last executing test programs: 6m39.337469855s ago: executing program 1 (id=13670): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000001a00010000000000000000000a0000f0000000000000000008000400", @ANYRES32=0x0, @ANYBLOB="140007"], 0x38}}, 0x0) 6m39.217114371s ago: executing program 1 (id=13673): r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000008000000080009000200000008000b"], 0x24}}, 0x0) 6m39.031679551s ago: executing program 1 (id=13677): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x7c0, 0x1125, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x60, 0x6, [{{0x9, 0x4, 0x0, 0x10, 0x5, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x16, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc, 0x4, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)={0x0, 0x4, 0x5, {0x5, 0x1, "a7ea31"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 6m37.024153381s ago: executing program 1 (id=13706): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8100, &(0x7f0000000000)={0x0, 0x0, 0x20000}, 0x20) 6m36.890468772s ago: executing program 1 (id=13708): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18) 6m36.557091794s ago: executing program 1 (id=13710): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) listxattr(0x0, 0x0, 0x0) 6m36.234907596s ago: executing program 32 (id=13710): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) listxattr(0x0, 0x0, 0x0) 4m44.710235578s ago: executing program 3 (id=15511): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r0, 0x0) connect$x25(r0, &(0x7f00000000c0)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1, 0x2}}, 0x12) 4m44.527178592s ago: executing program 3 (id=15515): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001c40)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x0) 4m44.348636408s ago: executing program 3 (id=15518): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x502) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x400454a4, &(0x7f0000000040)) 4m44.202755081s ago: executing program 3 (id=15523): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) ioctl$sock_bt_hci(r0, 0x800448d3, &(0x7f0000000280)) 4m44.105585468s ago: executing program 3 (id=15526): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000200)='./file0/bus\x00', &(0x7f00000001c0)='sysfs\x00', 0x0, 0x0) 4m44.007939915s ago: executing program 3 (id=15529): mmap(&(0x7f000038b000/0x1000)=nil, 0x1000, 0xa, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 4m27.624012671s ago: executing program 33 (id=15529): mmap(&(0x7f000038b000/0x1000)=nil, 0x1000, 0xa, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 3m2.62735782s ago: executing program 5 (id=17102): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x12, 0x109, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000001d80), &(0x7f0000001d40)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000004c0)={r1, &(0x7f0000000580)="8dd78d17fb580918262e9bde4233f8bec77857acd2a096514fa364a8c571817af5ae75e0e809b76099301e36f06b4c9b3b66", &(0x7f0000000680)=""/171}, 0x20) 3m2.520027616s ago: executing program 5 (id=17105): openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 3m2.411444821s ago: executing program 5 (id=17108): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmsg$alg(r1, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf03f7d9c0fd0826786ffcfb99e55c1272594d5be5c7f1de9562bbf652", 0x1f}, {&(0x7f0000008c80)="9d", 0x7fffefe1}], 0x2}, 0x0) 3m1.893233698s ago: executing program 5 (id=17115): r0 = io_uring_setup(0x3dd3, &(0x7f0000001100)={0x0, 0x0, 0x800}) io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f0000000340)={0x2, 0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {&(0x7f00000001c0)=""/21, 0x15}], 0x0}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') pread64(r1, &(0x7f0000000140)=""/108, 0x6c, 0x0) 3m1.616410684s ago: executing program 5 (id=17118): r0 = socket$unix(0x1, 0x2, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000200)=0x10) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 3m1.412396883s ago: executing program 5 (id=17121): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000340)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}, @qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0xbf}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 2m45.30390588s ago: executing program 34 (id=17121): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000340)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}, @qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0xbf}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 1m57.275740348s ago: executing program 0 (id=17776): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x71, &(0x7f0000000080)={r1}, &(0x7f00000000c0)=0x18) 1m57.063791377s ago: executing program 0 (id=17779): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0xc422, 0x0, 0x0) 1m55.982585931s ago: executing program 0 (id=17797): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070015006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa80b0b8ed8fb1ec577c377f627daaf787a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bdeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aab926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb155481ef836eb0f8c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaed2b25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe514283707c70600000000000000b7561301bb997316db01ee601f2c9659db9bc04f7089a660d8dcc3ae83169cf331efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562e00e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb2214209ed2d5d776e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b55ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f608ce27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e30400000000000000000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a95d32f46ed9bd1f00fb8191bbab2dc599dda61ee2010000294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bfe2777e808fcba821a00e8c5c39609ff854256cb490000000000c1fee30a3f7a85d1b2b458c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd210819203828b202779d386ed295f023c67d867014d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff00004043060000005dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df40600000000000000e9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b0600b805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1202000000b59fed817072a0da60160761fd3dffda0f7c742eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7000000000000000542954c167dd9b4acd946ffffffffffffffff1389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c9e281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b630500163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f700400fa0c61d5fe6d8ff353f631080405547d65375ae04f44f0c2543c772c5ccb137be7dc87746e1785a8214454d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b036e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e010000005a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb3985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1428c0805b4031a667e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a9cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab9100781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c1227c8bed10591958c906321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b863af34bac64c247672a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c39132a0f27080ece2a94c360b002c77f82662675a7713c7067081cac1599a998c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc215a18ca0265400abf38e90000000000000000008faf2cddffbfa66bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942ce18e57bb7f337df5435bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de286553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c03f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c872a4882d21db2046a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265441d513a1294b8439276394945d94a589708e32a1cb30a8b07b391201385e0b92ecbb7b13d7a87284164018ace6ce58a82c5de321452461089cdd69259f5390f5f508646a524490583c30630bedb47e158ad41c0a653e86a4f4f255cd2a6e95f33b586823aef5564d9de1f5bdd8c80e193f0597b8003860302cd243c00bc5a82c52afb115d16258d507937966bb89409d6d47b8b652d0761d7c72875ae1efb9bc7c6807c2d783e31fd9cd7e84d3d50d8fc44ab8ac9ccd2c0d42e3bd4c029241320446bbf47e23d1320de30fbdf7ed13f80c28fb5c13fccc2e3f73509bdcddad8a2fe48cdd61f2f43611704af64eed8b0cbbd08754f93b8f3d6347aad5cde1ccc5cbd5eaa87e52cea257c856a4af5243eeb5e89f0000000000000000f420df5e4c6d856b3d55e455c08110b2ef4255a38f81555e8e1f22d59c0bc3c9013e66a1f5bda1b695e1602c0afb5c35b2f68f3b151b1e869f40ff4d1bef5e926e1ff95f6321131e4cb797f53455a093a95e67605222d6acc29c46e5db1ef3b8b07e2169fb24ced4b3ae87ebeca06df93212e465bbd1a7e41df2e1a0d508f86cfc7a469ac682685c44692877d03c34c23a65d2677acc73b5d276fdebd685c9b7a079eae228d8426188cb19b083548f5f29e493ab079f33d1965dcbb165015c46998ad410d60cc65fcfa73bd65a43fc024455c4bf530d663976cf71490577251780ab6b1cf8d397444b5be575229f687a3d95ea6b2aa62fce8acb3d4a6a130b4fefa55d0c1d6f3fa448ee24e588e2965c9a442f0baf90923dda91a6850fb7b9c7f432b63001423fedcf053fa28024cc9a178a07042dabc07176fc524032c2edb340c9c18a83565c431aeb0c869683507255254430f90f61e4eca9c8fa98c000b35fec357ee1ebd08439bd95c1ab0753dfd2603d1608bd8c589a1e160000a6ee0ad13346e08738c2d7b00b5d121d918f1dc8bceded939fa8605b54b37cdfcea0bf2bc63e655dc04a2e50212ff89d6587d49896ce18916cf3adc12839c345ca91bb232b891fae2fdd68aaa38281c0feb2c107af3e080d6cdd1c6646ec6804d7e9960c02aa0db9eda24bbcb287fd2a890fa7f9d6ae0c0b1f8dd1603c9ea2f66b572276f96a28b5b6dd9f9bf6ad4bdaa2139b90faf1f40b0f141258578bd825daaaf718d21b7ac05fe5d1b699e5422ca341fe1c944f68fe3a6d783dcf30b0e09d7688f696883b61cb64464b04d351a0a69b0733c348049b0430ed40e200f4ff0000000000000000000000996bcc1b721b152c892fab887e7d20466d90c049c0fdf51dcc16d226a2619c6f47bc25b7f5df5c09fed638922ed127ab36aa7b0c58a2ce5894b1b0f5375d340d96b69b966b05daaf585121a9c7605ed8e9964eef1f14b74cbb2ccdadc6d0b77cf0492b75e1cd11bfdcfddde91b20366715ba0cbe1041be2a65c25d7ca15ef8b71bd2ab9a4294899a1964b0152518fc2ac15a728bcb9e2bc4b551dfdf9011a2a607bc39ad2c4d7c64dcf967724e9b63c397d5265ad3f1da4395a5a800d8845257dcbf210d4f00fe0bd3deed05e506736e6bb6d40ee6cb960bcdb33633ee87f82beb665a9a4c2d4d2b06479ade3a4cd6bba765c9f52b52a0bdd0849ab92baae3775570accb5a57ee9f0035fc6d3df4eebec2e7eb4ff863d3979a20f4428ddca471037b49d4fd130743a97faa02c293b721e52bf53d64c6585e138162331ef98792e1e9b21a6a084fb7b42c64062ef1323a8a65a8ed6038f274f28ff4f78136a1ef108efbe8c4f4e347d50dcdbc33bf3ade4c3a39d316061930d7dd39b8acdecc3f27830e3eda40e648328d95a9aee65a9dd09fd4e96d5b852025dc53ec3f30cc753e6a796084b4e34f521dbb230ae0f3b79142073d437e1fd22d3b7503ffa95b1d5c7740b0ecbfd35dc0f8af895583dfcc2689f6e02c2dd4b57f3dcac54f40da013eb221fa3d65de760576031052c25a96ed4b20230b36d46d3d3fd6bb1d77cc8a48a6b10fa0149e55ccde4a2b26cca2d1ca9191c74ab006a602543fc24d1283e353cfb917620000000024bf3eed258c02a591ec4cd295212d9a98d38745f6f6c4530900000000000000f184f239098bf32551c7cf454e2865974f6520112743f73c619c3cab5609e00178f7393e53462f31559220c026bbde09837bf1b3ffe748a3247c9569f0c5e99f4494f93e0fa1badca90c888616eca97bddabd8003fc12a084d4b11d841979e161b998ddda92f194c4ec7947b7b303be11e0962d429a2c542a28c4932e14c123dfe2b8ec47a11cce134fd6e42a9f4e00ab6de6b45"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000140)='virtio_transport_alloc_pkt\x00', r0, 0x0, 0x8}, 0x18) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) 1m55.766088005s ago: executing program 0 (id=17799): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000280)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x2000, 0x0) 1m55.564680561s ago: executing program 0 (id=17801): mlock2(&(0x7f0000ff6000/0x4000)=nil, 0x4000, 0x0) mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x8005, &(0x7f0000000000)=0x3f, 0x9, 0x0) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2) mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000) 1m55.339749874s ago: executing program 0 (id=17805): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x8441, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1m55.043972383s ago: executing program 35 (id=17805): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x8441, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4.606098254s ago: executing program 7 (id=19439): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe8f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x3, 0x40, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x0, 0x0, 0x2}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000002880)={0x24, 0x0, 0x0, &(0x7f0000002800)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xb, "af5d3e39"}]}}, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 2.657058418s ago: executing program 4 (id=19474): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='attr/current\x00') writev(r0, &(0x7f00000015c0)=[{&(0x7f00000000c0)='w', 0x1}], 0x1) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000, 0x0, 0x0, 0x40000}) creat(&(0x7f0000001040)='./file0\x00', 0xcc) 2.612030813s ago: executing program 8 (id=19476): r0 = openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x8080, 0x0) r1 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000180)={0x1c}) openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) 2.537502734s ago: executing program 4 (id=19478): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x4, r1, 0x0, &(0x7f0000ff6000/0xa000)=nil, 0xa000}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000000c0)={0x48, 0x1, r1, 0x0, 0x55bc, 0x4}) 2.43646493s ago: executing program 8 (id=19479): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioprio_set$pid(0x1, 0x0, 0x0) add_key(&(0x7f00000018c0)='big_key\x00', &(0x7f0000001900)={'syz', 0x1}, &(0x7f0000001940)='\f', 0xfffff, 0xfffffffffffffffe) 2.285962012s ago: executing program 4 (id=19482): r0 = socket(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="d5"], 0x24}, 0x1, 0x0, 0x0, 0x41}, 0x0) recvmmsg$unix(r0, &(0x7f0000001dc0)=[{{0x0, 0x0, &(0x7f0000001800)=[{&(0x7f0000000380)=""/252, 0xfc}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000000140)=""/52, 0x34}, {&(0x7f0000001480)=""/232, 0xe8}, {&(0x7f0000001580)=""/158, 0x9e}, {&(0x7f0000001700)=""/194, 0xc2}], 0x6}}], 0x1, 0x0, 0x0) write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) 2.200988325s ago: executing program 8 (id=19484): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) sendmsg$inet6(r0, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x3f}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000290000000b0000002b0000000000000710"], 0x30}, 0x0) 2.161569699s ago: executing program 4 (id=19486): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000400)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_QUANTUM={0x8}, @TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0x6}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x361a}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) 2.108200764s ago: executing program 8 (id=19487): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') rmdir(&(0x7f00000001c0)='./bus\x00') 1.997036419s ago: executing program 8 (id=19489): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) ppoll(&(0x7f0000000000)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_GETISPACE(r0, 0x8010500d, &(0x7f00000001c0)) 1.996649294s ago: executing program 6 (id=19490): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000000010000", @ANYRES32=0x0, @ANYBLOB, @ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.928386068s ago: executing program 6 (id=19492): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22, 0x7ff, @local, 0xe}, 0x1c) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f00000000c0), &(0x7f0000000100)=0x4) syz_clone(0x640c7400, 0x0, 0x0, 0x0, 0x0, 0x0) 1.911666963s ago: executing program 4 (id=19493): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000a7c276e8500200000000000000000000f5"]) 1.699639633s ago: executing program 4 (id=19495): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x4d, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)={0x20, 0xd, 0xa, 0xe01, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0) 1.574545127s ago: executing program 2 (id=19496): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x1, 0x4800107a, r0, 0x0) vmsplice(r0, &(0x7f0000000600)=[{&(0x7f0000000100)="04", 0x1}], 0x1, 0x0) 1.432104161s ago: executing program 2 (id=19497): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x9, [@typedef={0x7}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x12) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r0, 0x58, &(0x7f00000002c0)}, 0x10) 1.344310108s ago: executing program 2 (id=19498): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='b *:4\twwr'], 0xa) 1.262341583s ago: executing program 7 (id=19499): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x1) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) 1.2080211s ago: executing program 2 (id=19500): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x34, r1, 0xb97534d5fe9704cf, 0x0, 0xfffffffc, {{0x12}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x2, 0x5}}]}, 0x34}}, 0x0) 1.165468724s ago: executing program 7 (id=19501): r0 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x48, &(0x7f0000000240)={0x0, 0x0}, 0x2c) 1.069035708s ago: executing program 2 (id=19502): r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000400)='.