last executing test programs: 24m28.832682874s ago: executing program 4 (id=3662): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="01002cbd7000fbdbdf2530000000", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x24008000) 24m28.555761579s ago: executing program 4 (id=3665): r0 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xce}) io_uring_enter(r0, 0x2219, 0xcf74, 0x16, 0x0, 0x0) 24m28.432322158s ago: executing program 4 (id=3666): mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800007, 0x11, 0xffffffffffffffff, 0x40000) 24m28.369932239s ago: executing program 4 (id=3667): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xc4) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f00000002c0)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x28a5291, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x9101) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0/file0\x00', 0x0) 24m28.182047988s ago: executing program 4 (id=3670): r0 = socket$inet6(0xa, 0x3, 0x5) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x7080000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4, 0x1}, 0x80, 0x0}}], 0x1, 0x4000000) 24m25.487770815s ago: executing program 4 (id=3702): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x800, 0x0) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000100)=""/30, 0x1e}], 0x1) r1 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff30}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24040045) r3 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xce}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}], 0x1) io_uring_enter(r3, 0x2219, 0xcf74, 0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) ioctl$HIDIOCGCOLLECTIONINFO(r4, 0xc0104811, &(0x7f0000000200)={0x20000, 0x8, 0x10, 0x6}) timer_settime(r2, 0x1, 0x0, 0x0) r5 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r5, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0x1}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x106) r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, 0x0, 0x0) recvfrom$inet(r6, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000000340)=0x10001, 0x4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800007, 0x11, r1, 0x40000) 24m25.238689736s ago: executing program 32 (id=3702): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x800, 0x0) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000100)=""/30, 0x1e}], 0x1) r1 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff30}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24040045) r3 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xce}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}], 0x1) io_uring_enter(r3, 0x2219, 0xcf74, 0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) ioctl$HIDIOCGCOLLECTIONINFO(r4, 0xc0104811, &(0x7f0000000200)={0x20000, 0x8, 0x10, 0x6}) timer_settime(r2, 0x1, 0x0, 0x0) r5 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r5, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0x1}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x106) r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, 0x0, 0x0) recvfrom$inet(r6, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000000340)=0x10001, 0x4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800007, 0x11, r1, 0x40000) 19.766970984s ago: executing program 2 (id=9072): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="80000000", @ANYRES16=r1, @ANYBLOB="070200000000000000000100000004000480080001000300000004000880080002000100000054000c801c000b8008000a009b0100000800"], 0x80}}, 0x800) 19.55733204s ago: executing program 2 (id=9074): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x6, 0xd}, {0x0, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4004010) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r2) r3 = syz_usb_connect(0x2, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000240)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$uac1(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000040)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="408100000069"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f0000000940)=ANY=[], 0x0, 0x0}) 15.974265052s ago: executing program 2 (id=9091): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x122}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) getsockopt$sock_cred(r0, 0x1, 0x4d, 0x0, &(0x7f0000000200)=0x33) 15.771054392s ago: executing program 2 (id=9094): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xc5}]}, 0x2c}}, 0x0) 15.643943408s ago: executing program 2 (id=9097): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x48, 0x16, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}]}]}]}], {0x14}}, 0x70}}, 0x24040884) 15.564377279s ago: executing program 2 (id=9099): r0 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0xc) sendmmsg(r0, 0x0, 0x0, 0xc040) 15.563638994s ago: executing program 3 (id=9100): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0xffff, 0x3fd, 0x0, 0xb2, 0x0, 0x2}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x9, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="5800000002060102000034e40000000004000008050005000a000000050001000600000005000400000000000900020073797a310000000011000300686173683a69702c706f727400001f000c00078008000640"], 0x58}, 0x1, 0x0, 0x0, 0x81}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="54000000090613020000000000000000020000000900020073797a310000000005000100070000002c0007801800098014000240fe8000000000000000000000000000bb0500070006000000060005404e220000"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r4, 0x2) r7 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, &(0x7f0000000340)={r7}) ioctl$sock_kcm_SIOCKCMATTACH(r7, 0x89e0, &(0x7f0000000140)={r7}) mkdir(&(0x7f0000000400)='./file0\x00', 0x51) mount$9p_virtio(0x0, &(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000040), 0xc, 0x0) 11.346671028s ago: executing program 3 (id=9105): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) syz_genetlink_get_family_id$devlink(0x0, r0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000200)={0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xffff, 0x20000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() mount(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x7b53a000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = fsopen(&(0x7f0000000180)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x1) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, 0x0, &(0x7f0000000080)) fchdir(r5) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) inotify_init1(0x0) lseek(r6, 0xd48a, 0x0) getdents64(r6, 0x0, 0x22) 10.099469022s ago: executing program 3 (id=9107): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803", 0x81}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561", 0x6b}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)}], 0x2}}], 0x2, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00', 0x0}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00", @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10010002}, 0xc, &(0x7f0000000c80)={&(0x7f0000000e00)=ANY=[@ANYBLOB="7c0100", @ANYRES16=r1, @ANYRES32, @ANYRESDEC, @ANYRES32=r0, @ANYRES8=r1, @ANYRES32=r0, @ANYBLOB="400001801400020070696d367265673000000000000000001400020073797a5f74756e00000000000000000014000200697036677265746170300000000000003000018008000100", @ANYRES8, @ANYBLOB="080003000300000008000100", @ANYRES32=r0, @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 8.946538824s ago: executing program 5 (id=9110): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x48, 0x16, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}]}]}]}], {0x14}}, 0x70}}, 0x24040884) 8.919694233s ago: executing program 0 (id=9111): r0 = getpgrp(0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000540)='auxv\x00') preadv(r1, 0x0, 0x0, 0x7, 0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x8000000000001, r0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000017000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r5 = io_uring_setup(0x17, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@union={0x0, 0x0, 0x0, 0x9, 0x0, 0x2}]}}, 0x0, 0x26}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="020a3b6881"], 0x50) io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0) rt_sigsuspend(&(0x7f0000000100)={[0x2]}, 0x8) 8.87271702s ago: executing program 3 (id=9112): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000006080)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x4, 0x5}, {}, {0x7, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x20048081}, 0xc0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r8) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x8914, 0x0) r9 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)='\x00', 0x1}], 0x1}, 0x4) 8.805392231s ago: executing program 5 (id=9113): r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) tee(r1, r0, 0x9, 0x2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r5, &(0x7f00000000c0)="0309207965b0acf1", 0x8, 0x4004084, &(0x7f0000000000)={0x2, 0x4e25, @loopback}, 0x10) recvfrom(r5, &(0x7f0000000080)=""/46, 0x2e, 0x60, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f0000000300)={{@hyper, 0x800000}, @my=0x1, 0x0, 0x0, 0x2, 0xfffffffffffffffe}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f00000000c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x1, 0x4}) close(r6) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000000)=0x1, 0x4) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000040), &(0x7f00000000c0)=0x4) fsmount(0xffffffffffffffff, 0x0, 0x2) 8.591973704s ago: executing program 1 (id=9114): r0 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0xc) sendmmsg(r0, &(0x7f0000001500)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0xc040) 7.592090099s ago: executing program 1 (id=9115): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0xffff, 0x3fd, 0x0, 0xb2, 0x0, 0x2}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x9, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="5800000002060102000034e40000000004000008050005000a000000050001000600000005000400000000000900020073797a310000000011000300686173683a69702c706f727400001f000c00078008000640"], 0x58}, 0x1, 0x0, 0x0, 0x81}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="54000000090613020000000000000000020000000900020073797a310000000005000100070000002c0007801800098014000240fe800000"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r4, 0x2) r7 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, &(0x7f0000000340)={r7}) ioctl$sock_kcm_SIOCKCMATTACH(r7, 0x89e0, &(0x7f0000000140)={r7}) mkdir(&(0x7f0000000400)='./file0\x00', 0x51) mount$9p_virtio(0x0, &(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000040), 0xc, 0x0) 7.17990443s ago: executing program 0 (id=9116): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000300)="a6", 0x1, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000380)="b3", 0x1, 0x20060000, 0x0, 0x0) 6.498214759s ago: executing program 5 (id=9117): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1a0100000000000000001d0000000000050100006d00000095", @ANYRES64=r0], 0x0, 0x7, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) recvmmsg$unix(r5, &(0x7f0000002cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000980)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000003100)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000002bc0)=""/245, 0xf5}], 0x1}}], 0x3, 0x400122a0, 0x0) sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pidfd_send_signal(r6, 0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r7 = syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff], 0x1}, 0x58) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0xc, r1, 0x0, 0x0, 0x7fff}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x6, r1, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000}) socket$nl_netfilter(0x10, 0x3, 0xc) rseq(&(0x7f0000000680), 0x20, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, r7, 0x0, 0x0) r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000100)={@local}) 5.343514774s ago: executing program 1 (id=9118): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce", 0x70}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e42408b", 0x8e}], 0x2}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)}], 0x2, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}], 0x48}}], 0x2, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 5.245003127s ago: executing program 3 (id=9119): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x6, 0xd}, {0x0, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4004010) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r2) r3 = syz_usb_connect(0x2, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000240)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$uac1(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000040)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="408100000069"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) 5.063008991s ago: executing program 1 (id=9120): r0 = io_uring_setup(0x650b, &(0x7f0000000180)={0x0, 0x2c3f, 0x0, 0x21, 0xab}) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) r2 = socket(0x28, 0x5, 0x0) r3 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r3, 0x4) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) shutdown(r2, 0x0) recvfrom$unix(r2, 0x0, 0x0, 0x10120, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) 4.572290897s ago: executing program 0 (id=9121): r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x24, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xc5}]}, 0x24}}, 0x0) 4.492202415s ago: executing program 0 (id=9122): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x48d01, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000002c0)={0x48, 0x2, r1, 0x0, 0x0}) socket$kcm(0x2, 0x5, 0x84) bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) sendmsg$inet(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x20000216}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0) recvmsg$unix(r4, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x2}, 0x40000300) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000001c0)="91cfdfefdb", 0x1a000}], 0x1}, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f00000003c0)={0x48, 0xa, r2, 0x0, r1}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x2000) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r5, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 4.484851605s ago: executing program 1 (id=9123): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x5ce9b5144b755ae) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @rand_addr, 0x4}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x49, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f00000010c0)=0xb, 0x4) recvmmsg(r1, &(0x7f0000001840)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x42, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r3 = openat$audio(0xffffff9c, &(0x7f0000000080), 0x40080, 0x0) ioctl$SNDCTL_DSP_POST(r3, 0x5015, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000480), r4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r6, &(0x7f0000005100)={0x0, 0x0, &(0x7f00000050c0)={&(0x7f0000000200)={0x20, 0x140e, 0x101, 0x70bd29, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0xfd001707709cba22}, 0x20008004) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010026bd7000fcdbdf2502000000080001"], 0x1c}}, 0x840) syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc000905850200"], 0x0) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r7, &(0x7f0000000000)=""/172, 0xac) write$nci(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="40040104"], 0x4) ioctl$NBD_DO_IT(r0, 0xab03) 4.343167171s ago: executing program 5 (id=9124): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803", 0x81}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561", 0x6b}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)}], 0x2}}], 0x2, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00', 0x0}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10010002}, 0xc, &(0x7f0000000c80)={&(0x7f0000000e00)=ANY=[@ANYBLOB="7c0100", @ANYRES16=r1, @ANYRES32, @ANYRESDEC, @ANYRES32=r0, @ANYRES8=r1, @ANYRES32=r0, @ANYBLOB="400001801400020070696d367265673000000000000000001400020073797a5f74756e00000000000000000014000200697036677265746170300000000000003000018008000100", @ANYRES8, @ANYBLOB="080003000300000008000100", @ANYRES32=r0, @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 3.296998614s ago: executing program 5 (id=9125): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000035ffaa20cd0caf104a380102030109021b0001000010000904590201801e2a00090582"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000640)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000240)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000680)={0x44, &(0x7f0000000380)={0x0, 0x30, 0x1, "a1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.855690135s ago: executing program 0 (id=9126): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000006000/0x2000)=nil, &(0x7f000000d000/0x4000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff3000/0x3000)=nil, &(0x7f0000ff6000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x1, 0xf3}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@deltfilter={0xe, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x3}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8010}, 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f00000004c0)={0x4b5a9da54893e123, 0x3, 0x18, 0xff}, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0}) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x12001, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) bpf$MAP_CREATE(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x10010, 0xffffffffffffffff, 0x0) 2.777070154s ago: executing program 1 (id=9127): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x6, 0xd}, {0x0, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4004010) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r2) r3 = syz_usb_connect(0x2, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000240)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$uac1(r3, 0x0, 0x0) syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000040)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="408100000069"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$printer(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f0000000940)=ANY=[], 0x0, 0x0}) syz_usb_control_io(r3, 0x0, 0x0) 1.999041568s ago: executing program 3 (id=9128): r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd21, 0xfbffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}}, 0x24}}, 0x400) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000280)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0xffff, 0x5}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xc, 0x8, 0x10000002, 0xc, 0x3}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x40080c1}, 0x4800) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x7}}) r6 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\r', 0x1}], 0x1}, 0x4) 1.269472601s ago: executing program 0 (id=9129): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c00078008000640000000000500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x40049366, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c00078018000180140002"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0x8080, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B'], 0x48) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newtaction={0x60, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) gettid() mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='romfs\x00', 0x5, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x8, 0xffffff37, 0xc934, 0x0, 0x10001, 0x40003, 0x0, 0x42b, 0x8001}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x4004010) 0s ago: executing program 5 (id=9130): socket$inet_sctp(0x2, 0x1, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x8000000000001, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1) r4 = dup(r3) write$binfmt_elf32(r4, 0x0, 0x58) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) kernel console output (not intermixed with test programs): om [ 1673.397925][T29419] Bluetooth: hci3: command 0x0406 tx timeout [ 1673.440938][ T5613] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1673.448841][ T5613] em28xx 4-1:0.0: dvb set to bulk mode. [ 1673.454444][T17277] em28xx 4-1:0.0: Binding DVB extension [ 1673.473929][ T5613] usb 4-1: USB disconnect, device number 63 [ 1673.491161][ T5613] em28xx 4-1:0.0: Disconnecting em28xx [ 1673.522939][T17277] em28xx 4-1:0.0: Registering input extension [ 1673.530938][ T5613] em28xx 4-1:0.0: Closing input extension [ 1673.572784][ T5613] em28xx 4-1:0.0: Freeing device [ 1673.638450][T29419] Bluetooth: hci0: command 0x0406 tx timeout [ 1673.954572][T31229] netlink: 'syz.3.7832': attribute type 3 has an invalid length. [ 1673.986741][ T5613] usb 6-1: USB disconnect, device number 44 [ 1677.500171][T24303] usb 2-1: USB disconnect, device number 78 [ 1677.596606][T31241] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7836'. [ 1678.743235][T31261] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7841'. [ 1679.834809][T31274] netlink: 'syz.0.7845': attribute type 3 has an invalid length. [ 1679.927938][T24303] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 1680.088343][T24303] usb 4-1: Using ep0 maxpacket: 16 [ 1680.095438][T24303] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1680.125478][T24303] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1680.134974][T24303] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1680.149937][T24303] usb 4-1: Product: syz [ 1680.157342][T24303] usb 4-1: Manufacturer: syz [ 1680.169044][T24303] usb 4-1: SerialNumber: syz [ 1680.183914][T24303] usb 4-1: config 0 descriptor?? [ 1680.199183][T24303] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1680.223942][T24303] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 1680.798573][T24303] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 1681.134972][T31289] netlink: 'syz.1.7851': attribute type 1 has an invalid length. [ 1681.144566][T31289] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7851'. [ 1681.437203][T31295] input: syz1 as /devices/virtual/input/input90 [ 1681.466192][T31295] netlink: 48 bytes leftover after parsing attributes in process `syz.2.7850'. [ 1681.839289][T24303] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1681.874046][T24303] em28xx 4-1:0.0: board has no eeprom [ 1682.319951][T24303] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1682.336309][T24303] em28xx 4-1:0.0: dvb set to bulk mode. [ 1682.342063][T10492] em28xx 4-1:0.0: Binding DVB extension [ 1682.361098][T24303] usb 4-1: USB disconnect, device number 64 [ 1682.371403][T24303] em28xx 4-1:0.0: Disconnecting em28xx [ 1682.424761][T10492] em28xx 4-1:0.0: Registering input extension [ 1682.431923][T24303] em28xx 4-1:0.0: Closing input extension [ 1682.452056][T31303] loop2: detected capacity change from 0 to 7 [ 1682.464279][T31303] Dev loop2: unable to read RDB block 7 [ 1682.485573][T24303] em28xx 4-1:0.0: Freeing device [ 1682.491224][T31303] loop2: unable to read partition table [ 1682.515427][T31303] loop2: partition table beyond EOD, truncated [ 1682.534008][T31303] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 1682.650399][T25230] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 1682.808753][T25230] usb 1-1: Using ep0 maxpacket: 8 [ 1682.935520][T25230] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1683.123344][T25230] usb 1-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 10 [ 1683.289672][T25230] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1683.423671][T25230] usb 1-1: New USB device found, idVendor=0853, idProduct=0313, bcdDevice= 0.00 [ 1683.780801][T31315] loop9: detected capacity change from 0 to 7 [ 1683.787425][T31315] buffer_io_error: 14 callbacks suppressed [ 1683.787441][T31315] Buffer I/O error on dev loop9, logical block 0, async page read [ 1683.801493][T31315] Buffer I/O error on dev loop9, logical block 0, async page read [ 1683.809413][T31315] Buffer I/O error on dev loop9, logical block 0, async page read [ 1683.817302][T31315] Buffer I/O error on dev loop9, logical block 0, async page read [ 1683.825247][T31315] Buffer I/O error on dev loop9, logical block 0, async page read [ 1683.833168][T31315] Buffer I/O error on dev loop9, logical block 0, async page read [ 1683.841065][T31315] Buffer I/O error on dev loop9, logical block 0, async page read [ 1683.848951][T31315] ldm_validate_partition_table(): Disk read failed. [ 1683.856417][T31315] Buffer I/O error on dev loop9, logical block 0, async page read [ 1683.864362][T31315] Buffer I/O error on dev loop9, logical block 0, async page read [ 1683.872267][T31315] Buffer I/O error on dev loop9, logical block 0, async page read [ 1683.880407][T31315] Dev loop9: unable to read RDB block 0 [ 1683.886261][T31315] loop9: unable to read partition table [ 1683.892200][T31315] loop9: partition table beyond EOD, truncated [ 1683.898410][T31315] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 1685.227981][T25230] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1685.258387][T25230] usb 1-1: config 0 descriptor?? [ 1685.454478][T25230] usbhid 1-1:0.0: can't add hid device: -71 [ 1685.875628][T25230] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1685.890144][T25230] usb 1-1: USB disconnect, device number 65 [ 1686.001768][T31326] netlink: 'syz.3.7862': attribute type 1 has an invalid length. [ 1686.028014][T31326] netlink: 60 bytes leftover after parsing attributes in process `syz.3.7862'. [ 1686.531252][ T5807] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 1686.798239][ T5807] usb 2-1: Using ep0 maxpacket: 16 [ 1686.915824][ T5807] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1687.077613][ T5807] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1687.237732][ T5807] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1687.350707][ T5807] usb 2-1: Product: syz [ 1687.395233][ T5807] usb 2-1: Manufacturer: syz [ 1687.453493][ T5807] usb 2-1: SerialNumber: syz [ 1687.757452][ T5807] usb 2-1: config 0 descriptor?? [ 1687.801267][ T5807] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1687.816167][ T5807] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 1688.150023][T17277] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 1688.544477][T31358] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7874'. [ 1689.364661][ T5807] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 1689.382112][T17277] usb 3-1: Using ep0 maxpacket: 16 [ 1689.819212][T17277] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1689.865349][T17277] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1689.904932][T17277] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1689.927697][ T5807] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1689.940881][T17277] usb 3-1: Product: syz [ 1689.945376][T31362] netlink: 'syz.5.7875': attribute type 1 has an invalid length. [ 1689.953756][ T5807] em28xx 2-1:0.0: board has no eeprom [ 1689.960355][T17277] usb 3-1: Manufacturer: syz [ 1689.964985][T17277] usb 3-1: SerialNumber: syz [ 1689.974931][T31362] netlink: 60 bytes leftover after parsing attributes in process `syz.5.7875'. [ 1689.987450][T17277] usb 3-1: config 0 descriptor?? [ 1690.009591][T17277] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1690.019023][T17277] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 1690.047938][ T5807] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1690.057863][ T5807] em28xx 2-1:0.0: dvb set to bulk mode. [ 1690.070229][ T5613] em28xx 2-1:0.0: Binding DVB extension [ 1690.088235][ T5807] usb 2-1: USB disconnect, device number 79 [ 1690.101042][ T5807] em28xx 2-1:0.0: Disconnecting em28xx [ 1690.232734][T31378] futex_wake_op: syz.1.7880 tries to shift op by 144; fix this program [ 1690.559137][ T5613] em28xx 2-1:0.0: Registering input extension [ 1690.580993][ T5807] em28xx 2-1:0.0: Closing input extension [ 1690.619247][ T5807] em28xx 2-1:0.0: Freeing device [ 1690.669164][T17277] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 1693.049513][T17277] em28xx 3-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 1693.081111][T17277] em28xx 3-1:0.0: board has no eeprom [ 1693.168159][T17277] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1693.186193][T17277] em28xx 3-1:0.0: dvb set to bulk mode. [ 1693.208754][ T5613] em28xx 3-1:0.0: Binding DVB extension [ 1693.239318][T17277] usb 3-1: USB disconnect, device number 64 [ 1693.267747][T17277] em28xx 3-1:0.0: Disconnecting em28xx [ 1694.259766][ T5613] em28xx 3-1:0.0: Registering input extension [ 1694.266069][T17277] em28xx 3-1:0.0: Closing input extension [ 1694.301702][T17277] em28xx 3-1:0.0: Freeing device [ 1696.184706][T31432] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7886'. [ 1697.168174][T31433] loop9: detected capacity change from 0 to 7 [ 1697.174728][T31433] buffer_io_error: 4 callbacks suppressed [ 1697.174743][T31433] Buffer I/O error on dev loop9, logical block 0, async page read [ 1697.188498][T31433] Buffer I/O error on dev loop9, logical block 0, async page read [ 1697.196505][T31433] Buffer I/O error on dev loop9, logical block 0, async page read [ 1697.204407][T31433] Buffer I/O error on dev loop9, logical block 0, async page read [ 1697.212331][T31433] Buffer I/O error on dev loop9, logical block 0, async page read [ 1697.220257][T31433] Buffer I/O error on dev loop9, logical block 0, async page read [ 1697.228144][T31433] Buffer I/O error on dev loop9, logical block 0, async page read [ 1697.236007][T31433] ldm_validate_partition_table(): Disk read failed. [ 1697.242994][T31433] Buffer I/O error on dev loop9, logical block 0, async page read [ 1697.250931][T31433] Buffer I/O error on dev loop9, logical block 0, async page read [ 1697.258828][T31433] Buffer I/O error on dev loop9, logical block 0, async page read [ 1697.266753][T31433] Dev loop9: unable to read RDB block 0 [ 1697.368065][T31433] loop9: unable to read partition table [ 1697.374750][T31433] loop9: partition table beyond EOD, truncated [ 1697.380961][T31433] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 1698.129062][ T5613] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 1698.346051][ T5613] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1698.388648][ T5613] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1698.447336][ T5613] usb 6-1: Product: syz [ 1698.475369][ T5613] usb 6-1: Manufacturer: syz [ 1698.490394][ T5613] usb 6-1: SerialNumber: syz [ 1698.532326][ T5613] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1698.549488][T29202] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1698.747940][ T5613] usb 6-1: USB disconnect, device number 45 [ 1699.639098][T29202] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 1699.675962][T29202] ath9k_htc: Failed to initialize the device [ 1699.704496][ T5613] usb 6-1: ath9k_htc: USB layer deinitialized [ 1700.038729][ T5613] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 1700.222991][ T5613] usb 6-1: Using ep0 maxpacket: 16 [ 1700.243995][ T5613] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1700.281283][ T5613] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1700.323922][ T5613] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1700.363658][ T5613] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1700.424478][ T5613] usb 6-1: config 0 descriptor?? [ 1700.462150][ T5613] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 1702.209310][T29202] usb 6-1: USB disconnect, device number 46 [ 1703.697296][T31475] loop9: detected capacity change from 0 to 7 [ 1703.703918][T31475] buffer_io_error: 4 callbacks suppressed [ 1703.703933][T31475] Buffer I/O error on dev loop9, logical block 0, async page read [ 1703.717599][T31475] Buffer I/O error on dev loop9, logical block 0, async page read [ 1703.728144][T31475] Buffer I/O error on dev loop9, logical block 0, async page read [ 1703.736052][T31475] Buffer I/O error on dev loop9, logical block 0, async page read [ 1703.744939][T31475] Buffer I/O error on dev loop9, logical block 0, async page read [ 1703.753533][T31475] Buffer I/O error on dev loop9, logical block 0, async page read [ 1703.761473][T31475] Buffer I/O error on dev loop9, logical block 0, async page read [ 1703.769402][T31475] ldm_validate_partition_table(): Disk read failed. [ 1703.776027][T31475] Buffer I/O error on dev loop9, logical block 0, async page read [ 1703.783993][T31475] Buffer I/O error on dev loop9, logical block 0, async page read [ 1703.792030][T31475] Buffer I/O error on dev loop9, logical block 0, async page read [ 1703.800351][T31475] Dev loop9: unable to read RDB block 0 [ 1703.806113][T31475] loop9: unable to read partition table [ 1703.811978][T31475] loop9: partition table beyond EOD, truncated [ 1703.818183][T31475] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 1705.435895][T29202] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 1705.936899][T29202] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1705.968434][T29202] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1706.009535][T29202] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 1706.020878][T29202] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1706.047988][T31496] input: syz1 as /devices/virtual/input/input94 [ 1706.112768][T31496] netlink: 48 bytes leftover after parsing attributes in process `syz.1.7914'. [ 1706.526659][T29202] usb 6-1: config 0 descriptor?? [ 1706.629689][T31501] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=31501 comm=syz.3.7908 [ 1707.196105][T31507] input: syz1 as /devices/virtual/input/input95 [ 1707.249224][T31507] netlink: 48 bytes leftover after parsing attributes in process `syz.2.7917'. [ 1707.525599][T29202] hid_parser_main: 4 callbacks suppressed [ 1707.525620][T29202] cp2112 0003:10C4:EA90.0018: unknown main item tag 0x0 [ 1707.680358][T29202] cp2112 0003:10C4:EA90.0018: unknown main item tag 0x0 [ 1707.689027][T29202] cp2112 0003:10C4:EA90.0018: unknown main item tag 0x0 [ 1707.696190][T29202] cp2112 0003:10C4:EA90.0018: unknown main item tag 0x0 [ 1707.703610][T29202] cp2112 0003:10C4:EA90.0018: unknown main item tag 0x0 [ 1707.710862][ T29] audit: type=1400 audit(2000000938.250:1181): avc: denied { map } for pid=31512 comm="syz.3.7920" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 1707.735538][T29202] cp2112 0003:10C4:EA90.0018: unknown main item tag 0x0 [ 1707.743904][ T29] audit: type=1400 audit(2000000938.250:1182): avc: denied { execute } for pid=31512 comm="syz.3.7920" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 1707.782924][T29202] cp2112 0003:10C4:EA90.0018: unknown main item tag 0x0 [ 1707.797056][T29202] cp2112 0003:10C4:EA90.0018: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0 [ 1707.945932][T29202] cp2112 0003:10C4:EA90.0018: Part Number: 0x00 Device Version: 0x00 [ 1707.974710][T31517] netlink: 'syz.1.7918': attribute type 9 has an invalid length. [ 1708.603455][T29202] cp2112 0003:10C4:EA90.0018: error reading lock byte: -71 [ 1709.334919][T29202] usb 6-1: USB disconnect, device number 47 [ 1710.191338][T31540] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=31540 comm=syz.5.7929 [ 1714.140008][T31575] netlink: 20 bytes leftover after parsing attributes in process `syz.5.7941'. [ 1714.660346][T31585] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=31585 comm=syz.0.7944 [ 1719.344320][T31643] binder: Binderfs stats mode cannot be changed during a remount [ 1721.158072][T29419] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 1721.158203][T31198] Bluetooth: hci0: command 0x0406 tx timeout [ 1722.217891][T24303] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 1722.638965][T31680] input: syz1 as /devices/virtual/input/input96 [ 1722.859741][ T29] audit: type=1400 audit(2000000953.380:1183): avc: denied { setattr } for pid=31674 comm="syz.3.7968" name="/" dev="configfs" ino=1143 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1722.971630][T31685] binder: Binderfs stats mode cannot be changed during a remount [ 1723.399287][T24303] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1723.410007][T24303] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1723.420439][T24303] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1723.447838][T24303] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1723.490191][T24303] usb 1-1: SerialNumber: syz [ 1723.730034][T24303] usb 1-1: 0:2 : does not exist [ 1723.741229][T24303] usb 1-1: unit 5: unexpected type 0x03 [ 1723.857445][T24303] usb 1-1: USB disconnect, device number 66 [ 1724.258972][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 1724.265511][T29419] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 1724.277839][T29419] Bluetooth: hci0: command 0x0406 tx timeout [ 1726.932463][T31727] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7982'. [ 1727.158651][T24303] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 1728.292191][T24303] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1728.341086][T24303] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1728.360878][T24303] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 1728.370851][T24303] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1728.394052][T24303] usb 6-1: config 0 descriptor?? [ 1730.162054][T24303] usb 6-1: can't set config #0, error -71 [ 1730.169357][T24303] usb 6-1: USB disconnect, device number 48 [ 1733.243911][T31806] input: syz1 as /devices/virtual/input/input97 [ 1733.311588][T31806] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8001'. [ 1735.921169][T31831] netlink: 'syz.5.8007': attribute type 9 has an invalid length. [ 1736.498829][T31843] netlink: 'syz.0.8012': attribute type 9 has an invalid length. [ 1738.156491][T29419] Bluetooth: Unexpected continuation frame (len 16) [ 1743.799161][T29419] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 1743.806936][T29419] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 1744.232480][T31917] input: syz1 as /devices/virtual/input/input98 [ 1744.306885][T31918] netlink: 48 bytes leftover after parsing attributes in process `syz.1.8033'. [ 1747.362287][T31941] binder: Binderfs stats mode cannot be changed during a remount [ 1749.173061][T29419] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 1749.183394][T31198] Bluetooth: hci0: command 0x0406 tx timeout [ 1755.342940][T32003] netlink: 'syz.5.8055': attribute type 9 has an invalid length. [ 1758.962641][T32030] netlink: 'syz.3.8065': attribute type 3 has an invalid length. [ 1760.160302][T32039] netlink: 48 bytes leftover after parsing attributes in process `syz.1.8067'. [ 1760.932270][T32049] netlink: 'syz.1.8071': attribute type 9 has an invalid length. [ 1761.153456][T31198] Bluetooth: hci5: unexpected event for opcode 0x200c [ 1761.270621][T32056] netlink: 'syz.0.8069': attribute type 9 has an invalid length. [ 1763.768977][T32085] netlink: 20 bytes leftover after parsing attributes in process `syz.5.8079'. [ 1764.109777][ T5613] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 1764.619660][ T5613] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1764.656818][ T5613] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1764.760699][ T5613] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 1764.773215][ T5613] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1764.783326][ T5613] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1764.791587][ T5613] usb 1-1: Product: syz [ 1764.795840][ T5613] usb 1-1: Manufacturer: syz [ 1764.806024][ T5613] usb 1-1: SerialNumber: syz [ 1764.836119][ T5613] usb 1-1: config 0 descriptor?? [ 1764.916446][T32098] netlink: 48 bytes leftover after parsing attributes in process `syz.1.8085'. [ 1765.289032][T32078] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1765.299745][T32078] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1765.320551][ T5613] usb 1-1: ucan: probing device on interface #0 [ 1765.541541][ T5613] usb 1-1: ucan: device protocol version 0 is not supported [ 1765.551435][ T5613] usb 1-1: ucan: probe failed; try to update the device firmware [ 1767.835612][T24382] usb 1-1: USB disconnect, device number 67 [ 1769.356859][T32138] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8096'. [ 1770.992525][T32149] loop2: detected capacity change from 0 to 7 [ 1771.046085][T32149] Dev loop2: unable to read RDB block 7 [ 1771.164145][T32149] loop2: unable to read partition table [ 1771.248215][T32149] loop2: partition table beyond EOD, truncated [ 1771.298058][T32149] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 1771.456191][T32159] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1773.132744][T32171] netlink: 'syz.3.8110': attribute type 9 has an invalid length. [ 1776.266949][T32182] loop2: detected capacity change from 0 to 7 [ 1776.276363][T32182] Dev loop2: unable to read RDB block 7 [ 1776.292679][T32182] loop2: unable to read partition table [ 1776.299356][T32182] loop2: partition table beyond EOD, truncated [ 1776.310125][T32182] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 1777.149342][T32190] netlink: 'syz.0.8115': attribute type 9 has an invalid length. [ 1777.891623][T24303] usb 6-1: new full-speed USB device number 49 using dummy_hcd [ 1778.119296][T32204] netlink: 'syz.3.8119': attribute type 9 has an invalid length. [ 1778.510122][T32206] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1778.959538][T24303] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 1779.149339][T24303] usb 6-1: config 0 has no interface number 0 [ 1779.171357][T24303] usb 6-1: config 0 interface 1 altsetting 149 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1780.144807][T24303] usb 6-1: config 0 interface 1 altsetting 149 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1780.155018][T24303] usb 6-1: config 0 interface 1 altsetting 149 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1780.181089][T24303] usb 6-1: config 0 interface 1 has no altsetting 0 [ 1780.421868][T32216] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8121'. [ 1780.624137][ T5613] IPVS: starting estimator thread 0... [ 1780.635644][T24303] usb 6-1: New USB device found, idVendor=04f2, idProduct=1236, bcdDevice= 0.00 [ 1780.647923][T24303] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1780.770285][T24303] usb 6-1: config 0 descriptor?? [ 1780.964420][T32223] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1780.974971][T24303] usb 6-1: can't set config #0, error -71 [ 1781.023046][T24303] usb 6-1: USB disconnect, device number 49 [ 1781.918060][T32217] IPVS: using max 44 ests per chain, 105600 per kthread [ 1785.641716][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 1787.156899][T32267] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1790.194190][T29419] Bluetooth: hci4: command 0x0406 tx timeout [ 1790.242451][T32305] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8145'. [ 1791.407995][T32311] netlink: 'syz.0.8147': attribute type 9 has an invalid length. [ 1791.833807][T32321] loop9: detected capacity change from 0 to 7 [ 1791.841028][T32321] buffer_io_error: 14 callbacks suppressed [ 1791.841046][T32321] Buffer I/O error on dev loop9, logical block 0, async page read [ 1791.856037][T32321] Buffer I/O error on dev loop9, logical block 0, async page read [ 1791.863999][T32321] Buffer I/O error on dev loop9, logical block 0, async page read [ 1791.871951][T32321] Buffer I/O error on dev loop9, logical block 0, async page read [ 1791.879862][T32321] Buffer I/O error on dev loop9, logical block 0, async page read [ 1791.889146][T32321] Buffer I/O error on dev loop9, logical block 0, async page read [ 1791.897052][T32321] Buffer I/O error on dev loop9, logical block 0, async page read [ 1791.904983][T32321] ldm_validate_partition_table(): Disk read failed. [ 1791.911668][T32321] Buffer I/O error on dev loop9, logical block 0, async page read [ 1791.919637][T32321] Buffer I/O error on dev loop9, logical block 0, async page read [ 1791.927500][T32321] Buffer I/O error on dev loop9, logical block 0, async page read [ 1791.935404][T32321] Dev loop9: unable to read RDB block 0 [ 1791.941165][T32321] loop9: unable to read partition table [ 1791.946946][T32321] loop9: partition table beyond EOD, truncated [ 1791.953104][T32321] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 1797.214567][T32361] kvm: kvm [32360]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x166 [ 1797.627820][T17277] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 1797.804178][T17277] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1797.816145][T17277] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1797.827985][T17277] usb 2-1: Product: syz [ 1797.832258][T17277] usb 2-1: Manufacturer: syz [ 1797.836956][T17277] usb 2-1: SerialNumber: syz [ 1797.890832][T17277] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1797.916902][ T5807] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1798.137819][T32381] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8167'. [ 1799.225252][T24303] usb 2-1: USB disconnect, device number 80 [ 1799.797862][ T5807] usb 2-1: Service connection timeout for: 258 [ 1799.959871][ T5807] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1799.976302][ T5807] ath9k_htc: Failed to initialize the device [ 1799.988996][T24303] usb 2-1: ath9k_htc: USB layer deinitialized [ 1800.464775][T32410] loop9: detected capacity change from 0 to 7 [ 1800.465114][T32410] buffer_io_error: 14 callbacks suppressed [ 1800.465122][T32410] Buffer I/O error on dev loop9, logical block 0, async page read [ 1800.465172][T32410] Buffer I/O error on dev loop9, logical block 0, async page read [ 1800.465232][T32410] Buffer I/O error on dev loop9, logical block 0, async page read [ 1800.465273][T32410] Buffer I/O error on dev loop9, logical block 0, async page read [ 1800.465320][T32410] Buffer I/O error on dev loop9, logical block 0, async page read [ 1800.465366][T32410] Buffer I/O error on dev loop9, logical block 0, async page read [ 1800.465406][T32410] Buffer I/O error on dev loop9, logical block 0, async page read [ 1800.465434][T32410] ldm_validate_partition_table(): Disk read failed. [ 1800.465455][T32410] Buffer I/O error on dev loop9, logical block 0, async page read [ 1800.465494][T32410] Buffer I/O error on dev loop9, logical block 0, async page read [ 1800.465541][T32410] Buffer I/O error on dev loop9, logical block 0, async page read [ 1800.465601][T32410] Dev loop9: unable to read RDB block 0 [ 1800.465704][T32410] loop9: unable to read partition table [ 1800.465789][T32410] loop9: partition table beyond EOD, truncated [ 1800.465801][T32410] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 1803.601219][T32446] loop2: detected capacity change from 0 to 7 [ 1803.627091][T32446] Dev loop2: unable to read RDB block 7 [ 1803.637970][T32446] loop2: unable to read partition table [ 1803.651689][T32446] loop2: partition table beyond EOD, truncated [ 1803.663333][T32442] kvm: kvm [32441]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x80006c49 [ 1803.672606][T32446] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 1806.381758][T32489] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1809.204341][T32526] input: syz1 as /devices/virtual/input/input100 [ 1809.275477][T32527] netlink: 48 bytes leftover after parsing attributes in process `syz.2.8216'. [ 1813.944793][T32565] loop9: detected capacity change from 0 to 7 [ 1813.951446][T32565] buffer_io_error: 14 callbacks suppressed [ 1813.951462][T32565] Buffer I/O error on dev loop9, logical block 0, async page read [ 1813.965402][T32565] Buffer I/O error on dev loop9, logical block 0, async page read [ 1813.973292][T32565] Buffer I/O error on dev loop9, logical block 0, async page read [ 1813.981388][T32565] Buffer I/O error on dev loop9, logical block 0, async page read [ 1813.989448][T32565] Buffer I/O error on dev loop9, logical block 0, async page read [ 1813.997336][T32565] Buffer I/O error on dev loop9, logical block 0, async page read [ 1814.006270][T32565] Buffer I/O error on dev loop9, logical block 0, async page read [ 1814.014449][T32565] ldm_validate_partition_table(): Disk read failed. [ 1814.021147][T32565] Buffer I/O error on dev loop9, logical block 0, async page read [ 1814.029106][T32565] Buffer I/O error on dev loop9, logical block 0, async page read [ 1814.037580][T32565] Buffer I/O error on dev loop9, logical block 0, async page read [ 1814.045613][T32565] Dev loop9: unable to read RDB block 0 [ 1814.051437][T32565] loop9: unable to read partition table [ 1814.057221][T32565] loop9: partition table beyond EOD, truncated [ 1814.063425][T32565] loop_reread_partitions: partition scan of loop9 () failed (rc=-5) [ 1815.246145][T32583] netlink: 'syz.2.8236': attribute type 9 has an invalid length. [ 1816.117852][T29419] Bluetooth: hci5: command 0x0406 tx timeout [ 1816.874218][T32602] input: syz1 as /devices/virtual/input/input101 [ 1816.949900][T32604] netlink: 48 bytes leftover after parsing attributes in process `syz.2.8241'. [ 1817.564372][T32603] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8242'. [ 1820.842847][T32634] netlink: 'syz.0.8248': attribute type 9 has an invalid length. [ 1822.635872][T32672] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1822.907645][ T29] audit: type=1400 audit(2000001053.060:1184): avc: denied { map } for pid=32669 comm="syz.0.8263" path="/dev/video8" dev="devtmpfs" ino=953 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 1822.974530][ T29] audit: type=1400 audit(2000001053.060:1185): avc: denied { execute } for pid=32669 comm="syz.0.8263" path="/dev/video8" dev="devtmpfs" ino=953 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 1824.287919][T10492] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 1824.459567][T10492] usb 1-1: Using ep0 maxpacket: 8 [ 1824.474154][T10492] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 1824.500549][T10492] usb 1-1: config 0 has no interface number 0 [ 1824.525733][T10492] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1824.551774][T10492] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1824.581968][T10492] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1824.613459][T10492] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1824.662264][T10492] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1824.690077][T10492] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1824.732209][T10492] usb 1-1: config 0 descriptor?? [ 1824.759993][T10492] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1825.026908][T32683] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1825.041352][T32683] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1825.167860][T10492] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 1825.269282][T32702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1825.292120][T32702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1825.327958][T10492] usb 4-1: Using ep0 maxpacket: 8 [ 1825.352033][T10492] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 1825.379699][T10492] usb 4-1: config 0 has no interface number 0 [ 1825.403308][T10492] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1825.443982][T10492] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1825.477349][T10492] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1825.517369][T10492] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1825.572979][T10492] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1825.599905][T10492] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1825.751078][T10492] usb 4-1: config 0 descriptor?? [ 1825.794124][T10492] ldusb 4-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 1826.309005][T32712] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1826.511371][T32699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1826.967001][T32699] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1827.042429][T32699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1827.124366][T32699] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1827.173315][ T5807] usb 1-1: USB disconnect, device number 68 [ 1827.210055][T25230] usb 4-1: USB disconnect, device number 65 [ 1827.213095][ T5807] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 1827.283440][T25230] ldusb 4-1:0.55: LD USB Device #1 now disconnected [ 1827.370264][T32720] loop8: detected capacity change from 0 to 7 [ 1827.396278][T32720] Dev loop8: unable to read RDB block 7 [ 1827.428417][T32720] loop8: AHDI p1 [ 1827.442559][T32720] loop8: partition table partially beyond EOD, truncated [ 1828.725791][T32736] netlink: 76 bytes leftover after parsing attributes in process `syz.2.8278'. [ 1830.235618][T32759] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1835.480541][ T340] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1835.970762][ T343] netlink: 'syz.5.8300': attribute type 9 has an invalid length. [ 1836.827087][ T358] netlink: 'syz.0.8308': attribute type 9 has an invalid length. [ 1837.092363][ T362] netlink: 'syz.3.8303': attribute type 9 has an invalid length. [ 1839.888497][ T5613] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 1839.898373][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 1840.044304][ T5613] usb 4-1: device descriptor read/64, error -32 [ 1841.367811][ T5613] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 1841.502481][ T384] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1841.558132][ T5613] usb 4-1: Using ep0 maxpacket: 8 [ 1841.590862][ T5613] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 1841.658305][ T5613] usb 4-1: config 0 has no interface number 0 [ 1841.711131][ T5613] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1841.806090][ T5613] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1841.845815][ T5613] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1841.881977][ T5613] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1841.923971][ T5613] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1842.017302][ T5613] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1842.113060][ T5613] usb 4-1: config 0 descriptor?? [ 1842.144359][ T5613] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1842.436428][ T369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1842.477028][ T369] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1842.672114][ T396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1842.673369][ T396] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1842.809258][T29202] usb 4-1: USB disconnect, device number 67 [ 1842.809292][ C1] ldusb 4-1:0.55: usb_submit_urb failed (-19) [ 1842.856767][T29202] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 1842.857297][ T369] ldusb: No device or device unplugged -19 [ 1844.382946][ T407] kvm: kvm [406]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xffe80000f400 [ 1844.973491][ T420] futex_wake_op: syz.3.8325 tries to shift op by 144; fix this program [ 1846.042872][ T436] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1846.870362][ T448] netlink: 'syz.5.8334': attribute type 9 has an invalid length. [ 1847.079720][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 1847.917823][T25230] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 1848.509198][T25230] usb 4-1: Using ep0 maxpacket: 8 [ 1848.519310][T25230] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 1848.527549][T25230] usb 4-1: config 0 has no interface number 0 [ 1848.533735][T25230] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1848.557764][T25230] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1848.577953][T25230] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1848.597870][T25230] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1848.622981][T25230] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1848.632363][T25230] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1848.644950][T25230] usb 4-1: config 0 descriptor?? [ 1848.668109][T25230] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1848.913294][ T455] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1848.930070][ T455] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1849.114532][ T472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1849.142316][ T472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1849.225089][T32208] usb 4-1: USB disconnect, device number 68 [ 1849.231097][ C0] ldusb 4-1:0.55: usb_submit_urb failed (-19) [ 1849.293131][ T455] ldusb: No device or device unplugged -19 [ 1849.300279][T32208] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 1858.303762][T29419] Bluetooth: hci2: command 0x0406 tx timeout [ 1858.467335][ T563] netlink: 'syz.5.8371': attribute type 3 has an invalid length. [ 1859.609963][ T579] input: syz1 as /devices/virtual/input/input102 [ 1859.760787][ T579] netlink: 48 bytes leftover after parsing attributes in process `syz.0.8373'. [ 1861.228797][T29202] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 1861.408591][T29202] usb 6-1: Using ep0 maxpacket: 8 [ 1861.429866][T29202] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 1861.457580][T29202] usb 6-1: config 0 has no interface number 0 [ 1861.485122][T29202] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1861.529103][T29202] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1861.569920][T29202] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1861.599666][T29202] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1861.639606][T29202] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1861.667088][T29202] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1861.695205][T29202] usb 6-1: config 0 descriptor?? [ 1861.723065][T29202] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1861.873106][ T602] kvm_intel: kvm [600]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x40000000382 [ 1861.935284][ T602] kvm: kvm [600]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1861.980714][ T602] kvm: kvm [600]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 1861.995843][ T602] kvm: kvm [600]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x41 [ 1862.008985][ T590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1862.023252][ T590] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1862.033684][ T602] kvm: kvm [600]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x64 [ 1862.058952][ T602] kvm: kvm [600]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 1862.093879][ T602] kvm: kvm [600]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 1862.129340][ T602] kvm: kvm [600]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 1862.304226][ T611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1862.324729][ T611] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1862.539141][T32208] usb 6-1: USB disconnect, device number 50 [ 1862.539181][ C1] ldusb 6-1:0.55: usb_submit_urb failed (-19) [ 1863.217515][T32208] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 1863.227851][ T590] ldusb: No device or device unplugged -19 [ 1867.569918][ T665] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8404'. [ 1869.027603][ T683] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1870.928296][ T5734] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 1870.937533][ T705] netlink: 'syz.3.8416': attribute type 9 has an invalid length. [ 1871.107946][ T5734] usb 3-1: Using ep0 maxpacket: 8 [ 1871.121616][ T5734] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 1871.144183][ T5734] usb 3-1: config 0 has no interface number 0 [ 1871.161519][ T5734] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1871.189920][ T5734] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1871.227377][ T5734] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1871.240996][ T715] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=715 comm=syz.0.8409 [ 1871.268203][ T5734] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1871.304509][ T5734] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1871.334086][ T5734] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1871.379405][ T5734] usb 3-1: config 0 descriptor?? [ 1871.412910][ T5734] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1871.793073][ T724] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1872.384640][ T730] input: syz1 as /devices/virtual/input/input103 [ 1872.929933][ T702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1873.071639][ T702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1873.411213][ T745] input: syz1 as /devices/virtual/input/input105 [ 1873.584167][ T749] input: syz1 as /devices/virtual/input/input104 [ 1874.534796][ T752] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.8426'. [ 1874.743992][ T5734] usb 3-1: USB disconnect, device number 65 [ 1874.789462][ T761] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1874.819631][ T5734] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 1875.289995][ T767] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1875.882010][ T788] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=788 comm=syz.5.8436 [ 1876.181603][ T795] input: syz1 as /devices/virtual/input/input106 [ 1876.922932][ T811] futex_wake_op: syz.1.8444 tries to shift op by 144; fix this program [ 1878.200158][ T825] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1878.886938][T24303] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 1879.172361][T24303] usb 4-1: Using ep0 maxpacket: 32 [ 1879.179909][ T840] mac80211_hwsim hwsim32 syzkaller0: left promiscuous mode [ 1879.189292][ T840] mac80211_hwsim hwsim32 syzkaller0: left allmulticast mode [ 1879.199403][T24303] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1879.211616][T24303] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1879.235350][T24303] usb 4-1: config 0 descriptor?? [ 1879.461495][T24303] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 1879.490366][T24303] usb 4-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 1879.514774][T24303] usb 4-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 1879.515839][ T29] audit: type=1400 audit(2000001110.050:1186): avc: denied { firmware_load } for pid=24303 comm="kworker/0:1" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 1879.666849][ T829] team0: entered promiscuous mode [ 1879.695560][ T829] team_slave_0: entered promiscuous mode [ 1879.707970][ T829] team_slave_1: entered promiscuous mode [ 1879.739111][ T829] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1880.075915][ T859] netlink: 'syz.5.8458': attribute type 9 has an invalid length. [ 1881.193702][ T879] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1881.388656][ T883] netlink: 'syz.0.8465': attribute type 9 has an invalid length. [ 1882.327801][T10492] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 1882.707807][T10492] usb 3-1: Using ep0 maxpacket: 16 [ 1882.718857][T10492] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1882.761479][T10492] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1882.821955][T10492] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1882.880445][T10492] usb 3-1: Product: syz [ 1882.914141][T10492] usb 3-1: Manufacturer: syz [ 1882.966979][T10492] usb 3-1: SerialNumber: syz [ 1883.089291][T10492] usb 3-1: config 0 descriptor?? [ 1883.222927][T10492] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1883.343951][T10492] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 1883.976629][T10492] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 1884.279005][ T908] netlink: 'syz.3.8473': attribute type 9 has an invalid length. [ 1885.530174][T10492] em28xx 3-1:0.0: read from i2c device at 0xa0 failed with unknown error (status=65) [ 1885.541751][T10492] em28xx 3-1:0.0: board has no eeprom [ 1885.637939][T10492] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1885.660566][T10492] em28xx 3-1:0.0: dvb set to bulk mode. [ 1885.677151][T32208] em28xx 3-1:0.0: Binding DVB extension [ 1885.720359][T10492] usb 3-1: USB disconnect, device number 66 [ 1885.750971][T10492] em28xx 3-1:0.0: Disconnecting em28xx [ 1885.833287][T32208] em28xx 3-1:0.0: Registering input extension [ 1885.833401][T10492] em28xx 3-1:0.0: Closing input extension [ 1886.860809][T10492] em28xx 3-1:0.0: Freeing device [ 1887.297808][T10492] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1887.469346][T10492] usb 3-1: config 1 has an invalid interface number: 5 but max is 2 [ 1887.492408][T10492] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1887.513315][T10492] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1887.540498][T10492] usb 3-1: config 1 has no interface number 1 [ 1887.560660][T10492] usb 3-1: config 1 interface 5 has no altsetting 0 [ 1887.588777][T10492] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1887.600619][T10492] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1887.622519][T10492] usb 3-1: SerialNumber: syz [ 1888.409581][T10492] usb 3-1: 0:2 : does not exist [ 1888.429038][T10492] usb 3-1: unit 5 not found! [ 1888.537631][T10492] usb 3-1: USB disconnect, device number 67 [ 1889.252912][ T963] netlink: 'syz.1.8482': attribute type 9 has an invalid length. [ 1889.889760][ T927] udevd[927]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1890.211074][ T976] netlink: 'syz.0.8485': attribute type 9 has an invalid length. [ 1891.798055][T25230] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 1891.883073][ T989] input: syz1 as /devices/virtual/input/input108 [ 1891.925744][ T989] netlink: 48 bytes leftover after parsing attributes in process `syz.1.8490'. [ 1892.427906][T25230] usb 1-1: Using ep0 maxpacket: 16 [ 1892.446543][T25230] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1892.500415][T25230] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1892.526561][T25230] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1892.557092][T25230] usb 1-1: Product: syz [ 1892.571989][T25230] usb 1-1: Manufacturer: syz [ 1892.583317][T25230] usb 1-1: SerialNumber: syz [ 1892.617487][T25230] usb 1-1: config 0 descriptor?? [ 1892.662276][T25230] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1892.686654][T25230] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 1893.812455][ T1001] input: syz1 as /devices/virtual/input/input109 [ 1894.122143][T25230] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 1894.649282][T25230] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1894.667766][T25230] em28xx 1-1:0.0: board has no eeprom [ 1894.791606][T25230] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1894.817808][T25230] em28xx 1-1:0.0: dvb set to bulk mode. [ 1894.824225][T32208] em28xx 1-1:0.0: Binding DVB extension [ 1894.841660][T25230] usb 1-1: USB disconnect, device number 69 [ 1895.001902][T25230] em28xx 1-1:0.0: Disconnecting em28xx [ 1895.009587][T32208] em28xx 1-1:0.0: Registering input extension [ 1895.016250][T25230] em28xx 1-1:0.0: Closing input extension [ 1895.034768][T25230] em28xx 1-1:0.0: Freeing device [ 1904.561078][ T1131] netlink: 'syz.2.8524': attribute type 9 has an invalid length. [ 1904.660447][ T1136] netlink: 76 bytes leftover after parsing attributes in process `syz.0.8525'. [ 1905.126423][ T1144] input: syz1 as /devices/virtual/input/input111 [ 1905.509331][ T1146] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1906.327003][ T1156] netlink: 'syz.0.8529': attribute type 9 has an invalid length. [ 1906.744254][ T1165] input: syz1 as /devices/virtual/input/input112 [ 1908.443643][ T1181] tipc: Enabled bearer , priority 0 [ 1908.509870][ T1181] mac80211_hwsim hwsim28 syzkaller0: entered promiscuous mode [ 1908.520200][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 1908.530221][ T1181] mac80211_hwsim hwsim28 syzkaller0: entered allmulticast mode [ 1910.409131][ T1191] netlink: 'syz.3.8538': attribute type 9 has an invalid length. [ 1910.783244][ T1181] syzkaller0: mtu less than device minimum [ 1912.451271][ T1213] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1912.758519][ T5613] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 1912.837517][ T1220] netlink: 'syz.3.8547': attribute type 9 has an invalid length. [ 1914.120266][ T5613] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1914.120294][ T5613] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1914.120308][ T5613] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1914.121741][ T5613] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1914.121758][ T5613] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1914.121770][ T5613] usb 2-1: Product: syz [ 1914.121778][ T5613] usb 2-1: Manufacturer: syz [ 1914.121787][ T5613] usb 2-1: SerialNumber: syz [ 1914.125878][ T5613] usb 2-1: config 0 descriptor?? [ 1914.130122][ T1211] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1914.132800][ T5613] usb 2-1: ucan: probing device on interface #0 [ 1914.132821][ T5613] usb 2-1: ucan: invalid EP count (1) [ 1914.132835][ T5613] usb 2-1: ucan: probe failed; try to update the device firmware [ 1914.439615][ T1227] input: syz1 as /devices/virtual/input/input113 [ 1916.216322][ T5613] usb 2-1: USB disconnect, device number 81 [ 1917.561041][ T1264] netlink: 'syz.3.8553': attribute type 9 has an invalid length. [ 1921.977969][T10490] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 1922.167817][T10490] usb 2-1: Using ep0 maxpacket: 32 [ 1922.176843][T10490] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1922.192883][T10490] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1922.227307][T10490] usb 2-1: config 0 descriptor?? [ 1922.634962][ T1271] binder: 1269:1271 ioctl c0306201 0 returned -14 [ 1923.375542][ T1290] netlink: 'syz.0.8566': attribute type 3 has an invalid length. [ 1923.767915][ T1297] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1924.366687][T10490] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 1931.248946][ T1359] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1931.841243][ T1361] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8584'. [ 1932.034042][ T1364] futex_wake_op: syz.2.8585 tries to shift op by 144; fix this program [ 1932.808891][ T1376] netlink: 'syz.5.8579': attribute type 3 has an invalid length. [ 1932.888187][ T1377] netlink: 'syz.0.8587': attribute type 9 has an invalid length. [ 1934.813431][ T1386] input: syz1 as /devices/virtual/input/input114 [ 1935.101296][ T1391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=1391 comm=syz.5.8590 [ 1935.772801][ T1401] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8592'. [ 1940.456325][ T1435] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1940.936279][ T5613] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 1941.353812][ T5613] usb 6-1: Using ep0 maxpacket: 8 [ 1942.661440][ T5613] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 1942.670066][ T5613] usb 6-1: config 0 has no interface number 0 [ 1942.698209][ T5613] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1942.711540][ T5613] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1942.730524][ T5613] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1942.741568][ T5613] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1942.756502][ T5613] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1942.765760][ T5613] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1942.788752][ T5613] usb 6-1: config 0 descriptor?? [ 1942.803629][ T5613] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1942.957860][T32208] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 1943.971524][ T1438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1943.987212][ T1471] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1943.995744][ T1438] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1944.027911][T32208] usb 3-1: Using ep0 maxpacket: 16 [ 1944.046056][T32208] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1944.091786][T32208] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1944.122631][T32208] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1944.151108][T32208] usb 