last executing test programs: 9.292053472s ago: executing program 1 (id=2665): creat(&(0x7f0000000000)='./bus\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0}, 0x18) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x9d, &(0x7f0000000300)='trans=rdma,') 8.454725713s ago: executing program 1 (id=2666): openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="05000000040000", @ANYBLOB], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x44}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$can_bcm(0x1d, 0x2, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$xdp(0x2c, 0x3, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket$can_raw(0x1d, 0x3, 0x1) pipe(&(0x7f0000000100)) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002c00)={'ip6gretap0\x00', 0x0}) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0xdc03, &(0x7f0000000000)={&(0x7f0000000580)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xff7f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}}, 0x0) 8.209949933s ago: executing program 1 (id=2670): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYRES64=0x0, @ANYRESHEX=0x0, @ANYBLOB="800202000a000200577f0000aabb000020000e80050001"], 0x48}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000480)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000280), &(0x7f0000000340)=[{0x4, 0x2, 0x6, 0x8}, {0x0, 0x1, 0xb, 0x8}, {0x0, 0x2, 0x9, 0x5}, {0x3, 0x5, 0xe, 0xa}, {0x5, 0x2, 0xf, 0x2}, {0x5, 0x5, 0x3, 0x9}], 0x10, 0xfffffffb, @void, @value}, 0x94) syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0xe, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) r7 = dup(r6) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2400) write$UHID_INPUT(r7, &(0x7f0000001040)={0x7, {"a2e3ad21ed0d52f91b5d330987f70e06d038e7ff7fc6e5539b0d47078b089b34073b68090890e0878f0e1ac6e7049b334a959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07670936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70fe98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf1a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a97370614060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69b15c9f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaab1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106d26658b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c110000a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3f3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51090840517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4e004a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6ce1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c817e9177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d543902113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafcc009fc074bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5dc4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9f07b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e3ebb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4cddd5d0fc5a752f9000", 0x1000}}, 0x1006) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$UHID_INPUT(r1, &(0x7f0000001040)={0xc, {"a2e3ad214fc752f91b3e090987f70e06d038e7ff7fc6e5539b3264078b089b0e083871090890e0878f0e1ac6e7049b334c959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31360d3b5d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d780231c9c99a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f068bb87af8b90fd8f08876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b281769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e51074b41bc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x7c4}}, 0x1006) fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) 7.880587172s ago: executing program 4 (id=2673): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$sysctl(0xffffffffffffffff, &(0x7f0000000000)='5\x00', 0x2) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 6.554694944s ago: executing program 0 (id=2675): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_emit_ethernet(0x0, 0x0, 0x0) socket$nl_generic(0x11, 0x3, 0x10) syz_open_dev$dri(0x0, 0x0, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000100)={'macsec0\x00', 0x3300}) r5 = fcntl$dupfd(r3, 0x0, r3) write$sndseq(r5, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick=0x2f, {}, {}, @raw32}, {0x0, 0x2, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x38) 6.25030391s ago: executing program 4 (id=2678): creat(&(0x7f0000000000)='./bus\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0}, 0x18) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x9d, &(0x7f0000000300)='trans=rdma,') 4.888478705s ago: executing program 4 (id=2680): openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="05000000040000", @ANYBLOB], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x44}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$can_bcm(0x1d, 0x2, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$xdp(0x2c, 0x3, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket$can_raw(0x1d, 0x3, 0x1) pipe(&(0x7f0000000100)) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002c00)={'ip6gretap0\x00', 0x0}) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0xdc03, &(0x7f0000000000)={&(0x7f0000000580)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xff7f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}}, 0x0) 4.398344357s ago: executing program 1 (id=2682): r0 = syz_open_dev$video4linux(&(0x7f00000002c0), 0x7f, 0x100) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f0000000000)) 4.385071028s ago: executing program 0 (id=2683): r0 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @dev}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000480)="96bc14585c62", 0x6}], 0x2, &(0x7f0000000780)=[@ip_retopts={{0xc}}], 0xc, 0x1000000}, 0x0) 4.295617156s ago: executing program 4 (id=2684): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, &(0x7f00000002c0)="be", 0x1) write$char_usb(r1, &(0x7f0000000140)='D', 0x1) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 4.205308763s ago: executing program 0 (id=2685): pipe(&(0x7f0000000040)) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x13) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000080), 0x200000, 0x4) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000280)=[0x1], &(0x7f0000000340)=[{0x4, 0x2, 0x6, 0x8}, {0x0, 0x1, 0xb, 0x8}, {0x3, 0x5, 0xe, 0xa}, {0x5, 0x2, 0xf, 0x2}, {0x5, 0x5, 0x3, 0x9}], 0x10, 0xfffffffb, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000006900000000000001000000940fa7c7326ae0367600000007070000b28a4533503319"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0, 0x0, 0x0, 0x0, 0x2000000}}], 0x40001b6, 0x0) close(r3) 4.204864423s ago: executing program 1 (id=2686): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, &(0x7f00000002c0)="be", 0x1) write$char_usb(r1, &(0x7f0000000140)='D', 0x1) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 3.874592542s ago: executing program 3 (id=2687): r0 = socket$inet6(0xa, 0x80803, 0x83) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@private1, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xff}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x32}, 0x0, @in=@multicast1}}, 0xe8) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) close(0xffffffffffffffff) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000280)={'veth1_macvtap\x00', @multicast}) fsmount(0xffffffffffffffff, 0x0, 0x80) 3.733172033s ago: executing program 3 (id=2689): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000040)=0x1df67, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000002004000b7080000000000007b8af8ff00000000b7080000000200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823", @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x7fff, 0x6}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000340)=[{0x0, 0x3, 0xa, 0xb}, {0x2, 0x2, 0xf, 0x7}, {0x5, 0x2, 0x13, 0x2}, {0x5, 0x1, 0x5, 0x9}], 0x10, 0x35, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0) kcmp(r1, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) r6 = syz_io_uring_setup(0x10d, &(0x7f0000000500)={0x0, 0x40000, 0x0, 0xfffffffc, 0x356}, &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r5, &(0x7f00000004c0)}) creat(&(0x7f0000000040)='./file0\x00', 0x0) r9 = socket(0x2000000015, 0x80005, 0x0) sendto$inet6(r9, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xd0}}, 0x1c) recvfrom$inet6(r9, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x20000000) io_uring_enter(r6, 0x3f70, 0x0, 0x0, 0x0, 0x0) 3.696516897s ago: executing program 2 (id=2690): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x8, 0x0) setreuid(0xee01, 0xee01) sendfile(r0, r1, 0x0, 0xc0) r2 = socket$tipc(0x1e, 0x5, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) r5 = socket$igmp(0x2, 0x3, 0x2) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000001800)) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b15, &(0x7f0000000500)={'wlan1\x00'}) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="042fff01ffffffffffff000930d6af01000ce95cb818cb6ffeb76514c8cad808de66ff2038c048ff88762dd734ffc1043309fcf8dfc29482cc111e0edd0920fd962468bf30f56dec781a1c97b0cda066556d7d683095646fc367d0304d80a6d41c8f5a157d7dca343cffadbf0d33855558262f3dc47015a337d9a0caf4bfc89a3f8b451b7a31bbe2eb706868407cbe814cc03bc5eed57e93b64db933b0bccbad7cdfd47f8563cddfb44edb94b6f242e6eb1bac4e4fef4cc7f412b200ab7e3b814045de5e8b7ee9fe8228dd31ca29601d1ecc0b3d7461e51c75a633cddee5c3ff8fc62e31ae5799bf46bf7fc3c1211729698917bed5e47dff1e76c3fa5476133332a4793643d2c031faf23348e7"], 0x102) ioctl$FITRIM(r3, 0xc0185879, &(0x7f0000000240)={0x4, 0x45, 0x7ff}) bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SIOCSIFHWADDR(r6, 0x8924, &(0x7f0000000080)={'batadv0\x00', @remote}) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0xfffd}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_WSCALE={0x5}]}}}, {0x38, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_RT_KEY={0x8}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0xe}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xf8}}, 0x40000) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'ip6_vti0\x00', 0x1}) writev(r6, &(0x7f0000000100)=[{&(0x7f0000000a40)="2e9b3d0007", 0x5}, {&(0x7f0000000040)="cc4003cdda2e24d2eba460774356090c59ed767600", 0x15}], 0x2) r8 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T2(r8, 0x103, 0x2, &(0x7f0000000040), 0x4) arch_prctl$ARCH_SET_CPUID(0x1012, 0x1) sendmsg$tipc(r2, &(0x7f0000000400)={&(0x7f0000000000)=@id, 0x10, &(0x7f0000000380)=[{&(0x7f0000000040)="cf", 0x1}], 0x1}, 0x8051) 2.447997123s ago: executing program 2 (id=2691): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$sysctl(0xffffffffffffffff, &(0x7f0000000000)='2\x00', 0x2) bind$bt_hci(r1, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 2.392984527s ago: executing program 3 (id=2692): creat(&(0x7f0000000000)='./bus\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0}, 0x18) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x9d, &(0x7f0000000300)='trans=rdma,') 2.211246212s ago: executing program 2 (id=2693): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x8001000000000000, 0x40, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) ioctl$NBD_CLEAR_SOCK(r0, 0xab04) pread64(r1, &(0x7f0000000240)=""/70, 0x46, 0x52c) 2.183878565s ago: executing program 3 (id=2694): syz_emit_ethernet(0x82, &(0x7f0000000000)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x68, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x11, 0x0, @local, @rand_addr, {[@lsrr={0x83, 0x3, 0x7e}, @rr={0x7, 0x3, 0xdd}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@rand_addr=0x64010184}, {@private}, {@local}, {@multicast2}, {@private}, {@dev}, {@private}]}]}}}}}}}, 0x0) 2.023350158s ago: executing program 3 (id=2695): openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="05000000040000", @ANYBLOB], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x44}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$can_bcm(0x1d, 0x2, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$xdp(0x2c, 0x3, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket$can_raw(0x1d, 0x3, 0x1) pipe(&(0x7f0000000100)) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002c00)={'ip6gretap0\x00', 0x0}) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0xdc03, &(0x7f0000000000)={&(0x7f0000000580)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xff7f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}}, 0x0) 1.724439064s ago: executing program 0 (id=2696): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_submit(0x0, 0x0, 0x0) mkdir(&(0x7f0000000200)='./file0\x00', 0x189) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x10, 0x0) chdir(&(0x7f0000000180)='./file0\x00') r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x8208204) open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) 1.670531928s ago: executing program 3 (id=2697): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r2 = syz_usbip_server_init(0x5) write$usbip_server(r2, &(0x7f0000002680)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x30) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f00000013c0)={0x2, 0xb, 0xfc, 0x5, 0x2, 0x0, 0x70bd2a, 0x25dfdbfc}, 0x10}}, 0x40080) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000480)={@private2, @empty, @loopback}) r5 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000380)={0x1d, r6, 0x1}, 0x18) sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000dc0)={{0x14}, [], {0x14}}, 0x28}}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0) r7 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r5, &(0x7f0000000280)) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000000c0)={'wpan3\x00'}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}]}, 0x1c}}, 0x0) 1.633929761s ago: executing program 2 (id=2698): r0 = socket(0xa, 0x2, 0x0) socket(0x21, 0x3, 0x0) ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) connect$qrtr(0xffffffffffffffff, &(0x7f0000000040), 0xc) openat$tun(0xffffffffffffff9c, 0x0, 0x402100, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, 0x0) bind$can_j1939(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000280)={0x100000011, @multicast2, 0x0, 0x0, 'fo\x00', 0x1, 0x7, 0xfffffffe}, 0x2c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x0) 1.163083602s ago: executing program 2 (id=2699): r0 = socket$inet6(0xa, 0x80803, 0x83) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@private1, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xff}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x32}, 0x0, @in=@multicast1}}, 