\x00', 0x4000423) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) removexattr(&(0x7f0000000180)='./file0\x00', &(0x7f0000000280)=@known='system.posix_acl_default\x00') 1.015742835s ago: executing program 8 (id=19503): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'dvmrp1\x00'}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) syz_usb_connect(0x3, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000d3ccb510b1134200292b0102030109021b0001fc00000009040f0001e711e1000905834af8d6"], 0x0) 855.901933ms ago: executing program 2 (id=19504): socket$inet6(0xa, 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x1000000, 0x3032, 0xffffffffffffffff, 0x0) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x16c0, 0x75e1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xb4, 0x20, 0xa, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x1, 0x2, 0x50, {0x9, 0x21, 0x7, 0x7a, 0x1, {0x22, 0xe85}}, {{{0x9, 0x5, 0x81, 0x3, 0x8fac18d14dc39581, 0x7, 0x40, 0x2}}}}}]}}]}}, &(0x7f00000002c0)={0x0, 0x0, 0x5, &(0x7f00000000c0)={0x5, 0xf, 0x5}}) 678.35935ms ago: executing program 6 (id=19505): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x38, 0x18, 0x309, 0x0, 0x0, {0xa, 0x80, 0x80}, [@RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_ACTION={0x8, 0x1, 0x9}}]}, 0x38}}, 0x1000c840) 607.216249ms ago: executing program 7 (id=19506): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000001f40)={0x38, r1, 0x211, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0xfffd, 0x0, 0x0, 0x0, 0x8001]}}]}]}]}, 0x38}}, 0x0) 481.995149ms ago: executing program 6 (id=19507): socket$packet(0x11, 0x2, 0x300) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000880)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x1f4, 0xd50, 0x1000000, &(0x7f0000000100)="ff412f66b0833efc8864968781", 0x0, 0x300, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x2}, 0x50) 461.634522ms ago: executing program 7 (id=19508): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000240)={'wg0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@ipv4_newroute={0x2c, 0x18, 0xaba64f4add525e83, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0x2, 0x0, 0xfe, 0x2}, [@RTA_OIF={0x8, 0x4, r1}, @RTA_PREFSRC={0x8, 0x7, @multicast1}]}, 0x2c}, 0x1, 0xffffff7f}, 0x4040000) 329.755117ms ago: executing program 7 (id=19509): r0 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0) ftruncate(r0, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 206.386885ms ago: executing program 6 (id=19510): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6fe, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) ioctl(r0, 0x8b1a, &(0x7f0000000040)) 0s ago: executing program 6 (id=19511): r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x800) r1 = syz_io_uring_setup(0xeec, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f00000001c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x40, 0x0, @fd=r0, 0x73b, &(0x7f00000002c0)=[{&(0x7f0000000800)=""/4096, 0x1000}], 0x1, 0x0, 0x1}) io_uring_enter(r1, 0x567, 0xa9ea, 0x5, 0x0, 0x0) kernel console output (not intermixed with test programs): T9822] delete_channel: no stack [ 1022.601034][T26798] kernel write not supported for file /6476/net/ip_tables_matches (pid: 26798 comm: kworker/1:3) [ 1023.174285][ T9901] netlink: 'syz.2.16789': attribute type 5 has an invalid length. [ 1024.447900][ T9961] trusted_key: encrypted_key: key trusted:syz not found [ 1024.529763][ T30] audit: type=1326 audit(2000000652.710:5704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.16820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1024.571195][ T30] audit: type=1326 audit(2000000652.710:5705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.16820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1024.646604][ T30] audit: type=1326 audit(2000000652.747:5706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.16820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1024.673428][ T30] audit: type=1326 audit(2000000652.747:5707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.16820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1024.681575][ T9972] vivid-000: disconnect [ 1024.725570][ T30] audit: type=1326 audit(2000000652.747:5708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.16820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1024.751215][ T9967] vivid-000: reconnect [ 1024.810263][ T30] audit: type=1326 audit(2000000652.747:5709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.16820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1024.895640][ T30] audit: type=1326 audit(2000000652.747:5710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.16820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1024.968992][ T30] audit: type=1326 audit(2000000652.747:5711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9964 comm="syz.4.16820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1025.189069][T26798] usb 5-1: new full-speed USB device number 64 using dummy_hcd [ 1025.363063][T26798] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1025.363099][T26798] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1025.363124][T26798] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1025.363153][T26798] usb 5-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00 [ 1025.363178][T26798] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1025.365184][T26798] usb 5-1: config 0 descriptor?? [ 1025.640625][ T30] audit: type=1800 audit(2000000653.748:5712): pid=10003 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.16838" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1025.821719][T26798] saitek 0003:06A3:0621.0057: unbalanced delimiter at end of report description [ 1025.822717][T26798] saitek 0003:06A3:0621.0057: parse failed [ 1025.822818][T26798] saitek 0003:06A3:0621.0057: probe with driver saitek failed with error -22 [ 1026.033638][ T5879] usb 5-1: USB disconnect, device number 64 [ 1026.325134][ T30] audit: type=1400 audit(2000000654.384:5713): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=10023 comm="syz.2.16847" daddr=2001::2 dest=20003 [ 1026.347118][ T5878] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 1026.515567][ T5878] usb 6-1: Using ep0 maxpacket: 32 [ 1026.524964][ T5878] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1026.553840][ T5878] usb 6-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1026.577819][ T5878] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1026.598820][ T5878] usb 6-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 1026.609633][ T5878] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1026.629339][ T5878] usb 6-1: config 0 descriptor?? [ 1026.753233][T10035] netlink: 36 bytes leftover after parsing attributes in process `syz.2.16854'. [ 1026.795498][T10035] netlink: 16 bytes leftover after parsing attributes in process `syz.2.16854'. [ 1026.816638][T10035] netlink: 36 bytes leftover after parsing attributes in process `syz.2.16854'. [ 1027.074829][ T5878] corsair-cpro 0003:1B1C:0C10.0058: item fetching failed at offset 3/5 [ 1027.097666][ T5878] corsair-cpro 0003:1B1C:0C10.0058: probe with driver corsair-cpro failed with error -22 [ 1027.274296][ T5912] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 1027.289389][ T5878] usb 6-1: USB disconnect, device number 20 [ 1027.365865][T10063] netlink: 'syz.2.16866': attribute type 3 has an invalid length. [ 1027.464516][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1027.481580][ T5912] usb 5-1: New USB device found, idVendor=056a, idProduct=0317, bcdDevice= 0.00 [ 1027.492463][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1027.503140][ T5912] usb 5-1: config 0 descriptor?? [ 1027.957769][ T5912] wacom 0003:056A:0317.0059: Unknown device_type for 'HID 056a:0317'. Assuming pen. [ 1027.986108][ T5912] wacom 0003:056A:0317.0059: hidraw0: USB HID v0.02 Device [HID 056a:0317] on usb-dummy_hcd.4-1/input0 [ 1028.023875][ T5912] input: Wacom Intuos Pro L Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:0317.0059/input/input141 [ 1028.165521][ T5912] usb 5-1: USB disconnect, device number 65 [ 1028.450563][T10104] vlan2: entered allmulticast mode [ 1028.813732][T10112] devtmpfs: Bad value for 'size' [ 1029.208693][T10134] netlink: 20 bytes leftover after parsing attributes in process `syz.0.16901'. [ 1029.728829][ T5197] udevd[5197]: worker [23452] terminated by signal 33 (Unknown signal 33) [ 1029.749835][ T5197] udevd[5197]: worker [23452] failed while handling '/devices/virtual/block/loop6' [ 1030.058951][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 1030.058970][ T30] audit: type=1400 audit(2000000657.883:5727): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=10177 comm="syz.5.16923" [ 1030.299422][T10188] program syz.4.16928 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1030.546689][ C1] sd 0:0:1:0: [sda] tag#4836 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1030.557206][ C1] sd 0:0:1:0: [sda] tag#4836 CDB: Write(6) 0a 00 00 00 00 00 [ 1031.294037][ T5877] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 1031.332730][T10240] /dev/sg0: Can't lookup blockdev [ 1031.468070][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1031.496363][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1031.516488][ T5877] usb 5-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.10 [ 1031.537292][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1031.566337][ T5877] usb 5-1: config 0 descriptor?? [ 1031.727935][T10258] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16963'. [ 1031.817567][ T5911] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 1031.991711][ T5911] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1032.018951][ T5911] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1032.019483][ T5877] sony 0003:054C:0268.005A: unknown main item tag 0x0 [ 1032.030190][ T5911] usb 6-1: New USB device found, idVendor=056a, idProduct=00b7, bcdDevice= 0.00 [ 1032.030222][ T5911] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1032.053562][ T5911] usb 6-1: config 0 descriptor?? [ 1032.059862][ T5877] sony 0003:054C:0268.005A: unknown main item tag 0x0 [ 1032.068229][ T5877] sony 0003:054C:0268.005A: unknown main item tag 0x0 [ 1032.081291][ T5877] sony 0003:054C:0268.005A: unknown main item tag 0x0 [ 1032.088250][ T5877] sony 0003:054C:0268.005A: unknown main item tag 0x0 [ 1032.104707][ T5877] sony 0003:054C:0268.005A: hiddev0,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.4-1/input0 [ 1032.133346][ T5877] sony 0003:054C:0268.005A: failed to claim input [ 1032.227505][ T30] audit: type=1400 audit(2000000659.913:5728): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=10271 comm="syz.2.16970" daddr=::ffff:172.20.20.0 [ 1032.262981][ T5877] usb 5-1: USB disconnect, device number 66 [ 1032.502141][ T5911] wacom 0003:056A:00B7.005B: Unknown device_type for 'HID 056a:00b7'. Assuming pen. [ 1032.513730][ T5911] wacom 0003:056A:00B7.005B: hidraw0: USB HID v0.00 Device [HID 056a:00b7] on usb-dummy_hcd.5-1/input0 [ 1032.527838][ T5911] input: Wacom Intuos3 4x6 Pen as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:056A:00B7.005B/input/input146 [ 1032.749812][ T5877] usb 6-1: USB disconnect, device number 21 [ 1032.779345][T10282] /dev/nullb0: Can't open blockdev [ 1032.954320][T10288] netlink: 20 bytes leftover after parsing attributes in process `syz.4.16978'. [ 1033.126334][T10297] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16983'. [ 1033.599031][T10321] tmpfs: Bad value for 'mpol' [ 1034.612128][T10376] netlink: 4 bytes leftover after parsing attributes in process `syz.6.17018'. [ 1035.535622][T10432] tipc: New replicast peer: 255.255.255.255 [ 1035.553045][T10432] tipc: Enabled bearer , priority 11 [ 1035.930669][T10452] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1037.068018][T10495] netlink: 8 bytes leftover after parsing attributes in process `syz.5.17060'. [ 1037.598872][T10524] netlink: 4 bytes leftover after parsing attributes in process `syz.0.17071'. [ 1037.637466][T10527] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17072'. [ 1037.760924][ T5879] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 1037.835055][T10527] macvlan1 (unregistering): left allmulticast mode [ 1037.842122][T10527] macvlan1 (unregistering): left promiscuous mode [ 1037.850125][T10527] bridge0: port 3(macvlan1) entered disabled state [ 1037.932012][ T5879] usb 5-1: Using ep0 maxpacket: 16 [ 1037.943179][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1037.965855][ T5879] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1037.989087][ T5879] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1038.007012][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1038.031533][ T5879] usb 5-1: config 0 descriptor?? [ 1038.491961][ T5879] microsoft 0003:045E:07DA.005C: unknown main item tag 0x4 [ 1038.504734][ T5879] microsoft 0003:045E:07DA.005C: unbalanced collection at end of report description [ 1038.515752][ T5879] microsoft 0003:045E:07DA.005C: parse failed [ 1038.535916][ T5879] microsoft 0003:045E:07DA.005C: probe with driver microsoft failed with error -22 [ 1038.730314][ T5879] usb 5-1: USB disconnect, device number 67 [ 1038.941723][ T30] audit: type=1326 audit(2000000666.189:5729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10576 comm="syz.5.17084" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc48a18d169 code=0x0 [ 1039.059146][T10586] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17086'. [ 1040.090017][T10619] netlink: 40 bytes leftover after parsing attributes in process `syz.4.17099'. [ 1040.320344][T10630] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1042.771203][T10717] netlink: 'syz.6.17132': attribute type 10 has an invalid length. [ 1042.779980][ T30] audit: type=1400 audit(2000000669.772:5730): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=10716 comm="syz.4.17133" daddr=fc00:: dest=20001 [ 1042.828698][T10717] netlink: 40 bytes leftover after parsing attributes in process `syz.6.17132'. [ 1042.908619][T10717] team0: Port device geneve0 added [ 1043.821307][T10740] syz.6.17141: attempt to access beyond end of device [ 1043.821307][T10740] nbd6: rw=0, sector=64, nr_sectors = 1 limit=0 [ 1043.872929][T10740] syz.6.17141: attempt to access beyond end of device [ 1043.872929][T10740] nbd6: rw=0, sector=256, nr_sectors = 1 limit=0 [ 1043.907898][T10740] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256 [ 1043.918338][T10740] syz.6.17141: attempt to access beyond end of device [ 1043.918338][T10740] nbd6: rw=0, sector=512, nr_sectors = 1 limit=0 [ 1043.971738][T10740] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512 [ 1043.988454][T10740] UDF-fs: warning (device nbd6): udf_load_vrs: No anchor found [ 1044.027469][T10740] UDF-fs: Scanning with blocksize 512 failed [ 1044.034217][T10740] syz.6.17141: attempt to access beyond end of device [ 1044.034217][T10740] nbd6: rw=0, sector=64, nr_sectors = 2 limit=0 [ 1044.058291][ T30] audit: type=1400 audit(2000000670.978:5731): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=10744 comm="syz.2.17143" [ 1044.079181][T10740] syz.6.17141: attempt to access beyond end of device [ 1044.079181][T10740] nbd6: rw=0, sector=512, nr_sectors = 2 limit=0 [ 1044.121723][T10740] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256 [ 1044.164803][T10740] syz.6.17141: attempt to access beyond end of device [ 1044.164803][T10740] nbd6: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 1044.212011][T10740] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512 [ 1044.244675][T10740] UDF-fs: warning (device nbd6): udf_load_vrs: No anchor found [ 1044.267196][T10740] UDF-fs: Scanning with blocksize 1024 failed [ 1044.285053][T10740] syz.6.17141: attempt to access beyond end of device [ 1044.285053][T10740] nbd6: rw=0, sector=64, nr_sectors = 4 limit=0 [ 1044.327884][T10740] syz.6.17141: attempt to access beyond end of device [ 1044.327884][T10740] nbd6: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 1044.366555][T10740] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256 [ 1044.403434][T10740] syz.6.17141: attempt to access beyond end of device [ 1044.403434][T10740] nbd6: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 1044.437238][T10740] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512 [ 1044.462406][T10740] UDF-fs: warning (device nbd6): udf_load_vrs: No anchor found [ 1044.484247][T10740] UDF-fs: Scanning with blocksize 2048 failed [ 1044.513977][T10740] syz.6.17141: attempt to access beyond end of device [ 1044.513977][T10740] nbd6: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1044.556392][T10740] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256 [ 1044.588612][T10740] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512 [ 1044.599175][ T30] audit: type=1326 audit(2000000671.474:5732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10752 comm="syz.0.17146" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f714eb8d169 code=0x0 [ 1044.628381][T10740] UDF-fs: warning (device nbd6): udf_load_vrs: No anchor found [ 1044.637967][T10740] UDF-fs: Scanning with blocksize 4096 failed [ 1044.644238][T10740] UDF-fs: warning (device nbd6): udf_fill_super: No partition found (1) [ 1044.949219][ T30] audit: type=1400 audit(2000000671.811:5733): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=10760 