3-1: Product: syz [ 1944.181024][T32208] usb 3-1: Manufacturer: syz [ 1944.187381][ C0] ldusb 6-1:0.55: usb_submit_urb failed (-19) [ 1944.187388][T29202] usb 6-1: USB disconnect, device number 51 [ 1944.210414][T32208] usb 3-1: SerialNumber: syz [ 1944.227790][T32208] usb 3-1: config 0 descriptor?? [ 1944.231331][T29202] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 1944.243909][ T1438] ldusb: No device or device unplugged -19 [ 1944.266910][T32208] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1944.316743][T32208] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 1944.383132][T10490] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use /scripts/get_dvb_firmware to get the firmware [ 1944.399279][T24303] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 1944.442833][T10490] dvb_usb_az6027 2-1:0.0: probe with driver dvb_usb_az6027 failed with error -2 [ 1944.458060][T24303] dvb_usb_az6027 4-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 1944.500231][T10490] usb 2-1: USB disconnect, device number 82 [ 1944.510132][T24303] usb 4-1: USB disconnect, device number 69 [ 1944.860013][ T1479] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1944.994564][ T1479] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 1945.006929][ T1479] overlayfs: failed to look up (tracing) for ino (-66) [ 1945.733504][T32208] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 1948.542704][T32208] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1948.573335][T32208] em28xx 3-1:0.0: board has no eeprom [ 1948.688058][T32208] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1948.722979][T32208] em28xx 3-1:0.0: dvb set to bulk mode. [ 1948.752717][T24303] em28xx 3-1:0.0: Binding DVB extension [ 1948.820427][T32208] usb 3-1: USB disconnect, device number 68 [ 1948.859110][T24303] em28xx 3-1:0.0: Registering input extension [ 1948.877063][T32208] em28xx 3-1:0.0: Disconnecting em28xx [ 1948.929982][T32208] em28xx 3-1:0.0: Closing input extension [ 1949.035636][T32208] em28xx 3-1:0.0: Freeing device [ 1952.210176][ T1529] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=1529 comm=syz.5.8632 [ 1952.731346][ T1539] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8633'. [ 1954.197814][ T5734] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 1954.377899][ T5734] usb 3-1: Using ep0 maxpacket: 16 [ 1954.406773][ T5734] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1954.433809][ T5734] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1954.481391][ T5734] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1954.510762][ T5734] usb 3-1: Product: syz [ 1954.515274][ T5734] usb 3-1: Manufacturer: syz [ 1954.521262][ T5734] usb 3-1: SerialNumber: syz [ 1954.543427][ T5734] usb 3-1: config 0 descriptor?? [ 1954.574240][ T5734] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1954.583668][ T5734] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 1954.947249][ T1546] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8635'. [ 1955.028010][ T1547] netlink: 'syz.0.8635': attribute type 9 has an invalid length. [ 1955.832557][ T1546] Can't find ip_set type has [ 1955.842995][ T5734] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 1956.217880][T17277] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 1956.478166][ T5734] em28xx 3-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 1956.488983][ T5734] em28xx 3-1:0.0: board has no eeprom [ 1956.499482][T17277] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1956.509280][T17277] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1956.522263][T17277] usb 6-1: Product: syz [ 1956.526429][T17277] usb 6-1: Manufacturer: syz [ 1956.531993][T17277] usb 6-1: SerialNumber: syz [ 1956.548088][T17277] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1956.577977][ T5734] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1956.587071][T29202] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1956.623647][ T1564] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8639'. [ 1956.660502][ T5734] em28xx 3-1:0.0: dvb set to bulk mode. [ 1956.702088][ T1565] netlink: 'syz.3.8639': attribute type 9 has an invalid length. [ 1957.489637][ T1564] Can't find ip_set type has [ 1957.532920][ T24] em28xx 3-1:0.0: Binding DVB extension [ 1957.550446][ T5734] usb 3-1: USB disconnect, device number 69 [ 1957.567908][ T5734] em28xx 3-1:0.0: Disconnecting em28xx [ 1957.607179][ T24] em28xx 3-1:0.0: Registering input extension [ 1957.665713][ T5734] em28xx 3-1:0.0: Closing input extension [ 1957.823921][ T5734] em28xx 3-1:0.0: Freeing device [ 1957.937935][ T24] usb 6-1: USB disconnect, device number 52 [ 1958.178410][ T5734] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 1958.349094][ T5734] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1959.628436][T29202] usb 6-1: Service connection timeout for: 257 [ 1959.642872][T29202] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1959.651952][ T5734] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1959.664021][T29202] ath9k_htc: Failed to initialize the device [ 1959.670636][ T5734] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1959.849743][ T24] usb 6-1: ath9k_htc: USB layer deinitialized [ 1959.881206][ T5734] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0 [ 1960.188753][ T5734] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1960.272071][ T5734] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1960.306997][ T5734] usb 3-1: Product: syz [ 1960.318058][ T5734] usb 3-1: Manufacturer: syz [ 1960.327865][ T5734] usb 3-1: SerialNumber: syz [ 1960.343599][ T5734] usb 3-1: config 0 descriptor?? [ 1960.432984][ T1576] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1960.442998][ T5734] usb 3-1: ucan: probing device on interface #0 [ 1960.449741][ T5734] usb 3-1: ucan: invalid in_ep MaxPacketSize [ 1960.455889][ T5734] usb 3-1: ucan: probe failed; try to update the device firmware [ 1960.614988][ T1604] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8650'. [ 1962.111515][T29202] usb 3-1: USB disconnect, device number 70 [ 1964.854056][ T1649] netlink: 'syz.3.8662': attribute type 9 has an invalid length. [ 1966.231208][ T1652] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=1652 comm=syz.0.8660 [ 1966.343217][ T1655] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8661'. [ 1967.912465][T24303] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 1968.057808][T32208] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 1968.079242][T24303] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1968.104937][T24303] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1968.144003][T24303] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1968.228721][T24303] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0 [ 1968.258190][T32208] usb 2-1: Using ep0 maxpacket: 8 [ 1968.307439][T32208] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 1968.323594][T24303] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1968.346049][T32208] usb 2-1: config 0 has no interface number 0 [ 1968.353320][T24303] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1968.370752][T32208] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1968.391162][T24303] usb 6-1: Product: syz [ 1968.403225][T24303] usb 6-1: Manufacturer: syz [ 1968.415672][ T1668] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8667'. [ 1968.428777][T32208] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1968.442585][T24303] usb 6-1: SerialNumber: syz [ 1968.476228][T24303] usb 6-1: config 0 descriptor?? [ 1968.483267][ T1668] sit2: entered allmulticast mode [ 1968.491538][T32208] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1968.507939][ T1659] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1968.538587][T24303] usb 6-1: ucan: probing device on interface #0 [ 1968.548835][T32208] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1968.566832][T24303] usb 6-1: ucan: invalid in_ep MaxPacketSize [ 1968.587284][T24303] usb 6-1: ucan: probe failed; try to update the device firmware [ 1968.603089][T32208] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1968.646520][T32208] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1968.718781][T32208] usb 2-1: config 0 descriptor?? [ 1968.756376][T32208] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1969.137402][ T1664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1969.154028][ T1664] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1969.234142][ T24] usb 2-1: USB disconnect, device number 83 [ 1969.234282][ C0] ldusb 2-1:0.55: usb_submit_urb failed (-19) [ 1969.963884][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 1970.636772][ T24] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 1970.658151][T24303] usb 6-1: USB disconnect, device number 53 [ 1972.061249][ T1705] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 1972.069627][ T1705] overlayfs: overlapping lowerdir path [ 1972.693012][ T1708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8678'. [ 1972.734988][ T1708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8678'. [ 1974.371945][ T1726] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=1726 comm=syz.1.8680 [ 1974.626082][ T1728] kvm: kvm [1727]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x20 [ 1975.786700][T24303] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 1975.900763][ T1742] input: syz1 as /devices/virtual/input/input117 [ 1975.960482][T24303] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1975.985430][T24303] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1976.018119][T24303] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 1976.052356][T24303] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1976.065878][T24303] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1976.090135][T24303] usb 6-1: Product: syz [ 1976.106521][T24303] usb 6-1: Manufacturer: syz [ 1976.145826][T24303] usb 6-1: SerialNumber: syz [ 1976.179061][T24303] usb 6-1: config 0 descriptor?? [ 1976.195219][ T1735] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1976.208044][ T1735] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1976.224537][T24303] usb 6-1: ucan: probing device on interface #0 [ 1976.504507][ T1753] netlink: 'syz.3.8692': attribute type 9 has an invalid length. [ 1977.379494][T24303] usb 6-1: ucan: could not read protocol version, ret=-32 [ 1977.386814][T24303] usb 6-1: ucan: probe failed; try to update the device firmware [ 1977.403038][T24303] usb 6-1: USB disconnect, device number 54 [ 1978.057589][ T1766] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1978.197438][ T1766] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 1978.207899][ T1766] overlayfs: failed to look up (tracing) for ino (-66) [ 1979.337862][T29202] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 1979.508036][T29202] usb 2-1: Using ep0 maxpacket: 8 [ 1979.606189][T29202] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 1979.631605][T29202] usb 2-1: config 0 has no interface number 0 [ 1980.073175][T29202] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1980.084471][T29202] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1980.119084][T29202] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1980.133037][T29202] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1980.150205][T29202] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1980.205247][T29202] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1980.258291][T29202] usb 2-1: config 0 descriptor?? [ 1980.289997][T29202] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1980.525246][ T1786] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8704'. [ 1980.603465][ T1768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1980.638386][ T1768] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1980.652172][ T1786] sit2: entered allmulticast mode [ 1980.835076][T29202] usb 2-1: USB disconnect, device number 84 [ 1980.841086][ C1] ldusb 2-1:0.55: usb_submit_urb failed (-19) [ 1981.318694][ T5734] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 1981.529648][ T5734] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1981.551457][ T5734] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1981.582410][ T5734] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 1981.605639][ T5734] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1981.615167][ T5734] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1981.623990][ T5734] usb 3-1: Product: syz [ 1981.628375][ T5734] usb 3-1: Manufacturer: syz [ 1981.633670][ T5734] usb 3-1: SerialNumber: syz [ 1981.642290][ T5734] usb 3-1: config 0 descriptor?? [ 1981.792843][ T1795] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1981.811911][ T1795] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1981.821285][ T5734] usb 3-1: ucan: probing device on interface #0 [ 1982.797797][T29202] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 1982.849843][ T5734] usb 3-1: ucan: could not read protocol version, ret=-110 [ 1982.857116][ T5734] usb 3-1: ucan: probe failed; try to update the device firmware [ 1983.184036][ T5734] usb 3-1: USB disconnect, device number 71 [ 1983.238283][ T1822] tipc: Enabled bearer , priority 0 [ 1983.668343][T29202] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 1984.381747][ T5734] tipc: Node number set to 1435511813 [ 1984.406173][T29202] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1984.482522][T29202] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1984.532686][T29202] usb 1-1: Product: syz [ 1984.551248][T29202] usb 1-1: Manufacturer: syz [ 1984.575429][T29202] usb 1-1: SerialNumber: syz [ 1984.619052][T29202] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1984.650655][ T24] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1984.935310][ T1841] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=1841 comm=syz.2.8721 [ 1985.518788][T24303] usb 1-1: USB disconnect, device number 70 [ 1985.863127][ T1857] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1986.002139][ T1857] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 1986.012451][ T1857] overlayfs: failed to look up (tracing) for ino (-66) [ 1986.357814][ T24] usb 1-1: Service connection timeout for: 258 [ 1986.757325][ T24] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1986.771817][ T24] ath9k_htc: Failed to initialize the device [ 1988.321056][ T1869] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 1988.592881][T24303] usb 1-1: ath9k_htc: USB layer deinitialized [ 1988.627464][ T1869] overlayfs: conflicting lowerdir path [ 1988.676992][ T1872] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1990.382590][ T1895] netlink: 'syz.3.8734': attribute type 9 has an invalid length. [ 1991.200986][ T1898] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1991.676749][ T1904] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1991.744320][ T1904] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 1991.754322][ T1904] overlayfs: failed to look up (tracing) for ino (-66) [ 1993.063781][ T1906] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 1993.076954][ T1906] VFS: Can't find a romfs filesystem on dev nullb0. [ 1993.076954][ T1906] [ 1993.369712][ T1910] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8741'. [ 1993.477092][ T1910] sit1: entered allmulticast mode [ 1994.411145][ T29] audit: type=1400 audit(2000001224.950:1187): avc: denied { transfer } for pid=1925 comm="syz.1.8747" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 1997.428075][ T29] audit: type=1326 audit(2000001227.710:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1952 comm="syz.1.8756" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f381f99ce59 code=0x0 [ 1998.914917][ T1983] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1999.824828][ T1994] ubi: mtd0 is already attached to ubi0 [ 2000.973270][T29202] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 2001.828653][T29202] usb 3-1: Using ep0 maxpacket: 32 [ 2001.836413][T29202] usb 3-1: config 0 has an invalid interface number: 89 but max is 0 [ 2001.856792][T29202] usb 3-1: config 0 has no interface number 0 [ 2001.880790][T29202] usb 3-1: config 0 interface 89 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 2001.936084][T29202] usb 3-1: config 0 interface 89 has no altsetting 0 [ 2001.969755][T29202] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 2001.979011][T29202] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2002.001290][T29202] usb 3-1: Product: syz [ 2002.015792][T29202] usb 3-1: Manufacturer: syz [ 2002.033120][T29202] usb 3-1: SerialNumber: syz [ 2002.095173][T29202] usb 3-1: config 0 descriptor?? [ 2002.403951][ T2022] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 2002.536818][ T2022] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 2002.547121][ T2022] overlayfs: failed to look up (tracing) for ino (-66) [ 2003.768636][ T2029] netlink: 'syz.1.8776': attribute type 10 has an invalid length. [ 2003.799666][ T2029] 8021q: adding VLAN 0 to HW filter on device team0 [ 2003.820985][ T2029] bond0: (slave team0): Enslaving as an active interface with an up link [ 2004.383358][T10490] usb 3-1: USB disconnect, device number 72 [ 2004.474496][ T2048] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2006.251081][ T2065] mac80211_hwsim hwsim40 syzkaller0: entered promiscuous mode [ 2006.372737][ T2065] mac80211_hwsim hwsim40 syzkaller0: entered allmulticast mode [ 2006.466493][ T2071] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 2006.489957][ T2071] VFS: Can't find a romfs filesystem on dev nullb0. [ 2006.489957][ T2071] [ 2008.258056][T29202] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 2008.595815][ T2086] binder_alloc: 2085: binder_alloc_buf, no vma [ 2008.659512][T29202] usb 6-1: Using ep0 maxpacket: 16 [ 2008.748308][ T24] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 2008.803025][T29202] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 