0xe8) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) close(0xffffffffffffffff) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000280)={'veth1_macvtap\x00', @multicast}) fsmount(0xffffffffffffffff, 0x0, 0x80) 1.143163373s ago: executing program 4 (id=2700): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$sysctl(0xffffffffffffffff, &(0x7f0000000000)='5\x00', 0x2) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 1.071049569s ago: executing program 1 (id=2701): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'hsr0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = open(&(0x7f00009e1000)='./file0\x00', 0x40840, 0x0) fcntl$setlease(r4, 0x400, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x6, &(0x7f0000000580)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xd3}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x2}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = epoll_create1(0x0) r7 = fcntl$dupfd(r6, 0x2, 0xffffffffffffffff) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@cgroup=r7, r5, 0x11, 0x0, r7, @void, @value}, 0x14) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r8 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000) madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x16) shmctl$SHM_LOCK(r8, 0xb) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x15) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r9, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r10, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) r11 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x20, r11, 0x8, 0x70bd29, 0x25dfdbfd, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r2}, @WGDEVICE_A_PEERS={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x24004051}, 0x4044000) r12 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r12, 0x0, 0xca, &(0x7f00000000c0)={0x0, 0x8, 0x1, 0xfffffffa, @vifc_lcl_ifindex=r2, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r2], 0x20}}, 0x0) r13 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r13, 0x89f1, &(0x7f0000000500)={'ip_vti0\x00', &(0x7f0000000480)={'syztnl0\x00', r2, 0x40, 0x40, 0x3, 0x4, {{0xb, 0x4, 0x0, 0x1, 0x2c, 0x64, 0x0, 0x4, 0x29, 0x0, @rand_addr=0x64010102, @multicast1, {[@ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0xf, 0x77, [@local, @local, @multicast1]}, @end]}}}}}) sendmsg$nl_route(r7, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000003e00000227bd7000fcdbdf250a2c9dbf"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0xc000) r14 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) recvfrom$netrom(r14, &(0x7f0000000100)=""/201, 0xc9, 0x10000, 0x0, 0x0) 353.1007ms ago: executing program 4 (id=2702): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) socket$nl_generic(0x11, 0x3, 0x10) socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$usbfs(&(0x7f0000000000), 0xd, 0x800) r3 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280), &(0x7f0000000200)) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect(r4, &(0x7f00000004c0)=@rc={0x1f, @none, 0x8}, 0x80) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) 307.363604ms ago: executing program 0 (id=2703): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$sysctl(0xffffffffffffffff, &(0x7f0000000000)='2\x00', 0x2) bind$bt_hci(r1, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 296.529185ms ago: executing program 2 (id=2704): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a09040000000000000000020000000900020073797a32000000000900010073797a3000000000300004802c"], 0x84}}, 0x0) write$cgroup_subtree(r1, 0x0, 0xfe33) 0s ago: executing program 0 (id=2705): creat(&(0x7f0000000000)='./bus\x00', 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0}, 0x18) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x9d, &(0x7f0000000300)='trans=rdma,') kernel console output (not intermixed with test programs): S-fs (loop3): Found nat_bits in checkpoint [ 408.814224][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 408.814252][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 408.829954][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 408.837599][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 408.880348][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 408.888026][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 408.939637][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 409.032856][ T3640] EXT4-fs (loop0): unmounting filesystem. [ 409.049774][ T8772] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1674'. [ 409.058912][ T8774] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1675'. [ 409.097794][ T8728] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 409.130152][ T8728] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 409.975539][ T8789] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1680'. [ 410.083578][ T9] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 410.167499][ T9] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 410.517206][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 410.537868][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 410.546489][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 410.556797][ T8797] device bridge_slave_1 left promiscuous mode [ 410.564281][ T8797] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.636060][ T8797] bond0: (slave bond_slave_0): Releasing backup interface [ 410.651028][ T8797] bond0: (slave bond_slave_1): Releasing backup interface [ 410.952593][ T8797] team0: Port device team_slave_0 removed [ 410.991547][ T8797] team0: Port device team_slave_1 removed [ 411.012530][ T8797] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 411.030829][ T8797] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 411.057721][ T8797] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 411.108129][ T8799] device wg2 entered promiscuous mode [ 411.137527][ T8809] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1686'. [ 411.845291][ T8830] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1694'. [ 412.079798][ T22] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 412.124679][ T8835] netlink: 'syz.1.1696': attribute type 1 has an invalid length. [ 412.140251][ T8835] netlink: 'syz.1.1696': attribute type 4 has an invalid length. [ 412.156197][ T8838] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1698'. [ 412.175266][ T8835] netlink: 15334 bytes leftover after parsing attributes in process `syz.1.1696'. [ 412.279701][ T22] usb 1-1: device descriptor read/64, error -71 [ 413.041114][ T22] usb 1-1: new full-speed USB device number 25 using dummy_hcd [ 413.249693][ T22] usb 1-1: device descriptor read/64, error -71 [ 413.269643][ T8826] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1682'. [ 413.419008][ T22] usb usb1-port1: attempt power cycle [ 413.728304][ T8867] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1710'. [ 413.869722][ T22] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 413.989808][ T22] usb 1-1: device descriptor read/8, error -71 [ 414.235883][ T8878] device ipvlan2 entered promiscuous mode [ 414.288289][ T8878] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 414.313505][ T8878] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 414.379704][ T22] usb 1-1: new full-speed USB device number 27 using dummy_hcd [ 414.479796][ T22] usb 1-1: device descriptor read/8, error -71 [ 414.542950][ T8883] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1717'. [ 414.620782][ T22] usb usb1-port1: unable to enumerate USB device [ 414.655054][ T8885] netlink: 16162 bytes leftover after parsing attributes in process `syz.4.1719'. [ 414.788132][ T8889] tipc: Enabling of bearer rejected, already enabled [ 415.211501][ T8904] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1726'. [ 415.393035][ T8909] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1729'. [ 415.755094][ T8920] tipc: Enabling of bearer rejected, already enabled [ 415.999767][ T3688] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 416.239643][ T3688] usb 4-1: device descriptor read/64, error -71 [ 416.307520][ T8900] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1725'. [ 416.519647][ T3688] usb 4-1: new full-speed USB device number 28 using dummy_hcd [ 416.719612][ T3688] usb 4-1: device descriptor read/64, error -71 [ 416.840615][ T3688] usb usb4-port1: attempt power cycle [ 417.259774][ T3688] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 417.328013][ T8953] tipc: Enabling of bearer rejected, already enabled [ 417.369821][ T3688] usb 4-1: device descriptor read/8, error -71 [ 417.521876][ T8962] __nla_validate_parse: 1 callbacks suppressed [ 417.521895][ T8962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1750'. [ 417.594077][ T8965] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1752'. [ 417.649604][ T3688] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 417.669784][ T8965] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1752'. [ 417.879919][ T3688] usb 4-1: device descriptor read/8, error -71 [ 418.009946][ T3688] usb usb4-port1: unable to enumerate USB device [ 418.227359][ T8979] Bluetooth: MGMT ver 1.22 [ 418.354013][ T8966] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1751'. [ 418.676294][ T8988] netlink: 16162 bytes leftover after parsing attributes in process `syz.4.1757'. [ 418.817495][ T8993] netlink: 'syz.3.1760': attribute type 13 has an invalid length. [ 419.074032][ T9007] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1765'. [ 419.089796][ T9006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1764'. [ 419.131459][ T9007] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1765'. [ 419.487032][ T9017] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1768'. [ 419.960943][ T9024] netlink: 16162 bytes leftover after parsing attributes in process `syz.0.1772'. [ 419.983100][ T8999] loop2: detected capacity change from 0 to 40427 [ 420.005629][ T8999] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 420.017321][ T8999] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 420.035529][ T8999] F2FS-fs (loop2): invalid crc value [ 420.049746][ T22] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 420.057688][ T8999] F2FS-fs (loop2): Found nat_bits in checkpoint [ 420.279057][ T8999] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 420.309707][ T22] usb 2-1: device descriptor read/64, error -71 [ 420.316191][ T8999] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 421.249639][ T22] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 421.252562][ T3884] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 421.314405][ T3884] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 421.469800][ T22] usb 2-1: device descriptor read/64, error -71 [ 421.589831][ T22] usb usb2-port1: attempt power cycle [ 422.000410][ T22] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 422.100872][ T22] usb 2-1: device descriptor read/8, error -71 [ 422.206481][ T9047] smc: removing ib device syz1 [ 422.389749][ T22] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 422.479746][ T22] usb 2-1: device descriptor read/8, error -71 [ 422.527795][ T9055] netlink: 'syz.4.1780': attribute type 4 has an invalid length. [ 422.600165][ T22] usb usb2-port1: unable to enumerate USB device [ 422.837351][ T9066] __nla_validate_parse: 2 callbacks suppressed [ 422.837368][ T9066] netlink: 16162 bytes leftover after parsing attributes in process `syz.4.1783'. [ 423.082711][ T26] audit: type=1326 audit(1729099252.818:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9071 comm="syz.4.1785" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f516bf7dff9 code=0x0 [ 423.132309][ T26] audit: type=1326 audit(1729099252.868:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9071 comm="syz.4.1785" exe="/root/syz-executor" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7f516bf7dff9 code=0x0 [ 423.935697][ T9078] loop3: detected capacity change from 0 to 128 [ 424.038047][ T9078] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 424.068125][ T9078] ext4 filesystem being mounted at /348/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 424.099719][ C0] vkms_vblank_simulate: vblank timer overrun [ 425.322511][ T3642] EXT4-fs (loop3): unmounting filesystem. [ 427.268232][ T9089] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1789'. [ 427.619654][ T3687] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 428.797074][ T9103] mkiss: ax0: crc mode is auto. [ 429.201368][ T9119] overlayfs: missing 'lowerdir' [ 429.403547][ T9113] mkiss: ax0: crc mode is auto. [ 429.735038][ T9129] netlink: 'syz.0.1802': attribute type 10 has an invalid length. [ 429.782159][ T9129] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 430.146632][ T3657] Bluetooth: hci1: Malformed LE Event: 0x0d [ 430.552176][ T9142] vcan0: Master is either lo or non-ether device [ 431.585541][ T9152] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1809'. [ 431.603510][ T9152] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1809'. [ 432.938306][ T9160] tipc: Enabling of bearer rejected, already enabled [ 433.479709][ T3688] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 433.669772][ T3688] usb 5-1: device descriptor read/64, error -71 [ 434.780640][ T3688] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 434.969871][ T3688] usb 5-1: device descriptor read/64, error -71 [ 435.110208][ T3688] usb usb5-port1: attempt power cycle [ 436.379659][ T3688] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 436.619021][ T9197] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1826'. [ 436.686124][ T9199] tipc: Enabling of bearer rejected, already enabled [ 436.818513][ T9202] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1827'. [ 437.411676][ T9210] vcan0: Master is either lo or non-ether device [ 437.549780][ T3688] usb 5-1: device descriptor read/8, error -71 [ 437.989719][ T3687] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 438.229862][ T3687] usb 1-1: Using ep0 maxpacket: 8 [ 438.346034][ T9231] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1839'. [ 438.350137][ T3688] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 438.440440][ T9233] netlink: 'syz.3.1840': attribute type 1 has an invalid length. [ 438.448509][ T9233] netlink: 'syz.3.1840': attribute type 4 has an invalid length. [ 438.459849][ T9233] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.1840'. [ 438.509720][ T3687] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 438.527717][ T3687] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.536902][ T3687] usb 1-1: Product: syz [ 438.545128][ T9235] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1841'. [ 438.554293][ T3687] usb 1-1: Manufacturer: syz [ 438.559036][ T3687] usb 1-1: SerialNumber: syz [ 438.589798][ T3688] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 438.610819][ T3688] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 438.633352][ T3688] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 438.666666][ T3688] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 438.686798][ T3688] usb 5-1: config 0 descriptor?? [ 438.851770][ T3687] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 28 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 439.027690][ T9249] vcan0: Master is either lo or non-ether device [ 439.162458][ T8215] usb 1-1: USB disconnect, device number 28 [ 439.179716][ C0] usblp0: nonzero write bulk status received: -108 [ 439.198539][ T8215] usblp0: removed [ 439.233305][ T3687] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 439.249757][ T3688] usbhid 5-1:0.0: can't add hid device: -71 [ 439.260093][ T3688] usbhid: probe of 5-1:0.0 failed with error -71 [ 439.289432][ T3688] usb 5-1: USB disconnect, device number 20 [ 439.306916][ T9254] netlink: 'syz.2.1848': attribute type 13 has an invalid length. [ 439.449654][ T3687] usb 2-1: device descriptor read/64, error -71 [ 439.598781][ T9262] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1851'. [ 439.729679][ T3687] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 439.929640][ T3687] usb 2-1: device descriptor read/64, error -71 [ 440.050056][ T3687] usb usb2-port1: attempt power cycle [ 440.102233][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.108640][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.342537][ T9280] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1858'. [ 440.469724][ T3687] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 440.619885][ T3687] usb 2-1: device descriptor read/8, error -71 [ 440.889655][ T3687] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 440.948154][ T9292] netlink: 'syz.4.1861': attribute type 13 has an invalid length. [ 440.989789][ T3687] usb 2-1: device descriptor read/8, error -71 [ 441.007125][ T9294] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1862'. [ 441.110089][ T3687] usb usb2-port1: unable to enumerate USB device [ 441.156966][ T9297] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1863'. [ 442.178012][ T9310] loop4: detected capacity change from 0 to 128 [ 442.262890][ T9310] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 442.280271][ T9310] ext4 filesystem being mounted at /363/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 442.637841][ T9321] netlink: 'syz.2.1873': attribute type 13 has an invalid length. [ 443.276789][ T3641] EXT4-fs (loop4): unmounting filesystem. [ 443.299977][ T9300] loop3: detected capacity change from 0 to 40427 [ 443.319182][ T9300] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 443.376034][ T9300] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 443.533013][ T3688] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 443.553963][ T9300] F2FS-fs (loop3): Found nat_bits in checkpoint [ 443.658836][ T9300] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 443.673235][ T9300] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 443.959687][ T3688] usb 3-1: Using ep0 maxpacket: 32 [ 444.129794][ T3688] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 444.150746][ T3688] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 444.165403][ T3688] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 444.178616][ T3688] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 444.193159][ T3688] usb 3-1: config 0 interface 0 has no altsetting 0 [ 444.924939][ T3642] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 444.924969][ T3642] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 444.975974][ T3642] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 444.998006][ T3642] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 445.029792][ T3688] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 445.140971][ T3642] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 445.141001][ T3642] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 445.179168][ T3642] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 445.197280][ T3688] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 445.237250][ T3688] usb 3-1: Product: syz [ 445.247102][ T3688] usb 3-1: Manufacturer: syz [ 445.258752][ T3688] usb 3-1: SerialNumber: syz [ 445.275948][ T3688] usb 3-1: config 0 descriptor?? [ 445.331619][ T3688] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 445.371768][ T3688] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 445.656260][ T9355] device ipvlan2 entered promiscuous mode [ 445.668303][ T9355] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 445.682012][ T9355] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 445.865394][ T9360] loop0: detected capacity change from 0 to 128 [ 445.906320][ T9360] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 445.923965][ T9360] ext4 filesystem being mounted at /351/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 446.626727][ T3631] usb 3-1: USB disconnect, device number 27 [ 447.101725][ T3640] EXT4-fs (loop0): unmounting filesystem. [ 447.125076][ T3631] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 447.344142][ T9375] netlink: 'syz.4.1888': attribute type 1 has an invalid length. [ 447.380894][ T9375] netlink: 'syz.4.1888': attribute type 4 has an invalid length. [ 447.439748][ T9375] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.1888'. [ 447.535513][ T8215] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 447.705072][ T9379] tipc: Enabling of bearer rejected, already enabled [ 447.749642][ T8215] usb 4-1: device descriptor read/64, error -71 [ 447.924634][ T9383] netlink: 'syz.4.1892': attribute type 1 has an invalid length. [ 447.943089][ T9383] netlink: 'syz.4.1892': attribute type 4 has an invalid length. [ 447.967236][ T9383] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.1892'. [ 448.029662][ T8215] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 448.219863][ T8215] usb 4-1: device descriptor read/64, error -71 [ 448.350293][ T8215] usb usb4-port1: attempt power cycle [ 448.381211][ T26] audit: type=1326 audit(1729099278.118:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9389 comm="syz.1.1895" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fde6077dff9 code=0x0 [ 448.835316][ T8215] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 448.951216][ T8215] usb 4-1: device descriptor read/8, error -71 [ 449.229674][ T8215] usb 4-1: new full-speed USB device number 34 using dummy_hcd [ 449.319706][ T8215] usb 4-1: device descriptor read/8, error -71 [ 449.439798][ T8215] usb usb4-port1: unable to enumerate USB device [ 449.574550][ T9377] loop0: detected capacity change from 0 to 40427 [ 449.690750][ T9377] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 449.706575][ T9377] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 449.832869][ T9377] F2FS-fs (loop0): Found nat_bits in checkpoint [ 450.524171][ T9395] loop4: detected capacity change from 0 to 40427 [ 450.700023][ T9395] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 450.726317][ T9395] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 450.765923][ T9395] F2FS-fs (loop4): invalid crc value [ 450.826287][ T9395] F2FS-fs (loop4): Found nat_bits in checkpoint [ 451.100418][ T9423] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1904'. [ 451.120552][ T9422] netlink: 'syz.2.1905': attribute type 1 has an invalid length. [ 451.162634][ T9423] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1904'. [ 451.175507][ T9395] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 451.182838][ T9422] netlink: 'syz.2.1905': attribute type 4 has an invalid length. [ 451.189590][ T9395] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 451.203624][ T9422] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.1905'. [ 452.076936][ T4916] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 452.101056][ T4916] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 452.208356][ T9433] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1903'. [ 452.273877][ T9418] infiniband syz1: set down [ 452.282981][ T9418] infiniband syz1: added ipvlan1 [ 452.288530][ T9418] rdma_rxe: unable to create cq [ 452.310897][ T9418] infiniband syz1: Couldn't create ib_mad CQ [ 452.317490][ T9418] infiniband syz1: Couldn't open port 1 [ 452.431054][ T9418] RDS/IB: syz1: added [ 452.457300][ T9418] smc: adding ib device syz1 with port count 1 [ 452.471484][ T9418] smc: ib device syz1 port 1 has pnetid [ 452.579866][ T3687] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 452.791398][ T3687] usb 2-1: device descriptor read/64, error -71 [ 453.139304][ T9444] hfs: unable to parse mount options [ 453.160673][ T3687] usb 2-1: new full-speed USB device number 30 using dummy_hcd [ 453.243209][ T9445] device veth1_macvtap left promiscuous mode [ 453.249326][ T9445] device veth1_macvtap entered promiscuous mode [ 453.569571][ T3687] usb 2-1: device descriptor read/64, error -71 [ 453.709736][ T3687] usb usb2-port1: attempt power cycle [ 454.159618][ T3687] usb 2-1: new full-speed USB device number 31 using dummy_hcd [ 454.269773][ T3687] usb 2-1: device descriptor read/8, error -71 [ 454.549759][ T3687] usb 2-1: new full-speed USB device number 32 using dummy_hcd [ 454.563857][ T9457] netlink: 'syz.0.1915': attribute type 10 has an invalid length. [ 454.685070][ T3687] usb 2-1: device descriptor read/8, error -71 [ 454.892391][ T3687] usb usb2-port1: unable to enumerate USB device [ 455.871175][ T9466] device ipvlan2 entered promiscuous mode [ 455.889158][ T9466] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 455.950662][ T9466] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 456.063054][ T9450] loop2: detected capacity change from 0 to 40427 [ 456.107040][ T9450] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 456.147407][ T9450] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 456.155242][ T9474] netlink: 'syz.0.1921': attribute type 1 has an invalid length. [ 456.224740][ T9474] netlink: 'syz.0.1921': attribute type 4 has an invalid length. [ 456.252168][ T9474] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.1921'. [ 456.272464][ T9450] F2FS-fs (loop2): Found nat_bits in checkpoint [ 456.326613][ T9481] netlink: 'syz.4.1923': attribute type 1 has an invalid length. [ 456.390696][ T9481] netlink: 'syz.4.1923': attribute type 4 has an invalid length. [ 456.408825][ T9481] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.1923'. [ 456.414008][ T9450] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 456.435698][ T9450] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 456.601076][ T3687] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 456.749278][ T9489] netlink: 'syz.4.1926': attribute type 10 has an invalid length. [ 457.254225][ T9489] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 457.288890][ T9490] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1925'. [ 457.334016][ T9462] loop3: detected capacity change from 0 to 40427 [ 457.405315][ T9462] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 457.454056][ T9462] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 457.466538][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 457.466568][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 457.480016][ T9462] F2FS-fs (loop3): invalid crc value [ 457.499457][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 457.499486][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 457.531990][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 457.539955][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 457.547924][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 457.710019][ T3687] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 457.762730][ T3687] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 457.766795][ T9462] F2FS-fs (loop3): Found nat_bits in checkpoint [ 457.778481][ T3687] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 457.804963][ T3687] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.748574][ T3687] usb 2-1: config 0 descriptor?? [ 459.379899][ T3687] usbhid 2-1:0.0: can't add hid device: -71 [ 459.392831][ T3687] usbhid: probe of 2-1:0.0 failed with error -71 [ 459.430889][ T3687] usb 2-1: USB disconnect, device number 33 [ 459.780957][ T9522] rdma_rxe: rxe_register_device failed with error -23 [ 459.809954][ T9522] rdma_rxe: failed to add ipvlan1 [ 459.847325][ T9522] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1928'. [ 459.914130][ T9522] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1928'. [ 460.257113][ T8215] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 460.717792][ T9538] device ipvlan2 entered promiscuous mode [ 460.731686][ T9538] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 460.746967][ T9538] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 460.759665][ T8215] usb 5-1: Using ep0 maxpacket: 16 [ 461.049762][ T3726] usb 2-1: new full-speed USB device number 34 using dummy_hcd [ 461.113409][ T8215] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 461.138722][ T8215] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.149100][ T8215] usb 5-1: Product: syz [ 461.202501][ T8215] usb 5-1: Manufacturer: syz [ 461.207204][ T8215] usb 5-1: SerialNumber: syz [ 461.232522][ T9546] tipc: Enabling of bearer rejected, already enabled [ 461.246820][ T8215] usb 5-1: config 0 descriptor?? [ 461.289627][ T3726] usb 2-1: device descriptor read/64, error -71 [ 461.306197][ T8215] as10x_usb: device has been detected [ 461.324821][ T8215] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 461.440782][ T8215] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 461.502050][ T9525] random: crng reseeded on system resumption [ 461.579768][ T3726] usb 2-1: new full-speed USB device number 35 using dummy_hcd [ 461.636746][ T8215] as10x_usb: error during firmware upload part1 [ 461.658636][ T8215] Registered device Sky IT Digital Key (green led) [ 461.809910][ T3726] usb 2-1: device descriptor read/64, error -71 [ 461.951852][ T3726] usb usb2-port1: attempt power cycle [ 462.153488][ T9558] rdma_rxe: rxe_register_device failed with error -23 [ 462.198476][ T9558] rdma_rxe: failed to add ipvlan1 [ 462.199001][ T9559] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1947'. [ 462.219916][ T9559] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1947'. [ 462.389678][ T3726] usb 2-1: new full-speed USB device number 36 using dummy_hcd [ 462.508925][ T8215] usb 5-1: USB disconnect, device number 21 [ 462.511455][ T9565] device ipvlan2 entered promiscuous mode [ 462.521471][ T3726] usb 2-1: device descriptor read/8, error -71 [ 462.534697][ T9565] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 462.543762][ T9565] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 462.584910][ T8215] Unregistered device Sky IT Digital Key (green led) [ 462.597483][ T8215] as10x_usb: device has been disconnected [ 462.709607][ T3687] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 462.789622][ T3726] usb 2-1: new full-speed USB device number 37 using dummy_hcd [ 462.854028][ T9571] tipc: Enabling of bearer rejected, already enabled [ 462.905097][ T3726] usb 2-1: device descriptor read/8, error -71 [ 462.979989][ T3687] usb 4-1: Using ep0 maxpacket: 32 [ 463.049782][ T3726] usb usb2-port1: unable to enumerate USB device [ 463.109865][ T3687] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 463.125470][ T3687] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 463.165492][ T3687] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 463.177123][ T3687] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 463.197338][ T3687] usb 4-1: config 0 interface 0 has no altsetting 0 [ 463.439911][ T3687] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 463.490784][ T3687] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 463.514420][ T3687] usb 4-1: Product: syz [ 463.524585][ T3687] usb 4-1: Manufacturer: syz [ 463.531822][ T3687] usb 4-1: SerialNumber: syz [ 464.268848][ T3687] usb 4-1: config 0 descriptor?? [ 464.311318][ T3687] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 464.345893][ T3687] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 464.437902][ T9591] rdma_rxe: rxe_register_device failed with error -23 [ 464.479964][ T9591] rdma_rxe: failed to add ipvlan1 [ 464.491963][ T9591] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1960'. [ 464.509021][ T9591] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1960'. [ 464.899678][ T22] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 465.062505][ T9608] netlink: 'syz.0.1966': attribute type 1 has an invalid length. [ 465.071910][ T9608] netlink: 'syz.0.1966': attribute type 4 has an invalid length. [ 465.082940][ T9608] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.1966'. [ 465.289853][ T22] usb 2-1: Using ep0 maxpacket: 8 [ 465.315278][ T3726] usb 4-1: USB disconnect, device number 35 [ 465.337756][ T3726] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 465.409690][ T22] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 465.433991][ T22] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 465.471543][ T22] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 465.513854][ T22] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 465.546431][ T22] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 465.585652][ T22] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 465.634181][ T22] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.789711][ T3687] usb 1-1: new full-speed USB device number 29 using dummy_hcd [ 465.989858][ T22] usb 2-1: GET_CAPABILITIES returned 0 [ 466.009729][ T3687] usb 1-1: device descriptor read/64, error -71 [ 466.018542][ T22] usbtmc 2-1:16.0: can't read capabilities [ 466.286948][ T9594] usbtmc 2-1:16.0: send_request_dev_dep_msg_in returned -90 [ 466.299627][ T3687] usb 1-1: new full-speed USB device number 30 using dummy_hcd [ 466.519567][ T3687] usb 1-1: device descriptor read/64, error -71 [ 466.655488][ T3687] usb usb1-port1: attempt power cycle [ 467.457834][ T9616] loop2: detected capacity change from 0 to 40427 [ 467.541352][ T9616] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 467.589849][ T9616] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 467.632994][ T9616] F2FS-fs (loop2): invalid crc value [ 467.672035][ T9616] F2FS-fs (loop2): Found nat_bits in checkpoint [ 467.702744][ T3687] usb 1-1: new full-speed USB device number 31 using dummy_hcd [ 467.916658][ T3687] usb 1-1: device descriptor read/8, error -71 [ 467.929738][ T9616] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 467.936951][ T9616] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 468.029930][ T22] usb 2-1: USB disconnect, device number 38 [ 468.229640][ T3687] usb 1-1: new full-speed USB device number 32 using dummy_hcd [ 469.040555][ T1189] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 469.062906][ T9645] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1976'. [ 469.137270][ T1189] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 469.429862][ T3687] usb 1-1: device descriptor read/8, error -71 [ 469.549795][ T3687] usb usb1-port1: unable to enumerate USB device [ 472.384234][ T22] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 473.524638][ T9681] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1988'. [ 473.601374][ T9683] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1989'. [ 473.652600][ T9687] netlink: 'syz.4.1991': attribute type 1 has an invalid length. [ 473.701243][ T9687] netlink: 'syz.4.1991': attribute type 4 has an invalid length. [ 473.729286][ T9687] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.1991'. [ 474.322344][ T9701] tipc: Enabling of bearer rejected, already enabled [ 475.787821][ T9715] random: crng reseeded on system resumption [ 475.799205][ T9723] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2003'. [ 476.821367][ T9732] netlink: 'syz.3.2006': attribute type 1 has an invalid length. [ 476.933313][ T9732] netlink: 'syz.3.2006': attribute type 4 has an invalid length. [ 477.012938][ T9732] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.2006'. [ 477.140494][ T9740] netlink: 'syz.3.2010': attribute type 10 has an invalid length. [ 477.611498][ T9740] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 477.738921][ T9744] can0: slcan on ptm0. [ 478.615032][ T9734] can0 (unregistered): slcan off ptm0. [ 479.267840][ T9776] netlink: 'syz.4.2020': attribute type 1 has an invalid length. [ 479.304728][ T9776] netlink: 'syz.4.2020': attribute type 4 has an invalid length. [ 479.344842][ T9776] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.2020'. [ 479.420820][ T9781] netlink: 'syz.1.2021': attribute type 10 has an invalid length. [ 479.507375][ T9781] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 481.279180][ T9761] loop0: detected capacity change from 0 to 40427 [ 481.363563][ T9761] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 481.417732][ T9761] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 481.474948][ T9761] F2FS-fs (loop0): invalid crc value [ 481.524459][ T9761] F2FS-fs (loop0): Found nat_bits in checkpoint [ 481.718842][ T22] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 481.751710][ T9761] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 481.759297][ T9761] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 482.351657][ T22] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.757335][ T22] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.795425][ T22] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 482.823748][ T22] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.889235][ T22] usb 2-1: config 0 descriptor?? [ 482.911252][ T4916] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 482.942800][ T4916] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 483.023056][ T9832] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2032'. [ 483.305818][ T9834] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2033'. [ 483.849772][ T22] usbhid 2-1:0.0: can't add hid device: -71 [ 483.856243][ T22] usbhid: probe of 2-1:0.0 failed with error -71 [ 483.880062][ T22] usb 2-1: USB disconnect, device number 39 [ 485.739620][ T3657] Bluetooth: hci2: unexpected event for opcode 0x0809 [ 485.747343][ T3657] Bluetooth: hci2: unexpected event for opcode 0x0411 [ 486.162635][ T9882] netlink: 'syz.2.2051': attribute type 10 has an invalid length. [ 486.188767][ T9882] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 486.286306][ T9861] loop0: detected capacity change from 0 to 40427 [ 486.303443][ T9887] netlink: 'syz.4.2052': attribute type 1 has an invalid length. [ 486.321797][ T9861] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 486.341511][ T9861] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 486.369883][ T9887] netlink: 'syz.4.2052': attribute type 4 has an invalid length. [ 486.386604][ T9887] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.2052'. [ 486.405410][ T9861] F2FS-fs (loop0): Found nat_bits in checkpoint [ 486.507714][ T9862] loop1: detected capacity change from 0 to 40427 [ 486.540041][ T9862] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 486.550528][ T9862] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 486.571449][ T9861] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 486.583101][ T9861] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 486.696965][ T9862] F2FS-fs (loop1): invalid crc value [ 486.749685][ T26] audit: type=1800 audit(1729099316.448:5): pid=9892 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.2053" name="/" dev="sockfs" ino=52948 res=0 errno=0 [ 486.799167][ T9862] F2FS-fs (loop1): Found nat_bits in checkpoint [ 487.169292][ T9862] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 487.184369][ T9907] rdma_rxe: rxe_register_device failed with error -23 [ 487.194729][ T9862] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 487.215757][ T9907] rdma_rxe: failed to add ipvlan1 [ 487.237932][ T9907] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2055'. [ 487.279745][ T9907] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2055'. [ 488.149974][ T7599] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 488.200837][ T7599] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 488.306664][ T9924] capability: warning: `syz.4.2058' uses deprecated v2 capabilities in a way that may be insecure [ 488.655369][ T9933] netlink: 'syz.3.2063': attribute type 10 has an invalid length. [ 488.903811][ T1189] wlan1: Trigger new scan to find an IBSS to join [ 489.410429][ T26] audit: type=1800 audit(1729099319.148:6): pid=9937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.2065" name="/" dev="sockfs" ino=53006 res=0 errno=0 [ 489.569218][ T9948] rdma_rxe: rxe_register_device failed with error -23 [ 489.597621][ T9948] rdma_rxe: failed to add ipvlan1 [ 489.648154][ T9951] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2067'. [ 490.044492][ T9951] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2067'. [ 491.949742][ T3884] wlan1: Trigger new scan to find an IBSS to join [ 492.261963][ T9970] loop1: detected capacity change from 0 to 40427 [ 492.299906][ T9970] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 492.331456][ T9970] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 492.407029][ T9971] loop2: detected capacity change from 0 to 40427 [ 492.407511][ T9970] F2FS-fs (loop1): Found nat_bits in checkpoint [ 492.429421][ T9971] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 492.442661][ T9971] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 492.596127][ T9995] rdma_rxe: rxe_register_device failed with error -23 [ 492.614423][ T9971] F2FS-fs (loop2): Found nat_bits in checkpoint [ 492.630693][ T9995] rdma_rxe: failed to add ipvlan1 [ 492.652624][ T9995] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2080'. [ 492.662561][ T9995] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2080'. [ 492.662749][ T9970] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 492.684626][ T9970] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 493.402656][ T9970] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 493.422588][ T9971] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 493.432077][ T9971] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 493.452033][ T9970] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 493.689971][T10010] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2084'. [ 494.511939][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 494.511969][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 494.579551][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 494.587249][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 494.609648][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 494.629703][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 494.675299][ T3648] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 494.809580][ T22] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 494.899608][ T3884] wlan1: Creating new IBSS network, BSSID 96:97:a7:c4:42:03 [ 495.097369][T10033] rdma_rxe: rxe_register_device failed with error -23 [ 495.112313][T10033] rdma_rxe: failed to add ipvlan1 [ 495.134069][T10033] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2092'. [ 495.160315][T10033] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2092'. [ 495.199936][ T22] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 495.236689][ T22] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 495.263009][ T22] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 495.292023][ T22] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.324399][ T22] usb 4-1: config 0 descriptor?? [ 495.522728][ T3657] Bluetooth: hci1: Unknown advertising packet type: 0xb00 [ 495.522759][ T3657] Bluetooth: hci1: Malformed LE Event: 0x0d [ 495.834493][ T22] hid-led 0003:0FC5:B080.000D: unknown main item tag 0x0 [ 495.849269][ T22] hid-led 0003:0FC5:B080.000D: unknown main item tag 0x0 [ 495.857014][ T22] hid-led 0003:0FC5:B080.000D: unknown main item tag 0x0 [ 496.921302][T10053] netlink: 'syz.0.2097': attribute type 10 has an invalid length. [ 496.990088][ T22] hid-led: probe of 0003:0FC5:B080.000D failed with error -71 [ 497.041556][ T22] usb 4-1: USB disconnect, device number 36 [ 497.909726][ T14] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 498.037258][T10068] netlink: 'syz.0.2104': attribute type 1 has an invalid length. [ 498.086421][T10068] netlink: 'syz.0.2104': attribute type 4 has an invalid length. [ 498.127070][T10068] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.2104'. [ 498.180911][ T14] usb 5-1: Using ep0 maxpacket: 32 [ 498.185651][T10051] loop2: detected capacity change from 0 to 40427 [ 498.203445][T10051] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 