last executing test programs: 9m27.309414357s ago: executing program 32 (id=3003): r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0xfffffffd) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000004000000000000000300000784"], 0x0, 0x5, 0x0, 0x0, 0x41100, 0x9}, 0x94) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4014001}, 0x9590f6cc3ea35512) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="540000001200b7a339f2d30afddbdf4d200f070700000007000025862f00000001ffffffc3000000060000000087c32be695bfd3ead0084f", @ANYRES32=0x0, @ANYBLOB="de00fbffa611195cc93f034708000000080003"], 0x54}, 0x1, 0x0, 0x0, 0x4008000}, 0x40000) 8m36.078986542s ago: executing program 33 (id=3408): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) connect$unix(r2, &(0x7f0000000440)=@abs={0x0, 0x0, 0x4e24}, 0x6e) 8m29.17679636s ago: executing program 34 (id=3467): r0 = io_uring_setup(0x8, &(0x7f0000000080)={0x0, 0xc95e, 0x0, 0x0, 0x229}) close(0x3) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x5) open(&(0x7f0000000040)='./file4\x00', 0x62142, 0xcc) io_setup(0x2, &(0x7f0000000000)=0x0) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xa, r0, &(0x7f0000000200)="eb0eb5fc", 0x4}]) 7m38.584843709s ago: executing program 35 (id=3868): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0xffff, 0xffff}, {0x10, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x5, 0x1, {0x0, '\x00', 0x1, 0x7, 0x80000000, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) 7m33.709076877s ago: executing program 36 (id=3910): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=@framed={{0xdb, 0xa, 0xa, 0xfe00, 0xa0, 0x71, 0x10, 0x1d}}, 0x0, 0xb, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000040)=0x8, 0x4) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 7m1.338603128s ago: executing program 37 (id=4192): r0 = syz_usb_connect$printer(0x2, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000) readv(r1, &(0x7f00000004c0)=[{&(0x7f0000000380)=""/109, 0x6d}], 0x1) syz_open_dev$I2C(&(0x7f0000001780), 0x0, 0x40000) 6m11.884651871s ago: executing program 38 (id=4661): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) 5m53.394377197s ago: executing program 39 (id=4790): open(&(0x7f00000000c0)='./file0\x00', 0x100242, 0x78e22799f4a46f8e) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000002d) r1 = getpgid(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000100)={0x2, r1}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x4) 5m50.757229387s ago: executing program 40 (id=4808): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$netlink(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000140003007465616d5f736c6176655f3000000000080001400000000114000000020a090100000000000000000000000014000000110001"], 0xd4}}, 0x8818) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 5m16.758365864s ago: executing program 41 (id=5013): r0 = socket$inet6(0xa, 0x3, 0x6) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x4000) syz_io_uring_submit(0x0, 0x0, 0x0, &(0x7f0000000000)) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x50, 0x1}, {0x6, 0x80, 0xfd}]}, 0x10) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x3, @mcast2={0xff, 0x5}, 0xfffffffc}, 0x1c) 5m1.938668228s ago: executing program 42 (id=5126): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="10797fcd6cd957d2b903c6bf46b4abf3629ff075475e4bd6e43be1712bf8b4dc", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x80000) recvmsg(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000700)=""/82, 0x52}, {&(0x7f0000000300)=""/103, 0x67}], 0x2}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@deltclass={0x24, 0x29, 0x800, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xf}, {0xfff1}, {0xb, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x12) sendmsg$ETHTOOL_MSG_RINGS_GET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000880)=ANY=[], 0x74}}, 0x400c000) 4m56.876622556s ago: executing program 1 (id=5161): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x3, @dev}, 0x2}}, 0x2e) close(r0) socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r0, &(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x1, 0x2, 0x4, {0xa, 0x4e20, 0x4, @loopback, 0x7}}}, 0x32) ioctl$PPPIOCGMRU(r0, 0x80047453, &(0x7f0000000080)) 4m56.677789734s ago: executing program 1 (id=5164): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x16}, 0x1c) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb10000a8880088a84803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x8100, r2}, 0x14) 4m56.366169197s ago: executing program 1 (id=5165): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) r1 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r1, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0x4001, @empty}, 0x10, 0x0}, 0x30006041) close(r1) 4m55.99442947s ago: executing program 1 (id=5166): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0\x00') 4m55.730113636s ago: executing program 1 (id=5168): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x0, 0x4, 0x0, 0x0, @msi={0x0, 0xc0000000, 0x6, 0x6}}]}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000180)={0x1, 0x0, [{0x40000002, 0x0, 0x7}]}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000140)={0x0, 0x401}) 4m53.5824035s ago: executing program 1 (id=5180): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) fcntl$setstatus(r2, 0x4, 0x2000) syz_usb_disconnect(r1) close_range(r0, 0xffffffffffffffff, 0x0) 4m53.007949226s ago: executing program 43 (id=5180): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) fcntl$setstatus(r2, 0x4, 0x2000) syz_usb_disconnect(r1) close_range(r0, 0xffffffffffffffff, 0x0) 4m47.182822786s ago: executing program 5 (id=5231): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}, 0x1}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) 4m47.048967187s ago: executing program 5 (id=5232): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000300)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_1\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007bd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 4m46.706480997s ago: executing program 5 (id=5233): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x7, 0x0, 0x0, 0x3, 0xc58, {0x5, 0x4, 0x0, 0x7, 0x0, 0x65, 0xe, 0x4e, 0x24, 0xc, @empty, @dev={0xac, 0x14, 0x14, 0x44}}}}}}}, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x3, 0x0, 0x7fff2000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 4m45.582828715s ago: executing program 5 (id=5240): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x41) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) 4m44.588145975s ago: executing program 5 (id=5246): r0 = socket$qrtr(0x2a, 0x2, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1, 0xfffffffe}, 0xc) r1 = socket$qrtr(0x2a, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0xff2c, 0x0}, 0x1}], 0x40, 0x2, 0x0) connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc) writev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)="c7", 0x1}], 0x1) 4m43.148840818s ago: executing program 5 (id=5251): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @rand_addr=' \x01\x00'}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) 4m42.73685456s ago: executing program 44 (id=5251): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @rand_addr=' \x01\x00'}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) 4m42.572912072s ago: executing program 0 (id=5255): r0 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0xa) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) lseek(r2, 0x55bf9eb, 0x0) getdents64(r2, 0x0, 0x4f) 4m42.323920798s ago: executing program 0 (id=5257): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000900)=@file={0x1, './file0\x00'}, 0x6e) r1 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0) renameat2(r2, &(0x7f00000001c0)='./file0\x00', r2, &(0x7f0000000200)='.\x02\x00', 0x4) renameat2(0xffffffffffffff9c, &(0x7f0000000100)='.\x02\x00', r2, &(0x7f0000000000)='./file0\x00', 0x2) 4m42.058564758s ago: executing program 0 (id=5258): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xa0000, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0x10, 0xb}, {0x5, 0xa858712265c6c23}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x5f, 0x2, 0x2}}]}, 0x38}, 0x1, 0x0, 0x0, 0x240000a0}, 0x4028040) 4m41.656408634s ago: executing program 0 (id=5259): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f00000020c0)='./file0\x00', 0x0, &(0x7f0000004300)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000100)='./file0\x00', 0x126) 4m40.635216856s ago: executing program 0 (id=5261): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000010400)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) setsockopt$sock_int(r1, 0x1, 0x7, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffd35}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@assoc={0x18, 0x117, 0x4, 0x3}], 0x18}], 0x1, 0x448c4) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/88, 0x58}, {&(0x7f0000000740)=""/105, 0xfffffe0b}], 0x2}, 0x0) 4m40.153870676s ago: executing program 0 (id=5262): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0) read(r1, 0x0, 0x0) 4m39.767405919s ago: executing program 45 (id=5262): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0) read(r1, 0x0, 0x0) 3m0.397713441s ago: executing program 3 (id=5933): r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004898b610c2154100201f0102030109021b0001000500ea09040002018c78fd00090582f3c6"], 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000a80)={0x14, 0x0, &(0x7f0000000a40)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4040094) syz_usb_control_io$printer(r0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x802c550a, &(0x7f0000000280)=@urb_type_control={0x2, {0x7, 0x1}, 0x2, 0x0, 0x0, 0x0, 0x401, 0x1d262a23, 0x0, 0x2, 0x4, 0x0}) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x8, &(0x7f0000000280)=ANY=[]) 2m59.751029352s ago: executing program 3 (id=5936): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b03feff4f00021202004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 2m59.654967777s ago: executing program 3 (id=5937): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x56ac, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0x77}) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000800)={0x2, {{0x2, 0x2, @multicast2}}, 0x1}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)}], 0x3eb}}], 0x1, 0x8001) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000000)=0x9, 0x4) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2m59.36203673s ago: executing program 3 (id=5941): syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x20d036, 0x0, 0x0, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x41) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r2 = open(&(0x7f0000000040)='.\x00', 0x0, 0x6c) move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000100)='./file0\x00', 0x126) 2m59.161211795s ago: executing program 3 (id=5943): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r0, &(0x7f0000004180)={0x2020, 0x0, 0x0}, 0x2020) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x3, 0x7, 0xe5e}}, 0x28) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x440, 0xfffc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8, 0x80}}, 0x50) 2m58.707812487s ago: executing program 3 (id=5949): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000006c0)=ANY=[@ANYBLOB="1201000000000040c41090ea80000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="200103"], 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000500)={&(0x7f0000000580)=[{0x1000, 0x200, 0x0, 0x0}], 0x1}) 2m57.96284867s ago: executing program 46 (id=5949): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000006c0)=ANY=[@ANYBLOB="1201000000000040c41090ea80000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="200103"], 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000500)={&(0x7f0000000580)=[{0x1000, 0x200, 0x0, 0x0}], 0x1}) 2m14.008904138s ago: executing program 9 (id=6272): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8001, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x38, &(0x7f00000000c0)=0x5, 0x4) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) recvmmsg(r0, &(0x7f0000001140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/19, 0x13}, 0xfffffffa}], 0x1, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 2m13.743712488s ago: executing program 9 (id=6274): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$TCXONC(r0, 0x540a, 0x2) read(r0, &(0x7f00000003c0)=""/163, 0xa3) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000200)=0x1b) fchmod(r0, 0x181) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x200) ioctl$TCXONC(r1, 0x540a, 0x2) 2m13.547922901s ago: executing program 9 (id=6277): r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0xffffffffffffffbf) fcntl$setsig(r1, 0xa, 0x12) ppoll(&(0x7f0000000100)=[{r2}], 0x1, 0x0, &(0x7f0000000080)={[0x8001a0efffffff]}, 0x8) dup2(r1, r2) fcntl$setown(r2, 0x8, r0) tkill(r0, 0x13) 2m13.402624092s ago: executing program 9 (id=6279): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x4) mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x104000, 0x0) 2m13.319185205s ago: executing program 9 (id=6281): pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r3, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4040000}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 2m12.166057033s ago: executing program 9 (id=6291): getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40) syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b", 0x4, 0x840, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40) 2m11.692486065s ago: executing program 47 (id=6291): getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40) syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b", 0x4, 0x840, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40) 10.753398962s ago: executing program 4 (id=7130): socket$nl_route(0x10, 0x3, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r1, 0xc008ae88, 0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) get_mempolicy(0x0, 0x0, 0x3, &(0x7f000093d000/0x2000)=nil, 0x3) 10.529052391s ago: executing program 4 (id=7134): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r3, 0x0, 0x10000, 0x0, 0x8, 0x2ea473, 0x2eb80c}) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r4, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r3, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x5a848}) close_range(r0, 0xffffffffffffffff, 0x0) 10.144595855s ago: executing program 4 (id=7137): r0 = syz_usb_connect(0x5, 0x35, &(0x7f0000000500)=ANY=[@ANYBLOB="120100004aaf36207205a5580a27010203010902230001000000000904010901a37d7e03090500004000020401080b01"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[], 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000940)={0x44, &(0x7f0000000000)={0x20, 0xc, 0x2, "e00e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 6.866050026s ago: executing program 4 (id=7152): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) open_tree(r1, &(0x7f0000000640)='\x00', 0x89901) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 5.933239169s ago: executing program 4 (id=7153): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x228000, 0x4, 0xe, 0xf1, 0x5, 0xfd, 0xd4, 0xd4, 0x0, 0xd7, 0x7, 0x4f}, {0x0, 0x2, 0x10, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0x8080000, 0xdddd1000, 0xb, 0x2, 0x2, 0x0, 0x24, 0x1, 0x85, 0x0, 0xc4, 0x5}, {0xd000, 0x2000, 0x4, 0xf8, 0x5, 0x68, 0x2, 0xd, 0x6, 0x3, 0x8, 0x7}, {0x100000, 0xa000, 0x9, 0x1, 0x3, 0x9, 0xd, 0x6, 0x5, 0x4, 0x2e, 0x4b}, {0x6000, 0x8000000, 0xb, 0x0, 0x3, 0x1, 0x1, 0xc3, 0x4, 0x90, 0x1, 0xfc}, {0x70000, 0x4000, 0xf, 0xff, 0x3, 0xfb, 0x0, 0xb, 0x5, 0x7, 0x80, 0xf8}, {0xf7f63004, 0x1, 0xf, 0x5, 0xfc, 0x3, 0xa, 0x1, 0x54, 0x1, 0xff, 0x6}, {0xeeef0000, 0x5}, {0x80a0000, 0x9}, 0x4001000e, 0x0, 0xffff1000, 0x300, 0xa, 0x2100, 0xe6e70c00, [0x3, 0x20000401, 0x7, 0xc5]}) memfd_create(&(0x7f0000000000)='-&:{-\xaa]{\x00', 0x2) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x9, 0x4, 0xd7, 0x0, 0x9, 0x4, 0x4, 0x6, 0xe8, 0x69, 0x5, 0x8, 0x0, 0x856c, 0x2, 0xd4, 0x4, 0x9, 0x0, '\x00', 0x9, 0xffffffffffff8001}) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x8000000, 0xffff1000, 0x1, 0x1, 0x999}) 4.130812028s ago: executing program 7 (id=7159): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f00000007c0)=0x40000401, 0x4) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) listen(r0, 0xb5d6) 4.032388999s ago: executing program 7 (id=7160): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) creat(&(0x7f0000000280)='./file0\x00', 0x96ab9c7d55edd554) 3.138037755s ago: executing program 4 (id=7164): socket$inet6(0xa, 0x2, 0x0) r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc01000019000100fcffffff10000000ffffffff000000000000000000000000ac1414bb00000000000000000000000000000000f7fb20000a0080000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x1fc}}, 0x4080) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_virt_wifi\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 2.582925976s ago: executing program 48 (id=7164): socket$inet6(0xa, 0x2, 0x0) r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc01000019000100fcffffff10000000ffffffff000000000000000000000000ac1414bb00000000000000000000000000000000f7fb20000a0080000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x1fc}}, 0x4080) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_virt_wifi\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 2.550267848s ago: executing program 2 (id=7167): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r2 = accept(r0, 0x0, 0x0) shutdown(r2, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x3ee9, 0x80, 0x2, 0x6, 0x7f, 0x6, 0x4d, 0x39cc1918, 0x5c, 0x9, 0x3, 0x2, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x104, 0x7, 0x4, 0x3c5b, 0x1, 0x1ff, 0x9, 0x1, 0x7, 0x7, 0xe661, 0x0, 0xb, 0x3, 0x7fff, 0xfffffffe, 0x80000000, 0x800242, 0xffffffff, 0x7f, 0xfffffffe, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a7, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x7, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x9, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x7ff, 0x80001000, 0xfffffffc, 0x0, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0x9, 0x8, 0x8, 0x8000, 0xd, 0x3fe, 0x401, 0xfff, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0x9, 0x4, 0x2, 0x2, 0x20009, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7f, 0xa, 0x1, 0x9, 0x9, 0x2, 0x7f, 0x9, 0x6, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0x6, 0x80000001, 0x2, 0xff, 0x40000100, 0x8d2, 0x9, 0x5, 0x7fff, 0x8, 0x1, 0x4, 0xa, 0x5, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0x2, 0xb, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800003, 0x200, 0x80, 0x2, 0xcc52, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x51cf697b, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x403, 0x7ff, 0x8000003, 0x0, 0x54, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0xc00, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0xfffffffe, 0x6, 0x3, 0x0, 0x3, 0x80ce8, 0x1ff, 0x4, 0x7, 0x5, 0x1007, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x100060a7, 0x6, 0xb6, 0xffffffff, 0x80000000, 0x7, 0x4, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x4, 0x2, 0xffff, 0x4006, 0x1, 0x10080, 0x6, 0x8, 0x30b1d693, 0x5a2d, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x3, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 2.548693258s ago: executing program 8 (id=7168): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x1000, 0x10009, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000080)={0x1, 0xc, 0x3}) r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x6, 0x1000, 0x800}) close_range(r0, 0xffffffffffffffff, 0x0) 2.5477756s ago: executing program 6 (id=7169): munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x110a}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000000480)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000002080)={@flat=@handle={0x73682a85, 0x1100, 0x2}, @ptr={0x70742a85, 0x10000000, 0x0, 0x0, 0x1, 0x200000000022}, @fda={0x66646185, 0x7, 0x0, 0x25}}, &(0x7f0000000bc0)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 2.449889896s ago: executing program 7 (id=7170): syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0) r0 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x6) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000340)={0x2000, r2}, 0x0) landlock_restrict_self(r1, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2) 