2008.897579][T29202] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 2008.938307][T29202] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2008.949298][T29202] usb 6-1: Product: syz [ 2008.957819][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 2008.966561][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 2008.976832][ T24] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 2008.989760][T29202] usb 6-1: Manufacturer: syz [ 2008.994479][T29202] usb 6-1: SerialNumber: syz [ 2009.166250][ T24] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 2009.767379][ T24] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 2009.778002][ T24] usb 2-1: Product: syz [ 2009.802065][ T24] usb 2-1: Manufacturer: syz [ 2009.807895][ T24] usb 2-1: SerialNumber: syz [ 2009.842104][T29202] usb 6-1: config 0 descriptor?? [ 2009.864301][ T24] usb 2-1: config 0 descriptor?? [ 2009.896273][T29202] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 2009.906282][ T24] hub 2-1:0.0: bad descriptor, ignoring hub [ 2009.916112][ T24] hub 2-1:0.0: probe with driver hub failed with error -5 [ 2009.923404][T29202] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 2010.217645][ T2075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2010.228287][ T2075] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2010.487980][T24303] usb 2-1: USB disconnect, device number 85 [ 2010.550276][ T2110] netlink: 'syz.2.8799': attribute type 25 has an invalid length. [ 2010.649160][T29202] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 2010.694140][ T2114] netlink: 'syz.0.8801': attribute type 3 has an invalid length. [ 2011.287224][T29202] em28xx 6-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 2011.320493][T29202] em28xx 6-1:0.0: board has no eeprom [ 2011.365723][ T29] audit: type=1326 audit(2000001241.900:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2122 comm="syz.2.8804" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8978b9ce59 code=0x0 [ 2011.377945][ T2130] input: syz1 as /devices/virtual/input/input118 [ 2011.440100][T29202] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 2011.483788][T29202] em28xx 6-1:0.0: dvb set to bulk mode. [ 2011.498844][ T24] em28xx 6-1:0.0: Binding DVB extension [ 2011.527984][T29202] usb 6-1: USB disconnect, device number 55 [ 2011.572104][T29202] em28xx 6-1:0.0: Disconnecting em28xx [ 2011.751520][ T24] em28xx 6-1:0.0: Registering input extension [ 2011.831607][T29202] em28xx 6-1:0.0: Closing input extension [ 2012.001489][T29202] em28xx 6-1:0.0: Freeing device [ 2012.095444][ T2139] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2012.123246][ T2139] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2012.135160][ T2139] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2012.146043][ T2139] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2012.155361][ T2139] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2012.887342][T24647] bond0: (slave syz_tun): Releasing backup interface [ 2014.259838][T31198] Bluetooth: hci1: command tx timeout [ 2015.267210][ T2166] netlink: 'syz.3.8813': attribute type 25 has an invalid length. [ 2016.365158][T31198] Bluetooth: hci1: command tx timeout [ 2016.635546][ T2180] netlink: 'syz.5.8815': attribute type 9 has an invalid length. [ 2018.083103][ T2138] bridge0: port 1(bridge_slave_0) entered blocking state [ 2018.118003][ T2138] bridge0: port 1(bridge_slave_0) entered disabled state [ 2018.153119][ T2138] bridge_slave_0: entered allmulticast mode [ 2018.185829][ T2138] bridge_slave_0: entered promiscuous mode [ 2018.213650][ T2138] bridge0: port 2(bridge_slave_1) entered blocking state [ 2018.233256][ T2138] bridge0: port 2(bridge_slave_1) entered disabled state [ 2018.251829][ T2138] bridge_slave_1: entered allmulticast mode [ 2018.259219][T10490] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 2018.270064][ T2138] bridge_slave_1: entered promiscuous mode [ 2018.438485][T31198] Bluetooth: hci1: command tx timeout [ 2018.514885][T10490] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 2018.668866][T10490] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 2018.860337][T10490] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 2019.051566][T10490] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 2019.070273][ T2138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2019.101674][T10490] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2019.131627][T10490] usb 2-1: Product: syz [ 2019.140862][ T2138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2020.410175][T10490] usb 2-1: Manufacturer: syz [ 2020.414910][T10490] usb 2-1: SerialNumber: syz [ 2020.455892][T10490] usb 2-1: config 0 descriptor?? [ 2020.482731][ T2185] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2020.501175][ T2185] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2020.557955][T31198] Bluetooth: hci1: command tx timeout [ 2021.204789][T10490] usb 2-1: can't set config #0, error -71 [ 2021.274934][T10490] usb 2-1: USB disconnect, device number 86 [ 2021.301476][ T2138] team0: Port device team_slave_0 added [ 2021.360494][ T2138] team0: Port device team_slave_1 added [ 2021.450853][ T2138] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2021.470271][ T2138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2021.498806][ T2138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2021.512117][ T2138] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2021.519629][ T2138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2021.549115][ T2138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2021.655957][ T2138] hsr_slave_0: entered promiscuous mode [ 2021.667437][ T2138] hsr_slave_1: entered promiscuous mode [ 2021.691988][ T2138] debugfs: 'hsr0' already exists in 'hsr' [ 2021.709595][ T2138] Cannot create hsr debugfs directory [ 2023.485863][ T2234] ubi: mtd0 is already attached to ubi0 [ 2024.153544][ T2138] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2025.262273][ T2138] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2025.399718][T10490] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 2025.571445][T10490] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 2025.600402][ T2262] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 2025.615805][ T2262] VFS: Can't find a romfs filesystem on dev nullb0. [ 2025.615805][ T2262] [ 2025.686096][T10490] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 2025.841668][T10490] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 2026.045229][T10490] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 2026.171080][T10490] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2026.300694][T10490] usb 4-1: Product: syz [ 2026.340079][ T2138] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2026.356857][T10490] usb 4-1: Manufacturer: syz [ 2026.418935][T10490] usb 4-1: SerialNumber: syz [ 2026.533282][T10490] usb 4-1: config 0 descriptor?? [ 2026.550009][ T2254] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 2026.557959][ T2254] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 2026.566063][T10490] usb 4-1: ucan: probing device on interface #0 [ 2026.699027][ T2138] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2027.764960][T10490] usb 4-1: ucan: could not read protocol version, ret=-110 [ 2027.772440][T10490] usb 4-1: ucan: probe failed; try to update the device firmware [ 2027.838957][T24303] usb 3-1: new full-speed USB device number 73 using dummy_hcd [ 2027.967971][ T2138] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 2027.978736][ T2138] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 2027.986697][ T2138] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 2028.000088][ T2138] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 2028.004184][T24303] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 2028.010676][ T2138] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 2028.042800][ T2138] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 2028.048464][T24303] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2028.983538][T24303] usb 3-1: Product: syz [ 2028.988373][T24303] usb 3-1: Manufacturer: syz [ 2028.995177][T24303] usb 3-1: SerialNumber: syz [ 2029.023166][ T2138] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 2029.050669][T24303] usb 3-1: config 0 descriptor?? [ 2029.052571][ T2138] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 2029.092949][T10490] usb 4-1: USB disconnect, device number 70 [ 2029.154113][ T2138] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2029.182803][ T2138] 8021q: adding VLAN 0 to HW filter on device team0 [ 2029.201998][ T977] bridge0: port 1(bridge_slave_0) entered blocking state [ 2029.209192][ T977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2029.226518][ T2287] overlayfs: failed to resolve './file1': -2 [ 2029.262811][ T977] bridge0: port 2(bridge_slave_1) entered blocking state [ 2029.269994][ T977] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2029.281274][T24303] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 2030.163021][ T2301] netlink: 'syz.5.8841': attribute type 9 has an invalid length. [ 2030.316925][ T2138] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2030.419588][ T2138] veth0_vlan: entered promiscuous mode [ 2030.459716][ T2138] veth1_vlan: entered promiscuous mode [ 2030.564840][ T2138] veth0_macvtap: entered promiscuous mode [ 2030.619125][ T2138] veth1_macvtap: entered promiscuous mode [ 2030.656855][ T2138] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2030.691599][ T2138] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2030.715041][ T57] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 2030.740927][ T57] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 2030.778161][ T57] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 2030.794046][ T57] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 2030.883681][ T977] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2030.931438][ T977] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2030.949205][T24303] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 2030.988132][ T977] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2030.999708][T24303] usb 3-1: USB disconnect, device number 73 [ 2031.032032][ T977] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2031.252329][T24824] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2031.277736][T24824] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2031.402233][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 2031.410981][T24824] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2031.423967][T24824] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2035.051515][ T2362] mac80211_hwsim hwsim30 syzkaller0: entered promiscuous mode [ 2035.069732][ T2362] mac80211_hwsim hwsim30 syzkaller0: entered allmulticast mode [ 2035.555732][ T2362] syzkaller0: mtu less than device minimum [ 2036.696089][ T29] audit: type=1326 audit(2000001267.230:1190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2369 comm="syz.0.8864" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f868db9ce59 code=0x0 [ 2038.473862][ T2398] mac80211_hwsim hwsim32 syzkaller0: entered promiscuous mode [ 2038.502715][ T2398] mac80211_hwsim hwsim32 syzkaller0: entered allmulticast mode [ 2038.660675][ T2400] overlayfs: failed to resolve './bus': -2 [ 2038.940790][ T2405] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8875'. [ 2038.961427][ T2405] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8875'. [ 2039.065751][ T2412] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8875'. [ 2039.076676][ T2412] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8875'. [ 2039.960295][ T2422] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2040.226878][ T2424] mac80211_hwsim hwsim32 syzkaller0: left promiscuous mode [ 2040.249161][ T2424] mac80211_hwsim hwsim32 syzkaller0: left allmulticast mode [ 2041.997338][ T2444] overlayfs: failed to resolve './bus': -2 [ 2042.343210][ T2455] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 2042.468806][ T2455] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 2042.478953][ T2455] overlayfs: failed to look up (tracing) for ino (-66) [ 2044.451433][ T2451] overlayfs: failed to resolve './file1': -2 [ 2044.738924][ T2468] kvm: kvm [2465]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0xcd [ 2044.898662][ T2477] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2045.362321][ T2468] kvm: kvm [2465]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x10000f9ea [ 2045.874484][ T2495] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2049.618088][ T2518] netlink: 68 bytes leftover after parsing attributes in process `syz.3.8901'. [ 2049.788264][ T2526] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2050.467806][ T24] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 2050.778025][ T24] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 2050.829213][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2050.863969][ T24] usb 4-1: Product: syz [ 2050.877793][ T24] usb 4-1: Manufacturer: syz [ 2050.898043][ T24] usb 4-1: SerialNumber: syz [ 2050.946913][ T24] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 2050.969570][ T1569] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 2051.209700][ T2544] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.8904'. [ 2052.003892][ T2566] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2052.066012][T10490] usb 4-1: USB disconnect, device number 71 [ 2052.405568][ T1569] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services [ 2052.492304][ T1569] ath9k_htc: Failed to initialize the device [ 2052.512443][T10490] usb 4-1: ath9k_htc: USB layer deinitialized [ 2052.621385][ T2572] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2053.847732][T24303] usb 1-1: new full-speed USB device number 71 using dummy_hcd [ 2053.998769][T24303] usb 1-1: not running at top speed; connect to a high speed hub [ 2054.007586][T24303] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 2054.020974][T24303] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2054.031136][T24303] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2054.273381][T24303] usb 1-1: Product: ⠉ [ 2054.277598][T24303] usb 1-1: Manufacturer: 紒憬ਈ鑤ᨳ⑐垩멡鵗눥᧯茽ᖛ轋ې륫맚ᑶ졔⯫⅖镅ﭮ䕠㏬櫜읺냹郎㚪䒐쵌鸄倦᪓䊉퀹൐贵駧襂돎人ꓒ射ʳ鐝襠㼸劄녥䚷跀슷﬑烝릔ꟲ挎ฬ坝⾾쬟洱䞠툱郳ॴꮑᆭẐ婽ꇾ᤬뙩떜⮃⃌럽賄邙ꗤꀔ꓋𛹘ご걺ⓩ觡녙댔潰 [ 2054.322233][T24303] usb 1-1: SerialNumber: syz [ 2055.504406][T24303] cdc_ncm 1-1:1.0: bind() failure [ 2055.533298][T24303] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 2055.555655][T24303] cdc_ncm 1-1:1.1: bind() failure [ 2055.585365][T24303] usb 1-1: USB disconnect, device number 71 [ 2057.599270][ T2637] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2058.314663][ T1572] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 2058.492716][ T1572] usb 4-1: Using ep0 maxpacket: 8 [ 2058.557038][ T1572] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 2058.632574][ T1572] usb 4-1: config 0 has no interface number 0 [ 2058.650996][ T1572] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2058.775300][ T1572] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 2058.787523][ T1572] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 2058.798770][ T1572] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 2058.812100][ T1572] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 2058.838463][ T1572] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2058.878111][ T2661] ubi: mtd0 is already attached to ubi0 [ 2058.911437][ T1572] usb 4-1: config 0 descriptor?? [ 2059.118594][ T1572] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 2059.273372][ T2632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2059.299380][ T2632] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2059.449189][T10490] usb 4-1: USB disconnect, device number 72 [ 2059.455175][ C0] ldusb 4-1:0.55: usb_submit_urb failed (-19) [ 2059.541422][ T2632] ldusb: No device or device unplugged -19 [ 2059.541419][T10490] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 2060.143020][ T2697] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 2060.151630][ T2697] overlayfs: overlapping lowerdir path [ 2062.398307][T10490] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 2062.767717][T10490] usb 2-1: Using ep0 maxpacket: 32 [ 2062.778410][T10490] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 2062.795054][T10490] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 2062.796400][ T2728] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2062.809945][T10490] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 2062.825394][T10490] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 2062.835404][T10490] usb 2-1: Product: syz [ 2062.841171][T10490] usb 2-1: Manufacturer: syz [ 2062.845897][T10490] usb 2-1: SerialNumber: syz [ 2062.852870][T10490] usb 2-1: config 0 descriptor?? [ 2062.860109][T10490] hub 2-1:0.0: bad descriptor, ignoring hub [ 2062.866547][T10490] hub 2-1:0.0: probe with driver hub failed with error -5 [ 2062.961603][ T2690] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 2063.148352][ T1572] usb 2-1: USB disconnect, device number 87 [ 2063.342597][ T2750] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 2063.353444][ T2750] VFS: Can't find a romfs filesystem on dev nullb0. [ 2063.353444][ T2750] [ 2064.834362][ T1228] bond0: (slave syz_tun): Releasing backup interface [ 2064.941555][ T2139] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2064.956288][ T2139] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2064.965639][ T2139] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2065.001307][ T2139] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2065.308307][ T2139] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2065.579196][ T2788] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2065.630358][ T1569] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 2065.810123][ T1569] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2065.848561][ T1569] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2065.902151][ T1569] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 2065.953616][ T2798] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 2065.977116][ T1569] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2066.023370][ T1569] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2066.064378][ T1569] usb 3-1: config 0 descriptor?? [ 2066.369364][ T1569] usbhid 3-1:0.0: can't add hid device: -71 [ 2066.386872][ T1569] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 2066.911494][ T1569] usb 3-1: USB disconnect, device number 74 [ 2067.398743][T31198] Bluetooth: hci3: command tx timeout [ 2067.449771][ T2766] bridge0: port 1(bridge_slave_0) entered blocking state [ 2067.471808][ T2766] bridge0: port 1(bridge_slave_0) entered disabled state [ 2067.503724][ T2766] bridge_slave_0: entered allmulticast mode [ 2067.536327][ T2766] bridge_slave_0: entered promiscuous mode [ 2067.563985][ T2766] bridge0: port 2(bridge_slave_1) entered blocking state [ 2067.591039][ T2766] bridge0: port 2(bridge_slave_1) entered disabled state [ 2067.614396][ T2766] bridge_slave_1: entered allmulticast mode [ 2067.646672][ T2766] bridge_slave_1: entered promiscuous mode [ 2067.792240][ T2820] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2067.826328][ T2766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2067.870901][ T2823] overlayfs: conflicting lowerdir path [ 2067.877517][ T2766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2068.262162][ T2766] team0: Port device team_slave_0 added [ 2068.311741][ T2843] netlink: 'syz.1.8964': attribute type 9 has an invalid length. [ 2068.739540][ T29] audit: type=1326 audit(2000001299.110:1191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2835 comm="syz.0.8965" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f868db9ce59 code=0x0 [ 2068.777389][ T2766] team0: Port device team_slave_1 added [ 2069.240890][ T2766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2069.252374][ T2766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2069.291080][ T2766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2069.399627][ T2766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2069.418329][ T2766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2069.432487][ T2866] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8971'. [ 2069.446927][ T2766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2069.494797][T31198] Bluetooth: hci3: command tx timeout [ 2069.596373][ T2766] hsr_slave_0: entered promiscuous mode [ 2069.604229][ T2766] hsr_slave_1: entered promiscuous mode [ 2069.611146][ T2766] debugfs: 'hsr0' already exists in 'hsr' [ 2069.616911][ T2766] Cannot create hsr debugfs directory [ 2070.207015][ T29] audit: type=1326 audit(2000001300.740:1192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2874 comm="syz.5.8973" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9ab99ce59 code=0x0 [ 2071.243948][ T2766] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2071.274026][ T2889] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8975'. [ 2071.527445][ T2895] futex_wake_op: syz.5.8976 tries to shift op by 144; fix this program [ 2071.558660][T31198] Bluetooth: hci3: command tx timeout [ 2072.260901][ T2766] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2072.690868][ T2766] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2072.891977][ T2766] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2073.577435][ T2925] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8978'. [ 2073.638100][T31198] Bluetooth: hci3: command tx timeout [ 2073.832368][ T2929] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 2073.953209][ T2929] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 2073.963530][ T2929] overlayfs: failed to look up (tracing) for ino (-66) [ 2074.938397][ T2766] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2075.055104][ T2766] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 2075.065833][ T2766] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2075.078875][ T2932] netlink: 'syz.2.8988': attribute type 9 has an invalid length. [ 2075.098262][ T2766] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 2075.207995][ T2766] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2075.222805][ T2766] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 2075.236003][ T2766] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2075.255175][ T2766] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 2075.344295][ T2939] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 2075.487100][ T2939] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 2075.497230][ T2939] overlayfs: failed to look up (tracing) for ino (-66) [ 2077.927970][T24382] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 2077.964976][ T2766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2078.046096][ T2766] 8021q: adding VLAN 0 to HW filter on device team0 [ 2078.085666][ T112] bridge0: port 1(bridge_slave_0) entered blocking state [ 2078.092952][ T112] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2078.111038][T24382] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2078.151386][T24382] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2078.180413][ T112] bridge0: port 2(bridge_slave_1) entered blocking state [ 2078.187507][ T112] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2078.197864][T24382] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 2078.224397][T24382] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2078.273166][T24382] usb 2-1: config 0 descriptor?? [ 2078.762075][T24382] cp2112 0003:10C4:EA90.0019: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 2078.960181][T24382] cp2112 0003:10C4:EA90.0019: error requesting version [ 2079.010051][T24382] cp2112 0003:10C4:EA90.0019: probe with driver cp2112 failed with error -71 [ 2079.072448][T24382] usb 2-1: USB disconnect, device number 88 [ 2079.262553][ T2969] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8997'. [ 2079.689689][ T2979] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 2079.813708][ T2979] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 2079.823919][ T2979] overlayfs: failed to look up (tracing) for ino (-66) [ 2081.290015][ T2766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2081.480295][ T2766] veth0_vlan: entered promiscuous mode [ 2081.510857][ T2766] veth1_vlan: entered promiscuous mode [ 2081.600157][ T2766] veth0_macvtap: entered promiscuous mode [ 2081.747617][ T2766] veth1_macvtap: entered promiscuous mode [ 2081.755853][ T2989] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 2081.776089][ T2989] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 2081.786573][ T2989] overlayfs: failed to look up (tracing) for ino (-66) [ 2081.848018][ T2766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2081.885231][ T2766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2081.921461][T21724] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2081.958228][T24382] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 2081.997186][T21724] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2082.018101][T21724] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2082.071576][T21724] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2082.151742][T24382] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2082.208061][T24382] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2082.241171][T24382] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 2082.260622][T12614] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2082.292959][T12614] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2082.308939][T24382] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2082.348176][T24382] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2082.372459][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2082.382376][T24382] usb 1-1: config 0 descriptor?? [ 2082.397624][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2082.628894][T24382] usbhid 1-1:0.0: can't add hid device: -71 [ 2082.647766][T24382] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 2082.686542][T24382] usb 1-1: USB disconnect, device number 72 [ 2083.434371][ T3012] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2085.222699][ T3022] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2085.464394][ T3026] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.9009'. [ 2085.695809][ T3033] overlayfs: missing 'lowerdir' [ 2088.277055][ T3066] netlink: 52 bytes leftover after parsing attributes in process `syz.3.9019'. [ 2088.354191][ T3066] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9019'. [ 2089.957383][ T3081] overlayfs: missing 'lowerdir' [ 2089.963237][ T2139] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2089.997088][ T2139] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2090.007017][ T2139] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2090.014872][ T2139] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2090.024375][ T2139] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2091.644747][ T3114] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2092.047795][ T2139] Bluetooth: hci2: command tx timeout [ 2092.401700][ T3075] bridge0: port 1(bridge_slave_0) entered blocking state [ 2092.413487][ T3075] bridge0: port 1(bridge_slave_0) entered disabled state [ 2092.424666][ T3075] bridge_slave_0: entered allmulticast mode [ 2092.451684][ T3075] bridge_slave_0: entered promiscuous mode [ 2092.474812][ T3075] bridge0: port 2(bridge_slave_1) entered blocking state [ 2092.506776][ T3075] bridge0: port 2(bridge_slave_1) entered disabled state [ 2092.530998][ T3075] bridge_slave_1: entered allmulticast mode [ 2092.584982][ T3075] bridge_slave_1: entered promiscuous mode [ 2092.763644][ T3075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2092.884413][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 2092.909353][ T3075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2093.007042][ T3129] netlink: 'syz.5.9034': attribute type 9 has an invalid length. [ 2094.119080][ T2139] Bluetooth: hci2: command tx timeout [ 2094.165567][ T3132] overlayfs: missing 'lowerdir' [ 2094.207963][ T3075] team0: Port device team_slave_0 added [ 2094.250884][ T3075] team0: Port device team_slave_1 added [ 2094.377418][ T3075] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2094.397558][ T3075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2094.516261][ T3075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2094.624145][ T3075] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2094.631431][ T3075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2096.103097][ T3075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2096.197726][ T2139] Bluetooth: hci2: command tx timeout [ 2096.725132][ T3075] hsr_slave_0: entered promiscuous mode [ 2096.734674][ T3075] hsr_slave_1: entered promiscuous mode [ 2096.747145][ T3075] debugfs: 'hsr0' already exists in 'hsr' [ 2096.756665][ T3075] Cannot create hsr debugfs directory [ 2097.347184][ T29] audit: type=1326 audit(2000001327.880:1193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3150 comm="syz.3.9041" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f820139ce59 code=0x0 [ 2097.572760][ T3075] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 2097.613613][ T3075] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2098.075455][ T3075] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 2098.088753][ T3075] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2098.288561][ T2139] Bluetooth: hci2: command tx timeout [ 2099.135902][ T3075] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 2099.185362][ T3075] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2099.484154][ T3075] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 2099.510220][ T3075] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2099.591045][ T3180] syzkaller0: entered promiscuous mode [ 2099.613176][ T3180] syzkaller0: entered allmulticast mode [ 2100.487832][ T3075] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 2100.531696][ T3075] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 2100.554107][ T3075] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 2100.679863][ T3075] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 2100.696663][ T3075] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 2100.804932][ T3075] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 2100.922879][ T3075] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 2101.167973][ T29] audit: type=1326 audit(2000001331.700:1194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3198 comm="syz.0.9054" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f868db9ce59 code=0x0 [ 2101.454559][ T3075] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 2101.861480][ T3075] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2101.966671][ T3075] 8021q: adding VLAN 0 to HW filter on device team0 [ 2102.018142][T21187] bridge0: port 1(bridge_slave_0) entered blocking state [ 2102.025232][T21187] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2102.321211][T21187] bridge0: port 2(bridge_slave_1) entered blocking state [ 2102.328345][T21187] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2103.785493][ T3251] input: syz1 as /devices/virtual/input/input120 [ 2104.800053][ T3075] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2106.263362][ T3075] veth0_vlan: entered promiscuous mode [ 2106.351778][ T3075] veth1_vlan: entered promiscuous mode [ 2106.712104][ T3075] veth0_macvtap: entered promiscuous mode [ 2107.218614][ T29] audit: type=1326 audit(2000001337.470:1195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3276 comm="syz.5.9068" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9ab99ce59 code=0x0 [ 2108.624171][ T3075] veth1_macvtap: entered promiscuous mode [ 2108.744783][ T3292] netlink: 52 bytes leftover after parsing attributes in process `syz.2.9072'. [ 2108.774180][ T3292] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9072'. [ 2108.794338][ T3075] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2108.826273][ T3075] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2108.905159][ T57] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2108.929384][ T57] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2108.965185][ T57] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2108.998256][ T57] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2109.234387][T27106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2109.242621][T10490] usb 3-1: new full-speed USB device number 75 using dummy_hcd [ 2109.287384][T27106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2109.350329][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2109.362819][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2109.401668][T10490] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 2109.422450][T10490] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2109.453403][T10490] usb 3-1: Product: syz [ 2109.473985][T10490] usb 3-1: Manufacturer: syz [ 2109.492938][T10490] usb 3-1: SerialNumber: syz [ 2109.514981][T10490] usb 3-1: config 0 descriptor?? [ 2109.566223][ T3300] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.9020'. [ 2109.813167][T10490] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 2109.941536][ T3311] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 2109.952709][ T3311] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 2110.108955][ T3315] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2110.252692][ T3319] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 2111.116664][ T3331] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 2111.798207][T10490] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 2111.838847][T10490] usb 3-1: USB disconnect, device number 75 [ 2112.307397][ T3339] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.9086'. [ 2112.525279][ T3347] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 2112.593064][ T3347] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 2113.146430][ T3369] ubi: mtd0 is already attached to ubi0 [ 2113.418121][ T3375] netlink: 'syz.3.9100': attribute type 9 has an invalid length. [ 2116.964943][ T3388] fuse: Unknown parameter 'group_i00000000000000000000' [ 2117.407756][ T5734] usb 6-1: new full-speed USB device number 56 using dummy_hcd [ 2117.654710][T31198] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 2117.668503][T31198] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 2117.706587][T31198] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 2117.721676][ T1166] bond0: (slave syz_tun): Releasing backup interface [ 2117.735080][T31198] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 2117.745843][T31198] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 2117.793112][ T5734] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 2117.809312][ T5734] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2117.826977][ T5734] usb 6-1: Product: syz [ 2117.836314][ T5734] usb 6-1: Manufacturer: syz [ 2117.853875][ T5734] usb 6-1: SerialNumber: syz [ 2117.884519][ T5734] usb 6-1: config 0 descriptor?? [ 2118.524710][ T5734] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 2119.442497][ T5734] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 2119.468080][ T5734] usb 6-1: USB disconnect, device number 56 [ 2119.645035][ T3426] netlink: 76 bytes leftover after parsing attributes in process `syz.3.9112'. [ 2119.824179][T31198] Bluetooth: hci5: command tx timeout [ 2121.878638][T31198] Bluetooth: hci5: command tx timeout [ 2121.978817][ T3439] netlink: 'syz.1.9115': attribute type 9 has an invalid length. [ 2123.485644][ T3451] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2123.887973][ T5734] usb 4-1: new full-speed USB device number 73 using dummy_hcd [ 2123.958180][T31198] Bluetooth: hci5: command tx timeout [ 2124.003835][ T3459] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 