498.229686][T10051] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 498.264890][T10069] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 498.318069][T10051] F2FS-fs (loop2): Found nat_bits in checkpoint [ 498.350277][ T14] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 498.354282][T10069] device syzkaller0 entered promiscuous mode [ 498.369122][ T14] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 498.387251][ T14] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 498.398908][ T14] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 498.439593][ T14] usb 5-1: config 0 interface 0 has no altsetting 0 [ 498.518379][T10051] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 498.536601][T10051] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 498.602195][T10051] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 498.620722][ T14] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 498.630173][T10082] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2107'. [ 498.632197][T10051] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 498.657279][ T14] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 498.674869][ T14] usb 5-1: Product: syz [ 498.691300][ T14] usb 5-1: Manufacturer: syz [ 498.703672][ T14] usb 5-1: SerialNumber: syz [ 498.729861][ T14] usb 5-1: config 0 descriptor?? [ 498.791327][ T14] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 498.832029][ T14] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 499.221433][ T22] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 499.529756][ T22] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 499.622009][ T22] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 499.631892][ T22] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 499.645594][ T22] usb 2-1: config 0 interface 0 has no altsetting 0 [ 499.740002][ T22] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 499.750614][ T22] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 499.765864][ T22] usb 2-1: config 0 interface 0 has no altsetting 0 [ 499.849697][ T22] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 499.862682][ T22] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 499.874440][ T22] usb 2-1: config 0 interface 0 has no altsetting 0 [ 499.959839][ T22] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 499.975985][ T22] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 499.997578][ T22] usb 2-1: config 0 interface 0 has no altsetting 0 [ 500.079705][ T22] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 500.089602][ T22] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 500.101778][ T22] usb 2-1: config 0 interface 0 has no altsetting 0 [ 500.189781][ T22] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 500.199430][ T22] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 500.230078][ T22] usb 2-1: config 0 interface 0 has no altsetting 0 [ 500.319752][ T22] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 500.332188][T10094] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2110'. [ 500.333815][ T22] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 500.352547][ T22] usb 2-1: config 0 interface 0 has no altsetting 0 [ 500.429930][ T22] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 500.439106][ T22] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 500.456064][ T22] usb 2-1: config 0 interface 0 has no altsetting 0 [ 500.628756][ T22] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 500.637974][ T22] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 500.646704][ T22] usb 2-1: Product: syz [ 500.651047][ T22] usb 2-1: Manufacturer: syz [ 500.655702][ T22] usb 2-1: SerialNumber: syz [ 500.672433][ T22] usb 2-1: config 0 descriptor?? [ 500.731161][ T22] yurex 2-1:0.0: USB YUREX device now attached to Yurex #1 [ 501.555737][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.564131][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.157691][ T3688] usb 2-1: USB disconnect, device number 40 [ 502.178424][ T3688] yurex 2-1:0.0: USB YUREX #1 now disconnected [ 502.224896][T10099] netlink: 'syz.2.2111': attribute type 10 has an invalid length. [ 502.527595][T10106] rdma_rxe: already configured on ipvlan1 [ 502.538744][T10106] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2115'. [ 502.552338][T10106] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2115'. [ 502.701454][T10108] netlink: 'syz.1.2116': attribute type 1 has an invalid length. [ 502.738297][T10108] netlink: 'syz.1.2116': attribute type 4 has an invalid length. [ 502.750514][T10108] netlink: 15334 bytes leftover after parsing attributes in process `syz.1.2116'. [ 503.119259][T10117] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2120'. [ 504.451250][T10085] ldusb 5-1:0.0: Couldn't submit HID_REQ_SET_REPORT -110 [ 504.979245][ T3631] usb 5-1: USB disconnect, device number 22 [ 505.010417][ T3631] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 505.324161][ T3688] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 505.478108][T10112] loop3: detected capacity change from 0 to 40427 [ 505.493624][T10112] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 505.508991][T10112] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 505.540504][T10112] F2FS-fs (loop3): Found nat_bits in checkpoint [ 505.619674][ T3688] usb 2-1: Using ep0 maxpacket: 32 [ 505.630423][T10112] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 505.649439][T10112] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 505.707555][T10112] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 505.725566][T10112] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 505.775479][ T3688] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 505.797359][ T3688] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 505.838279][ T3688] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 505.855682][ T3688] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 505.875575][ T3688] usb 2-1: config 0 interface 0 has no altsetting 0 [ 506.080880][ T3688] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 506.120005][ T3688] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 506.150706][ T3688] usb 2-1: Product: syz [ 506.154937][ T3688] usb 2-1: Manufacturer: syz [ 506.180954][T10133] loop2: detected capacity change from 0 to 40427 [ 506.184908][ T3688] usb 2-1: SerialNumber: syz [ 506.207225][ T3688] usb 2-1: config 0 descriptor?? [ 506.219610][T10133] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 506.241334][T10133] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 506.261218][ T3688] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 506.273698][T10133] F2FS-fs (loop2): invalid crc value [ 506.325503][ T3688] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 506.335444][T10133] F2FS-fs (loop2): Found nat_bits in checkpoint [ 506.480327][T10133] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 506.487458][T10133] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 506.520601][T10158] rdma_rxe: already configured on ipvlan1 [ 506.551589][T10158] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2128'. [ 506.570013][T10158] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2128'. [ 507.340540][ T4916] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 507.409398][ T4916] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 508.010834][T10150] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.018114][T10150] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.110514][ T8191] usb 2-1: USB disconnect, device number 41 [ 508.229923][ T8191] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 511.719411][T10150] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 511.820031][T10150] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 511.839689][ T3726] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 512.189671][ T8194] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 512.223218][ T3726] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 512.238313][ T3726] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 512.250994][ T3726] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 512.263715][ T3726] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 512.285869][ T3726] usb 2-1: config 0 descriptor?? [ 512.456757][ T26] audit: type=1800 audit(1729099342.188:7): pid=10196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.0.2141" name="/" dev="sockfs" ino=53963 res=0 errno=0 [ 512.479593][ T8194] usb 4-1: Using ep0 maxpacket: 32 [ 512.611989][ T8194] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 512.649810][ T8194] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 512.671947][ T8194] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 512.691103][ T8194] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 512.705612][ T8194] usb 4-1: config 0 interface 0 has no altsetting 0 [ 512.767296][ T3726] hid-led 0003:0FC5:B080.000E: unknown main item tag 0x0 [ 512.787091][ T3726] hid-led 0003:0FC5:B080.000E: unknown main item tag 0x0 [ 512.800262][ T3726] hid-led 0003:0FC5:B080.000E: unknown main item tag 0x0 [ 512.879947][ T8194] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 512.896874][ T8194] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 512.907651][ T8194] usb 4-1: Product: syz [ 512.915934][ T8194] usb 4-1: Manufacturer: syz [ 512.920948][ T8194] usb 4-1: SerialNumber: syz [ 512.933383][ T8194] usb 4-1: config 0 descriptor?? [ 512.982063][ T8194] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 513.011785][ T8194] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 513.203049][ T3726] hid-led: probe of 0003:0FC5:B080.000E failed with error -71 [ 513.225691][ T3726] usb 2-1: USB disconnect, device number 42 [ 513.333888][T10150] tipc: Resetting bearer [ 513.372186][T10150] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.389091][T10150] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.398450][T10150] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.413424][T10150] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.744720][T10150] device ipip0 left promiscuous mode [ 513.777234][T10177] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2132'. [ 513.830068][T10201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2142'. [ 513.923607][T10206] rdma_rxe: rxe_register_device failed with error -23 [ 513.956656][T10206] rdma_rxe: failed to add ipvlan1 [ 514.036188][T10206] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2143'. [ 514.057444][T10206] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2143'. [ 514.073042][ T26] audit: type=1326 audit(1729099343.808:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.4.2147" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f516bf7dff9 code=0x0 [ 514.125444][ T26] audit: type=1326 audit(1729099343.858:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10212 comm="syz.4.2147" exe="/root/syz-executor" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7f516bf7dff9 code=0x0 [ 514.361392][ T8215] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 514.609871][ T8215] usb 3-1: Using ep0 maxpacket: 32 [ 514.740335][ T8215] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 514.803905][ T8215] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 514.970530][ T8215] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 515.090134][ T8215] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 515.108889][ T8215] usb 3-1: config 0 interface 0 has no altsetting 0 [ 515.186389][ T3688] usb 4-1: USB disconnect, device number 37 [ 515.204170][ T3688] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 515.300032][ T8215] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 515.309185][ T8215] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 515.418819][ T8215] usb 3-1: Product: syz [ 515.437330][ T8215] usb 3-1: Manufacturer: syz [ 515.453452][ T8215] usb 3-1: SerialNumber: syz [ 515.495972][ T8215] usb 3-1: config 0 descriptor?? [ 515.562497][ T8215] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 515.616657][ T8215] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 515.889911][ T8215] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 516.140134][ T8215] usb 2-1: Using ep0 maxpacket: 16 [ 516.263359][ T8215] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 516.292731][ T8215] usb 2-1: config 0 has no interface number 0 [ 516.299430][ T8215] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 516.317536][ T8215] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 516.449762][ T8215] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 516.478665][ T8215] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 516.502324][ T8215] usb 2-1: Product: syz [ 516.506648][ T8215] usb 2-1: SerialNumber: syz [ 516.546515][ T8215] usb 2-1: config 0 descriptor?? [ 516.591019][ T8215] cm109 2-1:0.8: invalid payload size 0, expected 4 [ 516.615349][ T8215] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input5 [ 517.205053][ T3688] usb 2-1: USB disconnect, device number 43 [ 517.219835][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 517.226975][ C1] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 517.282579][ T3688] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 517.288158][ T8215] usb 3-1: USB disconnect, device number 28 [ 517.299010][ T8215] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 517.561279][T10239] device veth1_macvtap left promiscuous mode [ 517.606739][T10242] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2156'. [ 517.879198][T10246] rdma_rxe: rxe_register_device failed with error -23 [ 517.898437][T10246] rdma_rxe: failed to add ipvlan1 [ 517.941945][T10246] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2158'. [ 518.105465][T10246] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2158'. [ 518.419927][ T8215] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 519.060144][ T8215] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 519.797416][ T8215] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 519.840134][ T8215] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 519.862987][ T8215] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.917682][ T8215] usb 5-1: config 0 descriptor?? [ 520.179992][ T3656] Bluetooth: hci5: command 0x0406 tx timeout [ 520.356557][ T3688] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 520.765670][ T8215] hid-led 0003:0FC5:B080.000F: unknown main item tag 0x0 [ 520.773291][ T8215] hid-led 0003:0FC5:B080.000F: unknown main item tag 0x0 [ 520.802690][ T8215] hid-led 0003:0FC5:B080.000F: unknown main item tag 0x0 [ 