2.361929237s ago: executing program 6 (id=7171): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x0, 0x2, 0x4000000000004, 0x5, 0x4, 0xf1, 0x4, 0xfffffffffffffffe, 0x7, 0x0, 0x9, 0x0, 0xc, 0x0, 0xbdb], 0x70000, 0x43102}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x4, 0x1000000000, 0x0, 0x10043, 0x2000001, 0x3, 0x2004cb, 0x2, 0x3c00000000000000, 0x9, 0x9, 0x9, 0x403, 0x0, 0x7], 0x25000, 0x202}) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.360404456s ago: executing program 2 (id=7172): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a95", 0x3f1}, {&(0x7f00000003c0)="128b9306006d4810e5ac5040ad9201847839fc378469d5765b9cc241840896c1498194a7197b45d74a8532b82037b02c9e6045c361eb", 0x36}], 0x3}, 0x0) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x40) recvmmsg(r0, &(0x7f0000003a00)=[{{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0x1ae0}], 0x2, 0x60000100, 0x0) 2.198109275s ago: executing program 7 (id=7173): syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, 0x0, 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x4) open_tree(0xffffffffffffff9c, &(0x7f0000000000)='\x00', 0x89901) 2.185389594s ago: executing program 8 (id=7174): socket$netlink(0x10, 0x3, 0xb) r0 = socket$inet6(0xa, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000055000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x3893, &(0x7f0000000040)={0x0, 0x1000c89b, 0xc000, 0x800007, 0x41, 0x0, r0}) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6, @random="2bc1cfa2897b"}, 0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000000)='/', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2.098551836s ago: executing program 2 (id=7175): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x6) fchdir(r1) syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x89801) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 2.069480366s ago: executing program 7 (id=7176): socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ff1000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff3000/0x1000)=nil, &(0x7f0000ff1000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1c6c, &(0x7f0000000040)={0x0, 0xaebb, 0xd000, 0x20000a, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x800, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xfff2, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x10008007}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1.958178284s ago: executing program 8 (id=7177): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'}) openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2710, 0x0, &(0x7f0000000040)) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000140)={@local}) bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005}, 0x48) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x94, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 1.895290852s ago: executing program 8 (id=7178): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010800000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 1.888921847s ago: executing program 6 (id=7179): ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000240)={0x53, 0xfffffffffffffffd, 0x0, 0x6, @buffer={0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x5f, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x1000) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.826747397s ago: executing program 2 (id=7180): syz_usb_connect(0x1, 0x3d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b000100000000090437"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) close_range(r4, 0xffffffffffffffff, 0x2) dup3(r0, r4, 0x0) 1.729490311s ago: executing program 7 (id=7181): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) r3 = openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r4, r3, 0x0, 0x100000002) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 1.701979645s ago: executing program 8 (id=7182): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet(0x2b, 0x801, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f00000001c0), &(0x7f0000000280)={'syz', 0x2}, &(0x7f0000000480)="2f77abd63ebfe7dbf2f6bfd198b30957f888d4114bbe8a57a5fdc09f903c1d7b5fa8f24db0fdafe48b0405a97cdb0826dc0000000000a1cc5ec9c66a9914a800bdaf69416b535f3c35d8950367b47dec292546c560", 0x55, 0xffffffffffffffff) r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r2, r3, r2}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) 1.155429209s ago: executing program 49 (id=7181): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) r3 = openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r4, r3, 0x0, 0x100000002) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 1.122976854s ago: executing program 6 (id=7184): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r4 = socket(0x10, 0x803, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0xe, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xd, 0x4}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0xc040) 910.74241ms ago: executing program 6 (id=7185): write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x2, 0xffffffffe0100f4f, 0x86, 0xe000, 0xf, 0x2, 0x0, 0x0, 0x100, 0x6}}, 0x50) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x8, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, 0x0, 0x1) 503.479167ms ago: executing program 6 (id=7186): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x8812, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f00000002c0)=""/131, 0x83}], 0x1}, 0x2}], 0x1, 0x10122, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 196.92361ms ago: executing program 2 (id=7187): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280), 0x800c42, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80882) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 79.13314ms ago: executing program 8 (id=7188): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xc4, 0x0, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x40}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x8}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_REG_RULES={0x90, 0x22, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xb38}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xf0}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x7}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x3}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xd}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x9}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x200}]}, {0x4}, {0x34, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xb}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x8}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x2}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x4}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0xc4}}, 0x4c801) r1 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r2, 0x40304580, &(0x7f00000003c0)={0x55, 0x8000, 0xfffd, {0x2, 0x1}, {0x53, 0x2}, @cond=[{0x1ff, 0x5388, 0x6f5, 0x800, 0xc7, 0x2}, {0xffff, 0x5, 0x1, 0x46, 0x6, 0xfd}]}) write$char_usb(r2, &(0x7f0000000040)="e2", 0x2250) landlock_restrict_self(r1, 0xf) mkdir(&(0x7f0000000000)='./control\x00', 0x0) rmdir(&(0x7f00000002c0)='./control\x00') 0s ago: executing program 2 (id=7189): openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000300)=[@code={0xa, 0x45, {"0f01b425ac8500006726285d41c442519ae08f49a892db0f01cfc4c30579f400f27f74c4a36d022f67b8010000000f01c10f011e"}}], 0x45}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x1000, 0xe000, 0x9896672923535952, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x6, 0x40}, {0x25000, 0x10000, 0xc, 0xff, 0xff, 0x0, 0x0, 0x10, 0x7, 0xff}, {0x1, 0xdddd1000, 0xc, 0x5, 0x4, 0xc4, 0x0, 0xf0, 0x6a, 0x3, 0x0, 0xfc}, {0x1, 0xd000, 0x6, 0x0, 0x81, 0x0, 0x9, 0x0, 0x8, 0x2, 0x4}, {0x6000, 0xffff1000, 0xf, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x3c}, {0x100000, 0x0, 0x0, 0x78, 0x5, 0x40, 0x2, 0x0, 0x40, 0xfe, 0x5, 0x4}, {0x4, 0x10000, 0x0, 0x3, 0x4, 0x2, 0xa1, 0x20, 0x0, 0x3}, {0x1, 0x41000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x2}, {0xdddd0000, 0x3}, {0x30000, 0xfffe}, 0xddf8ffdb, 0x0, 0x0, 0x38, 0x0, 0x0, 0xd000, [0x80000001, 0x0, 0x40000000001]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): 6] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 771.408013][T22016] usb 8-1: config 0 descriptor?? [ 771.712571][T22016] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 31 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 771.776866][T22016] usb 8-1: USB disconnect, device number 31 [ 771.815780][T22016] usblp0: removed [ 772.285069][T22016] usb 8-1: new high-speed USB device number 32 using dummy_hcd [ 772.333946][ T29] audit: type=1800 audit(1774964970.089:700): pid=23588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6034" name="bus" dev="tmpfs" ino=936 res=0 errno=0 [ 772.455604][T22016] usb 8-1: Using ep0 maxpacket: 32 [ 772.506291][T22016] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 772.514817][T22016] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 772.589116][T22016] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 772.629199][T22016] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 772.663549][T22016] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 772.703709][T22016] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 772.748305][T22016] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 772.805892][T22016] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 772.846329][T22016] usb 8-1: config 0 descriptor?? [ 773.080746][T22016] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 32 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 773.422917][T23604] use of bytesused == 0 is deprecated and will be removed in the future, [ 773.559932][T23604] use the actual size instead. [ 773.622359][T22008] usb 8-1: USB disconnect, device number 32 [ 773.675605][T22008] usblp0: removed [ 775.007818][T22021] usb 8-1: new high-speed USB device number 33 using dummy_hcd [ 775.215490][T22021] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 775.237222][T22021] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 775.290829][T22021] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 775.331336][T22021] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 775.377756][T22021] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 775.395035][T22021] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 775.446622][T22021] usb 8-1: Manufacturer: syz [ 775.476202][T22021] usb 8-1: config 0 descriptor?? [ 775.903653][T22021] appleir 0003:05AC:8243.0073: unknown main item tag 0x0 [ 775.958832][T22021] appleir 0003:05AC:8243.0073: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.7-1/input0 [ 776.698798][T22016] usb 8-1: USB disconnect, device number 33 [ 777.118797][T23717] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6068'. [ 777.489223][T23734] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6074'. [ 777.531912][T23734] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6074'. [ 778.448947][T23752] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6080'. [ 778.634106][T23763] netlink: 24 bytes leftover after parsing attributes in process `syz.7.6086'. [ 778.881775][T23775] netlink: 'syz.6.6088': attribute type 10 has an invalid length. [ 778.905955][T23775] 8021q: adding VLAN 0 to HW filter on device team0 [ 778.945938][T23775] bond0: (slave team0): Enslaving as an active interface with an up link [ 779.160225][T23785] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3901993312 (7803986624 ns) > initial count (6429106268 ns). Using initial count to start timer. [ 779.189733][T23785] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 779.835127][T16035] usb 10-1: new high-speed USB device number 22 using dummy_hcd [ 779.936574][T22008] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 779.952069][T23816] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 779.966025][T23816] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 780.015182][T16035] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 780.027866][T16035] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 780.040116][T16035] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 780.054129][T16035] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 780.074247][T16035] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.090244][T16035] usb 10-1: config 0 descriptor?? [ 780.120973][T22008] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 780.142254][T22008] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 780.165935][T22008] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 780.193423][T22008] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 780.233796][T22008] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 780.243430][T22008] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.266582][T22008] usb 9-1: config 0 descriptor?? [ 780.547940][T16035] plantronics 0003:047F:FFFF.0074: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 780.723323][T22008] plantronics 0003:047F:FFFF.0075: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 780.835360][T16035] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 781.007489][T16035] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 781.039923][T16035] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 781.050003][T16035] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 781.080570][T16035] usb 5-1: config 0 descriptor?? [ 781.305619][T22008] usb 8-1: new high-speed USB device number 34 using dummy_hcd [ 781.309540][T16035] usbhid 5-1:0.0: can't add hid device: -71 [ 781.325931][T16035] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 781.351285][T16035] usb 5-1: USB disconnect, device number 85 [ 781.465643][T22008] usb 8-1: Using ep0 maxpacket: 32 [ 781.473151][T22008] usb 8-1: config 0 has an invalid interface number: 67 but max is 0 [ 781.481957][T22008] usb 8-1: config 0 has no interface number 0 [ 781.496158][T22008] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 781.526013][T22008] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 781.534119][T22008] usb 8-1: Product: syz [ 781.564740][T22008] usb 8-1: Manufacturer: syz [ 781.585638][T22008] usb 8-1: SerialNumber: syz [ 781.606144][T22008] usb 8-1: config 0 descriptor?? [ 781.815391][T22017] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 781.988882][T22017] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 782.013608][T22017] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 782.027721][T22017] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 782.038345][T22008] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 782.052842][T22017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 782.064143][T22008] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 782.075580][T22017] usb 5-1: config 0 descriptor?? [ 782.506093][T22017] plantronics 0003:047F:FFFF.0076: hiddev2,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 782.637497][T22016] usb 10-1: USB disconnect, device number 22 [ 782.927033][T22016] usb 5-1: USB disconnect, device number 86 [ 782.989209][ T24] usb 9-1: USB disconnect, device number 12 [ 783.023943][T23874] sctp: [Deprecated]: syz.9.6123 (pid 23874) Use of struct sctp_assoc_value in delayed_ack socket option. [ 783.023943][T23874] Use struct sctp_sack_info instead [ 783.098972][T22008] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 783.112489][T22008] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -71 [ 783.126682][T22008] usb 8-1: USB disconnect, device number 34 [ 783.607157][T23895] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6131'. [ 783.689814][T23895] bond2: entered promiscuous mode [ 783.695060][T23895] bond2: entered allmulticast mode [ 783.700812][T23895] 8021q: adding VLAN 0 to HW filter on device bond2 [ 783.791548][T23898] macvlan2: entered promiscuous mode [ 783.819271][T23898] macvlan2: entered allmulticast mode [ 784.323210][T23922] loop2: detected capacity change from 0 to 7 [ 784.356130][T23922] loop2: [ 784.359439][T23922] loop2: partition table partially beyond EOD, truncated [ 784.366693][ T24] usb 10-1: new high-speed USB device number 23 using dummy_hcd [ 784.486340][T23926] netlink: 'syz.7.6142': attribute type 3 has an invalid length. [ 784.537401][ T24] usb 10-1: Using ep0 maxpacket: 8 [ 784.546299][ T24] usb 10-1: config 179 has an invalid interface number: 65 but max is 0 [ 784.546332][ T24] usb 10-1: config 179 has no interface number 0 [ 784.546382][ T24] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 784.546412][ T24] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 784.546442][ T24] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 784.546469][ T24] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 784.546492][ T24] usb 10-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 784.546521][ T24] usb 10-1: config 179 interface 65 has no altsetting 0 [ 784.546559][ T24] usb 10-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 784.546584][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 784.600264][ T24] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:179.65/input/input129 [ 784.806172][T23931] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6144'. [ 784.848126][T23914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 784.848637][T23914] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 784.861160][ T24] usb 10-1: USB disconnect, device number 23 [ 784.863322][T23931] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6144'. [ 785.504644][T23952] sctp: [Deprecated]: syz.9.6151 (pid 23952) Use of struct sctp_assoc_value in delayed_ack socket option. [ 785.504644][T23952] Use struct sctp_sack_info instead [ 785.917894][T23968] VFS: Lookup of 'binder0' in fuse fuse would have caused loop [ 786.160934][T23974] lo: entered allmulticast mode [ 786.202404][T23974] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 786.319895][T23982] bridge0: port 3(batadv0) entered disabled state [ 786.373266][T23982] bridge_slave_0: left allmulticast mode [ 786.381821][T23982] bridge_slave_0: left promiscuous mode [ 786.388221][T23982] bridge0: port 1(bridge_slave_0) entered disabled state [ 786.407248][T23982] bridge_slave_1: left allmulticast mode [ 786.413402][T23982] bridge_slave_1: left promiscuous mode [ 786.423075][T23982] bridge0: port 2(bridge_slave_1) entered disabled state [ 786.448346][T23982] bond0: (slave bond_slave_0): Releasing backup interface [ 786.503490][T23982] bond0: (slave bond_slave_1): Releasing backup interface [ 786.553445][T23982] team0: Port device team_slave_0 removed [ 786.599253][T23982] team0: Port device team_slave_1 removed [ 786.609359][T23982] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 786.634279][T23982] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 786.644584][T23982] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 786.682332][T23982] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 786.711936][T23982] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 786.752722][T23984] bridge1: entered promiscuous mode [ 787.368414][T24020] io-wq is not configured for unbound workers [ 787.755188][ T24] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 788.053451][ T24] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 788.164525][ T24] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 788.746292][ T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 788.758849][ T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 788.772558][ T24] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 788.815824][ T24] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 788.824000][ T24] usb 7-1: Product: syz [ 788.830115][ T24] usb 7-1: Manufacturer: syz [ 788.844049][ T24] cdc_wdm 7-1:1.0: skipping garbage [ 788.849494][ T24] cdc_wdm 7-1:1.0: skipping garbage [ 788.859447][ T24] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 788.866496][ T24] cdc_wdm 7-1:1.0: Unknown control protocol [ 789.117867][ T24] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 789.307361][ T24] usb 5-1: config 0 has no interfaces? [ 789.320229][ T24] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 789.335602][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 789.355107][ T24] usb 5-1: Product: syz [ 789.365183][ T24] usb 5-1: Manufacturer: syz [ 789.376716][ T24] usb 5-1: SerialNumber: syz [ 789.409830][ T24] usb 5-1: config 0 descriptor?? [ 789.790965][T24053] ip6gre1: entered allmulticast mode [ 789.821531][T22016] usb 5-1: USB disconnect, device number 87 [ 790.029728][ T24] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0 [ 790.069131][ T24] hid-generic 0000:0000:0000.0077: hidraw0: HID v0.00 Device [syz1] on syz0 [ 790.523839][ T24] usb 7-1: USB disconnect, device number 26 [ 790.715934][T22016] usb 10-1: new high-speed USB device number 24 using dummy_hcd [ 790.895336][T22016] usb 10-1: Using ep0 maxpacket: 8 [ 790.917010][T22016] usb 10-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 790.955578][T22016] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 790.988812][T22016] usb 10-1: Product: syz [ 791.003839][T22016] usb 10-1: Manufacturer: syz [ 791.014683][T22016] usb 10-1: SerialNumber: syz [ 791.020667][T24116] random: crng reseeded on system resumption [ 791.049664][T22016] usb 10-1: config 0 descriptor?? [ 791.304295][T22016] usb 10-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 791.892858][T24146] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6201'. [ 791.971947][ T7381] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 791.972076][T24146] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6201'. [ 792.011531][ T7381] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 792.073410][ T7381] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 792.131850][ T7381] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 792.723957][T22016] dvb_usb_rtl28xxu 10-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 792.740822][T22016] usb 10-1: USB disconnect, device number 24 [ 793.223783][ T8238] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 793.289520][T24158] netlink: 76 bytes leftover after parsing attributes in process `syz.8.6204'. [ 793.395012][ T8238] usb 5-1: Using ep0 maxpacket: 32 [ 793.418527][ T8238] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 793.443136][ T8238] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 793.464758][ T8238] usb 5-1: Product: syz [ 793.476869][ T8238] usb 5-1: Manufacturer: syz [ 793.481919][ T8238] usb 5-1: SerialNumber: syz [ 793.508345][ T8238] usb 5-1: config 0 descriptor?? [ 793.529685][ T8238] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 793.560278][T24163] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6206'. [ 794.102768][ T29] audit: type=1326 audit(1774964991.859:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24159 comm="syz.9.6205" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f655479c819 code=0x0 [ 794.601239][T24175] netlink: 'syz.9.6209': attribute type 10 has an invalid length. [ 794.636484][T24175] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 794.682936][T24175] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6209'. [ 794.692731][T24175] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6209'. [ 794.880870][T24182] loop2: detected capacity change from 0 to 7 [ 794.890294][T24182] loop2: [ 794.893564][T24182] loop2: partition table partially beyond EOD, truncated [ 794.958583][ T8238] gspca_topro: Sensor cx0342 [ 795.029345][T24187] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6215'. [ 795.204673][ T8236] usb 5-1: USB disconnect, device number 88 [ 795.859948][T24204] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6222'. [ 795.918411][T24204] bond3: entered promiscuous mode [ 795.923843][T24204] bond3: entered allmulticast mode [ 795.930135][T24204] 8021q: adding VLAN 0 to HW filter on device bond3 [ 795.938296][T24207] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6222'. [ 795.995036][ T8236] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 796.042427][T24207] macsec1: entered promiscuous mode [ 796.054686][T24207] macsec1: entered allmulticast mode [ 796.165075][ T8236] usb 9-1: Using ep0 maxpacket: 32 [ 796.189631][ T8236] usb 9-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 796.203494][ T8236] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 796.218416][ T8236] usb 9-1: config 0 descriptor?? [ 796.438757][ T8236] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 796.468313][ T8236] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 796.506143][ T8236] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 796.533969][ T8236] usb 9-1: media controller created [ 796.590554][ T8236] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 796.874789][ T8236] az6027: usb out operation failed. (-71) [ 796.892128][ T8236] stb0899_attach: Driver disabled by Kconfig [ 796.901666][ T8236] az6027: no front-end attached [ 796.901666][ T8236] [ 796.922273][ T8236] az6027: usb out operation failed. (-71) [ 796.935013][ T8236] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 796.971633][ T8236] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.8/usb9/9-1/input/input130 [ 797.014641][ T8236] dvb-usb: schedule remote query interval to 400 msecs. [ 797.048027][ T8236] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 797.074299][ T8236] usb 9-1: USB disconnect, device number 13 [ 797.210152][ T8236] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 797.695851][T24239] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6235'. [ 798.035788][ T24] usb 10-1: new high-speed USB device number 25 using dummy_hcd [ 798.098196][T24253] kvm: pic: single mode not supported [ 798.098696][T24253] kvm: pic: single mode not supported [ 798.106305][T24253] kvm: pic: single mode not supported [ 798.112315][T24253] kvm: pic: single mode not supported [ 798.118636][T24253] kvm: pic: level sensitive irq not supported [ 798.124597][T24253] kvm: pic: level sensitive irq not supported [ 798.131385][T24253] kvm: pic: single mode not supported [ 798.138189][T24253] kvm: pic: single mode not supported [ 798.205052][ T8236] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 798.217328][ T24] usb 10-1: Using ep0 maxpacket: 8 [ 798.239906][ T24] usb 10-1: config index 0 descriptor too short (expected 301, got 45) [ 798.256506][ T24] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 798.272422][ T24] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 798.284128][ T24] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 798.295757][ T24] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 798.309778][ T24] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 798.319276][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 798.328097][T22016] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 798.366918][ T8236] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 798.379103][ T8236] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 798.393964][ T8236] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 798.403960][ T8236] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 798.418337][ T8236] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 798.428088][ T8236] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 798.439411][ T8236] usb 7-1: config 0 descriptor?? [ 798.502012][T22016] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 798.513442][T22016] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 798.524546][T22016] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 798.536997][T22016] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 798.555865][T22016] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 798.565382][ T24] usb 10-1: usb_control_msg returned -32 [ 798.571073][ T24] usbtmc 10-1:16.0: can't read capabilities [ 798.577230][T22016] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 798.585392][T22016] usb 9-1: Manufacturer: syz [ 798.597914][T22016] usb 9-1: config 0 descriptor?? [ 798.871573][ T8236] plantronics 0003:047F:FFFF.0078: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 799.015901][T22016] appleir 0003:05AC:8243.0079: unknown main item tag 0x0 [ 799.028592][T22016] appleir 0003:05AC:8243.0079: hiddev2,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.8-1/input0 [ 799.229710][T22016] usb 9-1: USB disconnect, device number 14 [ 799.558326][T22016] usb 10-1: USB disconnect, device number 25 [ 799.604311][T24266] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6243'. [ 799.645694][T24268] syzkaller1: entered promiscuous mode [ 799.651589][T24268] syzkaller1: entered allmulticast mode [ 799.702706][T24270] loop5: detected capacity change from 0 to 7 [ 799.710266][T24270] loop5: [ 799.713605][T24270] loop5: partition table partially beyond EOD, truncated [ 800.220904][T24288] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6253'. [ 800.234276][T24288] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6253'. [ 800.256494][T22016] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 800.427060][T22016] usb 5-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 800.437887][T22016] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 800.450261][T22016] usb 5-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 800.461029][T22016] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 800.469962][T22016] usb 5-1: Product: syz [ 800.474537][T22016] usb 5-1: Manufacturer: syz [ 800.479342][T22016] usb 5-1: SerialNumber: syz [ 800.491856][T22016] usb 5-1: config 0 descriptor?? [ 800.506536][T22016] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 800.997247][T16035] usb 7-1: USB disconnect, device number 27 [ 801.125193][T22017] usb 8-1: new high-speed USB device number 35 using dummy_hcd [ 801.285324][T22017] usb 8-1: Using ep0 maxpacket: 8 [ 801.297307][T22017] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 801.314609][T22017] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 801.325461][T22017] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 801.337248][T22017] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 801.347994][T22017] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 801.362918][T22017] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 801.372422][T22017] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 801.392252][T24322] syzkaller0: entered promiscuous mode [ 801.624368][T22017] usb 8-1: usb_control_msg returned -32 [ 801.636433][T22017] usbtmc 8-1:16.0: can't read capabilities [ 801.952230][ T8238] usb 8-1: USB disconnect, device number 35 [ 801.955108][T24315] usbtmc 8-1:16.0: usb_control_msg returned -71 [ 802.130407][T22016] gspca_sunplus: reg_r err -71 [ 802.143193][T22016] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 802.167641][T24344] loop3: detected capacity change from 0 to 7 [ 802.172689][T22016] usb 5-1: USB disconnect, device number 89 [ 802.200827][T24344] Dev loop3: unable to read RDB block 7 [ 802.219131][T24344] loop3: unable to read partition table [ 802.231714][T24344] loop3: partition table beyond EOD, truncated [ 802.259692][T24344] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 802.559074][T24359] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6278'. [ 802.569974][T24359] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6278'. [ 802.957807][T24367] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 802.991548][T24367] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 803.095746][T22016] usb 5-1: new full-speed USB device number 90 using dummy_hcd [ 803.256823][T22016] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1024, setting to 1023 [ 803.279635][T22016] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 173, changing to 4 [ 803.308118][T22016] usb 5-1: New USB device found, idVendor=2b73, idProduct=0034, bcdDevice= 0.40 [ 803.328681][T22016] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 803.350439][T22016] usb 5-1: Product: syz [ 803.354775][T22016] usb 5-1: Manufacturer: syz [ 803.370025][T22016] usb 5-1: SerialNumber: syz [ 803.636989][T22016] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 803.647967][T22016] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 803.777237][T22016] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 803.801510][T22016] usb 5-1: USB disconnect, device number 90 [ 803.833887][ T6005] udevd[6005]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 804.525883][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 804.539025][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 804.549105][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 804.560009][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 804.570803][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 804.616248][T22016] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 804.802636][T22016] usb 5-1: Using ep0 maxpacket: 16 [ 804.819120][T22016] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 804.845776][T22016] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 804.864084][T22016] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 804.894753][T22016] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 804.915205][T22016] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 804.944134][T22016] usb 5-1: Product: syz [ 804.960117][T22016] usb 5-1: Manufacturer: syz [ 804.965054][T22016] usb 5-1: SerialNumber: syz [ 805.154993][T24400] chnl_net:caif_netlink_parms(): no params data found [ 805.398432][T22016] usb 5-1: 0:2 : does not exist [ 805.473804][T24400] bridge0: port 1(bridge_slave_0) entered blocking state [ 805.498278][T24400] bridge0: port 1(bridge_slave_0) entered disabled state [ 805.534458][T24400] bridge_slave_0: entered allmulticast mode [ 805.554701][T24400] bridge_slave_0: entered promiscuous mode [ 805.576899][T24400] bridge0: port 2(bridge_slave_1) entered blocking state [ 805.606647][T24400] bridge0: port 2(bridge_slave_1) entered disabled state [ 805.640157][T24400] bridge_slave_1: entered allmulticast mode [ 805.671628][T24400] bridge_slave_1: entered promiscuous mode [ 805.737110][T24400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 805.765466][T24400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 805.889303][T24400] team0: Port device team_slave_0 added [ 805.899674][T24400] team0: Port device team_slave_1 added [ 805.964168][T24400] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 805.972153][T24400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 806.000011][T24400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 806.015147][T24400] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 806.022403][T24400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 806.064281][T24400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 806.299187][T24400] hsr_slave_0: entered promiscuous mode [ 806.326655][T24400] hsr_slave_1: entered promiscuous mode [ 806.357683][T24400] debugfs: 'hsr0' already exists in 'hsr' [ 806.363491][T24400] Cannot create hsr debugfs directory [ 806.485186][T22016] usb 5-1: USB disconnect, device number 91 [ 806.558447][ T6005] udevd[6005]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 806.586733][ T8236] usb 8-1: new high-speed USB device number 36 using dummy_hcd [ 806.625877][ T5833] Bluetooth: hci4: command tx timeout [ 806.745152][ T8236] usb 8-1: Using ep0 maxpacket: 32 [ 806.768359][T22008] usb 9-1: new high-speed USB device number 15 using dummy_hcd [ 806.789933][ T8236] usb 8-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 806.821087][ T8236] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.835071][ T8236] usb 8-1: Product: syz [ 806.839423][ T8236] usb 8-1: Manufacturer: syz [ 806.844199][ T8236] usb 8-1: SerialNumber: syz [ 806.890922][ T8236] usb 8-1: config 0 descriptor?? [ 806.914873][ T8236] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 806.959849][T22008] usb 9-1: config 0 has no interfaces? [ 806.971829][T22008] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 807.002936][T22008] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 807.036780][T22008] usb 9-1: config 0 descriptor?? [ 807.306930][T24440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 807.325472][T24440] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 807.395335][T24440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 807.410228][T24440] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 807.434791][ T8238] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 807.467861][T16035] usb 9-1: USB disconnect, device number 15 [ 807.648361][ T8238] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 807.669452][ T8238] usb 7-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 807.680941][ T8238] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 807.720845][ T8238] usb 7-1: config 0 descriptor?? [ 807.757710][ T8238] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 807.915022][T24466] netlink: 68 bytes leftover after parsing attributes in process `syz.4.6313'. [ 807.934081][T24466] netlink: 68 bytes leftover after parsing attributes in process `syz.4.6313'. [ 807.948837][T24400] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 807.965962][ T8238] usb 9-1: new high-speed USB device number 16 using dummy_hcd [ 808.007267][T24400] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 808.027478][T24452] kvm: pic: level sensitive irq not supported [ 808.060388][T24400] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 808.098262][T22017] usb 7-1: USB disconnect, device number 28 [ 808.116431][T24400] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 808.160497][ T8238] usb 9-1: Using ep0 maxpacket: 8 [ 808.183284][ T8238] usb 9-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=66.9e [ 808.204773][ T8238] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 808.235039][ T8238] usb 9-1: Product: syz [ 808.240615][ T8238] usb 9-1: Manufacturer: syz [ 808.255866][ T8238] usb 9-1: SerialNumber: syz [ 808.277593][ T8238] usb 9-1: config 0 descriptor?? [ 808.300144][ T8238] gspca_main: spca500-2.14.0 probing 046d:0900 [ 808.394269][T24400] 8021q: adding VLAN 0 to HW filter on device bond0 [ 808.446652][T24400] 8021q: adding VLAN 0 to HW filter on device team0 [ 808.476068][ T7379] bridge0: port 1(bridge_slave_0) entered blocking state [ 808.483453][ T7379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 808.550296][ T7379] bridge0: port 2(bridge_slave_1) entered blocking state [ 808.557780][ T7379] bridge0: port 2(bridge_slave_1) entered forwarding state [ 808.602271][ T8236] gspca_ov534_9: reg_r err -71 [ 808.705168][ T5833] Bluetooth: hci4: command tx timeout [ 808.712023][ T8238] gspca_spca500: reg write: error -71 [ 808.743544][ T8238] gspca_spca500: reg write: error -71 [ 808.777781][ T8238] gspca_spca500: reg write: error -71 [ 808.805487][ T8238] gspca_spca500: reg write: error -71 [ 808.854415][ T8238] gspca_spca500: reg write: error -71 [ 808.862133][T24400] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 808.881014][ T8236] gspca_ov534_9: Unknown sensor 0000 [ 808.881124][ T8236] ov534_9 8-1:0.0: probe with driver ov534_9 failed with error -22 [ 808.905166][ T8238] gspca_spca500: reg write: error -71 [ 808.920957][ T8238] gspca_spca500: reg write: error -71 [ 808.945986][ T8236] usb 8-1: USB disconnect, device number 36 [ 808.955243][ T8238] gspca_spca500: reg write: error -71 [ 808.973128][ T8238] gspca_spca500: reg write: error -71 [ 808.993779][ T8238] gspca_spca500: reg write: error -71 [ 809.012634][ T8238] gspca_spca500: reg write: error -71 [ 809.031131][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.040796][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.081166][ T8238] gspca_spca500: reg write: error -71 [ 809.102421][T24400] veth0_vlan: entered promiscuous mode [ 809.114627][ T8238] gspca_spca500: reg write: error -71 [ 809.146043][ T8238] usb 9-1: USB disconnect, device number 16 [ 809.176306][T24400] veth1_vlan: entered promiscuous mode [ 809.248697][T24400] veth0_macvtap: entered promiscuous mode [ 809.307960][T24400] veth1_macvtap: entered promiscuous mode [ 809.400922][T24400] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 809.451169][T24400] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 809.542391][ T59] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.588821][ T59] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.642041][ T59] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.700147][T24509] kvm: pic: non byte write [ 809.924316][ T59] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.369847][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 810.418263][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 810.536243][ T1006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 810.544409][ T1006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 810.790198][ T5833] Bluetooth: hci4: command tx timeout [ 811.221751][T24556] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6331'. [ 811.231783][T24556] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6331'. [ 811.540107][ T29] audit: type=1800 