comm="syz.4.17149" dest=51873 [ 1045.582881][ T5912] kernel write not supported for file /amidi2 (pid: 5912 comm: kworker/1:7) [ 1045.872361][T10795] netem: incorrect gi model size [ 1045.889603][T10795] netem: change failed [ 1046.415772][T10812] netlink: 60 bytes leftover after parsing attributes in process `syz.2.17172'. [ 1046.437179][T10812] netlink: 28 bytes leftover after parsing attributes in process `syz.2.17172'. [ 1046.587064][T10818] netlink: 92 bytes leftover after parsing attributes in process `syz.4.17174'. [ 1047.151250][T10830] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17179'. [ 1047.334154][T10832] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1048.890399][ T5912] usb 3-1: new full-speed USB device number 68 using dummy_hcd [ 1049.066493][ T5912] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 1049.088971][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 1049.093880][ T7261] Bluetooth: hci5: command 0x1003 tx timeout [ 1049.099127][T25285] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1049.123077][ T5912] usb 3-1: Product: syz [ 1049.127602][ T5912] usb 3-1: Manufacturer: syz [ 1049.132464][ T5912] usb 3-1: SerialNumber: syz [ 1049.162481][ T5912] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 1049.318978][T10869] netlink: 24 bytes leftover after parsing attributes in process `syz.0.17198'. [ 1049.597203][ T5912] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 1049.638074][ T5912] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 1049.845816][ T5912] usb 3-1: USB disconnect, device number 68 [ 1050.098801][T10889] netlink: 8 bytes leftover after parsing attributes in process `syz.6.17208'. [ 1050.838432][T10910] tipc: Started in network mode [ 1050.853781][T10910] tipc: Node identity ac14140f, cluster identity 4711 [ 1050.890478][T10910] tipc: New replicast peer: 255.255.255.255 [ 1050.897256][T10910] tipc: Enabled bearer , priority 11 [ 1052.086737][ T5877] tipc: Node number set to 2886997007 [ 1052.963170][ T30] audit: type=1326 audit(2000000679.313:5734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10973 comm="syz.0.17243" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f714eb8d169 code=0x0 [ 1052.979804][T10976] netlink: 'syz.2.17246': attribute type 10 has an invalid length. [ 1053.012655][T10976] bridge_slave_1: left allmulticast mode [ 1053.032575][T10976] bridge_slave_1: left promiscuous mode [ 1053.050112][T10976] bridge0: port 2(bridge_slave_1) entered disabled state [ 1053.067948][T10976] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 1053.840145][T11004] netlink: 16215 bytes leftover after parsing attributes in process `syz.2.17256'. [ 1054.074751][ T5911] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 1054.257308][ T5911] usb 5-1: Using ep0 maxpacket: 8 [ 1054.272827][ T5911] usb 5-1: config 0 has no interfaces? [ 1054.288886][ T5911] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 1054.298180][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1054.306935][ T5911] usb 5-1: Product: syz [ 1054.311749][ T5911] usb 5-1: Manufacturer: syz [ 1054.316373][ T5911] usb 5-1: SerialNumber: syz [ 1054.324048][ T5911] usb 5-1: config 0 descriptor?? [ 1054.523603][ T5912] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 1054.570208][ T5877] usb 5-1: USB disconnect, device number 68 [ 1054.690761][ T30] audit: type=1400 audit(2000000680.922:5735): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=11027 comm="syz.6.17269" daddr=fc01:: [ 1054.737824][ T5912] usb 3-1: Using ep0 maxpacket: 32 [ 1054.778219][ T5912] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 1054.798435][ T5912] usb 3-1: config 0 has no interface number 0 [ 1054.815636][ T5912] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1054.845002][ T5912] usb 3-1: config 0 interface 85 has no altsetting 0 [ 1054.864620][ T5912] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1054.885599][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1054.916272][ T5912] usb 3-1: Product: syz [ 1054.930724][ T5912] usb 3-1: Manufacturer: syz [ 1054.935450][ T5912] usb 3-1: SerialNumber: syz [ 1054.952428][ T5912] usb 3-1: config 0 descriptor?? [ 1055.622731][ T5912] appletouch 3-1:0.85: Geyser mode initialized. [ 1055.649890][ T5912] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input149 [ 1055.874221][ T5912] usb 3-1: USB disconnect, device number 69 [ 1055.880241][ C1] appletouch 3-1:0.85: atp_complete: usb_submit_urb failed with result -19 [ 1055.955188][ T5912] appletouch 3-1:0.85: input: appletouch disconnected [ 1057.324203][ T30] audit: type=1400 audit(2000000683.372:5736): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=11091 comm="syz.0.17299" daddr=fc00::1 dest=20004 [ 1057.507843][ T30] audit: type=1326 audit(2000000683.559:5737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11093 comm="syz.0.17300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f714eb8d169 code=0x7ffc0000 [ 1057.581056][ T30] audit: type=1326 audit(2000000683.559:5738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11093 comm="syz.0.17300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f714eb8d169 code=0x7ffc0000 [ 1057.652207][ T30] audit: type=1326 audit(2000000683.559:5739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11093 comm="syz.0.17300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f714eb8d169 code=0x7ffc0000 [ 1057.731153][ T30] audit: type=1326 audit(2000000683.559:5740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11093 comm="syz.0.17300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f714eb8d169 code=0x7ffc0000 [ 1057.752891][ C0] vkms_vblank_simulate: vblank timer overrun [ 1057.810085][ T30] audit: type=1326 audit(2000000683.559:5741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11093 comm="syz.0.17300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f714eb8d169 code=0x7ffc0000 [ 1057.879965][ T30] audit: type=1326 audit(2000000683.578:5742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11093 comm="syz.0.17300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f714eb8d169 code=0x7ffc0000 [ 1057.972564][ T30] audit: type=1326 audit(2000000683.578:5743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11093 comm="syz.0.17300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f714eb8d169 code=0x7ffc0000 [ 1058.210452][ T7261] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1058.227282][ T7261] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1058.236396][ T7261] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1058.247033][ T7261] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1058.255476][ T7261] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1058.262833][ T7261] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1058.434941][T11105] lo speed is unknown, defaulting to 1000 [ 1058.695474][ T12] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1058.853032][ T12] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1058.928504][T11129] netlink: 36 bytes leftover after parsing attributes in process `syz.0.17314'. [ 1059.055752][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1059.055772][ T30] audit: type=1326 audit(2000000684.991:5745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11132 comm="syz.2.17315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778b58d169 code=0x7ffc0000 [ 1059.108833][ T12] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1059.133534][ T30] audit: type=1326 audit(2000000684.991:5746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11132 comm="syz.2.17315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778b58d169 code=0x7ffc0000 [ 1059.164149][ T30] audit: type=1326 audit(2000000685.000:5747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11132 comm="syz.2.17315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f778b58d169 code=0x7ffc0000 [ 1059.218278][ T30] audit: type=1326 audit(2000000685.000:5748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11132 comm="syz.2.17315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778b58d169 code=0x7ffc0000 [ 1059.261343][ T30] audit: type=1326 audit(2000000685.000:5749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11132 comm="syz.2.17315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778b58d169 code=0x7ffc0000 [ 1059.283480][T11139] netlink: 96 bytes leftover after parsing attributes in process `syz.4.17317'. [ 1059.312257][ T30] audit: type=1326 audit(2000000685.000:5750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11132 comm="syz.2.17315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f778b58d169 code=0x7ffc0000 [ 1059.338779][ T30] audit: type=1326 audit(2000000685.000:5751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11132 comm="syz.2.17315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778b58d169 code=0x7ffc0000 [ 1059.362557][ T12] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1059.369037][ T30] audit: type=1326 audit(2000000685.000:5752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11132 comm="syz.2.17315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778b58d169 code=0x7ffc0000 [ 1059.543940][T11105] chnl_net:caif_netlink_parms(): no params data found [ 1059.748151][ T12] bridge_slave_1: left allmulticast mode [ 1059.757668][ T12] bridge_slave_1: left promiscuous mode [ 1059.765915][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1059.787231][ T12] bridge_slave_0: left allmulticast mode [ 1059.792918][ T12] bridge_slave_0: left promiscuous mode [ 1059.813232][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1059.856625][T26798] kernel write not supported for file /audio (pid: 26798 comm: kworker/1:3) [ 1059.871925][ T12] tipc: Resetting bearer [ 1059.973458][ T30] audit: type=1400 audit(2000000685.861:5753): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=11159 comm="syz.0.17325" [ 1060.468794][T25285] Bluetooth: hci5: command tx timeout [ 1060.488772][ T12] gretap0 (unregistering): left promiscuous mode [ 1060.685501][ T12] tipc: Disabling bearer [ 1060.766945][ T5878] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 1060.927421][ T5878] usb 5-1: Using ep0 maxpacket: 8 [ 1060.944112][ T5878] usb 5-1: config index 0 descriptor too short (expected 30768, got 18) [ 1060.956345][ T5878] usb 5-1: config 102 has too many interfaces: 102, using maximum allowed: 32 [ 1060.973551][ T5878] usb 5-1: config 102 has an invalid descriptor of length 102, skipping remainder of the config [ 1060.989386][ T5878] usb 5-1: config 102 has 0 interfaces, different from the descriptor's value: 102 [ 1061.002285][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1061.016321][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1061.018062][ T5878] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1061.037717][ T12] bond0 (unregistering): Released all slaves [ 1061.043993][ T5878] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1061.192159][ T12] tipc: Disabling bearer [ 1061.225717][ T12] tipc: Left network mode [ 1061.255136][T11105] bridge0: port 1(bridge_slave_0) entered blocking state [ 1061.263398][T11105] bridge0: port 1(bridge_slave_0) entered disabled state [ 1061.280112][T11105] bridge_slave_0: entered allmulticast mode [ 1061.305492][T11105] bridge_slave_0: entered promiscuous mode [ 1061.325226][T11105] bridge0: port 2(bridge_slave_1) entered blocking state [ 1061.332393][T11105] bridge0: port 2(bridge_slave_1) entered disabled state [ 1061.351794][T11105] bridge_slave_1: entered allmulticast mode [ 1061.360763][T11105] bridge_slave_1: entered promiscuous mode [ 1061.549909][ T5878] usb 5-1: USB disconnect, device number 69 [ 1061.637864][T11105] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1061.678760][T11105] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1062.045460][T11105] team0: Port device team_slave_0 added [ 1062.078067][T11105] team0: Port device team_slave_1 added [ 1062.515516][ T12] hsr_slave_0: left promiscuous mode [ 1062.523662][ T12] hsr_slave_1: left promiscuous mode [ 1062.532288][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1062.539818][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1062.629722][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1062.637234][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1062.691720][T25285] Bluetooth: hci5: command tx timeout [ 1062.725193][ T12] veth1_macvtap: left promiscuous mode [ 1062.731139][ T12] veth0_macvtap: left promiscuous mode [ 1062.736990][ T12] veth1_vlan: left promiscuous mode [ 1062.742385][ T12] veth0_vlan: left promiscuous mode [ 1064.521100][ T30] audit: type=1400 audit(2000000690.107:5754): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=11250 comm="syz.4.17359" daddr=::ffff:172.30.1.5 dest=1 [ 1064.711518][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1064.813121][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1064.915566][T25285] Bluetooth: hci5: command tx timeout [ 1065.028174][T11260] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17362'. [ 1065.037782][T11260] netlink: 16 bytes leftover after parsing attributes in process `syz.2.17362'. [ 1065.465994][T11105] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1065.473867][T11105] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1065.502630][T11105] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1065.546559][T11105] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1065.553715][T11105] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1065.606015][T11105] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1065.777530][T11265] random: crng reseeded on system resumption [ 1065.848357][T11105] hsr_slave_0: entered promiscuous mode [ 1065.857399][T11105] hsr_slave_1: entered promiscuous mode [ 1065.863614][T11105] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1065.906115][T11105] Cannot create hsr debugfs directory [ 1066.071280][T11279] netlink: 'syz.2.17369': attribute type 6 has an invalid length. [ 1066.111672][T11279] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.17369'. [ 1066.552089][ T12] IPVS: stop unused estimator thread 0... [ 1066.612573][T11105] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1066.681062][T11105] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1066.714135][T11105] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1066.737273][T11105] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1066.960017][T11105] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1067.015601][T11105] 8021q: adding VLAN 0 to HW filter on device team0 [ 1067.056963][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 1067.064120][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1067.128890][ T2777] bridge0: port 2(bridge_slave_1) entered blocking state [ 1067.136139][ T2777] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1067.149868][T25285] Bluetooth: hci5: command tx timeout [ 1067.867680][T11105] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1068.511405][T11105] veth0_vlan: entered promiscuous mode [ 1068.543589][T11105] veth1_vlan: entered promiscuous mode [ 1068.587159][T11105] veth0_macvtap: entered promiscuous mode [ 1068.603366][ T5878] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 1068.626407][T11105] veth1_macvtap: entered promiscuous mode [ 1068.679722][T11105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1068.705503][T11105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.735256][T11105] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1068.755246][T11105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1068.776482][ T5878] usb 3-1: Using ep0 maxpacket: 32 [ 1068.783781][T11105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.787245][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1068.805547][T11105] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1068.848194][T11105] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1068.863474][ T5878] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1068.887670][ T5878] usb 3-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 1068.890600][T11105] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1068.912367][T11105] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1068.921280][T11105] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1068.929591][ T5878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1068.963916][ T5878] usb 3-1: config 0 descriptor?? [ 1069.142242][T11358] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 1069.145664][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1069.223879][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1069.290027][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1069.310060][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1069.360595][ T30] audit: type=1400 audit(2000000694.635:5755): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=11362 comm="syz.6.17384" daddr=::ffff:172.30.1.7 dest=1 [ 1069.429648][ T5878] hid-led 0003:1294:1320.005D: hidraw0: USB HID v0.04 Device [HID 1294:1320] on usb-dummy_hcd.2-1/input0 [ 1069.500038][ T5878] hid-led 0003:1294:1320.005D: Riso Kagaku Webmail Notifier initialized [ 1069.672619][ T59] usb 3-1: USB disconnect, device number 70 [ 1069.714368][ T12] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38) [ 1069.756585][ T64] leds riso_kagaku0:green: Setting an LED's