520.880416][ T3688] usb 4-1: Using ep0 maxpacket: 32 [ 521.099738][ T8215] hid-led: probe of 0003:0FC5:B080.000F failed with error -71 [ 521.135082][ T8215] usb 5-1: USB disconnect, device number 23 [ 521.180249][ T3688] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 521.192589][ T3688] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 521.204039][ T3688] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 521.215371][ T3688] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 521.237388][ T3688] usb 4-1: config 0 interface 0 has no altsetting 0 [ 521.336276][T10280] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2167'. [ 521.429708][ T3688] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 521.448109][ T3688] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 521.465188][ T3688] usb 4-1: Product: syz [ 521.479912][ T3688] usb 4-1: Manufacturer: syz [ 521.488897][ T3688] usb 4-1: SerialNumber: syz [ 521.507536][ T3688] usb 4-1: config 0 descriptor?? [ 521.546735][T10284] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.2169'. [ 521.560159][ T3688] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 521.577237][ T3688] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 521.943080][T10278] loop1: detected capacity change from 0 to 40427 [ 521.978172][T10278] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 522.029144][T10278] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 522.212215][T10278] F2FS-fs (loop1): Found nat_bits in checkpoint [ 522.994608][T10278] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 523.007480][T10278] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 523.967053][ T3726] usb 4-1: USB disconnect, device number 38 [ 523.985661][ T3726] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 524.045881][ T4740] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 524.045903][ T4740] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 524.083689][ T4740] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 524.109639][ T4740] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 524.144398][ T4740] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 524.172807][ T4740] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 524.182788][ T4740] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 524.338421][T10322] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2178'. [ 524.820806][T10333] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2184'. [ 524.929760][ T3643] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 524.950606][T10335] ptrace attach of "./syz-executor exec"[3648] was attempted by "./syz-executor exec"[10335] [ 525.290028][ T3643] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 525.374432][ T3643] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 525.385279][ T3643] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 525.395361][ T3643] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.546599][ T3643] usb 4-1: config 0 descriptor?? [ 526.011027][T10351] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2189'. [ 526.123306][ T3643] hid-led 0003:0FC5:B080.0010: unknown main item tag 0x0 [ 526.153042][ T3643] hid-led 0003:0FC5:B080.0010: unknown main item tag 0x0 [ 526.187109][ T3643] hid-led 0003:0FC5:B080.0010: unknown main item tag 0x0 [ 526.509800][ T3688] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 526.820628][ T3643] hid-led: probe of 0003:0FC5:B080.0010 failed with error -71 [ 527.307998][ T3643] usb 4-1: USB disconnect, device number 39 [ 527.469571][ T3688] usb 3-1: Using ep0 maxpacket: 32 [ 527.589801][ T3688] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 527.621428][ T3688] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 527.654155][ T3688] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 527.699333][T10371] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2196'. [ 527.699620][ T3688] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 527.740593][ T3688] usb 3-1: config 0 interface 0 has no altsetting 0 [ 527.929877][ T3688] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 527.953462][T10383] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2202'. [ 527.973003][ T3688] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 528.020057][ T3688] usb 3-1: Product: syz [ 528.049657][ T3688] usb 3-1: Manufacturer: syz [ 528.079862][ T3688] usb 3-1: SerialNumber: syz [ 528.119760][ T3688] usb 3-1: config 0 descriptor?? [ 528.181622][ T3688] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 528.211979][ T3688] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 528.296837][T10393] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2206'. [ 528.739676][ T3688] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 529.069563][ T3688] usb 4-1: Using ep0 maxpacket: 32 [ 529.200606][ T3688] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 529.312285][ T3688] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 529.371431][ T3688] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 529.431420][ T3688] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 529.470812][ T3688] usb 4-1: config 0 interface 0 has no altsetting 0 [ 529.669778][ T3688] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 529.685834][ T3688] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 529.711919][T10411] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2212'. [ 529.714955][ T3688] usb 4-1: Product: syz [ 529.755937][ T3688] usb 4-1: Manufacturer: syz [ 529.775108][ T3688] usb 4-1: SerialNumber: syz [ 529.792041][ T3688] usb 4-1: config 0 descriptor?? [ 529.830820][ T3688] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 529.852351][ T3688] ldusb 4-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 529.870356][ T3643] usb 3-1: USB disconnect, device number 29 [ 529.905074][ T3643] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 530.357707][T10421] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2215'. [ 530.969138][T10439] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2224'. [ 531.970819][ T8215] usb 4-1: USB disconnect, device number 40 [ 532.017124][ T8215] ldusb 4-1:0.0: LD USB Device #1 now disconnected [ 532.154614][T10458] bridge0: port 1(bridge_slave_0) entered disabled state [ 532.216920][ T7599] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 532.311583][ T7599] bridge0: port 1(bridge_slave_0) entered blocking state [ 532.318737][ T7599] bridge0: port 1(bridge_slave_0) entered forwarding state [ 533.239574][ T3718] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 533.489699][ T3718] usb 2-1: Using ep0 maxpacket: 32 [ 533.999703][ T3718] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 534.074314][ T3718] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 534.935938][ T3718] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 535.009380][ T3718] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 535.038210][ T3718] usb 2-1: config 0 interface 0 has no altsetting 0 [ 535.229906][ T3718] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 535.253437][ T3718] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 535.268018][ T3718] usb 2-1: Product: syz [ 535.283380][ T3718] usb 2-1: Manufacturer: syz [ 535.292884][ T3718] usb 2-1: SerialNumber: syz [ 535.324705][ T3718] usb 2-1: config 0 descriptor?? [ 535.381398][ T3718] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 535.410152][ T3718] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 535.471221][T10515] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2256'. [ 535.510109][T10515] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2256'. [ 536.137143][ T26] audit: type=1800 audit(1729099365.868:10): pid=10533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.0.2261" name="/" dev="sockfs" ino=55661 res=0 errno=0 [ 536.290498][T10553] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2269'. [ 536.304965][T10553] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2269'. [ 536.479709][ T3718] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 536.715119][T10572] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2277'. [ 536.729727][ T3718] usb 5-1: Using ep0 maxpacket: 32 [ 536.849958][ T3718] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 536.862824][T10577] netlink: 'syz.3.2279': attribute type 1 has an invalid length. [ 536.868524][ T3718] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 536.886118][T10577] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.2279'. [ 536.892497][ T3718] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 536.937437][ T3718] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 536.969596][ T3718] usb 5-1: config 0 interface 0 has no altsetting 0 [ 537.074061][ T3643] usb 2-1: USB disconnect, device number 44 [ 537.083198][T10582] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2281'. [ 537.098681][T10582] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2281'. [ 537.117767][ T3643] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 537.140288][ T3718] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 537.161701][ T3718] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 537.189843][ T3718] usb 5-1: Product: syz [ 537.194252][ T3718] usb 5-1: Manufacturer: syz [ 537.211038][ T3718] usb 5-1: SerialNumber: syz [ 537.259396][ T3718] usb 5-1: config 0 descriptor?? [ 537.334233][ T3718] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 537.361942][ T3718] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 537.825032][T10599] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2288'. [ 538.212043][T10613] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2293'. [ 538.949729][ T8194] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 539.229721][ T8194] usb 4-1: Using ep0 maxpacket: 32 [ 539.246081][ T3688] usb 5-1: USB disconnect, device number 24 [ 539.978869][ T3688] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 540.070997][ T8194] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 540.093202][ T8194] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 540.167673][ T8194] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 540.244774][ T8194] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 540.331983][ T8194] usb 4-1: config 0 interface 0 has no altsetting 0 [ 540.497149][T10646] __nla_validate_parse: 3 callbacks suppressed [ 540.497168][T10646] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2306'. [ 540.518922][T10646] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2306'. [ 540.549970][ T8194] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 540.569884][ T8194] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 540.609569][ T8194] usb 4-1: Product: syz [ 540.642461][ T8194] usb 4-1: Manufacturer: syz [ 540.664588][ T8194] usb 4-1: SerialNumber: syz [ 540.718920][ T8194] usb 4-1: config 0 descriptor?? [ 540.781772][ T8194] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 540.807900][ T8194] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 541.343566][T10648] loop2: detected capacity change from 0 to 40427 [ 541.377461][T10648] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 541.430182][T10648] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 541.463553][T10648] F2FS-fs (loop2): invalid crc value [ 541.527243][T10648] F2FS-fs (loop2): Found nat_bits in checkpoint [ 541.596093][T10648] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 541.605744][T10648] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 542.357314][ T9] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 542.380580][ T8217] usb 4-1: USB disconnect, device number 41 [ 542.399111][ T9] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 542.437601][ T8217] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 542.889616][ T3643] usb 2-1: new full-speed USB device number 45 using dummy_hcd [ 543.129579][ T3643] usb 2-1: device descriptor read/64, error -71 [ 543.219695][ T8217] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 543.250048][T10688] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2319'. [ 543.399784][ T3643] usb 2-1: new full-speed USB device number 46 using dummy_hcd [ 543.589811][ T3643] usb 2-1: device descriptor read/64, error -71 [ 543.609829][ T8217] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 543.642400][ T8217] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 543.663275][ T8217] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 543.708121][ T8217] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.717808][ T3643] usb usb2-port1: attempt power cycle [ 543.946234][ T8217] usb 4-1: config 0 descriptor?? [ 544.369599][ T3643] usb 2-1: new full-speed USB device number 47 using dummy_hcd [ 544.479736][ T3643] usb 2-1: device descriptor read/8, error -71 [ 544.713197][ T8217] hid-led 0003:0FC5:B080.0011: unknown main item tag 0x0 [ 544.720490][ T8217] hid-led 0003:0FC5:B080.0011: unknown main item tag 0x0 [ 544.735536][ T8217] hid-led 0003:0FC5:B080.0011: unknown main item tag 0x0 [ 544.769666][ T3643] usb 2-1: new full-speed USB device number 48 using dummy_hcd [ 545.049812][ T3643] usb 2-1: device not accepting address 48, error -71 [ 545.126650][ T3643] usb usb2-port1: unable to enumerate USB device [ 545.141168][ T8217] hid-led: probe of 0003:0FC5:B080.0011 failed with error -71 [ 545.541962][ T8217] usb 4-1: USB disconnect, device number 42 [ 545.710509][T10723] netlink: 16162 bytes leftover after parsing attributes in process `syz.4.2331'. [ 545.923056][ T3656] Bluetooth: hci5: unexpected cc 0x2007 length: 100 > 2 [ 545.932792][ T3656] Bluetooth: hci5: unexpected event for opcode 0x2007 [ 545.980109][T10731] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 545.987199][T10731] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 546.069330][T10731] vhci_hcd vhci_hcd.0: Device attached [ 546.085560][T10734] vhci_hcd: connection closed [ 546.115646][ T1189] vhci_hcd: stop threads [ 546.188843][ T1189] vhci_hcd: release socket [ 546.238955][ T1189] vhci_hcd: disconnect device [ 546.767409][ T26] audit: type=1800 audit(1729099376.498:11): pid=10746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.3.2339" name="/" dev="sockfs" ino=56532 res=0 errno=0 [ 546.929548][ T8194] usb 1-1: new full-speed USB device number 34 using dummy_hcd [ 547.014841][T10761] netlink: 16162 bytes leftover after parsing attributes in process `syz.3.2344'. [ 547.129561][ T8194] usb 1-1: device descriptor read/64, error -71 [ 547.412035][ T8194] usb 1-1: new full-speed USB device number 35 using dummy_hcd [ 548.479547][ T8194] usb 1-1: device