audit(1774965009.299:702): pid=24538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.6326" name="/" dev="fuse" ino=9 res=0 errno=0 [ 811.925023][T22008] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 812.085066][T22008] usb 9-1: Using ep0 maxpacket: 32 [ 812.092958][T22008] usb 9-1: config 0 has an invalid interface number: 67 but max is 0 [ 812.107022][T22008] usb 9-1: config 0 has no interface number 0 [ 812.116812][T22008] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 812.127230][T22008] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 812.136065][T22008] usb 9-1: Product: syz [ 812.140667][T22008] usb 9-1: Manufacturer: syz [ 812.152955][T22008] usb 9-1: SerialNumber: syz [ 812.168890][T22008] usb 9-1: config 0 descriptor?? [ 812.619044][T22008] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 812.657941][T22008] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 812.714292][T24610] netlink: 'syz.6.6343': attribute type 10 has an invalid length. [ 812.771497][T24610] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 812.872204][ T5833] Bluetooth: hci4: command tx timeout [ 813.322294][T24632] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6349'. [ 813.339734][T24632] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6349'. [ 813.514126][T22008] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 813.542915][T22008] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -71 [ 813.597622][T22008] usb 9-1: USB disconnect, device number 17 [ 813.877007][T24648] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6352'. [ 816.164499][T24704] netlink: 60 bytes leftover after parsing attributes in process `syz.7.6368'. [ 816.174337][T24705] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 816.175562][T24704] unsupported nlmsg_type 40 [ 816.242743][T24698] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 817.326212][T24742] loop5: detected capacity change from 0 to 7 [ 817.339390][ T6005] loop5: [ 817.342450][ T6005] loop5: partition table partially beyond EOD, truncated [ 817.391331][T24742] loop5: [ 817.394383][T24742] loop5: partition table partially beyond EOD, truncated [ 817.787411][T16035] usb 8-1: new high-speed USB device number 37 using dummy_hcd [ 817.975118][T16035] usb 8-1: Using ep0 maxpacket: 16 [ 817.992037][T16035] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 818.034060][T16035] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 818.084992][T16035] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 818.105939][T16035] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 818.168764][T16035] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 818.216421][T16035] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 818.242382][T16035] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 818.300187][T16035] usb 8-1: Manufacturer: syz [ 818.329557][T16035] usb 8-1: config 0 descriptor?? [ 818.701870][T16035] rc_core: IR keymap rc-hauppauge not found [ 818.724559][T16035] Registered IR keymap rc-empty [ 818.751306][T16035] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 818.976230][T16035] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 818.996617][T16035] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0 [ 819.127625][T16035] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0/input132 [ 819.135681][T24775] netlink: 64 bytes leftover after parsing attributes in process `syz.4.6387'. [ 819.213957][T16035] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 819.222529][T24775] syzkaller1: entered promiscuous mode [ 819.246445][T24775] syzkaller1: entered allmulticast mode [ 819.246909][T16035] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 819.345242][T16035] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 819.375254][T16035] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 819.415571][T16035] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 819.445937][T16035] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 819.488058][T16035] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 819.557492][T16035] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 819.587416][ T59] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 819.609056][T16035] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 819.635253][T16035] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 819.664381][T16035] mceusb 8-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 819.695220][T16035] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 819.770083][T16035] usb 8-1: USB disconnect, device number 37 [ 819.883945][ T59] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 819.979477][T22008] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 820.028581][T24804] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6394'. [ 820.130095][ T59] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 820.175391][T22008] usb 9-1: Using ep0 maxpacket: 8 [ 820.195457][T22008] usb 9-1: config 0 has an invalid interface number: 55 but max is 0 [ 820.235231][T22008] usb 9-1: config 0 has no interface number 0 [ 820.255013][T22008] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 820.299138][T22008] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 820.360650][T22008] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 820.372486][T22008] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 820.387443][T22008] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 820.438868][T22008] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 820.458524][T22008] usb 9-1: config 0 descriptor?? [ 820.487945][T22008] ldusb 9-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 820.649190][ T59] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 820.763847][ T8238] usb 9-1: USB disconnect, device number 18 [ 820.765976][ C1] ldusb 9-1:0.55: usb_submit_urb failed (-19) [ 820.836990][ T8238] ldusb 9-1:0.55: LD USB Device #0 now disconnected [ 820.848894][T24819] ldusb: No device or device unplugged -19 [ 820.908201][T24819] ldusb: No device or device unplugged -19 [ 820.914280][T24819] ldusb: No device or device unplugged -19 [ 821.002059][T24819] ldusb: No device or device unplugged -19 [ 822.147105][ T59] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 822.229737][ T59] bond0 (unregistering): Released all slaves [ 822.271893][ T59] bond1 (unregistering): Released all slaves [ 822.333758][ T59] bond2 (unregistering): Released all slaves [ 823.169603][T24883] kvm: pic: level sensitive irq not supported [ 823.169826][T24883] kvm: pic: non byte read [ 823.181373][T24883] kvm: pic: level sensitive irq not supported [ 823.181436][T24883] kvm: pic: non byte read [ 823.194633][T24883] kvm: pic: level sensitive irq not supported [ 823.194699][T24883] kvm: pic: non byte read [ 823.864246][ T59] hsr_slave_0: left promiscuous mode [ 823.872503][ T59] hsr_slave_1: left promiscuous mode [ 823.995209][ T59] veth1_macvtap: left promiscuous mode [ 824.003852][ T59] veth0_macvtap: left promiscuous mode [ 824.207038][ T59] veth1_vlan: left promiscuous mode [ 824.234486][ T59] veth0_vlan: left promiscuous mode [ 825.337211][ T29] audit: type=1326 audit(1774965023.099:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.2.6422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2239c819 code=0x7ffc0000 [ 825.452179][ T29] audit: type=1326 audit(1774965023.099:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.2.6422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2239c819 code=0x7ffc0000 [ 825.585100][ T29] audit: type=1326 audit(1774965023.109:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.2.6422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f6e2239c819 code=0x7ffc0000 [ 825.683556][ T29] audit: type=1326 audit(1774965023.109:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.2.6422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2239c819 code=0x7ffc0000 [ 825.816454][ T29] audit: type=1326 audit(1774965023.109:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.2.6422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2239c819 code=0x7ffc0000 [ 825.857654][ T29] audit: type=1326 audit(1774965023.109:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.2.6422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f6e2239c819 code=0x7ffc0000 [ 825.913362][ T29] audit: type=1326 audit(1774965023.109:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.2.6422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2239c819 code=0x7ffc0000 [ 825.957806][ T29] audit: type=1326 audit(1774965023.109:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.2.6422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2239c819 code=0x7ffc0000 [ 826.107447][ T29] audit: type=1326 audit(1774965023.109:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.2.6422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6e2239c819 code=0x7ffc0000 [ 826.277930][ T29] audit: type=1326 audit(1774965023.109:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.2.6422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2239c819 code=0x7ffc0000 [ 828.002417][T25004] netlink: 64 bytes leftover after parsing attributes in process `syz.7.6444'. [ 828.059551][T25004] syzkaller1: entered promiscuous mode [ 828.091543][T25004] syzkaller1: entered allmulticast mode [ 828.730434][T25017] 8021q: adding VLAN 0 to HW filter on device bond1 [ 829.345081][T22017] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 829.532893][T22017] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 829.555482][T22017] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 829.583660][T22017] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 829.626239][T22017] usb 7-1: config 0 descriptor?? [ 829.670205][T22017] pwc: Askey VC010 type 2 USB webcam detected. [ 830.048741][T22017] pwc: recv_control_msg error -32 req 02 val 2b00 [ 830.060830][T22017] pwc: recv_control_msg error -32 req 02 val 2700 [ 830.077694][T22017] pwc: recv_control_msg error -32 req 02 val 2c00 [ 830.088314][T22017] pwc: recv_control_msg error -32 req 04 val 1000 [ 830.100683][T22017] pwc: recv_control_msg error -32 req 04 val 1300 [ 830.111251][T22017] pwc: recv_control_msg error -32 req 04 val 1400 [ 830.323663][T22017] pwc: recv_control_msg error -71 req 02 val 2100 [ 830.336843][T22017] pwc: recv_control_msg error -71 req 04 val 1500 [ 830.356004][T22017] pwc: recv_control_msg error -71 req 02 val 2500 [ 830.366639][T22017] pwc: recv_control_msg error -71 req 02 val 2400 [ 830.390735][T22017] pwc: recv_control_msg error -71 req 02 val 2600 [ 830.398375][T22017] pwc: recv_control_msg error -71 req 02 val 2900 [ 830.428526][T22017] pwc: recv_control_msg error -71 req 02 val 2800 [ 830.443271][T22017] pwc: recv_control_msg error -71 req 04 val 1100 [ 830.479116][T22017] pwc: recv_control_msg error -71 req 04 val 1200 [ 830.539911][T22017] pwc: Registered as video103. [ 830.576836][T22017] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input133 [ 830.619170][T22017] usb 7-1: USB disconnect, device number 29 [ 831.326677][T25089] xt_hashlimit: size too large, truncated to 1048576 [ 831.905309][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 831.905325][ T29] audit: type=1800 audit(1774965029.659:720): pid=25084 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.6464" name="/" dev="fuse" ino=4 res=0 errno=0 [ 835.931729][T25137] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6480'. [ 836.009409][T22016] usb 9-1: new full-speed USB device number 19 using dummy_hcd [ 836.181701][T22016] usb 9-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 836.203150][T22016] usb 9-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 836.234497][T22016] usb 9-1: config 0 interface 0 has no altsetting 0 [ 836.261931][T22016] usb 9-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 836.281600][T22016] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 836.313913][T22016] usb 9-1: config 0 descriptor?? [ 836.760998][T22016] hid-steam 0003:28DE:1102.007A: unknown main item tag 0x0 [ 836.784591][T22016] hid-steam 0003:28DE:1102.007A: unknown main item tag 0x0 [ 836.796435][T22016] hid-steam 0003:28DE:1102.007A: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.8-1/input0 [ 836.865654][T22016] hid-steam 0003:28DE:1102.007A: Steam Controller 'XXXXXXXXXX' connected [ 836.885874][T22016] input: Steam Controller as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:28DE:1102.007A/input/input134 [ 836.951956][T25167] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6487'. [ 836.975141][T22016] hid-steam 0003:28DE:1102.007B: unknown main item tag 0x0 [ 836.983029][T22016] hid-steam 0003:28DE:1102.007B: unknown main item tag 0x0 [ 837.109999][T22016] hid-steam 0003:28DE:1102.007B: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.8-1/input0 [ 837.146725][T25167] 8021q: adding VLAN 0 to HW filter on device bond1 [ 837.213355][T25170] macvtap1: entered promiscuous mode [ 837.238184][T25170] bond1: entered promiscuous mode [ 837.245276][T25170] macvtap1: entered allmulticast mode [ 837.255015][T25170] bond1: entered allmulticast mode [ 837.341606][T25170] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 837.418154][T25170] bond1: left allmulticast mode [ 837.423308][T25170] bond1: left promiscuous mode [ 837.858604][T25190] xt_hashlimit: size too large, truncated to 1048576 [ 837.960105][T25198] syzkaller1: entered promiscuous mode [ 837.998734][T25197] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6493'. [ 838.021313][T25198] syzkaller1: entered allmulticast mode [ 838.616462][T16035] usb 9-1: USB disconnect, device number 19 [ 838.779417][T16035] hid-steam 0003:28DE:1102.007A: Steam Controller 'XXXXXXXXXX' disconnected [ 839.155143][T22016] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 839.345228][T22016] usb 5-1: Using ep0 maxpacket: 32 [ 839.355085][T22016] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 839.364580][T22016] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 839.373267][T22016] usb 5-1: Product: syz [ 839.377982][T22016] usb 5-1: Manufacturer: syz [ 839.382627][T22016] usb 5-1: SerialNumber: syz [ 839.394448][T22016] usb 5-1: config 0 descriptor?? [ 839.625310][ T8238] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 839.813629][ T8238] usb 7-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 839.823260][T22016] airspy 5-1:0.0: Board ID: 00 [ 839.836251][T22016] airspy 5-1:0.0: Firmware version: [ 839.846417][ T8238] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 839.874321][ T8238] usb 7-1: Product: syz [ 839.884732][ T8238] usb 7-1: Manufacturer: syz [ 839.911532][ T8238] usb 7-1: SerialNumber: syz [ 839.952051][ T8238] usb 7-1: config 0 descriptor?? [ 840.255884][T25243] bond0: (slave bond_slave_1): Releasing backup interface [ 840.485492][T22008] usb 8-1: new high-speed USB device number 38 using dummy_hcd [ 840.649494][T25273] bridge0: port 2(bridge_slave_1) entered disabled state [ 840.657768][T25273] bridge0: port 1(bridge_slave_0) entered disabled state [ 840.675063][T22008] usb 8-1: Using ep0 maxpacket: 32 [ 840.689642][T22008] usb 8-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 840.770593][T22008] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 840.795286][T22008] usb 8-1: Product: syz [ 840.799557][T22008] usb 8-1: Manufacturer: syz [ 840.804216][T22008] usb 8-1: SerialNumber: syz [ 840.812829][T22008] usb 8-1: config 0 descriptor?? [ 840.831331][T22008] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 840.842483][T22016] airspy 5-1:0.0: usb_control_msg() failed -71 request 10 [ 840.854177][T22016] airspy 5-1:0.0: Registered as swradio24 [ 840.860959][T22016] airspy 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 840.884785][T25273] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 840.917181][T25273] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 841.103999][ T8238] usb 7-1: ATUSB: AT86RF230 version 226 [ 841.154854][ T12] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 841.179120][ T12] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 841.197782][T22016] usb 5-1: USB disconnect, device number 92 [ 841.212443][ T12] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 841.243536][ T12] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 841.313511][ T8238] usb 7-1: Firmware: major: 224, minor: 205, hardware type: UNKNOWN (46) [ 841.517364][ T8238] usb 7-1: failed to fetch extended address, random address set [ 841.545619][ T8238] usb 7-1: atusb_probe: initialization failed, error = -524 [ 841.553502][ T8238] atusb 7-1:0.0: probe with driver atusb failed with error -524 [ 841.625489][ T8238] usb 7-1: USB disconnect, device number 30 [ 842.120902][T25294] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 842.366802][T25302] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 842.710178][T22008] gspca_ov534_9: reg_w failed -71 [ 842.785019][T22017] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 842.935067][T22017] usb 3-1: Using ep0 maxpacket: 8 [ 842.943033][T22017] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 842.952964][T22017] usb 3-1: config 0 has no interface number 0 [ 842.960892][T22017] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 842.975123][T22008] gspca_ov534_9: Unknown sensor 0000 [ 842.975228][T22008] ov534_9 8-1:0.0: probe with driver ov534_9 failed with error -22 [ 842.993354][T22017] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 843.005560][T22017] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 843.025336][T22008] usb 8-1: USB disconnect, device number 38 [ 843.042083][T22017] usb 3-1: config 0 descriptor?? [ 843.077165][T22017] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 844.604011][ T8238] usb 3-1: USB disconnect, device number 73 [ 845.174995][T22016] usb 3-1: new low-speed USB device number 74 using dummy_hcd [ 845.336758][T22016] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 845.344640][T22016] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 845.357110][T22016] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 845.371430][T22016] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 845.385140][T22016] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 845.398566][T22016] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 845.406929][T22016] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 845.417865][T22016] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 845.429882][T22016] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 845.444254][T22016] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 845.457658][T22016] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 845.466254][T22016] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 845.477343][T22016] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 845.489680][T22016] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 845.501985][T22016] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 845.520966][T22016] usb 3-1: string descriptor 0 read error: -22 [ 845.527910][T22016] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 845.539158][T22016] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 845.564151][T22016] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 847.926815][ T8242] usb 3-1: USB disconnect, device number 74 [ 848.196239][T25398] vivid-003: ================= START STATUS ================= [ 848.228405][T25398] vivid-003: Radio HW Seek Mode: Bounded [ 848.266287][T25398] vivid-003: Radio Programmable HW Seek: false [ 848.272656][T25398] vivid-003: RDS Rx I/O Mode: Block I/O [ 848.293084][T25401] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 848.335693][T25398] vivid-003: Generate RBDS Instead of RDS: false [ 848.342121][T25398] vivid-003: RDS Reception: true [ 848.415140][T25398] vivid-003: RDS Program Type: 0 inactive [ 848.555181][T25398] vivid-003: RDS PS Name: inactive [ 848.568620][T25398] vivid-003: RDS Radio Text: inactive [ 848.578418][T25398] vivid-003: RDS Traffic Announcement: false inactive [ 848.638667][T25398] vivid-003: RDS Traffic Program: false inactive [ 848.720764][T25398] vivid-003: RDS Music: false inactive [ 848.749424][T25398] vivid-003: ================== END STATUS ================== [ 849.032613][T25418] loop2: detected capacity change from 0 to 7 [ 849.042027][T25418] Dev loop2: unable to read RDB block 7 [ 849.049831][T25418] loop2: AHDI p1 p2 p3 [ 849.054521][T25418] loop2: partition table partially beyond EOD, truncated [ 849.063585][T25418] loop2: p1 start 1818582900 is beyond EOD, truncated [ 849.072206][T25418] loop2: p3 start 335544320 is beyond EOD, truncated [ 