brightness failed (-38) [ 1069.782603][ T64] leds riso_kagaku0:red: Setting an LED's brightness failed (-38) [ 1070.898894][ T30] audit: type=1326 audit(2000000696.075:5756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11416 comm="syz.7.17400" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x0 [ 1070.996649][ T30] audit: type=1400 audit(2000000696.159:5757): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=11422 comm="syz.6.17402" daddr=fc01:: dest=8 [ 1071.073057][T11351] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1073.291215][T11499] sctp: [Deprecated]: syz.4.17427 (pid 11499) Use of int in max_burst socket option deprecated. [ 1073.291215][T11499] Use struct sctp_assoc_value instead [ 1075.864741][T11587] netlink: 11 bytes leftover after parsing attributes in process `syz.2.17450'. [ 1077.165744][T11640] sp0: Synchronizing with TNC [ 1077.316703][T11640] Falling back ldisc for ttyS3. [ 1077.345191][T11650] netlink: 'syz.4.17474': attribute type 25 has an invalid length. [ 1077.380119][T11650] netlink: 'syz.4.17474': attribute type 7 has an invalid length. [ 1077.520584][T11658] netlink: 1256 bytes leftover after parsing attributes in process `syz.7.17478'. [ 1077.649880][T11664] netlink: 8 bytes leftover after parsing attributes in process `syz.6.17479'. [ 1077.934119][T11676] input: syz0 as /devices/virtual/input/input150 [ 1078.477504][T11695] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17493'. [ 1078.498814][T11695] bond_slave_1: entered promiscuous mode [ 1078.509718][T11695] netlink: 'syz.4.17493': attribute type 2 has an invalid length. [ 1079.462305][T11732] lo speed is unknown, defaulting to 1000 [ 1079.642935][T11741] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17513'. [ 1079.663473][T11741] netlink: 32 bytes leftover after parsing attributes in process `syz.4.17513'. [ 1079.707066][T11741] gretap1: entered promiscuous mode [ 1079.828289][T11745] netlink: 4 bytes leftover after parsing attributes in process `syz.7.17515'. [ 1080.246876][T11762] trusted_key: encrypted_key: key user:syz not found [ 1080.635261][T11774] netlink: 36 bytes leftover after parsing attributes in process `syz.2.17527'. [ 1082.178532][T11817] sctp: [Deprecated]: syz.6.17546 (pid 11817) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1082.178532][T11817] Use struct sctp_sack_info instead [ 1083.898459][ T30] audit: type=1400 audit(2000000708.235:5758): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=11855 comm="syz.6.17562" daddr=::ffff:0.0.0.0 [ 1083.987154][ T30] audit: type=1400 audit(2000000708.235:5759): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=11855 comm="syz.6.17562" [ 1084.337796][T11868] lo speed is unknown, defaulting to 1000 [ 1084.457942][T11872] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 1085.992899][ T30] audit: type=1400 audit(2000000710.200:5760): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=11921 comm="syz.0.17584" daddr=2001::2 dest=20001 [ 1086.221251][ T5908] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 1086.409177][ T5908] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1086.447717][ T5908] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1086.467751][ T5908] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1086.484867][ T5908] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1086.497915][T11940] netlink: 'syz.2.17591': attribute type 1 has an invalid length. [ 1086.529702][T11919] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1086.556731][ T5908] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1086.800145][ T5878] usb 5-1: USB disconnect, device number 70 [ 1087.913894][T11997] ceph: missing cluster fsid [ 1087.918559][T11997] ceph: separator ':' missing in source [ 1088.346980][T12021] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17622'. [ 1088.788830][T12037] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17627'. [ 1091.434965][T12125] netlink: 8 bytes leftover after parsing attributes in process `syz.7.17655'. [ 1091.446587][T12125] netlink: 'syz.7.17655': attribute type 30 has an invalid length. [ 1091.474974][T12125] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1091.484066][T12125] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1091.492950][T12125] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1091.501709][T12125] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1092.304940][ T59] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 1092.518740][ T59] usb 3-1: Using ep0 maxpacket: 16 [ 1092.551778][ T59] usb 3-1: config 0 has an invalid interface number: 251 but max is 0 [ 1092.560315][ T59] usb 3-1: config 0 has no interface number 0 [ 1092.602616][ T59] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 1092.622778][ T59] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 1092.661047][ T59] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 1092.673592][ T59] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1092.688997][ T59] usb 3-1: Product: syz [ 1092.698096][ T59] usb 3-1: Manufacturer: syz [ 1092.712223][ T59] usb 3-1: SerialNumber: syz [ 1092.745192][ T59] usb 3-1: config 0 descriptor?? [ 1092.778239][T12152] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1092.792923][T12152] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1093.055794][T12152] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1093.085147][T12152] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1093.777396][ T59] asix 3-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1093.806048][ T12] hsr0: left allmulticast mode [ 1093.811357][ T59] asix 3-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 1093.835859][ T12] hsr_slave_0: left allmulticast mode [ 1093.841340][ T12] hsr_slave_1: left allmulticast mode [ 1093.861892][ T59] asix 3-1:0.251: probe with driver asix failed with error -71 [ 1093.877648][ T12] hsr0: left promiscuous mode [ 1093.908434][ T12] bridge0: port 3(hsr0) entered disabled state [ 1093.908846][ T59] usb 3-1: USB disconnect, device number 71 [ 1093.987284][ T12] bridge_slave_1: left allmulticast mode [ 1094.033315][ T12] bridge_slave_1: left promiscuous mode [ 1094.055064][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1094.097230][ T12] bridge_slave_0: left allmulticast mode [ 1094.122632][ T12] bridge_slave_0: left promiscuous mode [ 1094.138026][ T7261] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1094.148879][ T7261] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1094.157931][ T7261] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1094.162493][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1094.189828][ T7261] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1094.197891][ T7261] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1094.227122][ T7261] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1094.849768][ T12] team0: Port device bridge0 removed [ 1095.451520][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1095.461645][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1095.472172][ T12] bond0 (unregistering): (slave macvlan0): Releasing backup interface [ 1095.484252][ T12] bond0 (unregistering): Released all slaves [ 1095.495427][ T12] bond1 (unregistering): Released all slaves [ 1095.507450][ T12] bond2 (unregistering): Released all slaves [ 1095.672110][ T12] bond3 (unregistering): Released all slaves [ 1095.816405][ T12] f: left promiscuous mode [ 1095.941516][T12242] netlink: 4 bytes leftover after parsing attributes in process `syz.4.17690'. [ 1095.987975][ T12] tipc: Disabling bearer [ 1096.085091][ T12] tipc: Disabling bearer [ 1096.099008][ T12] tipc: Left network mode [ 1096.117762][T12212] lo speed is unknown, defaulting to 1000 [ 1096.186668][ T12] IPVS: stopping backup sync thread 27049 ... [ 1096.485399][T25285] Bluetooth: hci1: command tx timeout [ 1097.231384][T12212] chnl_net:caif_netlink_parms(): no params data found [ 1097.357013][T12293] netlink: 'syz.2.17706': attribute type 10 has an invalid length. [ 1097.365264][T12293] netlink: 152 bytes leftover after parsing attributes in process `syz.2.17706'. [ 1097.400690][ T12] hsr_slave_0: left promiscuous mode [ 1097.410840][ T12] hsr_slave_1: left promiscuous mode [ 1097.425349][T12295] netlink: 8 bytes leftover after parsing attributes in process `syz.7.17705'. [ 1097.611229][ T59] usb 5-1: new full-speed USB device number 71 using dummy_hcd [ 1097.807976][ T59] usb 5-1: too many endpoints for config 0 interface 0 altsetting 2: 242, using maximum allowed: 30 [ 1097.830162][ T59] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1097.862798][ T59] usb 5-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 242 [ 1097.876351][ T59] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1097.883020][ T59] usb 5-1: New USB device found, idVendor=05ac, idProduct=0225, bcdDevice= 0.00 [ 1097.901934][ T59] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1097.927075][ T59] usb 5-1: config 0 descriptor?? [ 1097.993450][ T12] team_slave_1 (unregistering): left promiscuous mode [ 1098.002237][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1098.062306][ T12] team_slave_0 (unregistering): left promiscuous mode [ 1098.071330][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1098.397464][ T59] apple 0003:05AC:0225.005E: unknown main item tag 0x0 [ 1098.406812][ T59] apple 0003:05AC:0225.005E: hidraw0: USB HID v0.03 Device [HID 05ac:0225] on usb-dummy_hcd.4-1/input0 [ 1098.620577][T11355] usb 5-1: USB disconnect, device number 71 [ 1098.698855][T12266] Bluetooth: hci1: command tx timeout [ 1098.698922][ T5839] Bluetooth: hci4: command 0x0405 tx timeout [ 1098.713264][ T2777] smc: removing ib device syz0 [ 1099.159870][T12212] bridge0: port 1(bridge_slave_0) entered blocking state [ 1099.167025][T12212] bridge0: port 1(bridge_slave_0) entered disabled state [ 1099.211707][T12212] bridge_slave_0: entered allmulticast mode [ 1099.229710][T12212] bridge_slave_0: entered promiscuous mode [ 1099.271740][T12212] bridge0: port 2(bridge_slave_1) entered blocking state [ 1099.306845][T12212] bridge0: port 2(bridge_slave_1) entered disabled state [ 1099.335758][T12212] bridge_slave_1: entered allmulticast mode [ 1099.352941][T12212] bridge_slave_1: entered promiscuous mode [ 1099.468788][T12212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1099.512498][T12212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1099.721939][T12212] team0: Port device team_slave_0 added [ 1099.776622][T12212] team0: Port device team_slave_1 added [ 1099.920870][T12212] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1099.938551][T12212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1099.995354][T12212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1100.315741][T12212] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1100.379038][T12212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1100.536285][ T30] audit: type=1326 audit(2000000723.810:5761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12347 comm="syz.4.17722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1100.555552][T12212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1100.604558][ T30] audit: type=1326 audit(2000000723.810:5762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12347 comm="syz.4.17722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1100.629839][ T30] audit: type=1326 audit(2000000723.810:5763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12347 comm="syz.4.17722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1100.849458][T12212] hsr_slave_0: entered promiscuous mode [ 1100.874187][T12212] hsr_slave_1: entered promiscuous mode [ 1100.896724][T12212] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1100.914057][T12212] Cannot create hsr debugfs directory [ 1100.921312][ T7261] Bluetooth: hci1: command tx timeout [ 1102.368297][T12212] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1102.390144][T12212] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1102.401379][T12212] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1102.411593][T12212] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1102.699941][T12212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1102.781637][T12212] 8021q: adding VLAN 0 to HW filter on device team0 [ 1102.845358][ T3555] bridge0: port 1(bridge_slave_0) entered blocking state [ 1102.852514][ T3555] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1102.888387][ T3555] bridge0: port 2(bridge_slave_1) entered blocking state [ 1102.895550][ T3555] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1103.146019][ T7261] Bluetooth: hci1: command tx timeout [ 1103.531402][T12212] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1103.665104][T12212] veth0_vlan: entered promiscuous mode [ 1103.698779][T12212] veth1_vlan: entered promiscuous mode [ 1103.783079][T12212] veth0_macvtap: entered promiscuous mode [ 1103.820168][T12212] veth1_macvtap: entered promiscuous mode [ 1103.871095][T12212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1103.906603][T12212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1103.946430][T12212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1103.977576][T12212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1104.018196][T12212] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1104.042580][T12212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1104.054007][T12212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1104.064159][T12212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1104.106658][T12212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1104.139319][T12212] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1104.184189][T12212] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.222570][T12212] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.245934][T12212] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.254681][T12212] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.291403][T12483] cifs: Unknown parameter 'mode' [ 1104.477840][ T2588] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1104.507099][ T2588] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1104.547827][ T2588] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1104.557371][ T2588] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1104.994632][T12500] netlink: 104 bytes leftover after parsing attributes in process `syz.6.17769'. [ 1106.511072][T12551] netlink: 'syz.7.17790': attribute type 1 has an invalid length. [ 1106.519407][T12551] netlink: 24 bytes leftover after parsing attributes in process `syz.7.17790'. [ 1106.979712][T12563] bridge0: port 2(bridge_slave_1) entered disabled state [ 1108.459602][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1108.471398][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1108.482576][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1108.502032][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1108.521889][ T5839] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1108.529295][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1108.990250][T12607] chnl_net:caif_netlink_parms(): no params data found [ 1109.247941][T12607] bridge0: port 1(bridge_slave_0) entered blocking state [ 1109.270428][T12607] bridge0: port 1(bridge_slave_0) entered disabled state [ 1109.277628][T12607] bridge_slave_0: entered allmulticast mode [ 1109.305338][T12607] bridge_slave_0: entered promiscuous mode [ 1109.322737][T12607] bridge0: port 2(bridge_slave_1) entered blocking state [ 1109.330630][T12607] bridge0: port 2(bridge_slave_1) entered disabled state [ 1109.342379][T12607] bridge_slave_1: entered allmulticast mode [ 1109.353709][T12607] bridge_slave_1: entered promiscuous mode [ 1109.444969][T12607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1109.467488][T12607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1109.552142][T12607] team0: Port device team_slave_0 added [ 1109.564601][T12607] team0: Port device team_slave_1 added [ 1109.613083][T12607] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1109.626001][T12607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1109.687137][T12607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1109.709932][T12607] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1109.716994][T12607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1109.742923][ C1] vkms_vblank_simulate: vblank timer overrun [ 1109.753731][T12607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1109.785284][T12647] delete_channel: no stack [ 1109.803926][T12607] hsr_slave_0: entered promiscuous mode [ 1109.819066][T12607] hsr_slave_1: entered promiscuous mode [ 1109.832335][T12607] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1109.841416][T12607] Cannot create hsr debugfs directory [ 1109.902282][ T5877] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1110.140141][T12607] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1110.179664][T12607] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1110.190778][T12607] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1110.213496][T12607] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1110.402860][T12607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1110.449011][T12607] 8021q: adding VLAN 0 to HW filter on device team0 [ 1110.502588][ T2588] bridge0: port 1(bridge_slave_0) entered