descriptor read/64, error -71 [ 548.563424][T10760] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 548.609764][ T8194] usb usb1-port1: attempt power cycle [ 549.188337][T10784] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2350'. [ 549.199524][T10784] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2350'. [ 549.327904][ T8194] usb 1-1: new full-speed USB device number 36 using dummy_hcd [ 549.745162][T10798] fuse: Bad value for 'fd' [ 549.819649][ T8194] usb 1-1: device descriptor read/8, error -71 [ 549.941792][ T3656] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 549.950582][ T3656] Bluetooth: hci5: Injecting HCI hardware error event [ 549.959650][ T3657] Bluetooth: hci5: hardware error 0x00 [ 550.046709][T10804] netlink: 16162 bytes leftover after parsing attributes in process `syz.3.2358'. [ 550.188815][ T26] audit: type=1800 audit(1729099379.918:12): pid=10789 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.2354" name="/" dev="sockfs" ino=56576 res=0 errno=0 [ 552.019738][ T3657] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 552.840078][T10843] fuse: Bad value for 'fd' [ 552.969969][ T3687] usb 1-1: new full-speed USB device number 38 using dummy_hcd [ 553.057933][T10846] netlink: 16162 bytes leftover after parsing attributes in process `syz.2.2372'. [ 553.179645][ T3687] usb 1-1: device descriptor read/64, error -71 [ 553.449630][ T3687] usb 1-1: new full-speed USB device number 39 using dummy_hcd [ 553.679683][ T3687] usb 1-1: device descriptor read/64, error -71 [ 553.722594][ T26] audit: type=1800 audit(1729099383.458:13): pid=10849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.3.2371" name="/" dev="sockfs" ino=56313 res=0 errno=0 [ 553.872046][ T3687] usb usb1-port1: attempt power cycle [ 554.323285][ T3687] usb 1-1: new full-speed USB device number 40 using dummy_hcd [ 554.539826][ T3687] usb 1-1: device descriptor read/8, error -71 [ 554.891810][ T3687] usb 1-1: new full-speed USB device number 41 using dummy_hcd [ 555.029948][ T3687] usb 1-1: device descriptor read/8, error -71 [ 555.149728][ T3687] usb usb1-port1: unable to enumerate USB device [ 555.412671][T10884] fuse: Bad value for 'fd' [ 555.751946][T10892] netlink: 16162 bytes leftover after parsing attributes in process `syz.2.2384'. [ 556.852891][ T3687] libceph: connect (1)[c::]:6789 error -101 [ 556.861633][ T3687] libceph: mon0 (1)[c::]:6789 connect error [ 556.872384][T10905] ceph: No mds server is up or the cluster is laggy [ 557.999589][ T3643] usb 4-1: new full-speed USB device number 43 using dummy_hcd [ 558.219746][ T3643] usb 4-1: device descriptor read/64, error -71 [ 558.489745][ T3643] usb 4-1: new full-speed USB device number 44 using dummy_hcd [ 558.729710][ T3643] usb 4-1: device descriptor read/64, error -71 [ 558.849896][ T3643] usb usb4-port1: attempt power cycle [ 559.026196][ T26] audit: type=1800 audit(1729099388.758:14): pid=10941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.2400" name="/" dev="sockfs" ino=57629 res=0 errno=0 [ 559.449650][ T3643] usb 4-1: new full-speed USB device number 45 using dummy_hcd [ 560.129653][ T3643] usb 4-1: device descriptor read/8, error -71 [ 560.399813][ T3643] usb 4-1: new full-speed USB device number 46 using dummy_hcd [ 561.359544][T10972] device veth1_macvtap left promiscuous mode [ 561.365712][T10972] device veth1_macvtap entered promiscuous mode [ 562.119723][ T3643] usb 4-1: device descriptor read/8, error -71 [ 562.126126][ T8215] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 562.177138][ T3657] Bluetooth: hci1: unexpected event for opcode 0x1003 [ 562.252139][ T3643] usb usb4-port1: unable to enumerate USB device [ 562.406972][ T26] audit: type=1800 audit(1729099392.128:15): pid=10979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.2414" name="/" dev="sockfs" ino=56935 res=0 errno=0 [ 562.700374][ T8215] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 562.789169][ T8215] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 563.020493][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.027216][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.052923][ T8215] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 563.233790][ T8215] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.326146][ T8215] usb 5-1: config 0 descriptor?? [ 563.659764][T11011] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2425'. [ 563.843219][ T8215] hid-led 0003:0FC5:B080.0012: unknown main item tag 0x0 [ 563.871870][ T8215] hid-led 0003:0FC5:B080.0012: unknown main item tag 0x0 [ 563.909972][ T8215] hid-led 0003:0FC5:B080.0012: unknown main item tag 0x0 [ 564.169579][ T3726] usb 1-1: new full-speed USB device number 42 using dummy_hcd [ 564.279763][ T8215] hid-led: probe of 0003:0FC5:B080.0012 failed with error -71 [ 564.320800][ T8215] usb 5-1: USB disconnect, device number 25 [ 564.359564][ T3726] usb 1-1: device descriptor read/64, error -71 [ 564.649535][ T3726] usb 1-1: new full-speed USB device number 43 using dummy_hcd [ 564.849548][ T3726] usb 1-1: device descriptor read/64, error -71 [ 564.979846][ T3726] usb usb1-port1: attempt power cycle [ 565.399574][ T3726] usb 1-1: new full-speed USB device number 44 using dummy_hcd [ 565.469555][ T26] audit: type=1800 audit(1729099395.198:16): pid=11028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.3.2430" name="/" dev="sockfs" ino=57855 res=0 errno=0 [ 566.269862][ T3726] usb 1-1: device descriptor read/8, error -71 [ 566.579548][ T3726] usb 1-1: new full-speed USB device number 45 using dummy_hcd [ 566.710092][ T3726] usb 1-1: device descriptor read/8, error -71 [ 566.851895][ T3726] usb usb1-port1: unable to enumerate USB device [ 567.034392][T11058] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 567.041147][T11058] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 567.066215][T11064] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 567.217869][T11058] vhci_hcd vhci_hcd.0: Device attached [ 567.262854][T11070] netlink: 'syz.2.2441': attribute type 1 has an invalid length. [ 567.275179][T11070] netlink: 15382 bytes leftover after parsing attributes in process `syz.2.2441'. [ 567.519843][ T3643] usb 18-1: SetAddress Request (2) to port 0 [ 567.547074][ T3643] usb 18-1: new SuperSpeed USB device number 2 using vhci_hcd [ 567.692754][T11074] device veth1_macvtap entered promiscuous mode [ 569.040977][T11086] netlink: 'syz.2.2447': attribute type 10 has an invalid length. [ 569.091617][T11086] batman_adv: batadv0: Adding interface: hsr_slave_0 [ 569.742369][T11086] batman_adv: batadv0: The MTU of interface hsr_slave_0 is too small (1500) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1560. [ 569.764204][T11086] batman_adv: batadv0: Not using interface hsr_slave_0 (retrying later): interface not active [ 570.599241][T11105] netlink: 'syz.1.2454': attribute type 1 has an invalid length. [ 570.646792][T11105] netlink: 15382 bytes leftover after parsing attributes in process `syz.1.2454'. [ 570.766883][ T3657] Bluetooth: hci4: unexpected cc 0x2007 length: 100 > 2 [ 570.776544][ T3657] Bluetooth: hci4: unexpected event for opcode 0x2007 [ 570.809076][T11109] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 570.815642][T11109] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 570.823773][T11109] vhci_hcd vhci_hcd.0: Device attached [ 570.831320][T11110] vhci_hcd: connection closed [ 570.837892][ T7599] vhci_hcd: stop threads [ 570.847726][ T7599] vhci_hcd: release socket [ 570.892948][ T7599] vhci_hcd: disconnect device [ 571.064171][T11059] vhci_hcd: connection reset by peer [ 571.082565][ T7599] vhci_hcd: stop threads [ 571.087010][ T7599] vhci_hcd: release socket [ 571.109971][ T7599] vhci_hcd: disconnect device [ 572.030746][ T26] audit: type=1800 audit(1729099401.768:17): pid=11115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.0.2458" name="/" dev="sockfs" ino=57124 res=0 errno=0 [ 572.131577][T11129] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2462'. [ 572.365337][T11136] rdma_rxe: rxe_register_device failed with error -23 [ 572.452432][T11136] rdma_rxe: failed to add ipvlan1 [ 572.507987][T11136] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2465'. [ 572.660205][ T3643] usb 18-1: device descriptor read/8, error -110 [ 572.729659][ T3689] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 572.906147][T11151] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 572.913534][T11151] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 572.922634][T11151] vhci_hcd vhci_hcd.0: Device attached [ 572.935382][T11153] usbip_core: unknown command [ 572.941543][T11153] vhci_hcd: unknown pdu 0 [ 572.947736][T11153] usbip_core: unknown command [ 572.953946][ T4916] vhci_hcd: stop threads [ 572.979580][ T3689] usb 2-1: Using ep0 maxpacket: 32 [ 572.985579][ T4916] vhci_hcd: release socket [ 572.994495][ T4916] vhci_hcd: disconnect device [ 573.080892][ T3643] usb usb18-port1: attempt power cycle [ 573.099786][ T3689] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 573.115775][ T3689] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 573.153118][ T3689] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 573.190915][ T3689] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 573.233775][T11158] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2473'. [ 573.236158][ T3689] usb 2-1: config 0 interface 0 has no altsetting 0 [ 573.439769][ T3689] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 573.454429][ T3689] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 573.492926][ T3689] usb 2-1: Product: syz [ 573.508697][ T3689] usb 2-1: Manufacturer: syz [ 573.526794][ T3689] usb 2-1: SerialNumber: syz [ 573.557831][ T3689] usb 2-1: config 0 descriptor?? [ 573.730581][ T3643] usb usb18-port1: unable to enumerate USB device [ 573.738965][ T3689] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 573.844682][ T3689] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 574.604169][T11170] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2476'. [ 574.745740][T11163] loop4: detected capacity change from 0 to 40427 [ 574.793061][T11163] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 574.815173][T11163] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 574.825024][ T3657] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 574.835694][ T3657] Bluetooth: hci4: Injecting HCI hardware error event [ 574.846177][ T3656] Bluetooth: hci4: hardware error 0x00 [ 574.893335][T11175] netlink: 'syz.3.2478': attribute type 1 has an invalid length. [ 574.921419][T11163] F2FS-fs (loop4): Found nat_bits in checkpoint [ 574.948601][T11175] netlink: 'syz.3.2478': attribute type 4 has an invalid length. [ 574.989688][T11175] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.2478'. [ 574.999741][ T26] audit: type=1800 audit(1729099404.738:18): pid=11167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.0.2477" name="/" dev="sockfs" ino=58175 res=0 errno=0 [ 575.206110][T11163] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 575.225638][T11163] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 576.409590][ T3641] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 576.409620][ T3641] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 576.417485][ T3641] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 576.476683][ T3726] usb 2-1: USB disconnect, device number 49 [ 576.489869][ T3641] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 576.491359][ T3641] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 576.512153][ T3641] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 576.516285][ T3726] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 576.573757][ T3641] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 576.699027][T11202] 9pnet_virtio: no channels available for device syz [ 576.816721][T11204] netlink: 'syz.3.2484': attribute type 10 has an invalid length. [ 576.916441][T11204] device hsr0 entered promiscuous mode [ 576.980282][ T3656] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 577.007153][T11204] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 577.025332][T11204] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 577.037523][T11204] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 577.050544][T11204] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 577.493642][T11214] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 577.500248][T11214] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 577.656259][T11220] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2489'. [ 577.672102][T11214] vhci_hcd vhci_hcd.0: Device attached [ 577.704315][T11215] vhci_hcd: connection closed [ 577.704770][ T7599] vhci_hcd: stop threads [ 577.716876][ T7599] vhci_hcd: release socket [ 577.721663][ T7599] vhci_hcd: disconnect device [ 577.874866][T11226] netlink: 'syz.3.2491': attribute type 1 has an invalid length. [ 577.890718][T11226] netlink: 'syz.3.2491': attribute type 4 has an invalid length. [ 577.899016][T11226] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.2491'. [ 578.007883][T11230] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 578.162668][T11234] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2493'. [ 578.175758][T11236] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2494'. [ 578.340173][ T3656] Bluetooth: hci2: command 0x0406 tx timeout [ 578.755974][T11252] fuse: Unknown parameter 'rootde' [ 579.698760][T11259] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2501'. [ 580.679622][ T3689] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 581.179801][ T3689] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 581.188825][ T3689] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 581.329813][ T3689] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 581.333269][T11286] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2512'. [ 581.359227][ T3689] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 581.400765][ T3689] usb 1-1: Manufacturer: syz [ 581.419984][ T3689] usb 1-1: config 0 descriptor?? [ 581.779730][ T3689] rc_core: IR keymap rc-hauppauge not found [ 581.795080][ T3689] Registered IR keymap rc-empty [ 581.840327][ T3689] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 581.888846][ T3689] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 581.940348][T11295] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 581.946919][T11295] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 582.010885][ T3689] usb 1-1: USB disconnect, device number 46 [ 582.030348][T11295] vhci_hcd vhci_hcd.0: Device