849.626807][T25432] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6561'. [ 849.662404][T25432] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6561'. [ 850.457389][T22015] usb 8-1: new high-speed USB device number 39 using dummy_hcd [ 850.510648][T25463] kvm: pic: non byte write [ 850.635848][T22015] usb 8-1: Using ep0 maxpacket: 32 [ 850.643450][T22015] usb 8-1: config 0 has an invalid interface number: 12 but max is 0 [ 850.652519][T22015] usb 8-1: config 0 has no interface number 0 [ 850.661564][T22015] usb 8-1: config 0 interface 12 has no altsetting 0 [ 850.671790][T25468] kvm: pic: single mode not supported [ 850.671814][T25468] kvm: pic: level sensitive irq not supported [ 850.672077][T22015] usb 8-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 850.689345][T25468] kvm: pic: level sensitive irq not supported [ 850.693627][T22015] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 850.720307][T22015] usb 8-1: Product: syz [ 850.724665][T22015] usb 8-1: Manufacturer: syz [ 850.730111][T22015] usb 8-1: SerialNumber: syz [ 850.739441][T22015] usb 8-1: config 0 descriptor?? [ 851.665656][T25491] syz_tun: entered allmulticast mode [ 851.813755][T25501] loop5: detected capacity change from 0 to 7 [ 851.834720][T25501] loop5: [ 851.849757][T25501] loop5: partition table partially beyond EOD, truncated [ 852.113776][T25506] kvm: pic: level sensitive irq not supported [ 852.113916][T25506] kvm: pic: non byte read [ 852.155300][T22017] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 852.167582][T25506] kvm: pic: level sensitive irq not supported [ 852.167678][T25506] kvm: pic: non byte read [ 852.350328][T22017] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 852.384328][T22017] usb 3-1: config 0 has no interfaces? [ 852.390786][T22017] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 852.428705][T22017] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 852.459481][T22017] usb 3-1: config 0 descriptor?? [ 852.618660][T22015] f81534 8-1:0.12: f81534_set_register: reg: 1003 data: d8 failed: -71 [ 852.647709][T22015] f81534 8-1:0.12: f81534_find_config_idx: read failed: -71 [ 852.677441][T22015] f81534 8-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 852.733473][T22015] f81534 8-1:0.12: probe with driver f81534 failed with error -71 [ 852.769838][T22015] usb 8-1: USB disconnect, device number 39 [ 852.826073][ T8238] usb 3-1: USB disconnect, device number 75 [ 853.744312][T25559] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6593'. [ 853.841941][ T8242] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 854.275006][ T8242] usb 5-1: Using ep0 maxpacket: 32 [ 854.325491][ T8242] usb 5-1: config 0 has an invalid interface number: 111 but max is 1 [ 854.333787][ T8242] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 854.375000][ T8242] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 854.384035][ T8242] usb 5-1: config 0 has no interface number 0 [ 854.448433][ T8242] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83 [ 854.466149][ T8242] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 854.500814][ T8242] usb 5-1: Product: syz [ 854.518618][ T8242] usb 5-1: Manufacturer: syz [ 854.523472][ T8242] usb 5-1: SerialNumber: syz [ 854.574269][ T8242] usb 5-1: config 0 descriptor?? [ 854.835041][ T8238] usb 9-1: new high-speed USB device number 20 using dummy_hcd [ 854.854301][T25594] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 854.866365][ T8242] snd-usb-6fire 5-1:0.111: unable to receive device firmware state. [ 854.907995][ T8242] snd-usb-6fire 5-1:0.111: probe with driver snd-usb-6fire failed with error -71 [ 854.928978][ T8242] usb 5-1: USB disconnect, device number 93 [ 855.041754][ T8238] usb 9-1: unable to get BOS descriptor or descriptor too short [ 855.054570][ T8238] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 855.112775][ T8238] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 9 [ 855.163276][ T8238] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 855.193135][ T8238] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 0 [ 855.224993][ T8238] usb 9-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=94.39 [ 855.235192][ T8238] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 855.260084][ T8238] usb 9-1: Product: syz [ 855.282788][ T8238] usb 9-1: Manufacturer: syz [ 855.310470][ T8238] usb 9-1: SerialNumber: syz [ 855.358788][ T8238] usb 9-1: config 0 descriptor?? [ 855.368625][ T8247] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 855.463562][T25587] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 855.490930][ C0] usb 9-1: NFC: Urb failure (status -71) [ 855.534853][ T8238] usb 9-1: NFC: Unable to get FW version [ 855.565019][ T8247] usb 5-1: Using ep0 maxpacket: 32 [ 855.565138][ T8238] pn533_usb 9-1:0.0: probe with driver pn533_usb failed with error -90 [ 855.574644][ T8247] usb 5-1: config 0 has an invalid interface number: 111 but max is 1 [ 855.589591][ T8247] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 855.604151][ T8247] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 855.640606][ T8247] usb 5-1: config 0 has no interface number 0 [ 855.704827][ T8247] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83 [ 855.720176][ T8238] usb 9-1: USB disconnect, device number 20 [ 855.730325][ T8247] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 855.773030][ T8247] usb 5-1: Product: syz [ 855.801699][ T8247] usb 5-1: Manufacturer: syz [ 855.811857][ T8247] usb 5-1: SerialNumber: syz [ 855.822972][ T8247] usb 5-1: config 0 descriptor?? [ 856.050318][ T8247] snd-usb-6fire 5-1:0.111: unable to receive device firmware state. [ 856.060985][ T8247] snd-usb-6fire 5-1:0.111: probe with driver snd-usb-6fire failed with error -32 [ 856.316586][T25629] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 856.428576][T25632] netlink: 212360 bytes leftover after parsing attributes in process `syz.8.6612'. [ 856.725051][ T8238] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 856.875055][ T8238] usb 3-1: Using ep0 maxpacket: 32 [ 856.882557][ T8238] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 856.895015][ T8238] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 856.923016][ T8238] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 856.950541][ T8238] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 856.996520][ T8238] usb 3-1: config 0 descriptor?? [ 857.012220][ T8238] hub 3-1:0.0: USB hub found [ 857.085025][T16035] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 857.121558][ T8247] usb 5-1: USB disconnect, device number 94 [ 857.212002][ T8238] hub 3-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 857.236260][T16035] usb 9-1: Using ep0 maxpacket: 8 [ 857.266429][T16035] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 857.288167][T16035] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 857.288337][T25655] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 857.307645][T16035] usb 9-1: Product: syz [ 857.311930][T16035] usb 9-1: Manufacturer: syz [ 857.320077][T16035] usb 9-1: SerialNumber: syz [ 857.331482][T16035] usb 9-1: config 0 descriptor?? [ 857.561063][T16035] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 857.622170][ T8238] hid-generic 0003:046D:C31C.007C: unknown main item tag 0x0 [ 857.648677][ T8238] hid-generic 0003:046D:C31C.007C: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.2-1/input0 [ 857.868400][T25674] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6621'. [ 857.877772][T25674] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6621'. [ 858.284102][T25634] usb 3-1: reset high-speed USB device number 76 using dummy_hcd [ 858.682899][T25634] usbhid 3-1:0.0: reset_resume error -1 [ 858.895096][ T8247] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 858.905606][ T8242] usb 3-1: USB disconnect, device number 76 [ 859.045068][ T8247] usb 7-1: Using ep0 maxpacket: 8 [ 859.058272][ T8247] usb 7-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 859.067626][ T8247] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 859.075948][ T8247] usb 7-1: Product: syz [ 859.080176][ T8247] usb 7-1: Manufacturer: syz [ 859.084807][ T8247] usb 7-1: SerialNumber: syz [ 859.092611][ T8247] usb 7-1: config 0 descriptor?? [ 859.101166][ T8247] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 859.179633][T16035] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 859.195501][T16035] usb 9-1: USB disconnect, device number 21 [ 859.484340][T25699] kvm: pic: non byte read [ 859.489603][T25699] kvm: pic: non byte read [ 859.495387][T25699] kvm: pic: non byte read [ 860.012423][T25710] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 860.254843][T25713] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 860.913432][ T8247] gspca_sonixj: reg_r err -71 [ 860.935756][ T8247] sonixj 7-1:0.0: probe with driver sonixj failed with error -71 [ 860.973188][ T8247] usb 7-1: USB disconnect, device number 31 [ 861.165187][T25733] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6643'. [ 861.188129][T25733] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6643'. [ 861.217615][T25733] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6643'. [ 861.235069][T25733] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6643'. [ 862.146755][T25760] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6654'. [ 862.295077][ T8247] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 862.484348][ T8247] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 862.520588][ T8247] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 862.547015][ T8247] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 862.565062][ T8247] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 862.583515][ T8247] usb 3-1: Manufacturer: syz [ 862.607245][ T8247] usb 3-1: config 0 descriptor?? [ 863.029050][ T8247] pyra 0003:1E7D:2CF6.007D: unknown main item tag 0x0 [ 863.045721][ T8247] pyra 0003:1E7D:2CF6.007D: unknown main item tag 0x0 [ 863.065307][ T8247] pyra 0003:1E7D:2CF6.007D: unknown main item tag 0x0 [ 863.072352][ T8247] pyra 0003:1E7D:2CF6.007D: unknown main item tag 0x0 [ 863.087503][ T8247] pyra 0003:1E7D:2CF6.007D: unknown main item tag 0x0 [ 863.124853][ T8247] pyra 0003:1E7D:2CF6.007D: unknown main item tag 0x0 [ 863.131993][ T8247] pyra 0003:1E7D:2CF6.007D: unknown main item tag 0x0 [ 863.161387][ T8247] pyra 0003:1E7D:2CF6.007D: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 863.878633][ T29] audit: type=1800 audit(1774965061.639:721): pid=25793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6665" name="bus" dev="tmpfs" ino=1517 res=0 errno=0 [ 863.915069][T16035] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 864.107278][T16035] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 864.133614][T16035] usb 7-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 864.163938][T16035] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 864.174529][T16035] usb 7-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 864.209514][T16035] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 864.228894][T16035] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 864.256776][T16035] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 864.266522][T16035] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 864.285087][T16035] usb 7-1: Product: syz [ 864.289806][T16035] usb 7-1: Manufacturer: syz [ 864.315355][T25788] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 864.335626][T16035] cdc_wdm 7-1:1.0: skipping garbage [ 864.340988][T16035] cdc_wdm 7-1:1.0: skipping garbage [ 864.363935][T16035] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 864.375041][T16035] cdc_wdm 7-1:1.0: Unknown control protocol [ 864.435122][ T8247] pyra 0003:1E7D:2CF6.007D: couldn't init struct pyra_device [ 864.442647][ T8247] pyra 0003:1E7D:2CF6.007D: couldn't install mouse [ 864.468523][ T8247] pyra 0003:1E7D:2CF6.007D: probe with driver pyra failed with error -71 [ 864.518848][ T8247] usb 3-1: USB disconnect, device number 77 [ 864.602174][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 864.608881][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 864.615444][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 864.622174][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 864.629159][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 864.636025][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 864.643023][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 864.649679][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 864.656728][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 864.663639][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 864.670515][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 864.677414][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 864.684149][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 864.690804][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 864.697625][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 864.704268][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 864.711383][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 864.718029][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 864.724583][ C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 864.731401][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 864.785325][ T8247] usb 7-1: USB disconnect, device number 32 [ 864.790133][ C0] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 864.830983][T25800] fido_id[25800]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 865.464090][T25819] netlink: 'syz.2.6674': attribute type 1 has an invalid length. [ 865.497868][T25810] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 865.504577][T25810] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 865.563444][T25823] vlan2: entered allmulticast mode [ 865.591443][T25823] veth0_to_bond: entered allmulticast mode [ 865.788781][T25819] 8021q: adding VLAN 0 to HW filter on device bond1 [ 865.801745][T25810] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 865.809100][T25810] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 865.819662][T25810] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 865.832002][T25810] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 866.201185][T25835] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6677'. [ 866.286940][T25835] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6677'. [ 866.588963][T25810] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 866.613237][T25810] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 866.950552][T25810] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 866.961478][T25810] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 867.641390][ T1160] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 867.695696][ T8242] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 867.800090][T25844] syz.6.6678 (25844): drop_caches: 2 [ 867.849934][ T1160] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 867.901888][ T8242] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 867.933267][ T8242] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 867.958066][ T8242] usb 5-1: Product: syz [ 867.962501][ T8242] usb 5-1: Manufacturer: syz [ 867.974217][ T8242] usb 5-1: SerialNumber: syz [ 868.013446][ T8242] usb 5-1: config 0 descriptor?? [ 868.034369][ T1160] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.240128][ T1160] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.331466][ T8247] usb 5-1: USB disconnect, device number 95 [ 868.525221][T22008] usb 9-1: new high-speed USB device number 22 using dummy_hcd [ 868.649644][ T1160] bridge_slave_1: left allmulticast mode [ 868.663339][ T1160] bridge_slave_1: left promiscuous mode [ 868.680020][ T1160] bridge0: port 2(bridge_slave_1) entered disabled state [ 868.710125][ T1160] bridge_slave_0: left allmulticast mode [ 868.726718][ T1160] bridge_slave_0: left promiscuous mode [ 868.735067][T22008] usb 9-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 868.754634][ T1160] bridge0: port 1(bridge_slave_0) entered disabled state [ 868.766346][T22008] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 868.787536][T22008] usb 9-1: Product: syz [ 868.791796][T22008] usb 9-1: Manufacturer: syz [ 868.812126][T22008] usb 9-1: SerialNumber: syz [ 868.829297][T22008] usb 9-1: config 0 descriptor?? [ 868.842825][T22008] hub 9-1:0.0: bad descriptor, ignoring hub [ 868.858798][T22008] hub 9-1:0.0: probe with driver hub failed with error -5 [ 869.061339][T22008] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 869.097930][T22008] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 869.117226][T22008] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 869.138379][T22008] usb 9-1: media controller created [ 869.203130][T22008] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 869.332087][T22008] DVB: Unable to find symbol dib7000p_attach() [ 869.355650][T22008] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 869.478158][T22008] rc_core: IR keymap rc-dib0700-rc5 not found [ 869.525537][T22008] Registered IR keymap rc-empty [ 869.530878][T22008] dvb-usb: could not initialize remote control. [ 869.567479][T22008] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 869.638689][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 869.653623][ T5827] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 869.667222][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 869.678570][ T5827] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 869.686501][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 869.723802][ T1160] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 869.745202][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 869.768420][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 869.779868][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 869.804193][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 869.808874][ T1160] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 869.823534][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 869.836282][ T1160] bond0 (unregistering): Released all slaves [ 869.894621][ T1160] bond1 (unregistering): Released all slaves [ 870.075107][ T8247] usb 9-1: USB disconnect, device number 22 [ 870.189945][ T8247] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 870.350256][T25919] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1025 (2050 ns) > initial count (14 ns). Using initial count to start timer. [ 870.470643][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.493595][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.731418][ T1160] hsr_slave_0: left promiscuous mode [ 870.756287][ T1160] hsr_slave_1: left promiscuous mode [ 870.766755][ T1160] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 870.794727][ T1160] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 870.816758][ T1160] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 870.866222][ T1160] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 870.915584][ T1160] veth1_macvtap: left promiscuous mode [ 870.921414][ T1160] veth0_macvtap: left promiscuous mode [ 870.927201][ T1160] veth1_vlan: left promiscuous mode [ 870.932752][ T1160] veth0_vlan: left promiscuous mode [ 871.126234][T16035] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 871.311338][T25951] loop2: detected capacity change from 0 to 1 [ 871.324660][T16035] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 871.350154][T25951] ldm_validate_privheads(): Disk read failed. [ 871.369949][T16035] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 871.383662][T25951] Dev loop2: unable to read RDB block 1 [ 871.400575][T25951] loop2: unable to read partition table [ 871.429231][T16035] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 871.441853][T25951] loop2: partition table beyond EOD, truncated [ 871.468059][T25951] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 871.481476][T16035] usb 7-1: config 0 descriptor?? [ 871.754579][T16035] usbhid 7-1:0.0: can't add hid device: -71 [ 871.772973][T16035] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 871.840677][T16035] usb 7-1: USB disconnect, device number 33 [ 871.908449][ T5833] Bluetooth: hci1: command tx timeout [ 872.164737][ T1160] team0 (unregistering): Port device team_slave_1 removed [ 872.223933][ T1160] team0 (unregistering): Port device team_slave_0 removed [ 872.320325][T16035] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 872.483364][T25905] chnl_net:caif_netlink_parms(): no params data found [ 872.501347][T16035] usb 7-1: Using ep0 maxpacket: 32 [ 872.521789][T16035] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 872.559780][T16035] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 872.592368][T16035] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 872.653289][T16035] usb 7-1: config 0 descriptor?? [ 872.671987][T16035] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 872.721581][T16035] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 872.898420][T25905] bridge0: port 1(bridge_slave_0) entered blocking state [ 872.905923][T25905] bridge0: port 1(bridge_slave_0) entered disabled state [ 872.913263][T25905] bridge_slave_0: entered allmulticast mode [ 872.927449][T25905] bridge_slave_0: entered promiscuous mode [ 872.942764][T25905] bridge0: port 2(bridge_slave_1) entered blocking state [ 872.959844][T25905] bridge0: port 2(bridge_slave_1) entered disabled state [ 872.967638][T25905] bridge_slave_1: entered allmulticast mode [ 872.976143][T25905] bridge_slave_1: entered promiscuous mode [ 873.028454][T25974] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6716'. [ 873.111194][T25905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 873.149358][T25905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 873.214507][T22022] usb 7-1: USB disconnect, device number 34 [ 873.260942][T22022] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 873.300758][T25905] team0: Port device team_slave_0 added [ 873.334525][T25905] team0: Port device team_slave_1 added [ 873.424804][T25905] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 873.436165][T25905] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 873.462680][T25905] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 873.483668][T25905] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 873.491811][T25905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 873.523541][T25905] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 873.615451][T25905] hsr_slave_0: entered promiscuous mode [ 873.622597][T25905] hsr_slave_1: entered promiscuous mode [ 873.641651][T25905] debugfs: 'hsr0' already exists in 'hsr' [ 873.663958][T25905] Cannot create hsr debugfs directory [ 873.985422][ T5833] Bluetooth: hci1: command tx timeout [ 874.603359][T26018] input: syz0 as /devices/virtual/input/input136 [ 874.644116][T26020] netlink: 'syz.6.6729': attribute type 4 has an invalid length. [ 874.710896][T26020] netlink: 'syz.6.6729': attribute type 4 has an invalid length. [ 875.322912][T25905] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 875.367784][T25905] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 875.429184][T25905] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 875.457948][T25905] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 875.836529][T25905] 8021q: adding VLAN 0 to HW filter on device bond0 [ 875.910253][T26058] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6735'. [ 876.068651][ T5833] Bluetooth: hci1: command tx timeout [ 876.102749][T25905] 8021q: adding VLAN 0 to HW filter on device team0 [ 876.287390][ T7379] bridge0: port 1(bridge_slave_0) entered blocking state [ 876.294680][ T7379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 876.378858][ T7379] bridge0: port 2(bridge_slave_1) entered blocking state [ 876.386102][ T7379] bridge0: port 2(bridge_slave_1) entered forwarding state [ 877.035588][T25905] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 877.230230][T26093] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6743'. [ 877.269519][T25905] veth0_vlan: entered promiscuous mode [ 877.303104][T25905] veth1_vlan: entered promiscuous mode [ 877.322051][T26099] netlink: 44 bytes leftover after parsing attributes in process `syz.6.6743'. [ 877.825615][T25905] veth0_macvtap: entered promiscuous mode [ 877.863565][T25905] veth1_macvtap: entered promiscuous mode [ 878.097359][T25905] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 878.152734][ T5833] Bluetooth: hci1: command tx timeout [ 878.191430][T25905] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 878.324470][ T7374] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 878.375759][ T7374] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 878.438051][ T7374] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 878.491698][ T7374] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 878.745010][ T8238] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 878.869190][ T1160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 878.908450][ T1160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 878.939033][ T8238] usb 3-1: Using ep0 maxpacket: 32 [ 879.005258][ T8238] usb 3-1: config 4 has an invalid interface number: 228 but max is 0 [ 879.013606][ T8238] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 879.024771][T26140] tipc: Started in network mode [ 879.058021][T26140] tipc: Node identity 4, cluster identity 4711 [ 879.064364][ T8238] usb 3-1: config 4 has no interface number 0 [ 879.090533][T26140] tipc: Node number set to 4 [ 879.124977][ T8238] usb 3-1: too many endpoints for config 4 interface 228 altsetting 12: 129, using maximum allowed: 30 [ 879.137632][ T7381] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 879.173445][ T7381] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 879.193966][ T8238] usb 3-1: config 4 interface 228 altsetting 12 has 0 endpoint descriptors, different from the interface descriptor's value: 129 [ 879.260736][ T8238] usb 3-1: config 4 interface 228 has no altsetting 0 [ 879.303034][ T8238] usb 3-1: New USB device found, idVendor=0499, idProduct=a9a2, bcdDevice=c4.e8 [ 879.339250][ T8238] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 879.366171][ T8238] usb 3-1: Product: syz [ 879.370583][ T8238] usb 3-1: Manufacturer: syz [ 879.405667][ T8238] usb 3-1: SerialNumber: syz [ 879.696048][ T8242] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 879.879635][ T8242] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 879.925345][ T8238] usb 3-1: USB disconnect, device number 78 [ 879.932228][ T8242] usb 5-1: config 0 has no interfaces? [ 879.957568][ T8242] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 879.974840][ T8242] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 880.050333][ T8242] usb 5-1: config 0 descriptor?? [ 880.054319][ T6005] udevd[6005]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:4.228/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 880.332126][T22008] usb 5-1: USB disconnect, device number 96 [ 880.425243][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 880.855253][T22008] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 881.068659][T22008] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 881.125342][T22008] usb 5-1: config 0 has no interfaces? [ 881.154504][T26189] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6769'. [ 881.169952][T22008] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 881.210825][T22008] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 881.220051][T26194] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6769'. [ 881.238824][ T7374] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 881.290399][ T7374] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 881.306345][T22008] usb 5-1: config 0 descriptor?? [ 881.359863][T26194] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6769'. [ 881.369524][ T7374] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 881.418323][ T7374] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 881.601023][T26149] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6759'. [ 881.643818][T26149] netlink: 'syz.4.6759': attribute type 7 has an invalid length. [ 881.683398][T26149] netlink: 'syz.4.6759': attribute type 8 has an invalid length. [ 881.723464][T26149] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6759'. [ 881.776424][T22017] usb 5-1: USB disconnect, device number 97 [ 883.057475][T26242] xt_hashlimit: size too large, truncated to 1048576 [ 883.725463][ T8238] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 883.917864][ T8238] usb 7-1: Using ep0 maxpacket: 32 [ 883.967591][ T8238] usb 7-1: config 0 has an invalid interface number: 188 but max is 0 [ 884.005017][ T8238] usb 7-1: config 0 has no interface number 0 [ 884.022958][ T8238] usb 7-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 884.053873][ T8238] usb 7-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 884.080059][ T8238] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 884.096144][ T8238] usb 7-1: Product: syz [ 884.100812][ T8238] usb 7-1: Manufacturer: syz [ 884.106381][ T8238] usb 7-1: SerialNumber: syz [ 884.122501][ T8238] usb 7-1: config 0 descriptor?? [ 884.133236][T26252] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 884.367502][T26252] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 884.522202][ T29] audit: type=1800 audit(1774965082.279:722): pid=26270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6790" name="/" dev="fuse" ino=1 res=0 errno=0 [ 885.235142][T16035] usb 8-1: new full-speed USB device number 40 using dummy_hcd [ 885.427874][T16035] usb 8-1: config index 0 descriptor too short (expected 28277, got 36) [ 885.448057][T16035] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 885.484963][T16035] usb 8-1: config 0 has no interfaces? [ 885.501195][T16035] usb 8-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 885.532016][T16035] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 885.579754][T16035] usb 8-1: config 0 descriptor?? [ 886.014073][ T8238] asix 7-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 886.045041][ T8238] asix 7-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 886.080181][ T8238] asix 7-1:0.188: probe with driver asix failed with error -71 [ 886.170096][ T8238] usb 7-1: USB disconnect, device number 35 [ 886.530328][T26313] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 886.583089][T26313] block device autoloading is deprecated and will be removed. [ 887.968937][T16035] usb 8-1: USB disconnect, device number 40 [ 888.255764][T26349] kvm: pic: non byte read [ 888.260441][T26349] kvm: pic: non byte read [ 888.265510][T26349] kvm: pic: non byte read [ 888.270799][T26349] kvm: pic: non byte read [ 888.275659][T26349] kvm: pic: non byte read [ 888.280275][T26349] kvm: pic: non byte read [ 888.285065][T26349] kvm: pic: non byte read [ 888.289801][T26349] kvm: pic: non byte read [ 888.295627][T26349] kvm: pic: non byte read [ 888.300417][T26349] kvm: pic: non byte read [ 888.347067][T26351] bond2: entered allmulticast mode [ 888.400248][T26355] macvlan2: entered promiscuous mode [ 888.432330][T26355] macvlan2: entered allmulticast mode [ 888.462033][T26355] bond2: entered promiscuous mode [ 888.484667][T26355] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 888.540712][T26355] bond2: left promiscuous mode [ 888.663335][T26361] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6814'. [ 889.241432][T26374] loop2: detected capacity change from 0 to 7 [ 889.266075][T26374] Dev loop2: unable to read RDB block 7 [ 889.289621][T26374] loop2: AHDI p1 p2 p3 [ 889.307432][T26374] loop2: partition table partially beyond EOD, truncated [ 889.327485][T26374] loop2: p1 start 1818582900 is beyond EOD, truncated [ 889.358088][T26374] loop2: p3 start 335544320 is beyond EOD, truncated [ 889.589533][T26378] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 890.665150][T16035] usb 9-1: new high-speed USB device number 23 using dummy_hcd [ 890.837476][T16035] usb 9-1: config 0 has no interfaces? [ 890.852730][T16035] usb 9-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 890.872341][T16035] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 890.885274][T16035] usb 9-1: Product: syz [ 890.889956][T16035] usb 9-1: Manufacturer: syz [ 890.899977][T16035] usb 9-1: SerialNumber: syz [ 890.916161][T16035] usb 9-1: config 0 descriptor?? [ 891.262845][T26406] xt_hashlimit: size too large, truncated to 1048576 [ 891.392863][T16035] usb 9-1: USB disconnect, device number 23 [ 891.528107][T26409] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6831'. [ 892.635083][T22008] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 892.818061][T22008] usb 3-1: config 0 has no interfaces? [ 892.845387][T22008] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 892.903550][T22008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 892.924683][T22008] usb 3-1: Product: syz [ 892.933574][T22008] usb 3-1: Manufacturer: syz [ 892.955152][T22008] usb 3-1: SerialNumber: syz [ 892.970426][T22008] usb 3-1: config 0 descriptor?? [ 893.390804][ T8238] usb 3-1: USB disconnect, device number 79 [ 893.562929][T26460] bond4: entered promiscuous mode [ 893.603175][T26460] ip6gre2: entered promiscuous mode [ 893.609439][T26460] ip6gre2: entered allmulticast mode [ 893.616103][T26460] bond4: (slave ip6gre2): The slave device specified does not support setting the MAC address [ 893.632512][T26460] bond4: (slave ip6gre2): Error -95 calling set_mac_address [ 894.191995][T26479] kvm: Disabled LAPIC found during irq injection [ 894.745265][T22017] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 894.965195][T22017] usb 3-1: config 0 has an invalid interface number: 33 but max is 0 [ 894.994600][T22017] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 895.014664][T22017] usb 3-1: config 0 has no interface number 0 [ 895.022905][T22017] usb 3-1: config 0 interface 33 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023 [ 895.035704][T22017] usb 3-1: config 0 interface 33 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 895.055512][ T8238] usb 8-1: new full-speed USB device number 41 using dummy_hcd [ 895.067711][T22017] usb 3-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=68.64 [ 895.079502][T22017] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 895.088277][T22017] usb 3-1: Product: syz [ 895.093130][T22017] usb 3-1: Manufacturer: syz [ 895.135014][T22017] usb 3-1: SerialNumber: syz [ 895.149605][T22017] usb 3-1: config 0 descriptor?? [ 895.163969][T26490] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 895.192261][T22017] hdpvr 3-1:0.33: Could not find bulk-in endpoint [ 895.206083][T26513] program syz.4.6870 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 895.216743][T22017] hdpvr 3-1:0.33: probe with driver hdpvr failed with error -12 [ 895.219934][ T8238] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 895.257158][ T8238] usb 8-1: config 0 has no interfaces? [ 895.282130][ T8238] usb 8-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=ec.5c [ 895.302062][ T8238] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 895.319342][ T8238] usb 8-1: Product: syz [ 895.354124][ T8238] usb 8-1: Manufacturer: syz [ 895.372273][ T8238] usb 8-1: SerialNumber: syz [ 895.388318][ T8238] usb 8-1: config 0 descriptor?? [ 895.523076][T26490] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 895.621038][T26497] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 895.653238][ T8238] usb 3-1: USB disconnect, device number 80 [ 895.693762][T22022] usb 8-1: USB disconnect, device number 41 [ 896.115060][T22008] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 896.281794][T22008] usb 5-1: config 0 has no interfaces? [ 896.302587][T22008] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 896.332619][T22008] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 896.341174][T26540] kvm: pic: non byte write [ 896.350891][T22008] usb 5-1: Product: syz [ 896.361909][T26545] loop2: detected capacity change from 0 to 7 [ 896.363877][T22008] usb 5-1: Manufacturer: syz [ 896.363904][T22008] usb 5-1: SerialNumber: syz [ 896.366337][ T6005] loop2: [ 896.366376][ T6005] loop2: partition table partially beyond EOD, truncated [ 896.376043][T22008] usb 5-1: config 0 descriptor?? [ 896.385323][T26545] loop2: [ 896.385362][T26545] loop2: partition table partially beyond EOD, truncated [ 896.832571][T22008] usb 5-1: USB disconnect, device number 98 [ 896.879954][T26559] kvm: pic: level sensitive irq not supported [ 896.880057][T26559] picdev_read: 77 callbacks suppressed [ 896.880076][T26559] kvm: pic: non byte read [ 896.901034][T26559] kvm: pic: non byte read [ 896.906929][T26559] kvm: pic: non byte read [ 896.913293][T26559] kvm: pic: single mode not supported [ 896.913390][T26559] kvm: pic: non byte read [ 896.928122][T26559] kvm: pic: non byte read [ 896.933009][T26559] kvm: pic: single mode not supported [ 896.933097][T26559] kvm: pic: non byte read [ 896.945404][T26559] kvm: pic: non byte read [ 896.950436][T26559] kvm: pic: single mode not supported [ 896.950457][T26559] kvm: pic: level sensitive irq not supported [ 896.956745][T26559] kvm: pic: non byte read [ 896.969363][T26559] kvm: pic: non byte read [ 897.217777][T26569] xt_hashlimit: size too large, truncated to 1048576 [ 897.345193][T22008] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 897.524981][T22008] usb 3-1: Using ep0 maxpacket: 32 [ 897.556347][T22008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 897.584972][T22008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 897.599331][T22008] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 897.614551][T22008] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 897.632782][T22008] usb 3-1: config 0 descriptor?? [ 897.649521][T22008] hub 3-1:0.0: USB hub found [ 897.857387][T22008] hub 3-1:0.0: 1 port detected [ 898.484629][T22008] hub 3-1:0.0: activate --> -90 [ 899.089806][T22008] hub 3-1:0.0: hub_ext_port_status failed (err = 0) [ 899.492694][T22015] usb 3-1: USB disconnect, device number 81 [ 899.500334][T22008] usb 3-1-port1: attempt power cycle [ 900.226781][T22015] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 900.389615][T22015] usb 5-1: Using ep0 maxpacket: 32 [ 900.417257][T22015] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 900.452398][T22015] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 900.471133][T22015] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 900.511493][T22015] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 900.543909][T22015] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 900.558264][T22015] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 900.573030][T22015] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 900.582644][T22015] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 900.598166][T22015] usb 5-1: config 0 descriptor?? [ 900.818831][T22015] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 99 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 901.072115][ T8238] usb 5-1: USB disconnect, device number 99 [ 901.100369][ T8238] usblp0: removed [ 901.144008][T26679] binder: 26677:26679 ioctl 40044591 0 returned -22 [ 901.212048][T26678] binder: 26677:26678 ioctl c0306201 200000000040 returned -14 [ 901.716828][T26702] netlink: 48 bytes leftover after parsing attributes in process `syz.4.6937'. [ 901.776569][T26706] netlink: 48 bytes leftover after parsing attributes in process `syz.4.6937'. [ 901.803536][T26702] bond5: peer notification delay (2365) is not a multiple of miimon (20), value rounded to 2360 ms [ 901.854188][T26706] bond5: Unable to set peer notification delay as MII monitoring is disabled [ 902.194307][T26714] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6941'. [ 902.505866][T26724] binder: 26723:26724 unknown command 0 [ 902.511608][T26724] binder: 26723:26724 ioctl c0306201 200000000640 returned -22 [ 903.443726][T26767] syzkaller1: entered promiscuous mode [ 903.451904][T26767] syzkaller1: entered allmulticast mode [ 903.916714][T26784] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 904.208878][T26793] snd_dummy snd_dummy.0: control 0:0:128:syz0:161 is already present [ 905.085197][T22022] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 905.259028][T22022] usb 7-1: Using ep0 maxpacket: 32 [ 905.281009][T22022] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 905.328330][T22022] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 905.369272][T22022] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 905.406500][T22022] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 905.443221][T22022] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 905.481089][T22022] usb 7-1: config 0 descriptor?? [ 905.512232][T26810] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 905.541922][T22022] hub 7-1:0.0: USB hub found [ 905.815248][T22022] hub 7-1:0.0: 2 ports detected [ 905.913508][T26825] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 905.941796][T26827] loop5: detected capacity change from 0 to 7 [ 905.974516][T26827] Dev loop5: unable to read RDB block 7 [ 905.995777][T26827] loop5: AHDI p1 p2 p3 [ 906.011093][T26827] loop5: partition table partially beyond EOD, truncated [ 906.046012][T26827] loop5: p1 start 1818582900 is beyond EOD, truncated [ 906.077581][T26827] loop5: p3 start 335544320 is beyond EOD, truncated [ 906.173388][T26829] xt_hashlimit: size too large, truncated to 1048576 [ 907.413807][T26855] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 907.474475][T16035] hub 7-1:0.0: hub_ext_port_status failed (err = -71) [ 907.474778][T22008] usb 7-1: USB disconnect, device number 36 [ 907.565218][T22015] usb 8-1: new high-speed USB device number 42 using dummy_hcd [ 907.784942][T22015] usb 8-1: Using ep0 maxpacket: 32 [ 907.800799][T22015] usb 8-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 907.822263][T22015] usb 8-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 907.840153][T22015] usb 8-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 907.859739][T22015] usb 8-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 907.880025][T22015] usb 8-1: Product: syz [ 907.884276][T22015] usb 8-1: Manufacturer: syz [ 907.907555][T22015] hub 8-1:4.0: USB hub found [ 908.137982][T22015] hub 8-1:4.0: 2 ports detected [ 908.688015][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 908.720425][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 908.740574][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 908.786353][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 908.832469][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 908.864676][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 908.896777][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 908.905554][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 908.913678][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 908.926764][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 908.937582][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 908.972798][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 909.008604][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 909.041551][T26877] openvswitch: netlink: Key type 50 is out of range max 32 [ 909.381356][T26887] syz_tun: entered allmulticast mode [ 909.413773][T22015] hub 8-1:4.0: activate --> -90 [ 909.835958][T22015] usb 8-1-port2: cannot warm reset (err = -71) [ 909.836627][T16035] usb 8-1: USB disconnect, device number 42 [ 910.192230][T26902] netlink: 'syz.6.7008': attribute type 1 has an invalid length. [ 910.376492][T26912] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 910.445022][T16035] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 910.620018][T16035] usb 3-1: Using ep0 maxpacket: 8 [ 910.638732][T16035] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 910.657525][T16035] usb 3-1: config 0 has no interface number 0 [ 910.667429][T16035] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 910.699950][T16035] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 910.744984][T16035] usb 3-1: New USB device strings: Mfr=0, Product=128, SerialNumber=0 [ 910.753332][T16035] usb 3-1: Product: syz [ 910.801800][T16035] usb 3-1: config 0 descriptor?? [ 910.827930][T16035] iowarrior 3-1:0.8: IOWarrior product=0x1512, serial= interface=8 now attached to iowarrior0 [ 911.085364][T16035] usb 3-1: USB disconnect, device number 86 [ 911.836439][T26967] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7032'. [ 913.695008][T22008] usb 8-1: new high-speed USB device number 43 using dummy_hcd [ 913.887078][T22008] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 913.931383][T22008] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 913.973491][T22008] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 914.003029][T22008] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 914.031985][T22008] usb 8-1: SerialNumber: syz [ 914.310348][T22008] usb 8-1: 0:2 : does not exist [ 914.471876][T22008] usb 8-1: USB disconnect, device number 43 [ 914.553115][ T6005] udevd[6005]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 915.146386][T27023] kvm: pic: non byte read [ 915.156089][T27023] kvm: pic: non byte write [ 915.162912][T27023] kvm: pic: non byte read [ 915.168950][T27023] kvm: pic: non byte write [ 915.175591][T27023] kvm: pic: non byte read [ 915.180788][T27023] kvm: pic: non byte write [ 915.188437][T27023] kvm: pic: non byte read [ 915.193481][T27023] kvm: pic: single mode not supported [ 915.193579][T27023] kvm: pic: non byte write [ 916.092158][T27052] binder: 27051:27052 ioctl c0306201 0 returned -14 [ 916.185398][ T29] audit: type=1326 audit(1774965113.939:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27051 comm="syz.6.7064" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5a4a99c819 code=0x0 [ 916.310357][T27056] kvm: pic: non byte write [ 916.781520][ T1160] bridge_slave_1: left allmulticast mode [ 916.801490][ T1160] bridge_slave_1: left promiscuous mode [ 916.809345][ T1160] bridge0: port 2(bridge_slave_1) entered disabled state [ 916.832035][ T1160] bridge_slave_0: left allmulticast mode [ 916.862155][ T1160] bridge_slave_0: left promiscuous mode [ 916.886370][ T1160] bridge0: port 1(bridge_slave_0) entered disabled state [ 917.685002][T22008] usb 7-1: new high-speed USB device number 37 using dummy_hcd [ 917.864979][T22008] usb 7-1: Using ep0 maxpacket: 16 [ 917.887828][T22008] usb 7-1: config 1 has an invalid interface number: 36 but max is 0 [ 917.907257][T22008] usb 7-1: config 1 has no interface number 0 [ 917.913508][T22008] usb 7-1: config 1 interface 36 has no altsetting 0 [ 917.924291][T22008] usb 7-1: New USB device found, idVendor=0df6, idProduct=0072, bcdDevice=e6.1c [ 917.940476][T22008] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 917.956099][T22008] usb 7-1: Product: syz [ 917.960748][T22008] usb 7-1: Manufacturer: syz [ 917.966041][T22008] usb 7-1: SerialNumber: syz [ 918.225203][T27087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 918.262895][T27087] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 918.319283][ T1160] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 918.345690][T22008] ax88179_178a 7-1:1.36: probe with driver ax88179_178a failed with error -22 [ 918.369485][ T1160] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 918.435273][T22008] usb 7-1: USB disconnect, device number 37 [ 918.492709][ T1160] bond0 (unregistering): (slave team0): Releasing backup interface [ 918.532432][ T1160] bond0 (unregistering): Released all slaves [ 919.044820][ T1160] hsr_slave_0: left promiscuous mode [ 919.083191][ T1160] hsr_slave_1: left promiscuous mode [ 919.116132][ T1160] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 919.164223][ T1160] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 919.990853][T27113] binder: BINDER_SET_CONTEXT_MGR already set [ 920.021596][T27113] binder: 27111:27113 ioctl 4018620d 2000000002c0 returned -16 [ 920.190072][ T1160] team0 (unregistering): Port device team_slave_1 removed [ 920.264043][ T1160] team0 (unregistering): Port device team_slave_0 removed [ 920.319098][T27122] netlink: 'syz.8.7085': attribute type 13 has an invalid length. [ 920.638665][T27114] macsec1: entered allmulticast mode [ 920.644332][T27114] syz_tun: entered allmulticast mode [ 920.683967][T27114] syz_tun: left allmulticast mode [ 921.677896][T27147] netlink: 12 bytes leftover after parsing attributes in process `syz.8.7095'. [ 923.321784][T27183] kvm: requested 16761 ns i8254 timer period limited to 200000 ns [ 923.363838][T27183] kvm: requested 165942 ns i8254 timer period limited to 200000 ns [ 923.404419][T27183] kvm: requested 63695 ns i8254 timer period limited to 200000 ns [ 923.458008][T27183] kvm: requested 65371 ns i8254 timer period limited to 200000 ns [ 923.489626][T27183] kvm: requested 83809 ns i8254 timer period limited to 200000 ns [ 923.522659][T27183] kvm: requested 8380 ns i8254 timer period limited to 200000 ns [ 923.561964][T27183] kvm: requested 72076 ns i8254 timer period limited to 200000 ns [ 923.581203][T27183] kvm: requested 130742 ns i8254 timer period limited to 200000 ns [ 923.611061][T27183] kvm: requested 25142 ns i8254 timer period limited to 200000 ns [ 923.670477][T27183] kvm: requested 129066 ns i8254 timer period limited to 200000 ns [ 923.795435][T16035] usb 9-1: new high-speed USB device number 24 using dummy_hcd [ 923.966427][T16035] usb 9-1: Using ep0 maxpacket: 8 [ 923.999368][T16035] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 924.033057][T16035] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 924.050946][T16035] usb 9-1: Product: syz [ 924.086213][T16035] usb 9-1: Manufacturer: syz [ 924.102965][T16035] usb 9-1: SerialNumber: syz [ 924.161639][T16035] usb 9-1: config 0 descriptor?? [ 924.375883][T16035] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 924.583882][T27216] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7119'. [ 925.419262][T16035] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 925.463959][T16035] usb 9-1: USB disconnect, device number 24 [ 926.215265][T22022] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 926.385289][T22022] usb 5-1: Using ep0 maxpacket: 32 [ 926.408505][T22022] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 926.431332][T22022] usb 5-1: config 0 has no interface number 0 [ 926.453790][T22022] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 926.491816][T22022] usb 5-1: config 0 interface 1 has no altsetting 0 [ 926.505153][T22022] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 926.514953][T22022] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 926.523214][T22022] usb 5-1: Product: syz [ 926.528440][T22022] usb 5-1: Manufacturer: syz [ 926.533222][T22022] usb 5-1: SerialNumber: syz [ 926.542652][T22022] usb 5-1: config 0 descriptor?? [ 926.645201][ T8247] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 926.686557][T27275] netlink: 28 bytes leftover after parsing attributes in process `syz.7.7143'. [ 926.711201][T27275] netlink: 28 bytes leftover after parsing attributes in process `syz.7.7143'. [ 926.780472][T22022] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 926.819157][ T8247] usb 3-1: Using ep0 maxpacket: 8 [ 926.859654][ T8247] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 926.889832][ T8247] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 926.889968][T22022] cx231xx 5-1:0.1: Failed to read PCB config [ 926.916572][ T8247] usb 3-1: Product: syz [ 926.922069][ T8247] usb 3-1: Manufacturer: syz [ 926.924344][T22022] cx231xx 5-1:0.1: probe with driver cx231xx failed with error -71 [ 926.947327][ T8247] usb 3-1: SerialNumber: syz [ 926.960786][ T8247] usb 3-1: config 0 descriptor?? [ 927.004902][T22022] usb 5-1: USB disconnect, device number 100 [ 927.176981][ T8247] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 927.455099][T22022] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 927.656369][T22022] usb 5-1: Using ep0 maxpacket: 32 [ 927.709212][T22022] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 927.748902][T22022] usb 5-1: config 0 has no interface number 0 [ 927.784997][T22022] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 927.823110][T22022] usb 5-1: config 0 interface 1 has no altsetting 0 [ 927.852726][T22022] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 927.872704][T22022] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 927.894285][T22022] usb 5-1: Product: syz [ 927.902174][T22022] usb 5-1: Manufacturer: syz [ 927.915088][T22022] usb 5-1: SerialNumber: syz [ 927.933335][T22022] usb 5-1: config 0 descriptor?? [ 928.030400][ T8247] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 928.034992][ T8238] usb 8-1: new high-speed USB device number 44 using dummy_hcd [ 928.079069][ T8247] usb 3-1: USB disconnect, device number 87 [ 928.171924][T22022] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 928.215843][T22022] cx231xx 5-1:0.1: Identified as Conexant Hybrid TV - RDU253S (card=4) [ 928.241329][ T8238] usb 8-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 928.253078][ T8238] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 928.292033][ T8238] usb 8-1: Product: syz [ 928.298525][ T8238] usb 8-1: Manufacturer: syz [ 928.303229][ T8238] usb 8-1: SerialNumber: syz [ 928.336104][T22022] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --110 [ 928.369022][T22022] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 928.394602][T22022] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 928.418565][T22022] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 928.448880][T22022] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --71 [ 928.458737][T22022] cx231xx 5-1:0.1: Failed to set devmode to analog: error: -71 [ 928.526311][T22022] i2c i2c-2: Added multiplexed i2c bus 4 [ 928.540772][T22022] i2c i2c-2: Added multiplexed i2c bus 5 [ 928.564147][T22022] cx231xx 5-1:0.1: cx231xx_dev_init: Failed to set Power - errCode [-71]! [ 928.574272][T22022] cx231xx 5-1:0.1: cx231xx_init_dev: cx231xx_i2c_register - errCode [-71]! [ 928.705997][T22022] cx231xx 5-1:0.1: probe with driver cx231xx failed with error -71 [ 928.718763][T22022] usb 5-1: USB disconnect, device number 101 [ 928.764641][ T8238] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 928.783161][ T8238] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 930.297235][ T8238] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -EPROTO [ 930.314143][ T8238] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 930.330658][ T8238] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 930.342843][ T8238] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 930.353361][ T8238] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 930.367620][ T8238] lan78xx 8-1:1.0: probe with driver lan78xx failed with error -71 [ 930.395869][ T8238] usb 8-1: USB disconnect, device number 44 [ 931.918750][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.942584][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.635277][ T5827] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 933.647630][ T5827] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 933.657049][ T5827] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 933.676826][ T5827] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 933.689059][ T5827] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 934.165687][T27360] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7178'. [ 934.174619][T27360] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7178'. [ 934.336131][T27367] kvm: pic: non byte write [ 934.408366][T27348] chnl_net:caif_netlink_parms(): no params data found [ 934.454995][ T8238] usb 3-1: new low-speed USB device number 88 using dummy_hcd [ 934.627344][ T8238] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 934.655969][T27348] bridge0: port 1(bridge_slave_0) entered blocking state [ 934.659069][ T8238] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 934.673938][T27348] bridge0: port 1(bridge_slave_0) entered disabled state [ 934.688208][T27348] bridge_slave_0: entered allmulticast mode [ 934.689050][ T8238] usb 3-1: config 0 has no interface number 0 [ 934.720435][ T8238] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 934.745541][ T8238] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 934.756068][T27348] bridge_slave_0: entered promiscuous mode [ 934.803314][T27348] bridge0: port 2(bridge_slave_1) entered blocking state [ 934.819350][ T8238] usb 3-1: config 0 descriptor?? [ 934.819389][T27348] bridge0: port 2(bridge_slave_1) entered disabled state [ 934.832071][T27348] bridge_slave_1: entered allmulticast mode [ 934.868654][T27348] bridge_slave_1: entered promiscuous mode [ 934.873148][ T8238] ldusb 3-1:0.55: Interrupt in endpoint not found [ 935.023999][T27348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 935.087545][T27348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 935.264620][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 935.278088][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 935.287492][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 935.297508][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 935.306363][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 935.330478][T27348] team0: Port device team_slave_0 added [ 935.384831][T27348] team0: Port device team_slave_1 added [ 935.510252][T27348] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 935.526041][T27348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 935.589451][T27348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 935.638759][T27348] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 935.654978][T27348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 935.707396][T22015] usb 3-1: USB disconnect, device number 88 [ 935.734540][T27348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 935.758260][ T5833] Bluetooth: hci2: command tx timeout [ 936.021612][T27391] [ 936.021628][T27391] ===================================================== [ 936.021640][T27391] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 936.021657][T27391] syzkaller #0 Tainted: G L [ 936.021669][T27391] ----------------------------------------------------- [ 936.021677][T27391] syz.8.7188/27391 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 936.059484][T27391] ffff88802ba52468 (&tty->flow.lock){....}-{3:3}, at: stop_tty+0x2f/0x150 [ 936.059539][T27391] [ 936.059539][T27391] and this task is already holding: [ 936.059546][T27391] ffffffff8effe078 (kbd_event_lock){..-.}-{3:3}, at: kbd_event+0xd6/0x40d0 [ 936.059587][T27391] which would create a new lock dependency: [ 936.059593][T27391] (kbd_event_lock){..-.}-{3:3} -> (&tty->flow.lock){....}-{3:3} [ 936.059634][T27391] [ 936.059634][T27391] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 936.059643][T27391] (kbd_event_lock){..-.}-{3:3} [ 936.059660][T27391] [ 936.059660][T27391] ... which became SOFTIRQ-irq-safe at: [ 936.059669][T27391] lock_acquire+0xf0/0x2e0 [ 936.059690][T27391] _raw_spin_lock+0x2e/0x40 [ 936.059707][T27391] kbd_event+0xd6/0x40d0 [ 936.059722][T27391] input_handle_events_default+0xd4/0x1a0 [ 936.059740][T27391] input_pass_values+0x288/0x890 [ 936.059754][T27391] input_event_dispose+0x330/0x6b0 [ 936.059776][T27391] input_event+0x89/0xe0 [ 936.059794][T27391] rc_keydown+0x62/0x1e0 [ 936.059815][T27391] imon_incoming_packet+0x1ecb/0x31c0 [ 936.059835][T27391] usb_rx_callback_intf0+0xba/0x210 [ 936.059854][T27391] __usb_hcd_giveback_urb+0x376/0x540 [ 936.059876][T27391] dummy_timer+0xbbd/0x45d0 [ 936.059899][T27391] __hrtimer_run_queues+0x53a/0xcc0 [ 936.059922][T27391] hrtimer_run_softirq+0x182/0x5a0 [ 936.059944][T27391] handle_softirqs+0x22a/0x870 [ 936.059964][T27391] __irq_exit_rcu+0x5f/0x150 [ 936.059982][T27391] irq_exit_rcu+0x9/0x30 [ 936.060001][T27391] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 936.060019][T27391] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 936.060035][T27391] folios_put_refs+0x63b/0x8d0 [ 936.060055][T27391] free_pages_and_swap_cache+0x2e7/0x5b0 [ 936.060086][T27391] tlb_flush_mmu+0x6d3/0xa30 [ 936.060103][T27391] tlb_finish_mmu+0xf9/0x230 [ 936.060120][T27391] exit_mmap+0x498/0xa10 [ 936.060134][T27391] __mmput+0x118/0x430 [ 936.060152][T27391] exit_mm+0x168/0x220 [ 936.060166][T27391] do_exit+0x6a2/0x23c0 [ 936.060179][T27391] do_group_exit+0x21b/0x2d0 [ 936.060194][T27391] get_signal+0x1284/0x1330 [ 936.060212][T27391] arch_do_signal_or_restart+0xbc/0x830 [ 936.060229][T27391] exit_to_user_mode_loop+0x86/0x480 [ 936.060247][T27391] do_syscall_64+0x32d/0xf80 [ 936.060266][T27391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.060283][T27391] [ 936.060283][T27391] to a SOFTIRQ-irq-unsafe lock: [ 936.060290][T27391] (tasklist_lock){.+.