blocking state [ 1110.509740][ T2588] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1110.545397][ T2588] bridge0: port 2(bridge_slave_1) entered blocking state [ 1110.552581][ T2588] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1110.671441][ T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1110.756829][ T7261] Bluetooth: hci1: command tx timeout [ 1110.783453][T12669] macsec1: entered promiscuous mode [ 1110.799720][T12669] macsec1: entered allmulticast mode [ 1110.815963][T12669] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 1111.014630][T11355] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1111.063890][T12607] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1111.617286][T12607] veth0_vlan: entered promiscuous mode [ 1111.675271][T12607] veth1_vlan: entered promiscuous mode [ 1111.737304][T12698] : renamed from pim6reg1 [ 1111.815340][T12607] veth0_macvtap: entered promiscuous mode [ 1111.827011][T12700] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1111.833159][T12607] veth1_macvtap: entered promiscuous mode [ 1111.894829][T12607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1111.911891][T12607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1111.923674][T12607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1111.940985][T12607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1111.961364][T12607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1111.974019][T12607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1112.009322][T12607] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1112.022855][T12607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1112.061199][T12607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1112.079875][T12607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1112.120928][T12607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1112.124972][T11355] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1112.167669][T12607] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1112.190564][T12607] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1112.222216][T12607] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1112.235076][T12607] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.263250][T12607] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.295856][T12607] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.305175][T12607] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.630001][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1112.663005][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1112.684202][T12725] netlink: 32 bytes leftover after parsing attributes in process `syz.7.17862'. [ 1112.719301][T12725] sch_tbf: peakrate 4 is lower than or equals to rate 5 ! [ 1112.775490][ T3533] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1112.802910][ T3533] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1112.991901][ T7261] Bluetooth: hci1: command tx timeout [ 1113.243297][T11355] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1113.587523][ T3555] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1113.599004][T26800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1113.609264][ T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1113.923539][ T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1114.155807][ T5878] usb 3-1: new full-speed USB device number 72 using dummy_hcd [ 1114.339195][ T5878] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1114.350848][T11355] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1114.372048][ T5878] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 1114.419681][ T5878] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1114.431492][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1114.455120][ T5878] usb 3-1: Product: syz [ 1114.459322][ T5878] usb 3-1: Manufacturer: syz [ 1114.489373][ T5878] usb 3-1: SerialNumber: syz [ 1114.744241][T12762] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1114.950354][T12787] netlink: 16 bytes leftover after parsing attributes in process `syz.8.17888'. [ 1114.983452][T12787] netlink: 16 bytes leftover after parsing attributes in process `syz.8.17888'. [ 1115.204615][ T7261] Bluetooth: hci1: command tx timeout [ 1115.427059][ T5878] cdc_ncm 3-1:1.0: SET_CRC_MODE failed [ 1115.450570][ T5878] cdc_ncm 3-1:1.0: bind() failure [ 1115.459120][ T5878] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 1115.477504][T11355] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1115.496561][ T5878] cdc_ncm 3-1:1.1: bind() failure [ 1115.509146][ T5878] usb 3-1: USB disconnect, device number 72 [ 1115.913593][T12817] ALSA: mixer_oss: invalid OSS volume 'DIGTAL1' [ 1115.921798][T12820] netlink: zone id is out of range [ 1115.933542][T12820] netlink: zone id is out of range [ 1115.938908][T12819] netlink: 4 bytes leftover after parsing attributes in process `syz.6.17902'. [ 1115.951794][T12820] netlink: zone id is out of range [ 1115.956950][T12820] netlink: zone id is out of range [ 1115.963666][T12820] netlink: zone id is out of range [ 1115.968810][T12820] netlink: zone id is out of range [ 1115.974677][T12820] netlink: zone id is out of range [ 1115.979927][T12820] netlink: zone id is out of range [ 1115.996314][T12820] netlink: zone id is out of range [ 1116.939424][T12861] @: renamed from vlan0 (while UP) [ 1117.199021][T12874] netlink: 12 bytes leftover after parsing attributes in process `syz.6.17927'. [ 1117.427491][ T7261] Bluetooth: hci1: command tx timeout [ 1117.581326][T12889] netlink: 4 bytes leftover after parsing attributes in process `syz.8.17935'. [ 1117.655368][T12889] team0: Device ipvlan2 failed to register rx_handler [ 1117.878937][T12897] mkiss: ax0: crc mode is auto. [ 1118.409221][T12917] tap0: tun_chr_ioctl cmd 2147767511 [ 1119.231219][ T5912] kernel write not supported for file /uhid (pid: 5912 comm: kworker/1:7) [ 1119.974151][ T30] audit: type=1400 audit(2000000741.966:5764): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=12958 comm="syz.4.17968" dest=20003 [ 1120.535208][ T30] audit: type=1400 audit(2000000742.508:5765): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=12987 comm="syz.4.17979" dest=20001 [ 1121.140967][T13009] netlink: 16 bytes leftover after parsing attributes in process `syz.8.17989'. [ 1121.670493][T13028] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17998'. [ 1122.024583][T13038] netlink: 4 bytes leftover after parsing attributes in process `syz.7.18003'. [ 1122.522855][T13054] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18010'. [ 1122.595835][ T30] audit: type=1400 audit(2000000744.407:5766): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=13059 comm="syz.7.18013" daddr=2001:: [ 1123.690570][T13094] netlink: 'syz.4.18026': attribute type 21 has an invalid length. [ 1123.706861][T13094] netlink: 'syz.4.18026': attribute type 1 has an invalid length. [ 1123.723922][T13094] netlink: 16050 bytes leftover after parsing attributes in process `syz.4.18026'. [ 1123.873311][T13097] tipc: Enabling of bearer rejected, already enabled [ 1124.467921][T13113] sctp: [Deprecated]: syz.6.18036 (pid 13113) Use of int in maxseg socket option. [ 1124.467921][T13113] Use struct sctp_assoc_value instead [ 1124.472244][ T30] audit: type=1400 audit(2000000746.185:5767): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=13112 comm="syz.6.18036" daddr=fc01:: dest=20002 [ 1124.827981][T13125] netlink: 10 bytes leftover after parsing attributes in process `syz.7.18041'. [ 1125.135155][ T10] usb 3-1: new low-speed USB device number 73 using dummy_hcd [ 1125.242212][ T5878] usb 9-1: new full-speed USB device number 2 using dummy_hcd [ 1125.318740][ T10] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1125.328127][ T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1125.347829][ T10] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1125.379328][ T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1125.394486][ T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1125.415115][ T10] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1125.422567][ T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1125.443886][ T5878] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 1125.454424][ T5878] usb 9-1: config 0 has no interface number 0 [ 1125.466165][ T10] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1125.479158][ T5878] usb 9-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1125.502541][ T5878] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1125.511006][ T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1125.543943][ T5878] usb 9-1: config 0 descriptor?? [ 1125.559584][ T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1125.584118][ T5878] usb 9-1: selecting invalid altsetting 1 [ 1125.589976][ T5878] dvb_ttusb_budget: ttusb_init_controller: error [ 1125.605756][ T5878] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1125.615062][ T10] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1125.629246][ T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1125.657458][ T10] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1125.674796][ T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1125.686538][ T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1125.700899][ T10] usb 3-1: string descriptor 0 read error: -22 [ 1125.708610][ T10] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1125.729800][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1125.738378][ T5878] DVB: Unable to find symbol cx22700_attach() [ 1125.779553][ T10] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1125.802766][ T5878] DVB: Unable to find symbol tda10046_attach() [ 1125.813203][ T5878] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1125.836129][ T5878] usb 9-1: USB disconnect, device number 2 [ 1125.905509][T11354] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 1126.078505][T11354] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1126.095064][ T5912] usb 3-1: USB disconnect, device number 73 [ 1126.095649][T11354] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1126.120041][T11354] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1126.137060][T11354] usb 5-1: config 0 descriptor?? [ 1126.146212][T11354] pwc: Askey VC010 type 2 USB webcam detected. [ 1126.792759][T11354] pwc: recv_control_msg error -32 req 02 val 2700 [ 1126.806859][T11354] pwc: recv_control_msg error -71 req 02 val 2c00 [ 1126.820930][T11354] pwc: recv_control_msg error -71 req 04 val 1000 [ 1126.856804][T11354] pwc: recv_control_msg error -71 req 04 val 1300 [ 1126.933840][T11354] pwc: recv_control_msg error -71 req 04 val 1400 [ 1126.958875][T11354] pwc: recv_control_msg error -71 req 02 val 2000 [ 1126.999188][T11354] pwc: recv_control_msg error -71 req 02 val 2100 [ 1127.017002][T11354] pwc: recv_control_msg error -71 req 04 val 1500 [ 1127.025554][T11354] pwc: recv_control_msg error -71 req 02 val 2500 [ 1127.041340][T11354] pwc: recv_control_msg error -71 req 02 val 2400 [ 1127.048222][T11354] pwc: recv_control_msg error -71 req 02 val 2600 [ 1127.069714][T11354] pwc: recv_control_msg error -71 req 02 val 2900 [ 1127.079536][T11354] pwc: recv_control_msg error -71 req 02 val 2800 [ 1127.096206][T13171] sch_tbf: burst 0 is lower than device lo mtu (81) ! [ 1127.110049][T11354] pwc: recv_control_msg error -71 req 04 val 1100 [ 1127.121514][T11354] pwc: recv_control_msg error -71 req 04 val 1200 [ 1127.168813][T11354] pwc: Registered as video103. [ 1127.178700][T11354] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input151 [ 1127.212147][T11354] usb 5-1: USB disconnect, device number 72 [ 1127.808218][T13178] cgroup: fork rejected by pids controller in /syz4 [ 1127.907508][T13248] veth1_macvtap: left promiscuous mode [ 1128.159221][T13432] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1128.196257][T13432] bond0: (slave bond1): Enslaving as an active interface with an up link [ 1129.329277][T13977] bond0: entered promiscuous mode [ 1129.345611][T13977] bond_slave_0: entered promiscuous mode [ 1129.356657][T13977] bond_slave_1: entered promiscuous mode [ 1129.367336][T13977] bond1: entered promiscuous mode [ 1129.384754][T13977] batadv0: entered promiscuous mode [ 1129.414003][T13977] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 1129.646072][T13157] net_ratelimit: 79 callbacks suppressed [ 1129.646094][T13157] Set syz1 is full, maxelem 65536 reached [ 1129.841052][T13986] tc_dump_action: action bad kind [ 1130.336610][T14000] netlink: 52 bytes leftover after parsing attributes in process `syz.6.18087'. [ 1131.112851][ T30] audit: type=1400 audit(2000000752.405:5768): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=14025 comm="syz.4.18101" [ 1131.346920][ T30] audit: type=1326 audit(2000000752.620:5769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14032 comm="syz.6.18106" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbe3a98d169 code=0x0 [ 1131.355376][T11354] kernel write not supported for file /bluetooth/6lowpan_control (pid: 11354 comm: kworker/0:0) [ 1131.430723][ T30] audit: type=1326 audit(2000000752.695:5770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14036 comm="syz.4.18105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1131.459624][ T30] audit: type=1326 audit(2000000752.695:5771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14036 comm="syz.4.18105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1131.534822][ T30] audit: type=1326 audit(2000000752.742:5772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14036 comm="syz.4.18105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1131.615017][ T30] audit: type=1326 audit(2000000752.742:5773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14036 comm="syz.4.18105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1131.640962][ T30] audit: type=1326 audit(2000000752.742:5774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14036 comm="syz.4.18105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1131.664162][ T30] audit: type=1326 audit(2000000752.742:5775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14036 comm="syz.4.18105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1131.756985][ T30] audit: type=1326 audit(2000000752.760:5776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14036 comm="syz.4.18105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1131.814500][ T30] audit: type=1326 audit(2000000752.770:5777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14036 comm="syz.4.18105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961618d169 code=0x7ffc0000 [ 1133.540975][T14104] sd 0:0:1:0: device reset [ 1133.602516][T14106] netlink: 40 bytes leftover after parsing attributes in process `syz.6.18137'. [ 1133.721041][T14110] netlink: 24 bytes leftover after parsing attributes in process `syz.8.18139'. [ 1133.768836][T14110] bond0: option ad_select: unable to set because the bond device is up [ 1134.033019][T14124] misc userio: Can't change port type on an already running userio instance [ 1134.513073][T14146] netlink: 'syz.7.18157': attribute type 1 has an invalid length. [ 1134.521025][T14146] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1134.528304][T14146] IPv6: NLM_F_CREATE should be set when creating new route [ 1135.629166][T14181] netlink: 4 bytes leftover after parsing attributes in process `syz.8.18173'. [ 1137.022735][T14232] netlink: 100 bytes leftover after parsing attributes in process `syz.4.18196'. [ 1137.060682][T14232] netlink: 157 bytes leftover after parsing attributes in process `syz.4.18196'. [ 1137.915511][T14267] Falling back ldisc for ptm0. [ 1137.922672][T14269] 9p: Unknown uid 00000000004294967295 [ 1138.874173][T14314] netlink: 'syz.6.18234': attribute type 1 has an invalid length. [ 1138.888341][T14314] netlink: 104 bytes leftover after parsing attributes in process `syz.6.18234'. [ 1138.902684][T14314] netlink: 'syz.6.18234': attribute type 1 has an invalid length. [ 1138.958527][ T5912] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 1139.139742][ T5912] usb 3-1: Using ep0 maxpacket: 16 [ 1139.158812][ T5912] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1139.177450][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 1139.177469][ T30] audit: type=1400 audit(2000000759.944:5806): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=14325 comm="syz.4.18242" [ 1139.214684][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1139.222722][ T5912] usb 3-1: Product: syz [ 1139.249391][ T5912] usb 3-1: Manufacturer: syz [ 1139.254038][ T5912] usb 3-1: SerialNumber: syz [ 1139.268198][ T5912] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1139.274500][ T5912] r8152-cfgselector 3-1: config 0 descriptor?? [ 1139.545737][T14345] loop7: detected capacity change from 0 to 2 [ 1139.557980][T14345] Dev loop7: unable to read RDB block 2 [ 1139.566953][T14345] loop7: unable to read partition table [ 1139.573039][T14345] loop7: partition table beyond EOD, truncated [ 1139.581526][T14345] loop_reread_partitions: partition scan of loop7 (被xڬdƤݡ [ 1139.581526][T14345] ) failed (rc=-5) [ 1139.668673][T11354] IPVS: starting estimator thread 0... [ 1139.685575][T26800] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 1139.722326][ T5912] r8152-cfgselector 3-1: USB disconnect, device number 74 [ 1139.802690][T14350] IPVS: using max 23 ests per chain, 55200 per kthread [ 1139.867382][T26800] usb 9-1: Using ep0 maxpacket: 16 [ 1139.879459][T26800] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1139.901382][T26800] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 1139.912126][T26800] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1139.928167][T26800] usb 9-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 1139.938036][T26800] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1139.946126][T26800] usb 9-1: Product: syz [ 1139.961203][T26800] usb 9-1: Manufacturer: syz [ 1139.966108][T26800] usb 9-1: SerialNumber: syz [ 1139.972903][T26800] usb 9-1: config 0 descriptor?? [ 1139.979928][T26800] mcba_usb 9-1:0.0: Can't find endpoints [ 1140.216722][ T10] usb 9-1: USB disconnect, device number 3 [ 1140.323485][T14370] netlink: 'syz.2.18260': attribute type 10 has an invalid length. [ 1140.343351][T14370] 8021q: adding VLAN 0 to HW filter on device team0 [ 1140.363381][T14370] bond0: (slave team0): Enslaving as an active interface with an up link [ 1140.683620][T14386] netlink: 20 bytes leftover after parsing attributes in process `syz.2.18268'. [ 1141.932630][T14446] netlink: 8 bytes leftover after parsing attributes in process `syz.7.18294'. [ 1141.950422][T14446] netlink: 8 bytes leftover after parsing attributes in process `syz.7.18294'. [ 1141.973656][T14446] netlink: 8 bytes leftover after parsing attributes in process `syz.7.18294'. [ 1142.555808][T14472] input: syz0 as /devices/virtual/input/input153 [ 1142.984230][T14486] netlink: 36 bytes leftover after parsing attributes in process `syz.2.18313'. [ 1143.000051][T14486] netlink: 24 bytes leftover after parsing attributes in process `syz.2.18313'. [ 1143.668642][T14515] netlink: 4 bytes leftover after parsing attributes in process `syz.8.18327'. [ 1143.764271][T14515] bond2 (unregistering): Released all slaves [ 1145.090177][T14567] pim6reg: entered allmulticast mode [ 1145.122099][T14566] pim6reg: left allmulticast mode [ 1147.803642][T14637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18382'. [ 1148.462887][T14672] netlink: 20 bytes leftover after parsing attributes in process `syz.7.18399'. [ 1148.536622][T14675] netlink: 'syz.8.18400': attribute type 10 has an invalid length. [ 1148.599524][T14675] 8021q: adding VLAN 0 to HW filter on device team0 [ 1148.630576][T14675] team0: entered promiscuous mode [ 1148.646257][T14675] team_slave_0: entered promiscuous mode [ 1148.657976][T14675] team_slave_1: entered promiscuous mode [ 1149.399936][ T30] audit: type=1400 audit(2000000769.513:5807): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=14698 comm="syz.4.18409" daddr=fc02::1 [ 1149.457077][ T59] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 1149.638213][ T59] usb 3-1: Using ep0 maxpacket: 16 [ 1149.657294][ T59] usb 3-1: config 0 has an invalid interface number: 4 but max is 0 [ 1149.668631][ T59] usb 3-1: config 0 has no interface number 0 [ 1149.695125][ T59] usb 3-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1149.711515][ T59] usb 3-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1149.723872][ T59] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 1149.733046][ T59] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1149.743464][ T59] usb 3-1: config 0 descriptor?? [ 1149.841788][ T5911] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 1149.849604][ T30] audit: type=1400 audit(2000000769.925:5808): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=14714 comm="syz.7.18415" daddr=fc01::1 dest=16 [ 1150.005153][ T5911] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1150.023024][ T5911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1150.034907][ T5911] usb 5-1: config 0 descriptor?? [ 1150.056847][ T5911] cp210x 5-1:0.0: cp210x converter detected [ 1150.135931][T14723] netlink: 4 bytes leftover after parsing attributes in process `syz.7.18420'. [ 1150.203487][ T59] hid (null): report_id 0 is invalid [ 1150.442830][ T10] usb 3-1: USB disconnect, device number 75 [ 1150.474872][ T5911] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1150.496345][ T5911] usb 5-1: cp210x converter now attached to ttyUSB0 [ 1150.715263][ T10] usb 5-1: USB disconnect, device number 73 [ 1150.723956][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1150.779803][ T10] cp210x 5-1:0.0: device disconnected [ 1150.804788][T14743] netlink: 24 bytes leftover after parsing attributes in process `syz.7.18430'. [ 1150.824034][T14743] netlink: 24 bytes leftover after parsing attributes in process `syz.7.18430'. [ 1152.102625][T14789] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 1152.928535][ T30] audit: type=1400 audit(2000000772.778:5809): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=14818 comm="syz.4.18465" dest=20004 [ 1153.353835][ T30] audit: type=1326 audit(2000000773.208:5810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14837 comm="syz.7.18474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1153.419197][ T30] audit: type=1326 audit(2000000773.208:5811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14837 comm="syz.7.18474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1153.479968][ T30] audit: type=1326 audit(2000000773.218:5812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14837 comm="syz.7.18474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1153.576250][ T30] audit: type=1326 audit(2000000773.218:5813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14837 comm="syz.7.18474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1153.668008][ T30] audit: type=1326 audit(2000000773.218:5814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14837 comm="syz.7.18474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1153.729389][ T30] audit: type=1326 audit(2000000773.218:5815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14837 comm="syz.7.18474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1153.829178][ T30] audit: type=1326 audit(2000000773.236:5816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14837 comm="syz.7.18474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1155.261390][ T10] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 1155.436980][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 1155.448027][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1155.464063][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1155.492423][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1155.545822][ T10] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1155.571251][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1155.595751][ T10] usb 5-1: config 0 descriptor?? [ 1156.072945][ T10] microsoft 0003:045E:07DA.0060: unknown main item tag 0x2 [ 1156.104338][ T10] microsoft 0003:045E:07DA.0060: unknown main item tag 0x0 [ 1156.127724][ T10] microsoft 0003:045E:07DA.0060: unknown main item tag 0x0 [ 1156.156649][ T10] microsoft 0003:045E:07DA.0060: unknown main item tag 0x0 [ 1156.182105][ T10] microsoft 0003:045E:07DA.0060: unknown main item tag 0x0 [ 1156.189402][ T10] microsoft 0003:045E:07DA.0060: unknown main item tag 0x0 [ 1156.221498][ T10] microsoft 0003:045E:07DA.0060: unknown main item tag 0x0 [ 1156.229188][ T10] microsoft 0003:045E:07DA.0060: unknown main item tag 0x0 [ 1156.248493][ T10] microsoft 0003:045E:07DA.0060: unknown main item tag 0x0 [ 1156.275209][ T10] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0060/input/input155 [ 1156.310980][ T10] microsoft 0003:045E:07DA.0060: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 1156.336581][ T10] usb 5-1: USB disconnect, device number 74 [ 1157.179879][T14978] syz_tun: entered promiscuous mode [ 1157.189986][T14978] syz_tun: left promiscuous mode [ 1157.453048][ T59] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 1157.637087][ T59] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1157.667306][ T59] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1157.705543][ T59] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1157.715604][ T59] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1157.741202][T14980] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1157.797915][ T59] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1158.023730][ T10] usb 5-1: USB disconnect, device number 75 [ 1158.522776][T15032] tap0: tun_chr_ioctl cmd 1074025677 [ 1158.528380][T15032] tap0: linktype set to 512 [ 1159.019729][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 1159.019748][ T30] audit: type=1326 audit(2000000778.512:5824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15057 comm="syz.8.18569" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcff1f8d169 code=0x0 [ 1160.403343][ T30] audit: type=1400 audit(2000000779.784:5825): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=15094 comm="syz.8.18585" daddr=fc01::1 dest=20001 [ 1160.657701][T15111] random: crng reseeded on system resumption [ 1161.549088][T15128] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18598'. [ 1161.558731][T15128] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18598'. [ 1161.568280][T15128] nbd: socks must be embedded in a SOCK_ITEM attr [ 1161.800666][T15138] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 1161.831407][T15138] overlayfs: conflicting options: metacopy=off,verity=require [ 1161.975976][T15144] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18606'. [ 1162.027858][T15142] sctp: [Deprecated]: syz.8.18605 (pid 15142) Use of int in max_burst socket option. [ 1162.027858][T15142] Use struct sctp_assoc_value instead [ 1162.499428][ T5911] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 1162.627007][ T10] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 1162.695194][ T5911] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1162.704533][ T5911] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1162.719138][ T5911] usb 9-1: config 0 descriptor?? [ 1162.726462][ T5911] cp210x 9-1:0.0: cp210x converter detected [ 1162.787475][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 1162.799777][ T10] usb 5-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1162.816988][ T10] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1162.825117][ T10] usb 5-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 1162.834403][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1162.844879][ T10] usb 5-1: config 0 descriptor?? [ 1163.160796][ T5911] usb 9-1: cp210x converter now attached to ttyUSB0 [ 1163.293360][ T10] wacom 0003:056A:0094.0061: unknown main item tag 0x6 [ 1163.311596][ T10] wacom 0003:056A:0094.0061: Using device in hidraw-only mode [ 1163.326599][ T10] wacom 0003:056A:0094.0061: hidraw0: USB HID v3.ff Device [HID 056a:0094] on usb-dummy_hcd.4-1/input0 [ 1163.382973][ T10] usb 9-1: USB disconnect, device number 4 [ 1163.401118][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1163.417855][ T10] cp210x 9-1:0.0: device disconnected [ 1163.508588][T26798] usb 5-1: USB disconnect, device number 76 [ 1164.049856][ T30] audit: type=1326 audit(2000000783.208:5826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15196 comm="syz.6.18629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3a98d169 code=0x7ffc0000 [ 1164.092003][ T30] audit: type=1326 audit(2000000783.208:5827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15196 comm="syz.6.18629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3a98d169 code=0x7ffc0000 [ 1164.115179][ T30] audit: type=1326 audit(2000000783.245:5828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15196 comm="syz.6.18629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fbe3a98d169 code=0x7ffc0000 [ 1164.183993][ T30] audit: type=1326 audit(2000000783.245:5829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15196 comm="syz.6.18629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3a98d169 code=0x7ffc0000 [ 1164.207131][ T30] audit: type=1326 audit(2000000783.245:5830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15196 comm="syz.6.18629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3a98d169 code=0x7ffc0000 [ 1164.318364][T15208] netlink: 12 bytes leftover after parsing attributes in process `syz.8.18633'. [ 1164.319356][ T30] audit: type=1326 audit(2000000783.245:5831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15196 comm="syz.6.18629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fbe3a98d169 code=0x7ffc0000 [ 1164.354126][T15208] netlink: 12 bytes leftover after parsing attributes in process `syz.8.18633'. [ 1164.393014][ T30] audit: type=1326 audit(2000000783.320:5832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15196 comm="syz.6.18629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3a98d169 code=0x7ffc0000 [ 1164.407027][T15208] bridge0: port 3(vlan2) entered blocking state [ 1164.439133][T15208] bridge0: port 3(vlan2) entered disabled state [ 1164.454435][T15208] vlan2: entered allmulticast mode [ 1164.457070][ T30] audit: type=1326 audit(2000000783.320:5833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15196 comm="syz.6.18629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3a98d169 code=0x7ffc0000 [ 1164.485520][T15208] vlan2: left allmulticast mode [ 1164.651597][T15220] sit0: left promiscuous mode [ 1164.661348][T15220] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 1165.950899][ T30] audit: type=1326 audit(2000000784.985:5834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15275 comm="syz.7.18665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1165.995389][ T30] audit: type=1326 audit(2000000784.985:5835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15275 comm="syz.7.18665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1166.050174][ T30] audit: type=1326 audit(2000000784.985:5836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15275 comm="syz.7.18665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1166.090091][ T30] audit: type=1326 audit(2000000784.985:5837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15275 comm="syz.7.18665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1166.129044][ T30] audit: type=1326 audit(2000000784.985:5838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15275 comm="syz.7.18665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1166.198672][ T30] audit: type=1326 audit(2000000784.985:5839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15275 comm="syz.7.18665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1166.220688][ T30] audit: type=1326 audit(2000000784.985:5840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15275 comm="syz.7.18665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1166.248446][ T30] audit: type=1326 audit(2000000784.985:5841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15275 comm="syz.7.18665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1167.124498][T15312] veth1_macvtap: left promiscuous mode [ 1168.380748][T15355] netlink: 12 bytes leftover after parsing attributes in process `syz.8.18703'. [ 1170.187895][T15421] netlink: 'syz.8.18732': attribute type 25 has an invalid length. [ 1170.233387][T15421] netlink: 20 bytes leftover after parsing attributes in process `syz.8.18732'. [ 1171.160174][T15468] bridge: RTM_NEWNEIGH with invalid state 0x4 [ 1171.223715][T15472] netlink: 'syz.8.18755': attribute type 18 has an invalid length. [ 1171.243289][T15472] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1171.252727][T15472] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1171.262850][T15472] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1171.271714][T15472] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1171.771396][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 1171.771416][ T30] audit: type=1400 audit(2000000790.438:5848): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=15497 comm="syz.2.18768" daddr=2001::2 dest=20002 [ 1172.708487][T26798] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 1172.816386][T15535] tipc: New replicast peer: 255.255.255.255 [ 1172.838441][T15535] tipc: Enabled bearer , priority 11 [ 1172.890069][T26798] usb 5-1: Using ep0 maxpacket: 16 [ 1172.908729][T26798] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1172.955374][T26798] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1172.978917][T26798] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1173.003640][T26798] usb 5-1: Product: syz [ 1173.019157][T26798] usb 5-1: Manufacturer: syz [ 1173.024033][T26798] usb 5-1: SerialNumber: syz [ 1173.036152][T26798] usb 5-1: config 0 descriptor?? [ 1173.059102][T26798] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 1173.079457][T26798] usb 5-1: Detected FT232R [ 1173.087806][T15545] netlink: 8 bytes leftover after parsing attributes in process `syz.8.18789'. [ 1173.115571][T15545] netlink: 4 bytes leftover after parsing attributes in process `syz.8.18789'. [ 1173.289027][T26798] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 1173.524374][T26798] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1173.596699][ T10] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 1173.749598][T11354] usb 5-1: USB disconnect, device number 77 [ 1173.756231][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 1173.764640][ T10] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 1173.773333][ T10] usb 3-1: config 0 has no interface