2124.103836][ T5734] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 2124.119041][ T5734] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2124.127115][ T5734] usb 4-1: Product: syz [ 2124.132383][ T5734] usb 4-1: Manufacturer: syz [ 2124.137011][ T5734] usb 4-1: SerialNumber: syz [ 2124.159773][ T5734] usb 4-1: config 0 descriptor?? [ 2124.205751][ T3394] bridge0: port 1(bridge_slave_0) entered blocking state [ 2124.214240][ T3394] bridge0: port 1(bridge_slave_0) entered disabled state [ 2124.221974][ T3394] bridge_slave_0: entered allmulticast mode [ 2124.230899][ T3394] bridge_slave_0: entered promiscuous mode [ 2124.240524][ T3394] bridge0: port 2(bridge_slave_1) entered blocking state [ 2124.248172][ T3394] bridge0: port 2(bridge_slave_1) entered disabled state [ 2124.257990][ T3394] bridge_slave_1: entered allmulticast mode [ 2124.265486][ T3394] bridge_slave_1: entered promiscuous mode [ 2124.303383][ T3394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2124.319231][ T3394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2124.353605][ T3394] team0: Port device team_slave_0 added [ 2124.361337][ T3394] team0: Port device team_slave_1 added [ 2124.376680][ T5734] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 2124.394173][ T3394] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2124.406810][ T3394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2124.438933][ T2992] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 2124.465978][ T3394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2124.493467][ T3394] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2124.507836][ T3394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2124.548354][ T3394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2124.607860][ T2992] usb 2-1: Using ep0 maxpacket: 32 [ 2124.620235][ T2992] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 2124.630608][ T2992] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 2124.666602][ T2992] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 2124.677233][ T2992] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 2124.690723][ T3394] hsr_slave_0: entered promiscuous mode [ 2124.698107][ T2992] usb 2-1: Product: syz [ 2124.702335][ T3394] hsr_slave_1: entered promiscuous mode [ 2124.708273][ T2992] usb 2-1: Manufacturer: syz [ 2124.713622][ T3394] debugfs: 'hsr0' already exists in 'hsr' [ 2124.720411][ T2992] usb 2-1: SerialNumber: syz [ 2124.725031][ T3394] Cannot create hsr debugfs directory [ 2124.734518][ T2992] usb 2-1: config 0 descriptor?? [ 2124.743586][ T2992] hub 2-1:0.0: bad descriptor, ignoring hub [ 2124.750015][ T2992] hub 2-1:0.0: probe with driver hub failed with error -5 [ 2124.980827][ T3394] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2125.118375][T29202] usb 2-1: USB disconnect, device number 89 [ 2125.249172][ T3394] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2125.360151][ T3394] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2125.377904][ T1569] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 2125.487887][ T3394] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2125.547816][ T1569] usb 6-1: Using ep0 maxpacket: 32 [ 2125.554631][ T1569] usb 6-1: config 0 has an invalid interface number: 89 but max is 0 [ 2125.582442][ T1569] usb 6-1: config 0 has no interface number 0 [ 2125.602525][ T1569] usb 6-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 2125.640593][ T1569] usb 6-1: config 0 interface 89 has no altsetting 0 [ 2125.677906][ T1569] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 2125.698189][ T1569] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2125.713541][ T1569] usb 6-1: Product: syz [ 2125.774064][ T1569] usb 6-1: Manufacturer: syz [ 2125.783036][ T1569] usb 6-1: SerialNumber: syz [ 2125.803547][ T1569] usb 6-1: config 0 descriptor?? [ 2125.824228][ T5734] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 2125.835794][ T1569] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 2125.851631][ T1569] em28xx 6-1:0.89: Video interface 89 found: [ 2125.864367][ T5734] usb 4-1: USB disconnect, device number 73 [ 2125.980208][ T2992] usb 2-1: new full-speed USB device number 90 using dummy_hcd [ 2126.029231][ T3394] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2126.037859][T31198] Bluetooth: hci5: command tx timeout [ 2126.048599][ T3394] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 2126.057298][ T3394] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2126.071633][ T3394] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 2126.081988][ T3394] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2126.101649][ T3394] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 2126.110156][ T3394] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2126.124792][ T3394] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 2126.160784][ T2992] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 2126.177868][ T2992] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2126.186038][ T2992] usb 2-1: Product: syz [ 2126.190781][ T2992] usb 2-1: Manufacturer: syz [ 2126.195938][ T2992] usb 2-1: SerialNumber: syz [ 2126.214782][ T2992] usb 2-1: config 0 descriptor?? [ 2126.290750][ T3394] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2126.317175][ T3394] 8021q: adding VLAN 0 to HW filter on device team0 [ 2126.332847][ T977] bridge0: port 1(bridge_slave_0) entered blocking state [ 2126.339972][ T977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2126.361740][T27106] bridge0: port 2(bridge_slave_1) entered blocking state [ 2126.368953][T27106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2126.430556][ T1569] em28xx 6-1:0.89: unknown em28xx chip ID (0) [ 2126.441488][ T2992] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 2126.874814][ T1569] em28xx 6-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 2126.890121][ T1569] em28xx 6-1:0.89: board has no eeprom [ 2127.205047][ T1569] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67) [ 2127.218071][ T1569] em28xx 6-1:0.89: analog set to bulk mode. [ 2127.228753][ T5734] em28xx 6-1:0.89: Registering V4L2 extension [ 2127.453726][ T3499] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 2127.462150][ T3499] VFS: Can't find a romfs filesystem on dev nullb0. [ 2127.462150][ T3499] [ 2127.803080][T29202] usb 6-1: USB disconnect, device number 57 [ 2127.843801][T29202] em28xx 6-1:0.89: Disconnecting em28xx [ 2128.176225][ T2992] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 2128.205816][ T2992] usb 2-1: USB disconnect, device number 90 [ 2128.261484][ T5734] em28xx 6-1:0.89: Config register raw data: 0xffffffed [ 2128.277284][ T5734] em28xx 6-1:0.89: AC97 chip type couldn't be determined [ 2128.297570][ T5734] em28xx 6-1:0.89: No AC97 audio processor [ 2128.330039][ T5734] usb 6-1: Decoder not found [ 2128.338767][ T5734] em28xx 6-1:0.89: failed to create media graph [ 2128.357245][ T5734] em28xx 6-1:0.89: V4L2 device video103 deregistered [ 2128.565469][ T5734] em28xx 6-1:0.89: Registering snapshot button... [ 2128.596478][ T5734] input: em28xx snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.89/input/input121 [ 2128.616898][ T3500] ================================================================== [ 2128.624971][ T3500] BUG: KASAN: slab-use-after-free in v4l2_open+0x351/0x490 [ 2128.632161][ T3500] Read of size 4 at addr ffff888068fe4860 by task v4l_id/3500 [ 2128.639587][ T3500] [ 2128.641893][ T3500] CPU: 0 UID: 0 PID: 3500 Comm: v4l_id Tainted: G L syzkaller #0 PREEMPT(full) [ 2128.641909][ T3500] Tainted: [L]=SOFTLOCKUP [ 2128.641913][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2128.641919][ T3500] Call Trace: [ 2128.641924][ T3500] [ 2128.641930][ T3500] dump_stack_lvl+0x100/0x190 [ 2128.641944][ T3500] print_report+0x13d/0x4b0 [ 2128.641960][ T3500] ? __virt_addr_valid+0x239/0x430 [ 2128.641973][ T3500] ? v4l2_open+0x351/0x490 [ 2128.641988][ T3500] kasan_report+0xdf/0x1d0 [ 2128.642001][ T3500] ? v4l2_open+0x351/0x490 [ 2128.642017][ T3500] v4l2_open+0x351/0x490 [ 2128.642032][ T3500] ? __pfx_v4l2_open+0x10/0x10 [ 2128.642047][ T3500] chrdev_open+0x234/0x6a0 [ 2128.642061][ T3500] ? __pfx_chrdev_open+0x10/0x10 [ 2128.642075][ T3500] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 2128.642091][ T3500] do_dentry_open+0x6d8/0x1660 [ 2128.642103][ T3500] ? __pfx_chrdev_open+0x10/0x10 [ 2128.642118][ T3500] vfs_open+0x82/0x3f0 [ 2128.642133][ T3500] path_openat+0x208c/0x31a0 [ 2128.642149][ T3500] ? __pfx_path_openat+0x10/0x10 [ 2128.642165][ T3500] do_file_open+0x20e/0x430 [ 2128.642184][ T3500] ? __pfx_do_file_open+0x10/0x10 [ 2128.642202][ T3500] ? alloc_fd+0x476/0x790 [ 2128.642216][ T3500] ? do_getname+0x191/0x390 [ 2128.642232][ T3500] do_sys_openat2+0x10d/0x1e0 [ 2128.642247][ T3500] ? __pfx_do_sys_openat2+0x10/0x10 [ 2128.642265][ T3500] __x64_sys_openat+0x12d/0x210 [ 2128.642281][ T3500] ? __pfx___x64_sys_openat+0x10/0x10 [ 2128.642297][ T3500] ? rcu_is_watching+0x12/0xc0 [ 2128.642314][ T3500] do_syscall_64+0x10b/0xf80 [ 2128.642330][ T3500] ? clear_bhb_loop+0x40/0x90 [ 2128.642342][ T3500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2128.642353][ T3500] RIP: 0033:0x7f38026a7407 [ 2128.642363][ T3500] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 2128.642374][ T3500] RSP: 002b:00007ffde674a060 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 2128.642385][ T3500] RAX: ffffffffffffffda RBX: 00007f3802dac880 RCX: 00007f38026a7407 [ 2128.642392][ T3500] RDX: 0000000000000000 RSI: 00007ffde674bf1b RDI: ffffffffffffff9c [ 2128.642398][ T3500] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 2128.642405][ T3500] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2128.642411][ T3500] R13: 00007ffde674a2b0 R14: 00007f3802f13000 R15: 0000557515a5a4d8 [ 2128.642421][ T3500] [ 2128.642425][ T3500] [ 2128.883397][ T3500] Allocated by task 5734: [ 2128.887691][ T3500] kasan_save_stack+0x30/0x50 [ 2128.892341][ T3500] kasan_save_track+0x14/0x30 [ 2128.896983][ T3500] __kasan_kmalloc+0xaa/0xb0 [ 2128.901550][ T3500] em28xx_v4l2_init.cold+0x94/0x3a40 [ 2128.906828][ T3500] em28xx_init_extension+0x13a/0x200 [ 2128.912091][ T3500] request_module_async+0x61/0x80 [ 2128.917107][ T3500] process_one_work+0xa0e/0x1980 [ 2128.922028][ T3500] worker_thread+0x5ef/0xe50 [ 2128.926601][ T3500] kthread+0x370/0x450 [ 2128.930642][ T3500] ret_from_fork+0x72b/0xd50 [ 2128.935203][ T3500] ret_from_fork_asm+0x1a/0x30 [ 2128.939949][ T3500] [ 2128.942242][ T3500] Freed by task 5734: [ 2128.946186][ T3500] kasan_save_stack+0x30/0x50 [ 2128.950830][ T3500] kasan_save_track+0x14/0x30 [ 2128.955480][ T3500] kasan_save_free_info+0x3b/0x70 [ 2128.960498][ T3500] __kasan_slab_free+0x5f/0x80 [ 2128.965231][ T3500] kfree+0x223/0x6c0 [ 2128.969106][ T3500] kref_put.isra.0+0x53/0x75 [ 2128.973673][ T3500] em28xx_v4l2_init.cold+0x280/0x3a40 [ 2128.979012][ T3500] em28xx_init_extension+0x13a/0x200 [ 2128.984274][ T3500] request_module_async+0x61/0x80 [ 2128.989266][ T3500] process_one_work+0xa0e/0x1980 [ 2128.994176][ T3500] worker_thread+0x5ef/0xe50 [ 2128.998745][ T3500] kthread+0x370/0x450 [ 2129.002783][ T3500] ret_from_fork+0x72b/0xd50 [ 2129.007342][ T3500] ret_from_fork_asm+0x1a/0x30 [ 2129.012078][ T3500] [ 2129.014370][ T3500] The buggy address belongs to the object at ffff888068fe4000 [ 2129.014370][ T3500] which belongs to the cache kmalloc-8k of size 8192 [ 2129.028393][ T3500] The buggy address is located 2144 bytes inside of [ 2129.028393][ T3500] freed 8192-byte region [ffff888068fe4000, ffff888068fe6000) [ 2129.042334][ T3500] [ 2129.044627][ T3500] The buggy address belongs to the physical page: [ 2129.051002][ T3500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x68fe0 [ 2129.059735][ T3500] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 2129.068210][ T3500] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 2129.075722][ T3500] page_type: f5(slab) [ 2129.079671][ T3500] raw: 00fff00000000040 ffff88813fe32280 dead000000000122 0000000000000000 [ 2129.088231][ T3500] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 2129.096792][ T3500] head: 00fff00000000040 ffff88813fe32280 dead000000000122 0000000000000000 [ 2129.105431][ T3500] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 2129.114077][ T3500] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 2129.122735][ T3500] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 2129.131370][ T3500] page dumped because: kasan: bad access detected [ 2129.137756][ T3500] page_owner tracks the page as allocated [ 2129.143435][ T3500] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5734, tgid 5734 (kworker/1:6), ts 2127241513174, free_ts 2126909810265 [ 2129.165023][ T3500] post_alloc_hook+0x153/0x170 [ 2129.169769][ T3500] get_page_from_freelist+0x11a6/0x33b0 [ 2129.175323][ T3500] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 2129.181203][ T3500] new_slab+0xa6/0x6c0 [ 2129.185248][ T3500] refill_objects+0x277/0x420 [ 2129.189909][ T3500] __pcs_replace_empty_main+0x375/0x650 [ 2129.195430][ T3500] __kmalloc_cache_noprof+0x493/0x6f0 [ 2129.200776][ T3500] em28xx_v4l2_init.cold+0x94/0x3a40 [ 2129.206029][ T3500] em28xx_init_extension+0x13a/0x200 [ 2129.211292][ T3500] request_module_async+0x61/0x80 [ 2129.216291][ T3500] process_one_work+0xa0e/0x1980 [ 2129.221205][ T3500] worker_thread+0x5ef/0xe50 [ 2129.225783][ T3500] kthread+0x370/0x450 [ 2129.229823][ T3500] ret_from_fork+0x72b/0xd50 [ 2129.234381][ T3500] ret_from_fork_asm+0x1a/0x30 [ 2129.239115][ T3500] page last free pid 1569 tgid 1569 stack trace: [ 2129.245405][ T3500] __free_frozen_pages+0x747/0x1040 [ 2129.250574][ T3500] qlist_free_all+0x47/0xf0 [ 2129.255049][ T3500] kasan_quarantine_reduce+0x1a0/0x1f0 [ 2129.260479][ T3500] __kasan_slab_alloc+0x69/0x90 [ 2129.265297][ T3500] __kmalloc_cache_noprof+0x243/0x6f0 [ 2129.270642][ T3500] usb_control_msg+0xbc/0x4b0 [ 2129.275290][ T3500] em28xx_write_regs_req+0x17a/0x2e0 [ 2129.280560][ T3500] em28xx_write_reg+0x7c/0xb0 [ 2129.285219][ T3500] em28xx_set_xclk_i2c_speed+0xf4/0x1c0 [ 2129.290740][ T3500] em28xx_set_model+0x1a7/0x220 [ 2129.295564][ T3500] em28xx_init_dev.isra.0+0xf08/0x1829 [ 2129.300997][ T3500] em28xx_usb_probe.cold+0xca7/0x25f6 [ 2129.306336][ T3500] usb_probe_interface+0x303/0x8f0 [ 2129.311413][ T3500] really_probe+0x241/0xa60 [ 2129.315890][ T3500] __driver_probe_device+0x22e/0x480 [ 2129.321143][ T3500] driver_probe_device+0x4c/0x1b0 [ 2129.326143][ T3500] [ 2129.328440][ T3500] Memory state around the buggy address: [ 2129.334035][ T3500] ffff888068fe4700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2129.342062][ T3500] ffff888068fe4780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2129.350089][ T3500] >ffff888068fe4800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2129.358115][ T3500] ^ [ 2129.365279][ T3500] ffff888068fe4880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2129.373308][ T3500] ffff888068fe4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2129.381335][ T3500] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2130.349285][ T3500] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 2130.356518][ T3500] CPU: 0 UID: 0 PID: 3500 Comm: v4l_id Tainted: G L syzkaller #0 PREEMPT(full) [ 2130.367017][ T3500] Tainted: [L]=SOFTLOCKUP [ 2130.371334][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 2130.381389][ T3500] Call Trace: [ 2130.384646][ T3500] [ 2130.387556][ T3500] dump_stack_lvl+0x100/0x190 [ 2130.392217][ T3500] vpanic+0x552/0x970 [ 2130.396181][ T3500] ? __pfx_vpanic+0x10/0x10 [ 2130.400662][ T3500] ? v4l2_open+0x351/0x490 [ 2130.405060][ T3500] panic+0xd1/0xe0 [ 2130.408761][ T3500] ? __pfx_panic+0x10/0x10 [ 2130.413156][ T3500] ? v4l2_open+0x351/0x490 [ 2130.417560][ T3500] ? preempt_schedule_common+0x42/0xc0 [ 2130.423009][ T3500] ? check_panic_on_warn+0x1f/0x90 [ 2130.428101][ T3500] check_panic_on_warn.cold+0x19/0x34 [ 2130.433463][ T3500] end_report.part.0+0x3a/0x90 [ 2130.438223][ T3500] kasan_report.cold+0xe/0x18 [ 2130.442881][ T3500] ? v4l2_open+0x351/0x490 [ 2130.447303][ T3500] v4l2_open+0x351/0x490 [ 2130.451532][ T3500] ? __pfx_v4l2_open+0x10/0x10 [ 2130.456277][ T3500] chrdev_open+0x234/0x6a0 [ 2130.460680][ T3500] ? __pfx_chrdev_open+0x10/0x10 [ 2130.465621][ T3500] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 2130.471934][ T3500] do_dentry_open+0x6d8/0x1660 [ 2130.476676][ T3500] ? __pfx_chrdev_open+0x10/0x10 [ 2130.481595][ T3500] vfs_open+0x82/0x3f0 [ 2130.485646][ T3500] path_openat+0x208c/0x31a0 [ 2130.490230][ T3500] ? __pfx_path_openat+0x10/0x10 [ 2130.495150][ T3500] do_file_open+0x20e/0x430 [ 2130.499641][ T3500] ? __pfx_do_file_open+0x10/0x10 [ 2130.504651][ T3500] ? alloc_fd+0x476/0x790 [ 2130.508964][ T3500] ? do_getname+0x191/0x390 [ 2130.513450][ T3500] do_sys_openat2+0x10d/0x1e0 [ 2130.518109][ T3500] ? __pfx_do_sys_openat2+0x10/0x10 [ 2130.523291][ T3500] __x64_sys_openat+0x12d/0x210 [ 2130.528127][ T3500] ? __pfx___x64_sys_openat+0x10/0x10 [ 2130.533486][ T3500] ? rcu_is_watching+0x12/0xc0 [ 2130.538235][ T3500] do_syscall_64+0x10b/0xf80 [ 2130.542811][ T3500] ? clear_bhb_loop+0x40/0x90 [ 2130.547470][ T3500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2130.553340][ T3500] RIP: 0033:0x7f38026a7407 [ 2130.557735][ T3500] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 2130.577352][ T3500] RSP: 002b:00007ffde674a060 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 2130.585748][ T3500] RAX: ffffffffffffffda RBX: 00007f3802dac880 RCX: 00007f38026a7407 [ 2130.593697][ T3500] RDX: 0000000000000000 RSI: 00007ffde674bf1b RDI: ffffffffffffff9c [ 2130.601646][ T3500] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 2130.609597][ T3500] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2130.617551][ T3500] R13: 00007ffde674a2b0 R14: 00007f3802f13000 R15: 0000557515a5a4d8 [ 2130.625505][ T3500] [ 2130.628856][ T3500] Kernel Offset: disabled [ 2130.633153][ T3500] Rebooting in 86400 seconds..