+}-{3:3} [ 936.060307][T27391] [ 936.060307][T27391] ... which became SOFTIRQ-irq-unsafe at: [ 936.060315][T27391] ... [ 936.060320][T27391] lock_acquire+0xf0/0x2e0 [ 936.060339][T27391] _raw_read_lock+0x36/0x50 [ 936.060354][T27391] __do_wait+0xde/0x740 [ 936.060369][T27391] do_wait+0x1e7/0x540 [ 936.060384][T27391] kernel_wait+0xd6/0x1c0 [ 936.060399][T27391] call_usermodehelper_exec_work+0xbe/0x230 [ 936.060419][T27391] process_scheduled_works+0xb6e/0x18c0 [ 936.060437][T27391] worker_thread+0xa53/0xfc0 [ 936.060457][T27391] kthread+0x388/0x470 [ 936.060470][T27391] ret_from_fork+0x51e/0xb90 [ 936.060489][T27391] ret_from_fork_asm+0x1a/0x30 [ 936.060510][T27391] [ 936.060510][T27391] other info that might help us debug this: [ 936.060510][T27391] [ 936.060517][T27391] Chain exists of: [ 936.060517][T27391] kbd_event_lock --> &tty->flow.lock --> tasklist_lock [ 936.060517][T27391] [ 936.060546][T27391] Possible interrupt unsafe locking scenario: [ 936.060546][T27391] [ 936.060553][T27391] CPU0 CPU1 [ 936.060558][T27391] ---- ---- [ 936.060564][T27391] lock(tasklist_lock); [ 936.060577][T27391] local_irq_disable(); [ 936.060584][T27391] lock(kbd_event_lock); [ 936.060597][T27391] lock(&tty->flow.lock); [ 936.060612][T27391] [ 936.060617][T27391] lock(kbd_event_lock); [ 936.060630][T27391] [ 936.060630][T27391] *** DEADLOCK *** [ 936.060630][T27391] [ 936.060636][T27391] 5 locks held by syz.8.7188/27391: [ 936.060646][T27391] #0: ffff88802bd0b118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1ae/0x4c0 [ 936.060687][T27391] #1: ffff88802bb33230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340 [ 936.060737][T27391] #2: ffffffff8e75e5e0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340 [ 936.060781][T27391] #3: ffffffff8e75e5e0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 936.060819][T27391] #4: ffffffff8effe078 (kbd_event_lock){..-.}-{3:3}, at: kbd_event+0xd6/0x40d0 [ 936.060859][T27391] [ 936.060859][T27391] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 936.060868][T27391] -> (kbd_event_lock){..-.}-{3:3} { [ 936.060891][T27391] IN-SOFTIRQ-W at: [ 936.060901][T27391] lock_acquire+0xf0/0x2e0 [ 936.060920][T27391] _raw_spin_lock+0x2e/0x40 [ 936.060936][T27391] kbd_event+0xd6/0x40d0 [ 936.060951][T27391] input_handle_events_default+0xd4/0x1a0 [ 936.060968][T27391] input_pass_values+0x288/0x890 [ 936.060982][T27391] input_event_dispose+0x330/0x6b0 [ 936.061001][T27391] input_event+0x89/0xe0 [ 936.061021][T27391] rc_keydown+0x62/0x1e0 [ 936.061041][T27391] imon_incoming_packet+0x1ecb/0x31c0 [ 936.061060][T27391] usb_rx_callback_intf0+0xba/0x210 [ 936.061085][T27391] __usb_hcd_giveback_urb+0x376/0x540 [ 936.061109][T27391] dummy_timer+0xbbd/0x45d0 [ 936.061132][T27391] __hrtimer_run_queues+0x53a/0xcc0 [ 936.061153][T27391] hrtimer_run_softirq+0x182/0x5a0 [ 936.061175][T27391] handle_softirqs+0x22a/0x870 [ 936.061195][T27391] __irq_exit_rcu+0x5f/0x150 [ 936.061215][T27391] irq_exit_rcu+0x9/0x30 [ 936.061233][T27391] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 936.061252][T27391] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 936.061268][T27391] folios_put_refs+0x63b/0x8d0 [ 936.061289][T27391] free_pages_and_swap_cache+0x2e7/0x5b0 [ 936.061313][T27391] tlb_flush_mmu+0x6d3/0xa30 [ 936.061332][T27391] tlb_finish_mmu+0xf9/0x230 [ 936.061349][T27391] exit_mmap+0x498/0xa10 [ 936.061364][T27391] __mmput+0x118/0x430 [ 936.061382][T27391] exit_mm+0x168/0x220 [ 936.061396][T27391] do_exit+0x6a2/0x23c0 [ 936.061410][T27391] do_group_exit+0x21b/0x2d0 [ 936.061425][T27391] get_signal+0x1284/0x1330 [ 936.061443][T27391] arch_do_signal_or_restart+0xbc/0x830 [ 936.061460][T27391] exit_to_user_mode_loop+0x86/0x480 [ 936.061478][T27391] do_syscall_64+0x32d/0xf80 [ 936.061497][T27391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.061513][T27391] INITIAL USE at: [ 936.061522][T27391] lock_acquire+0xf0/0x2e0 [ 936.061541][T27391] _raw_spin_lock_irqsave+0x40/0x60 [ 936.061558][T27391] vt_reset_unicode+0x2b/0x1a0 [ 936.061573][T27391] reset_vc+0x68/0x1b0 [ 936.061594][T27391] vc_init+0x70/0x4a0 [ 936.061615][T27391] con_init+0x377/0x6a0 [ 936.061632][T27391] console_init+0x10b/0x4d0 [ 936.061649][T27391] start_kernel+0x22b/0x3d0 [ 936.061670][T27391] x86_64_start_reservations+0x24/0x30 [ 936.061687][T27391] x86_64_start_kernel+0x143/0x1c0 [ 936.061704][T27391] common_startup_64+0x13e/0x147 [ 936.061719][T27391] } [ 936.061725][T27391] ... key at: [] kbd_event_lock+0x18/0xa0 [ 936.061744][T27391] [ 936.061744][T27391] the dependencies between the lock to be acquired [ 936.061750][T27391] and SOFTIRQ-irq-unsafe lock: [ 936.061772][T27391] -> (tasklist_lock){.+.+}-{3:3} { [ 936.061798][T27391] HARDIRQ-ON-R at: [ 936.061809][T27391] lock_acquire+0xf0/0x2e0 [ 936.061829][T27391] _raw_read_lock+0x36/0x50 [ 936.061846][T27391] __do_wait+0xde/0x740 [ 936.061861][T27391] do_wait+0x1e7/0x540 [ 936.061877][T27391] kernel_wait+0xd6/0x1c0 [ 936.061894][T27391] call_usermodehelper_exec_work+0xbe/0x230 [ 936.061914][T27391] process_scheduled_works+0xb6e/0x18c0 [ 936.061934][T27391] worker_thread+0xa53/0xfc0 [ 936.061955][T27391] kthread+0x388/0x470 [ 936.061971][T27391] ret_from_fork+0x51e/0xb90 [ 936.061991][T27391] ret_from_fork_asm+0x1a/0x30 [ 936.062016][T27391] SOFTIRQ-ON-R at: [ 936.062026][T27391] lock_acquire+0xf0/0x2e0 [ 936.062044][T27391] _raw_read_lock+0x36/0x50 [ 936.062060][T27391] __do_wait+0xde/0x740 [ 936.062082][T27391] do_wait+0x1e7/0x540 [ 936.062098][T27391] kernel_wait+0xd6/0x1c0 [ 936.062114][T27391] call_usermodehelper_exec_work+0xbe/0x230 [ 936.062133][T27391] process_scheduled_works+0xb6e/0x18c0 [ 936.062152][T27391] worker_thread+0xa53/0xfc0 [ 936.062172][T27391] kthread+0x388/0x470 [ 936.062186][T27391] ret_from_fork+0x51e/0xb90 [ 936.062205][T27391] ret_from_fork_asm+0x1a/0x30 [ 936.062228][T27391] INITIAL USE at: [ 936.062237][T27391] lock_acquire+0xf0/0x2e0 [ 936.062256][T27391] _raw_write_lock_irq+0x3d/0x50 [ 936.062274][T27391] copy_process+0x247a/0x3cd0 [ 936.062294][T27391] kernel_clone+0x248/0x8e0 [ 936.062316][T27391] user_mode_thread+0x110/0x180 [ 936.062338][T27391] rest_init+0x23/0x300 [ 936.062351][T27391] start_kernel+0x385/0x3d0 [ 936.062372][T27391] x86_64_start_reservations+0x24/0x30 [ 936.062390][T27391] x86_64_start_kernel+0x143/0x1c0 [ 936.062407][T27391] common_startup_64+0x13e/0x147 [ 936.062423][T27391] INITIAL READ USE at: [ 936.062435][T27391] lock_acquire+0xf0/0x2e0 [ 936.062453][T27391] _raw_read_lock+0x36/0x50 [ 936.062470][T27391] __do_wait+0xde/0x740 [ 936.062485][T27391] do_wait+0x1e7/0x540 [ 936.062500][T27391] kernel_wait+0xd6/0x1c0 [ 936.062517][T27391] call_usermodehelper_exec_work+0xbe/0x230 [ 936.062536][T27391] process_scheduled_works+0xb6e/0x18c0 [ 936.062555][T27391] worker_thread+0xa53/0xfc0 [ 936.062575][T27391] kthread+0x388/0x470 [ 936.062589][T27391] ret_from_fork+0x51e/0xb90 [ 936.062608][T27391] ret_from_fork_asm+0x1a/0x30 [ 936.062630][T27391] } [ 936.062636][T27391] ... key at: [] tasklist_lock+0x18/0x40 [ 936.062659][T27391] ... acquired at: [ 936.062665][T27391] _raw_read_lock+0x36/0x50 [ 936.062680][T27391] send_sigurg+0x12b/0x420 [ 936.062696][T27391] sk_send_sigurg+0x6c/0x2e0 [ 936.062718][T27391] queue_oob+0x42c/0x4f0 [ 936.062732][T27391] unix_stream_sendmsg+0xcb1/0xe80 [ 936.062753][T27391] ____sys_sendmsg+0x972/0x9f0 [ 936.062771][T27391] ___sys_sendmsg+0x2a5/0x360 [ 936.062788][T27391] __sys_sendmmsg+0x27c/0x4e0 [ 936.062807][T27391] __x64_sys_sendmmsg+0xa0/0xc0 [ 936.062825][T27391] do_syscall_64+0x14d/0xf80 [ 936.062844][T27391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.062859][T27391] [ 936.062864][T27391] -> (&f_owner->lock){....}-{3:3} { [ 936.062887][T27391] INITIAL USE at: [ 936.062897][T27391] lock_acquire+0xf0/0x2e0 [ 936.062915][T27391] _raw_write_lock_irq+0x3d/0x50 [ 936.062933][T27391] __f_setown+0x67/0x370 [ 936.062948][T27391] generic_setlease+0xacf/0xff0 [ 936.062963][T27391] do_fcntl_add_lease+0x35e/0x470 [ 936.062978][T27391] fcntl_setlease+0x123/0x180 [ 936.062992][T27391] do_fcntl+0x8b3/0x1a20 [ 936.063008][T27391] __se_sys_fcntl+0xc8/0x150 [ 936.063024][T27391] do_syscall_64+0x14d/0xf80 [ 936.063043][T27391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.063059][T27391] INITIAL READ USE at: [ 936.063070][T27391] lock_acquire+0xf0/0x2e0 [ 936.063095][T27391] _raw_read_lock_irqsave+0x48/0x60 [ 936.063113][T27391] send_sigio+0x38/0x370 [ 936.063129][T27391] kill_fasync+0x24d/0x4d0 [ 936.063145][T27391] lease_break_callback+0x26/0x30 [ 936.063163][T27391] __break_lease+0x81c/0x1e80 [ 936.063186][T27391] try_break_deleg+0xfc/0x180 [ 936.063205][T27391] notify_change+0xb5a/0xf40 [ 936.063223][T27391] do_truncate+0x1c2/0x250 [ 936.063240][T27391] path_openat+0x2f89/0x3860 [ 936.063257][T27391] do_file_open+0x23e/0x4a0 [ 936.063274][T27391] do_sys_openat2+0x113/0x200 [ 936.063303][T27391] __x64_sys_openat+0x138/0x170 [ 936.063326][T27391] do_syscall_64+0x14d/0xf80 [ 936.063345][T27391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.063360][T27391] } [ 936.063366][T27391] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 936.063391][T27391] ... acquired at: [ 936.063398][T27391] _raw_read_lock_irqsave+0x48/0x60 [ 936.063414][T27391] send_sigio+0x38/0x370 [ 936.063430][T27391] kill_fasync+0x24d/0x4d0 [ 936.063446][T27391] lease_break_callback+0x26/0x30 [ 936.063462][T27391] __break_lease+0x81c/0x1e80 [ 936.063483][T27391] try_break_deleg+0xfc/0x180 [ 936.063501][T27391] notify_change+0xb5a/0xf40 [ 936.063520][T27391] do_truncate+0x1c2/0x250 [ 936.063537][T27391] path_openat+0x2f89/0x3860 [ 936.063553][T27391] do_file_open+0x23e/0x4a0 [ 936.063571][T27391] do_sys_openat2+0x113/0x200 [ 936.063592][T27391] __x64_sys_openat+0x138/0x170 [ 936.063614][T27391] do_syscall_64+0x14d/0xf80 [ 936.063632][T27391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.063647][T27391] [ 936.063652][T27391] -> (&new->fa_lock){...-}-{3:3} { [ 936.063675][T27391] IN-SOFTIRQ-R at: [ 936.063685][T27391] lock_acquire+0xf0/0x2e0 [ 936.063704][T27391] _raw_read_lock_irqsave+0x48/0x60 [ 936.063721][T27391] kill_fasync+0x199/0x4d0 [ 936.063737][T27391] hidraw_report_event+0x227/0x3b0 [ 936.063758][T27391] hid_report_raw_event+0x311/0x1730 [ 936.063781][T27391] hid_input_report+0x44b/0x580 [ 936.063803][T27391] hid_irq_in+0x47e/0x6d0 [ 936.063823][T27391] __usb_hcd_giveback_urb+0x376/0x540 [ 936.063847][T27391] dummy_timer+0xbbd/0x45d0 [ 936.063869][T27391] __hrtimer_run_queues+0x53a/0xcc0 [ 936.063891][T27391] hrtimer_run_softirq+0x182/0x5a0 [ 936.063912][T27391] handle_softirqs+0x22a/0x870 [ 936.063932][T27391] __irq_exit_rcu+0x5f/0x150 [ 936.063952][T27391] irq_exit_rcu+0x9/0x30 [ 936.063970][T27391] sysvec_apic_timer_interrupt+0x57/0xc0 [ 936.063989][T27391] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 936.064006][T27391] INITIAL USE at: [ 936.064016][T27391] lock_acquire+0xf0/0x2e0 [ 936.064036][T27391] _raw_write_lock_irq+0x3d/0x50 [ 936.064054][T27391] fasync_remove_entry+0xf1/0x1c0 [ 936.064108][T27391] lease_modify+0x4f7/0x6c0 [ 936.064132][T27391] locks_remove_file+0x5f0/0xf70 [ 936.064148][T27391] __fput+0x3ae/0xa70 [ 936.064171][T27391] fput_close_sync+0x11f/0x240 [ 936.064195][T27391] __x64_sys_close+0x7e/0x110 [ 936.064209][T27391] do_syscall_64+0x14d/0xf80 [ 936.064229][T27391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.064245][T27391] INITIAL READ USE at: [ 936.064256][T27391] lock_acquire+0xf0/0x2e0 [ 936.064275][T27391] _raw_read_lock_irqsave+0x48/0x60 [ 936.064292][T27391] kill_fasync+0x199/0x4d0 [ 936.064310][T27391] lease_break_callback+0x26/0x30 [ 936.064328][T27391] __break_lease+0x81c/0x1e80 [ 936.064352][T27391] try_break_deleg+0xfc/0x180 [ 936.064371][T27391] notify_change+0xb5a/0xf40 [ 936.064390][T27391] do_truncate+0x1c2/0x250 [ 936.064408][T27391] path_openat+0x2f89/0x3860 [ 936.064426][T27391] do_file_open+0x23e/0x4a0 [ 936.064444][T27391] do_sys_openat2+0x113/0x200 [ 936.064466][T27391] __x64_sys_openat+0x138/0x170 [ 936.064489][T27391] do_syscall_64+0x14d/0xf80 [ 936.064508][T27391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.064524][T27391] } [ 936.064529][T27391] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 936.064555][T27391] ... acquired at: [ 936.064562][T27391] _raw_read_lock_irqsave+0x48/0x60 [ 936.064579][T27391] kill_fasync+0x199/0x4d0 [ 936.064595][T27391] __start_tty+0x18c/0x220 [ 936.064609][T27391] tty_send_xchar+0x1d2/0x4d0 [ 936.064623][T27391] tty_ioctl+0x9c5/0xde0 [ 936.064638][T27391] __se_sys_ioctl+0xfc/0x170 [ 936.064655][T27391] do_syscall_64+0x14d/0xf80 [ 936.064673][T27391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.064688][T27391] [ 936.064692][T27391] -> (&tty->flow.lock){....}-{3:3} { [ 936.064716][T27391] INITIAL USE at: [ 936.064725][T27391] lock_acquire+0xf0/0x2e0 [ 936.064743][T27391] _raw_spin_lock_irqsave+0x40/0x60 [ 936.064760][T27391] start_tty+0x20/0x70 [ 936.064773][T27391] n_tty_set_termios+0xa7c/0x10c0 [ 936.064793][T27391] tty_set_termios+0xdb3/0x1800 [ 936.064815][T27391] set_termios+0x566/0x710 [ 936.064838][T27391] tty_mode_ioctl+0x4a6/0x7d0 [ 936.064860][T27391] tty_ioctl+0x9c5/0xde0 [ 936.064875][T27391] __se_sys_ioctl+0xfc/0x170 [ 936.064892][T27391] do_syscall_64+0x14d/0xf80 [ 936.064911][T27391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.064928][T27391] } [ 936.064935][T27391] ... key at: [] alloc_tty_struct.__key.35+0x0/0x20 [ 936.064955][T27391] ... acquired at: [ 936.064961][T27391] _raw_spin_lock_irqsave+0x40/0x60 [ 936.064980][T27391] stop_tty+0x2f/0x150 [ 936.064995][T27391] kbd_event+0x2ec1/0x40d0 [ 936.065014][T27391] input_handle_events_default+0xd4/0x1a0 [ 936.065047][T27391] input_pass_values+0x288/0x890 [ 936.065065][T27391] input_event_dispose+0x330/0x6b0 [ 936.065098][T27391] input_inject_event+0x1dd/0x340 [ 936.065122][T27391] evdev_write+0x325/0x4c0 [ 936.065142][T27391] vfs_write+0x29a/0xb90 [ 936.065161][T27391] ksys_write+0x150/0x270 [ 936.065180][T27391] do_syscall_64+0x14d/0xf80 [ 936.065201][T27391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.065221][T27391] [ 936.065226][T27391] [ 936.065226][T27391] stack backtrace: [ 936.065242][T27391] CPU: 1 UID: 0 PID: 27391 Comm: syz.8.7188 Tainted: G L syzkaller #0 PREEMPT(full) [ 936.065271][T27391] Tainted: [L]=SOFTLOCKUP [ 936.065278][T27391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 936.065289][T27391] Call Trace: [ 936.065296][T27391] [ 936.065304][T27391] dump_stack_lvl+0xe8/0x150 [ 936.065326][T27391] __lock_acquire+0x2a94/0x2cf0 [ 936.065354][T27391] lock_acquire+0xf0/0x2e0 [ 936.065373][T27391] ? stop_tty+0x2f/0x150 [ 936.065389][T27391] _raw_spin_lock_irqsave+0x40/0x60 [ 936.065406][T27391] ? stop_tty+0x2f/0x150 [ 936.065420][T27391] stop_tty+0x2f/0x150 [ 936.065435][T27391] kbd_event+0x2ec1/0x40d0 [ 936.065453][T27391] ? kernel_fpu_end+0x4f/0x80 [ 936.065468][T27391] ? blake2s_compress+0x1e17/0x1eb0 [ 936.065489][T27391] ? __pfx_kbd_event+0x10/0x10 [ 936.065505][T27391] ? finish_task_switch+0x245/0x920 [ 936.065526][T27391] ? __lock_acquire+0x6b5/0x2cf0 [ 936.065546][T27391] ? __pfx_blake2s_compress+0x10/0x10 [ 936.065564][T27391] ? __lock_acquire+0x6b5/0x2cf0 [ 936.065587][T27391] ? __lock_acquire+0x6b5/0x2cf0 [ 936.065606][T27391] ? __lock_acquire+0x6b5/0x2cf0 [ 936.065628][T27391] ? __lock_acquire+0x6b5/0x2cf0 [ 936.065648][T27391] ? lock_acquire+0xf0/0x2e0 [ 936.065668][T27391] input_handle_events_default+0xd4/0x1a0 [ 936.065687][T27391] ? input_pass_values+0x8d/0x890 [ 936.065701][T27391] input_pass_values+0x288/0x890 [ 936.065718][T27391] ? input_handle_event+0x70c/0xf30 [ 936.065739][T27391] input_event_dispose+0x330/0x6b0 [ 936.065761][T27391] input_inject_event+0x1dd/0x340 [ 936.065783][T27391] ? input_inject_event+0xb6/0x340 [ 936.065806][T27391] evdev_write+0x325/0x4c0 [ 936.065824][T27391] ? __pfx_evdev_write+0x10/0x10 [ 936.065841][T27391] ? bpf_lsm_file_permission+0x9/0x20 [ 936.065861][T27391] ? security_file_permission+0x75/0x260 [ 936.065882][T27391] ? rw_verify_area+0x255/0x4d0 [ 936.065898][T27391] ? __pfx_evdev_write+0x10/0x10 [ 936.065913][T27391] vfs_write+0x29a/0xb90 [ 936.065932][T27391] ? __pfx_vfs_write+0x10/0x10 [ 936.065949][T27391] ? __fget_files+0x2a/0x420 [ 936.065964][T27391] ? __fget_files+0x2a/0x420 [ 936.065977][T27391] ? __fget_files+0x3a0/0x420 [ 936.065990][T27391] ? __fget_files+0x2a/0x420 [ 936.066006][T27391] ksys_write+0x150/0x270 [ 936.066023][T27391] ? __pfx_ksys_write+0x10/0x10 [ 936.066043][T27391] do_syscall_64+0x14d/0xf80 [ 936.066062][T27391] ? trace_irq_disable+0x3b/0x150 [ 936.066083][T27391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.066099][T27391] ? clear_bhb_loop+0x40/0x90 [ 936.066116][T27391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.066132][T27391] RIP: 0033:0x7fe3d079c819 [ 936.066148][T27391] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 936.066163][T27391] RSP: 002b:00007fe3d1663028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 936.066181][T27391] RAX: ffffffffffffffda RBX: 00007fe3d0a15fa0 RCX: 00007fe3d079c819 [ 936.066195][T27391] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000006 [ 936.066206][T27391] RBP: 00007fe3d0832c91 R08: 0000000000000000 R09: 0000000000000000 [ 936.066217][T27391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 936.066227][T27391] R13: 00007fe3d0a16038 R14: 00007fe3d0a15fa0 R15: 00007fe3d0b3fa48 [ 936.066245][T27391] [ 936.106842][T27348] hsr_slave_0: entered promiscuous mode [ 936.107617][T27348] hsr_slave_1: entered promiscuous mode [ 936.832880][T25099] syz_tun (unregistering): left allmulticast mode [ 937.709392][ T7379] bridge_slave_1: left allmulticast mode [ 938.906179][ T7379] bridge_slave_1: left promiscuous mode [ 938.906422][ T7379] bridge0: port 2(bridge_slave_1) entered disabled state [ 938.913666][ T7379] bridge_slave_0: left allmulticast mode [ 938.926542][ T7379] bridge_slave_0: left promiscuous mode [ 938.926713][ T7379] bridge0: port 1(bridge_slave_0) entered disabled state [ 938.983961][ T7379] bridge_slave_1: left allmulticast mode [ 938.991759][ T7379] bridge_slave_1: left promiscuous mode [ 938.999209][ T7379] bridge0: port 2(bridge_slave_1) entered disabled state [ 939.008073][ T7379] bridge_slave_0: left allmulticast mode [ 939.013808][ T7379] bridge_slave_0: left promiscuous mode [ 939.020947][ T7379] bridge0: port 1(bridge_slave_0) entered disabled state [ 939.289315][ T7379] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 939.299000][ T7379] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 939.308723][ T7379] bond0 (unregistering): Released all slaves [ 939.317277][ T7379] bond1 (unregistering): Released all slaves [ 939.386614][ T7379] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 939.396475][ T7379] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 939.407254][ T7379] bond0 (unregistering): Released all slaves [ 939.444987][T27390] syz_tun (unregistering): left allmulticast mode [ 939.680936][ T7379] hsr_slave_0: left promiscuous mode [ 939.702097][ T7379] hsr_slave_1: left promiscuous mode [ 939.712810][ T7379] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 939.722723][ T7379] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 939.738628][ T7379] hsr_slave_0: left promiscuous mode [ 939.757872][ T7379] hsr_slave_1: left promiscuous mode [ 939.767735][ T7379] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 939.785597][ T7379] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 939.950271][ T7379] team0 (unregistering): Port device team_slave_1 removed [ 939.971685][ T7379] team0 (unregistering): Port device team_slave_0 removed [ 940.140070][ T7379] team0 (unregistering): Port device team_slave_1 removed [ 940.152748][ T7379] team0 (unregistering): Port device team_slave_0 removed [ 940.927122][ T7379] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 941.004457][ T7379] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 941.071863][ T7379] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 941.132023][ T7379] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 941.223793][ T7379] bridge_slave_1: left allmulticast mode [ 941.229711][ T7379] bridge_slave_1: left promiscuous mode [ 941.236816][ T7379] bridge0: port 2(bridge_slave_1) entered disabled state [ 941.245464][ T7379] bridge_slave_0: left allmulticast mode [ 941.251213][ T7379] bridge_slave_0: left promiscuous mode [ 941.257332][ T7379] bridge0: port 1(bridge_slave_0) entered disabled state [ 941.568405][ T7379] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 941.578373][ T7379] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 941.589053][ T7379] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 941.598493][ T7379] bond0 (unregistering): Released all slaves [ 941.677324][ T7379] tipc: Left network mode [ 941.925465][ T7379] hsr_slave_0: left promiscuous mode [ 941.934454][ T7379] hsr_slave_1: left promiscuous mode [ 941.942749][ T7379] veth1_macvtap: left promiscuous mode [ 941.950261][ T7379] veth0_macvtap: left promiscuous mode [ 941.956188][ T7379] veth1_vlan: left promiscuous mode [ 941.961566][ T7379] veth0_vlan: left promiscuous mode [ 942.185891][ T7379] team0 (unregistering): Port device team_slave_1 removed [ 942.200109][ T7379] team0 (unregistering): Port device team_slave_0 removed