number 0 [ 1173.780083][T11354] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1173.790872][ T10] usb 3-1: config 0 interface 12 has no altsetting 0 [ 1173.797900][T11354] ftdi_sio 5-1:0.0: device disconnected [ 1173.805542][ T10] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1173.818552][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1173.827023][ T10] usb 3-1: Product: syz [ 1173.831973][ T10] usb 3-1: Manufacturer: syz [ 1173.836608][ T10] usb 3-1: SerialNumber: syz [ 1173.844617][ T10] usb 3-1: config 0 descriptor?? [ 1174.038649][T11354] tipc: Node number set to 16416 [ 1174.725984][ T10] f81534 3-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 1174.755210][ T10] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71 [ 1174.771634][ T10] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 1174.798138][ T10] f81534 3-1:0.12: probe with driver f81534 failed with error -71 [ 1174.831850][ T10] usb 3-1: USB disconnect, device number 76 [ 1175.552092][ T30] audit: type=1326 audit(2000000793.965:5849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15607 comm="syz.8.18819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcff1f8d169 code=0x7ffc0000 [ 1175.645980][ T30] audit: type=1326 audit(2000000793.965:5850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15607 comm="syz.8.18819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcff1f8d169 code=0x7ffc0000 [ 1175.715389][ T30] audit: type=1326 audit(2000000794.012:5851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15607 comm="syz.8.18819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fcff1f8d169 code=0x7ffc0000 [ 1175.775707][ T30] audit: type=1326 audit(2000000794.012:5852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15607 comm="syz.8.18819" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcff1f8d169 code=0x0 [ 1175.903844][T15621] netlink: 28 bytes leftover after parsing attributes in process `syz.7.18824'. [ 1176.333431][T15640] netlink: 1036 bytes leftover after parsing attributes in process `syz.7.18834'. [ 1176.342742][T15640] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1176.862451][T15661] netlink: 104 bytes leftover after parsing attributes in process `syz.8.18844'. [ 1177.504047][T15685] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1178.158551][T15720] batman_adv: batadv0: Adding interface: dummy0 [ 1178.165107][T15720] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1178.191349][T15720] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 1178.327537][ T10] kernel read not supported for file /dsp (pid: 10 comm: kworker/0:1) [ 1178.839108][T15738] overlay: Unknown parameter '/' [ 1179.352074][T15752] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1179.396936][ T64] Bluetooth: hci3: Frame reassembly failed (-84) [ 1179.832334][T15772] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18892'. [ 1180.890005][ T30] audit: type=1400 audit(2000000798.969:5853): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=15798 comm="syz.7.18903" daddr=fc01::1 dest=20003 [ 1181.058465][ T30] audit: type=1400 audit(2000000799.109:5854): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=15804 comm="syz.7.18906" daddr=::ffff:172.30.1.8 dest=1 [ 1181.485480][ T7261] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1182.027342][T15831] netlink: 24 bytes leftover after parsing attributes in process `syz.4.18918'. [ 1182.212260][T11355] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 1182.391943][T11355] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1182.415815][T11355] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1182.423858][T11355] usb 9-1: Product: syz [ 1182.447361][T11355] usb 9-1: Manufacturer: syz [ 1182.452111][T11355] usb 9-1: SerialNumber: syz [ 1182.468541][T11355] usb 9-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1182.605941][ T10] usb 9-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1183.151550][T11354] kernel write not supported for file /snd/seq (pid: 11354 comm: kworker/0:0) [ 1183.328518][T11354] usb 9-1: USB disconnect, device number 5 [ 1183.547672][T15878] random: crng reseeded on system resumption [ 1183.963297][T15887] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1183.976161][ T10] usb 9-1: Service connection timeout for: 256 [ 1183.982367][ T10] ath9k_htc 9-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1184.000295][ T10] ath9k_htc: Failed to initialize the device [ 1184.006386][T11354] usb 9-1: ath9k_htc: USB layer deinitialized [ 1184.020460][T15887] bond2: entered promiscuous mode [ 1184.026158][T15887] bond0: (slave bond2): Enslaving as an active interface with an up link [ 1185.152836][T15947] netlink: 88 bytes leftover after parsing attributes in process `syz.4.18971'. [ 1185.186061][T15947] netlink: 16 bytes leftover after parsing attributes in process `syz.4.18971'. [ 1185.392405][T15960] netlink: 48 bytes leftover after parsing attributes in process `syz.7.18976'. [ 1185.593497][T15965] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1185.666351][T15965] bond0: (slave bond1): Enslaving as an active interface with an up link [ 1185.871619][T15980] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 1186.203936][T15994] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1186.841469][ T5911] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1187.025451][ T5911] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1187.053869][ T5911] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1187.087408][ T5911] usb 3-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00 [ 1187.107130][ T5911] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1187.131028][ T5911] usb 3-1: config 0 descriptor?? [ 1187.595427][ T5911] megaworld 0003:07B5:0312.0062: unknown main item tag 0x7 [ 1187.616029][ T5911] megaworld 0003:07B5:0312.0062: item fetching failed at offset 3/5 [ 1187.631614][ T5911] megaworld 0003:07B5:0312.0062: parse failed [ 1187.650172][ T5911] megaworld 0003:07B5:0312.0062: probe with driver megaworld failed with error -22 [ 1187.796295][T16055] UBIFS error (pid: 16055): cannot open "/dev/loop7", error -22 [ 1187.814247][ T30] audit: type=1326 audit(2000000805.442:5855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16056 comm="syz.8.19018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcff1f8d169 code=0x7ffc0000 [ 1187.839793][T26798] usb 3-1: USB disconnect, device number 77 [ 1187.943226][T16061] netlink: 8 bytes leftover after parsing attributes in process `syz.7.19020'. [ 1187.996244][ T30] audit: type=1326 audit(2000000805.442:5856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16056 comm="syz.8.19018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcff1f8d169 code=0x7ffc0000 [ 1188.049863][ T30] audit: type=1326 audit(2000000805.442:5857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16056 comm="syz.8.19018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fcff1f8d169 code=0x7ffc0000 [ 1188.110161][ T30] audit: type=1326 audit(2000000805.442:5858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16056 comm="syz.8.19018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcff1f8d169 code=0x7ffc0000 [ 1188.151447][ T30] audit: type=1326 audit(2000000805.442:5859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16056 comm="syz.8.19018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=191 compat=0 ip=0x7fcff1f8d169 code=0x7ffc0000 [ 1188.192500][ T30] audit: type=1326 audit(2000000805.442:5860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16056 comm="syz.8.19018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcff1f8d169 code=0x7ffc0000 [ 1188.223518][ T30] audit: type=1800 audit(2000000805.667:5861): pid=16052 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.19015" name="cgroup.controllers" dev="tmpfs" ino=20210 res=0 errno=0 [ 1188.394656][T16071] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19024'. [ 1188.404740][T16071] netlink: 4 bytes leftover after parsing attributes in process `syz.4.19024'. [ 1188.421299][T16071] netlink: 'syz.4.19024': attribute type 1 has an invalid length. [ 1188.429956][T16071] nbd: error processing sock list [ 1188.571177][T16078] netlink: 12 bytes leftover after parsing attributes in process `syz.2.19026'. [ 1188.661450][T16083] netlink: 24 bytes leftover after parsing attributes in process `syz.8.19029'. [ 1188.767315][T16088] random: crng reseeded on system resumption [ 1189.582603][T16122] netlink: 280 bytes leftover after parsing attributes in process `syz.4.19047'. [ 1190.612986][T16164] random: crng reseeded on system resumption [ 1191.071601][T16173] netlink: 60 bytes leftover after parsing attributes in process `syz.8.19069'. [ 1191.395430][T16183] netlink: 'syz.7.19073': attribute type 2 has an invalid length. [ 1191.404003][T16183] netlink: 'syz.7.19073': attribute type 9 has an invalid length. [ 1191.418597][T16183] netlink: 209852 bytes leftover after parsing attributes in process `syz.7.19073'. [ 1191.719289][T16192] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1191.749006][ T7261] Bluetooth: hci5: command 0x0406 tx timeout [ 1191.968126][T16203] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 1191.978700][T16203] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 1192.005065][T16203] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 1192.334347][ T30] audit: type=1326 audit(2000000809.670:5862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16211 comm="syz.2.19087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778b58d169 code=0x7ffc0000 [ 1192.406516][ T30] audit: type=1326 audit(2000000809.670:5863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16211 comm="syz.2.19087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778b58d169 code=0x7ffc0000 [ 1192.457010][ T30] audit: type=1326 audit(2000000809.670:5864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16211 comm="syz.2.19087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f778b58d169 code=0x7ffc0000 [ 1193.884243][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1193.884263][ T30] audit: type=1400 audit(2000000811.120:5867): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object=":" requested=w pid=16252 comm="syz.2.19105" daddr=fc01:: dest=20002 [ 1194.111281][T16261] bond8: entered promiscuous mode [ 1194.137995][T16261] bond8: entered allmulticast mode [ 1194.166765][T16261] 8021q: adding VLAN 0 to HW filter on device bond8 [ 1194.174056][T16261] bridge2: port 1(bond8) entered blocking state [ 1194.195389][T16261] bridge2: port 1(bond8) entered disabled state [ 1194.743107][ T36] wlan0: Trigger new scan to find an IBSS to join [ 1196.260924][T16327] netlink: 8 bytes leftover after parsing attributes in process `syz.6.19139'. [ 1196.445274][T16327] netlink: 24 bytes leftover after parsing attributes in process `syz.6.19139'. [ 1198.169590][T16378] syz.6.19161 (16378): drop_caches: 2 [ 1198.770236][T16400] netdevsim netdevsim2: Direct firmware load for ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa failed with error -2 [ 1198.805039][T16400] netdevsim netdevsim2: Falling back to sysfs fallback for: ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 1198.917217][T16405] netlink: 4 bytes leftover after parsing attributes in process `syz.8.19175'. [ 1199.149643][ T30] audit: type=1400 audit(2000000816.050:5868): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=16413 comm="syz.7.19179" daddr=::ffff:0.0.0.0 dest=20003 [ 1199.545073][T16429] netem: change failed [ 1200.045029][ T2588] wlan0: Trigger new scan to find an IBSS to join [ 1200.274177][T16457] netlink: 'syz.2.19198': attribute type 11 has an invalid length. [ 1200.283130][T16457] netlink: 60 bytes leftover after parsing attributes in process `syz.2.19198'. [ 1200.536149][T16473] netlink: 4 bytes leftover after parsing attributes in process `syz.6.19202'. [ 1200.746657][T16483] ALSA: mixer_oss: invalid OSS volume 'P7{*;+$p' [ 1200.776049][T16483] ALSA: mixer_oss: invalid OSS volume '' [ 1200.793080][T16483] ALSA: mixer_oss: invalid OSS volume 'b$Kf7?]3sX' [ 1200.817405][T16483] ALSA: mixer_oss: invalid OSS volume 'K׍?Fg' [ 1200.836478][T16483] ALSA: mixer_oss: invalid OSS volume '.L!t8yW+$NJs' [ 1201.052613][ T3555] wlan0: Creating new IBSS network, BSSID b2:1b:b9:a3:d8:e5 [ 1201.650295][ T30] audit: type=1326 audit(2000000818.388:5869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16515 comm="syz.7.19220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1201.672862][ T30] audit: type=1326 audit(2000000818.388:5870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16515 comm="syz.7.19220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1201.730128][ T30] audit: type=1326 audit(2000000818.416:5871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16515 comm="syz.7.19220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1201.793939][ T30] audit: type=1326 audit(2000000818.425:5872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16515 comm="syz.7.19220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1201.868690][ T30] audit: type=1326 audit(2000000818.425:5873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16515 comm="syz.7.19220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1201.941658][ T30] audit: type=1326 audit(2000000818.425:5874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16515 comm="syz.7.19220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1202.012090][ T30] audit: type=1326 audit(2000000818.435:5875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16515 comm="syz.7.19220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1202.101215][ T30] audit: type=1326 audit(2000000818.435:5876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16515 comm="syz.7.19220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efd5b184127 code=0x7ffc0000 [ 1202.141942][ T30] audit: type=1326 audit(2000000818.435:5877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16515 comm="syz.7.19220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efd5b129359 code=0x7ffc0000 [ 1202.188862][ T30] audit: type=1326 audit(2000000818.435:5878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16515 comm="syz.7.19220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7efd5b18d169 code=0x7ffc0000 [ 1202.529142][T16538] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1202.581458][T16540] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1202.778270][T16538] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1202.953877][T16538] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1202.985748][T16565] Bluetooth: MGMT ver 1.23 [ 1203.125018][T16538] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1203.165690][T16570] netlink: 'syz.4.19245': attribute type 21 has an invalid length. [ 1203.180103][T16570] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19245'. [ 1203.350395][T16538] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1203.388535][T16538] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1203.439378][T16538] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1203.453522][T16583] netlink: 'syz.4.19251': attribute type 1 has an invalid length. [ 1203.463135][T16538] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1203.486216][T16583] netlink: 224 bytes leftover after parsing attributes in process `syz.4.19251'. [ 1203.842844][T16594] kvm: kvm [16593]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000002a) = 0x4 [ 1204.061287][T16602] can0: slcan on ttyS3. [ 1204.128965][T16602] can0 (unregistered): slcan off ttyS3. [ 1204.145068][T16602] Falling back ldisc for ttyS3. [ 1205.020675][T16631] trusted_key: syz.2.19273 sent an empty control message without MSG_MORE. [ 1205.995490][T16658] netlink: 'syz.4.19285': attribute type 1 has an invalid length. [ 1206.014880][T16658] netlink: 4 bytes leftover after parsing attributes in process `syz.4.19285'. [ 1207.402340][T16701] loop6: detected capacity change from 0 to 524287999 [ 1207.446401][ C0] blk_print_req_error: 6 callbacks suppressed [ 1207.446424][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1207.461765][ C0] buffer_io_error: 6 callbacks suppressed [ 1207.461781][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1207.496996][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1207.506242][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1207.515910][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1207.525116][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1207.533207][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1207.542444][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1207.557344][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1207.566602][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1207.577567][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1207.586771][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1207.594909][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1207.604144][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1207.612431][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1207.621642][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1207.629720][T16701] ldm_validate_partition_table(): Disk read failed. [ 1207.636903][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1207.646133][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1207.654537][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1207.663748][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1207.730797][T16701] Dev loop6: unable to read RDB block 0 [ 1207.740933][T16701] loop6: unable to read partition table [ 1207.750564][T16701] loop_reread_partitions: partition scan of loop6 (3 xC) failed (rc=-5) [ 1208.507677][T16722] bond0: entered promiscuous mode [ 1208.522247][T16722] bond_slave_0: entered promiscuous mode [ 1208.528921][T16722] bond_slave_1: entered promiscuous mode [ 1208.536619][T16722] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 1208.545086][T16722] bridge_slave_1: entered promiscuous mode [ 1208.579618][T16722] team0: entered promiscuous mode [ 1208.590330][T16722] team_slave_0: entered promiscuous mode [ 1208.608268][T16722] team_slave_1: entered promiscuous mode [ 1208.656332][T16722] bond0: left promiscuous mode [ 1208.668232][T16722] bond_slave_0: left promiscuous mode [ 1208.688472][T16722] bond_slave_1: left promiscuous mode [ 1208.709117][T16722] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 1208.732166][T16722] bridge_slave_1: left promiscuous mode [ 1208.752538][T16722] team0: left promiscuous mode [ 1208.771416][T16722] team_slave_0: left promiscuous mode [ 1208.786634][T16722] team_slave_1: left promiscuous mode [ 1209.485547][T16746] netlink: 8 bytes leftover after parsing attributes in process `syz.7.19322'. [ 1209.576980][T16649] Set syz1 is full, maxelem 65536 reached [ 1209.774371][T16756] netlink: 40 bytes leftover after parsing attributes in process `syz.6.19326'. [ 1209.943807][T16764] netlink: 'syz.7.19331': attribute type 1 has an invalid length. [ 1209.967664][T16764] netlink: 134708 bytes leftover after parsing attributes in process `syz.7.19331'. [ 1210.093642][T16768] sch_fq: defrate 2 ignored. [ 1210.920052][T16805] cgroup: fork rejected by pids controller in /syz2 [ 1211.432084][T16824] program syz.4.19355 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1211.489315][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 1211.489335][ T30] audit: type=1400 audit(2000000827.592:5901): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=16822 comm="syz.7.19357" [ 1212.645032][ T7261] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1212.661525][ T7261] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1212.672466][ T7261] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1212.681467][ T7261] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1212.689093][ T7261] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1212.699491][ T7261] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1212.705486][T16860] netlink: 12 bytes leftover after parsing attributes in process `syz.6.19373'. [ 1213.036523][T16856] chnl_net:caif_netlink_parms(): no params data found [ 1213.168405][T16856] bridge0: port 1(bridge_slave_0) entered blocking state [ 1213.186907][T16856] bridge0: port 1(bridge_slave_0) entered disabled state [ 1213.207396][T16856] bridge_slave_0: entered allmulticast mode [ 1213.225152][T16856] bridge_slave_0: entered promiscuous mode [ 1213.245974][T16856] bridge0: port 2(bridge_slave_1) entered blocking state [ 1213.255760][T16856] bridge0: port 2(bridge_slave_1) entered disabled state [ 1213.266808][T16856] bridge_slave_1: entered allmulticast mode [ 1213.278200][T16856] bridge_slave_1: entered promiscuous mode [ 1213.303941][ T5878] kernel read not supported for file /dsp1 (pid: 5878 comm: kworker/0:4) [ 1213.390958][T16856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1213.454848][T16856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1213.576341][T16856] team0: Port device team_slave_0 added [ 1213.603149][T16856] team0: Port device team_slave_1 added [ 1213.671697][T16856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1213.687511][T16856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1213.721592][T16856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1213.823768][T16856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1213.830875][T16856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1213.860197][T16856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1213.950526][T16856] hsr_slave_0: entered promiscuous mode [ 1213.964459][T16856] hsr_slave_1: entered promiscuous mode [ 1213.979035][T16856] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1213.995242][T16856] Cannot create hsr debugfs directory [ 1214.241944][T26798] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 1214.401706][T26798] usb 9-1: Using ep0 maxpacket: 16 [ 1214.431025][T26798] usb 9-1: config 0 has an invalid interface number: 214 but max is 0 [ 1214.447119][T26798] usb 9-1: config 0 has no interface number 0 [ 1214.476492][T26798] usb 9-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 1214.500398][T26798] usb 9-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1214.515518][T26798] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1214.547494][T26798] usb 9-1: Product: syz [ 1214.561912][T26798] usb 9-1: Manufacturer: syz [ 1214.566559][T26798] usb 9-1: SerialNumber: syz [ 1214.586257][T26798] usb 9-1: config 0 descriptor?? [ 1214.630723][T16856] bond0: (slave netdevsim0): Releasing backup interface [ 1214.897166][T16856] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1214.925565][ T5839] Bluetooth: hci2: command tx timeout [ 1214.946924][T16856] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1214.960191][T16856] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1214.978242][T16856] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1215.077435][T16856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1215.104981][T16856] 8021q: adding VLAN 0 to HW filter on device team0 [ 1215.117266][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 1215.124438][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1215.151696][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 1215.158967][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1215.266475][T26798] input: syz syz as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.214/input/input158 [ 1215.519308][T26798] usb 9-1: USB disconnect, device number 6 [ 1215.589413][T16856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1215.694092][T16856] veth0_vlan: entered promiscuous mode [ 1215.732086][T16856] veth1_vlan: entered promiscuous mode [ 1215.825469][T16856] veth0_macvtap: entered promiscuous mode [ 1215.923518][T16856] veth1_macvtap: entered promiscuous mode [ 1215.954774][T16856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1215.985190][T16856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1216.005324][T16856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1216.015992][T16856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1216.025861][T16856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1216.060690][T16856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1216.081203][T16856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1216.106297][T16856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1216.129859][T16856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1216.167275][T16856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1216.206208][T16856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1216.228245][T16856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1216.240401][T16856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1216.286887][T16856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1216.310203][T16856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1216.324715][T16856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1216.345280][T16856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1216.396636][T16856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1216.431557][T16856] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1216.454028][T16856] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1216.478244][T16856] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1216.498629][T16968] netlink: 8 bytes leftover after parsing attributes in process `syz.8.19419'. [ 1216.517198][T16856] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1216.768187][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1216.785737][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1216.816831][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1216.895250][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1217.166837][ T5839] Bluetooth: hci2: command tx timeout [ 1217.367513][T16983] netlink: 28 bytes leftover after parsing attributes in process `syz.2.19363'. [ 1217.389573][T16983] netlink: 28 bytes leftover after parsing attributes in process `syz.2.19363'. [ 1217.415806][T16983] gretap0: entered promiscuous mode [ 1217.439726][T16983] batadv_slave_1: entered promiscuous mode [ 1217.462259][T16983] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 1217.479233][T16983] Cannot create hsr debugfs directory [ 1217.613602][T16992] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1217.952103][T17007] [U] [ 1218.435011][T17029] IPv6: Can't replace route, no match found [ 1219.124448][ T10] kernel write not supported for file /bluetooth/6lowpan_control (pid: 10 comm: kworker/0:1) [ 1219.372950][ T5839] Bluetooth: hci2: command tx timeout [ 1219.421546][ T30] audit: type=1400 audit(2000000835.010:5902): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=17068 comm="syz.4.19460" daddr=::ffff:172.20.20.187 dest=20003 [ 1220.195426][ T30] audit: type=1400 audit(2000000835.730:5903): lsm=SMACK fn=smack_inode_permission action=denied subject="w" object="_" requested=wx pid=17101 comm="syz.4.19474" name="4124" dev="tmpfs" ino=20772 [ 1220.789140][T17131] sch_fq: defrate 13850 ignored. [ 1221.596508][ T5839] Bluetooth: hci2: command tx timeout [ 1222.334382][T26798] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 1222.419584][ T10] usb 3-1: new full-speed USB device number 78 using dummy_hcd [ 1222.515949][T26798] usb 9-1: Using ep0 maxpacket: 16 [ 1222.540363][T26798] usb 9-1: config 252 has an invalid interface number: 15 but max is 0 [ 1222.550012][T26798] usb 9-1: config 252 has no interface number 0 [ 1222.571649][T26798] usb 9-1: config 252 interface 15 altsetting 0 endpoint 0x83 has invalid maxpacket 55032, setting to 1024 [ 1222.597025][ T10] usb 3-1: not running at top speed; connect to a high speed hub [ 1222.608575][T26798] usb 9-1: config 252 interface 15 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1222.625085][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 38273, setting to 64 [ 1222.653277][ T10] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1222.657328][T26798] usb 9-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29 [ 1222.688831][ T10] usb 3-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.40 [ 1222.699160][T26798] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1222.707187][T26798] usb 9-1: Product: syz [ 1222.719018][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1222.731213][ T10] usb 3-1: Product: syz [ 1222.735414][ T10] usb 3-1: Manufacturer: syz [ 1222.740048][ T10] usb 3-1: SerialNumber: syz [ 1222.748749][T26798] usb 9-1: Manufacturer: syz [ 1222.764427][T26798] usb 9-1: SerialNumber: syz [ 1222.792138][T17173] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 1222.793896][T17175] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1222.843517][T26798] usb 9-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 1222.942522][T17195] ================================================================== [ 1222.950648][T17195] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1ad6/0x5ca0 [ 1222.959271][T17195] Write of size 3840 at addr ffffc90004e81000 by task vivid-000-vid-c/17195 [ 1222.967979][T17195] [ 1222.970333][T17195] CPU: 1 UID: 0 PID: 17195 Comm: vivid-000-vid-c Not tainted 6.14.0-rc6-syzkaller-00244-g31d7109a19f6 #0 [ 1222.970362][T17195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1222.970377][T17195] Call Trace: [ 1222.970385][T17195] [ 1222.970394][T17195] dump_stack_lvl+0x241/0x360 [ 1222.970419][T17195] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1222.970438][T17195] ? __pfx__printk+0x10/0x10 [ 1222.970467][T17195] ? _printk+0xd5/0x120 [ 1222.970507][T17195] print_report+0x16e/0x5b0 [ 1222.970540][T17195] ? __virt_addr_valid+0xbd/0x530 [ 1222.970571][T17195] ? tpg_fill_plane_buffer+0x1ad6/0x5ca0 [ 1222.970593][T17195] kasan_report+0x143/0x180 [ 1222.970621][T17195] ? tpg_fill_plane_buffer+0x1ad6/0x5ca0 [ 1222.970648][T17195] kasan_check_range+0x282/0x290 [ 1222.970681][T17195] ? tpg_fill_plane_buffer+0x1ad6/0x5ca0 [ 1222.970703][T17195] __asan_memcpy+0x40/0x70 [ 1222.970726][T17195] tpg_fill_plane_buffer+0x1ad6/0x5ca0 [ 1222.970778][T17195] vivid_thread_vid_cap_tick+0xfbc/0x6090 [ 1222.970805][T17195] ? mark_lock+0x9a/0x360 [ 1222.970861][T17195] ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10 [ 1222.970894][T17195] ? _raw_spin_unlock_irq+0x23/0x50 [ 1222.970918][T17195] ? lockdep_hardirqs_on+0x99/0x150 [ 1222.970949][T17195] vivid_thread_vid_cap+0x8aa/0xf30 [ 1222.970989][T17195] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 1222.971013][T17195] kthread+0x7a9/0x920 [ 1222.971038][T17195] ? __pfx_kthread+0x10/0x10 [ 1222.971066][T17195] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 1222.971089][T17195] ? __pfx_kthread+0x10/0x10 [ 1222.971118][T17195] ? __pfx_kthread+0x10/0x10 [ 1222.971149][T17195] ? __pfx_kthread+0x10/0x10 [ 1222.971175][T17195] ? _raw_spin_unlock_irq+0x23/0x50 [ 1222.971198][T17195] ? lockdep_hardirqs_on+0x99/0x150 [ 1222.971222][T17195] ? __pfx_kthread+0x10/0x10 [ 1222.971250][T17195] ret_from_fork+0x4b/0x80 [ 1222.971276][T17195] ? __pfx_kthread+0x10/0x10 [ 1222.971305][T17195] ret_from_fork_asm+0x1a/0x30 [ 1222.971333][T17195] [ 1222.971340][T17195] [ 1223.062712][ T10] usbhid 3-1:1.0: can't add hid device: -71 [ 1223.063030][T17195] The buggy address belongs to the virtual mapping at [ 1223.063030][T17195] [ffffc90004e45000, ffffc90004e82000) created by: [ 1223.063030][T17195] vb2_vmalloc_alloc+0xf2/0x340 [ 1223.070520][ T10] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 1223.073077][T17195] [ 1223.073086][T17195] Memory state around the buggy address: [ 1223.073100][T17195] ffffc90004e80f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1223.073115][T17195] ffffc90004e80f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1223.073130][T17195] >ffffc90004e81000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1223.073142][T17195] ^ [ 1223.073153][T17195] ffffc90004e81080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1223.073168][T17195] ffffc90004e81100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1223.073180][T17195] ================================================================== [ 1223.219366][T17195] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1223.219387][T17195] CPU: 1 UID: 0 PID: 17195 Comm: vivid-000-vid-c Not tainted 6.14.0-rc6-syzkaller-00244-g31d7109a19f6 #0 [ 1223.219415][T17195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1223.219431][T17195] Call Trace: [ 1223.219440][T17195] [ 1223.219451][T17195] dump_stack_lvl+0x241/0x360 [ 1223.219489][T17195] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1223.219512][T17195] ? __pfx__printk+0x10/0x10 [ 1223.219544][T17195] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1223.219582][T17195] ? vscnprintf+0x5d/0x90 [ 1223.219611][T17195] panic+0x349/0x880 [ 1223.219645][T17195] ? check_panic_on_warn+0x21/0xb0 [ 1223.219679][T17195] ? __pfx_panic+0x10/0x10 [ 1223.219718][T17195] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 1223.219749][T17195] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1223.219783][T17195] check_panic_on_warn+0x86/0xb0 [ 1223.219821][T17195] ? tpg_fill_plane_buffer+0x1ad6/0x5ca0 [ 1223.219847][T17195] end_report+0x77/0x160 [ 1223.219882][T17195] kasan_report+0x154/0x180 [ 1223.219917][T17195] ? tpg_fill_plane_buffer+0x1ad6/0x5ca0 [ 1223.219948][T17195] kasan_check_range+0x282/0x290 [ 1223.219983][T17195] ? tpg_fill_plane_buffer+0x1ad6/0x5ca0 [ 1223.220009][T17195] __asan_memcpy+0x40/0x70 [ 1223.220039][T17195] tpg_fill_plane_buffer+0x1ad6/0x5ca0 [ 1223.220104][T17195] vivid_thread_vid_cap_tick+0xfbc/0x6090 [ 1223.220134][T17195] ? mark_lock+0x9a/0x360 [ 1223.220197][T17195] ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10 [ 1223.220238][T17195] ? _raw_spin_unlock_irq+0x23/0x50 [ 1223.220266][T17195] ? lockdep_hardirqs_on+0x99/0x150 [ 1223.220305][T17195] vivid_thread_vid_cap+0x8aa/0xf30 [ 1223.220349][T17195] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 1223.220380][T17195] kthread+0x7a9/0x920 [ 1223.220413][T17195] ? __pfx_kthread+0x10/0x10 [ 1223.220447][T17195] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 1223.220482][T17195] ? __pfx_kthread+0x10/0x10 [ 1223.220514][T17195] ? __pfx_kthread+0x10/0x10 [ 1223.220549][T17195] ? __pfx_kthread+0x10/0x10 [ 1223.220580][T17195] ? _raw_spin_unlock_irq+0x23/0x50 [ 1223.220608][T17195] ? lockdep_hardirqs_on+0x99/0x150 [ 1223.220639][T17195] ? __pfx_kthread+0x10/0x10 [ 1223.220678][T17195] ret_from_fork+0x4b/0x80 [ 1223.220706][T17195] ? __pfx_kthread+0x10/0x10 [ 1223.220739][T17195] ret_from_fork_asm+0x1a/0x30 [ 1223.220774][T17195] [ 1223.223010][T17195] Kernel Offset: disabled