attached [ 582.107463][T11296] vhci_hcd: connection closed [ 582.110851][ T4916] vhci_hcd: stop threads [ 582.124943][ T4916] vhci_hcd: release socket [ 582.138254][ T4916] vhci_hcd: disconnect device [ 583.441248][T11319] netlink: 'syz.4.2519': attribute type 1 has an invalid length. [ 583.449608][T11319] netlink: 'syz.4.2519': attribute type 4 has an invalid length. [ 583.536243][T11319] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.2519'. [ 585.044900][T11332] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2524'. [ 585.242621][T11337] 9pnet_virtio: no channels available for device syz [ 585.277004][ T26] audit: type=1326 audit(1729099415.008:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11338 comm="syz.4.2527" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f516bf7dff9 code=0x0 [ 585.354103][T11337] netlink: 'syz.2.2525': attribute type 10 has an invalid length. [ 585.381104][T11337] device hsr0 entered promiscuous mode [ 585.479712][T11337] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 585.480464][T11337] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 585.481393][T11337] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 585.481415][T11337] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 585.680833][T11347] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 585.680906][T11347] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 585.681051][T11347] vhci_hcd vhci_hcd.0: Device attached [ 585.684190][T11348] usbip_core: unknown command [ 585.684202][T11348] vhci_hcd: unknown pdu 0 [ 585.684215][T11348] usbip_core: unknown command [ 585.685370][ T3760] vhci_hcd: stop threads [ 585.685421][ T3760] vhci_hcd: release socket [ 585.685441][ T3760] vhci_hcd: disconnect device [ 586.169623][ T3718] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 586.469622][ T3718] usb 5-1: Using ep0 maxpacket: 8 [ 586.565840][T11358] fuse: Bad value for 'fd' [ 586.589834][ T3718] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 586.618470][ T3718] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 586.662963][ T3718] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 586.681393][T11362] siw: device registration error -23 [ 586.746865][ T3718] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 586.848801][ T3718] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 586.904190][ T3718] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.219660][ T3718] usb 5-1: GET_CAPABILITIES returned 0 [ 587.225461][ T3718] usbtmc 5-1:16.0: can't read capabilities [ 587.860268][T11379] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2537'. [ 588.419825][ T8217] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 588.549019][ T3726] usb 5-1: USB disconnect, device number 26 [ 588.598604][T11383] netlink: 'syz.3.2539': attribute type 1 has an invalid length. [ 588.619684][ T8217] usb 2-1: device descriptor read/64, error -71 [ 588.654984][T11383] netlink: 'syz.3.2539': attribute type 4 has an invalid length. [ 588.695576][T11383] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.2539'. [ 588.725182][T11385] netlink: 'syz.4.2540': attribute type 1 has an invalid length. [ 588.773736][T11385] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.2540'. [ 588.889649][ T8217] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 589.079594][ T8217] usb 2-1: device descriptor read/64, error -71 [ 589.200340][ T8217] usb usb2-port1: attempt power cycle [ 589.302684][ T3689] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 589.505604][ T3689] usb 5-1: device descriptor read/64, error -71 [ 589.609593][ T3643] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 589.617319][ T8217] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 589.709904][ T8217] usb 2-1: device descriptor read/8, error -71 [ 589.779671][ T3689] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 589.859691][ T3643] usb 1-1: Using ep0 maxpacket: 32 [ 589.979850][ T3643] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 589.988361][ T8217] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 589.996126][ T3689] usb 5-1: device descriptor read/64, error -71 [ 590.003632][ T3643] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 590.022045][ T3643] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 590.034358][ T3643] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 590.048093][ T3643] usb 1-1: config 0 interface 0 has no altsetting 0 [ 590.089651][ T8217] usb 2-1: device descriptor read/8, error -71 [ 590.119724][ T3689] usb usb5-port1: attempt power cycle [ 590.209653][ T3643] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 590.218859][ T3643] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 590.227618][ T8217] usb usb2-port1: unable to enumerate USB device [ 590.234696][ T3643] usb 1-1: Product: syz [ 590.238996][ T3643] usb 1-1: Manufacturer: syz [ 590.244540][ T3643] usb 1-1: SerialNumber: syz [ 590.266738][ T3643] usb 1-1: config 0 descriptor?? [ 590.310948][ T3643] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 590.330234][ T3643] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 590.516327][T11421] netlink: 'syz.3.2553': attribute type 1 has an invalid length. [ 590.524598][T11421] netlink: 'syz.3.2553': attribute type 4 has an invalid length. [ 590.533409][T11421] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.2553'. [ 590.536821][ T3689] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 590.646445][T11427] netlink: 'syz.3.2555': attribute type 1 has an invalid length. [ 590.654648][ T3689] usb 5-1: device descriptor read/8, error -71 [ 590.656902][T11427] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.2555'. [ 590.941986][ T3689] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 591.075180][ T26] audit: type=1326 audit(1729099420.808:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11435 comm="syz.3.2558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9277dff9 code=0x7ffc0000 [ 591.107127][ T26] audit: type=1326 audit(1729099420.808:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11435 comm="syz.3.2558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f8f9277dff9 code=0x7ffc0000 [ 591.151068][ T26] audit: type=1326 audit(1729099420.808:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11435 comm="syz.3.2558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9277dff9 code=0x7ffc0000 [ 591.174294][ T26] audit: type=1326 audit(1729099420.808:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11435 comm="syz.3.2558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f8f9277dff9 code=0x7ffc0000 [ 591.198055][ T3689] usb 5-1: device descriptor read/8, error -71 [ 591.207210][ T26] audit: type=1326 audit(1729099420.888:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11435 comm="syz.3.2558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9277dff9 code=0x7fc00000 [ 591.353106][ T3689] usb usb5-port1: unable to enumerate USB device [ 591.741954][ T26] audit: type=1326 audit(1729099421.478:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11435 comm="syz.3.2558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8f9277dff9 code=0x7fc00000 [ 592.048848][ T3656] Bluetooth: hci2: unexpected cc 0x2007 length: 100 > 2 [ 592.057244][ T3656] Bluetooth: hci2: unexpected event for opcode 0x2007 [ 592.091962][T11452] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 592.098561][T11452] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 592.134516][T11452] vhci_hcd vhci_hcd.0: Device attached [ 592.141923][T11455] vhci_hcd: connection closed [ 592.142130][ T3884] vhci_hcd: stop threads [ 592.165219][ T3884] vhci_hcd: release socket [ 592.182406][ T3884] vhci_hcd: disconnect device [ 592.257876][T11461] 9pnet_virtio: no channels available for device syz [ 592.312917][T11465] netlink: 'syz.4.2565': attribute type 10 has an invalid length. [ 592.384713][T11465] device hsr0 entered promiscuous mode [ 592.394547][ T3643] usb 1-1: USB disconnect, device number 47 [ 592.430847][T11465] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 592.448611][T11465] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 592.462149][ T3643] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 592.567368][T11465] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 592.659721][T11465] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 592.704607][T11467] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2568'. [ 593.121004][ T3726] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 593.334826][ T3726] usb 1-1: device descriptor read/64, error -71 [ 593.620016][ T3726] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 593.809682][ T3726] usb 1-1: device descriptor read/64, error -71 [ 593.943111][ T3726] usb usb1-port1: attempt power cycle [ 594.056872][ T3643] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 594.363301][ T3726] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 594.404227][T11501] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 594.410889][T11501] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 594.426427][T11501] vhci_hcd vhci_hcd.0: Device attached [ 594.434845][T11502] usbip_core: unknown command [ 594.446741][T11502] vhci_hcd: unknown pdu 0 [ 594.456189][T11502] usbip_core: unknown command [ 594.477000][ T3884] vhci_hcd: stop threads [ 594.482011][ T3726] usb 1-1: device descriptor read/8, error -71 [ 594.489033][ T3643] usb 2-1: device descriptor read/64, error -71 [ 594.504616][ T3884] vhci_hcd: release socket [ 594.509177][ T3884] vhci_hcd: disconnect device [ 594.839807][ T3643] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 595.059551][ T3643] usb 2-1: device descriptor read/64, error -71 [ 595.219297][ T3643] usb usb2-port1: attempt power cycle [ 595.391875][T11507] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2582'. [ 595.517601][T11511] 9pnet_virtio: no channels available for device syz [ 595.529515][ T3726] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 595.649571][ T3643] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 595.664070][ T3726] usb 1-1: device descriptor read/8, error -71 [ 595.749846][ T3643] usb 2-1: device descriptor read/8, error -71 [ 595.824693][ T3726] usb usb1-port1: unable to enumerate USB device [ 595.999534][ T3688] usb 5-1: new full-speed USB device number 31 using dummy_hcd [ 596.079737][ T3643] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 596.114195][ T3656] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 596.127418][ T3656] Bluetooth: hci2: Injecting HCI hardware error event [ 596.137410][ T3650] Bluetooth: hci2: hardware error 0x00 [ 596.143784][T11520] sd 0:0:1:0: PR command failed: 1026 [ 596.155605][T11520] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 596.169874][ T3643] usb 2-1: device descriptor read/8, error -71 [ 596.208516][T11520] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 596.321036][ T3643] usb usb2-port1: unable to enumerate USB device [ 596.520018][ T3688] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 596.538726][ T3688] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 596.564548][ T3688] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 596.577893][ T3688] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 596.587343][ T3688] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.624394][ T3688] usb 5-1: config 0 descriptor?? [ 597.106757][T11539] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2592'. [ 597.144087][ T3688] usbhid 5-1:0.0: can't add hid device: -71 [ 597.166464][ T3688] usbhid: probe of 5-1:0.0 failed with error -71 [ 597.238304][ T3688] usb 5-1: USB disconnect, device number 31 [ 597.323493][T11543] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2594'. [ 597.729820][T11552] netlink: 'syz.2.2598': attribute type 10 has an invalid length. [ 597.737974][T11552] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 597.759900][T11552] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 597.772173][T11552] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 597.849608][ T3643] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 597.860036][T11552] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 597.957311][T11557] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 597.963904][T11557] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 598.020244][T11557] vhci_hcd vhci_hcd.0: Device attached [ 598.106154][T11558] device veth1_macvtap left promiscuous mode [ 598.109724][ T3643] usb 2-1: Using ep0 maxpacket: 32 [ 598.120680][T11558] device veth1_macvtap entered promiscuous mode [ 598.182187][ T3650] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 598.239862][ T3643] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 598.268836][ T3643] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 598.357174][ T3643] usb 2-1: config 0 has no interfaces? [ 598.383929][ T3688] usb 16-1: SetAddress Request (2) to port 0 [ 598.498630][ T3688] usb 16-1: new SuperSpeed USB device number 2 using vhci_hcd [ 598.572022][ T3643] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 598.593107][ T3643] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 598.639579][ T3643] usb 2-1: Product: syz [ 598.654158][ T3643] usb 2-1: Manufacturer: syz [ 598.684588][ T3643] usb 2-1: SerialNumber: syz [ 598.696468][ T3643] usb 2-1: config 0 descriptor?? [ 599.039546][ T8217] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 599.080178][ T3650] Bluetooth: hci1: command 0x0406 tx timeout [ 599.350186][ T8217] usb 3-1: device descriptor read/64, error -71 [ 599.388392][ T7599] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 1 [ 599.534467][ T7599] Bluetooth: hci3: Frame reassembly failed (-84) [ 599.799641][ T8217] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 600.005914][ T8217] usb 3-1: device descriptor read/64, error -71 [ 600.077135][T11559] vhci_hcd: connection reset by peer [ 600.091435][ T7599] vhci_hcd: stop threads [ 600.095826][ T7599] vhci_hcd: release socket [ 600.102950][ T7599] vhci_hcd: disconnect device [ 600.106660][T11571] netlink: 'syz.0.2603': attribute type 1 has an invalid length. [ 600.121605][T11571] netlink: 'syz.0.2603': attribute type 4 has an invalid length. [ 600.134718][T11571] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.2603'. [ 600.142081][ T8217] usb usb3-port1: attempt power cycle [ 600.499328][T11580] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2607'. [ 600.503837][ T3726] usb 2-1: USB disconnect, device number 58 [ 600.569732][ T8217] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 600.660107][ T8217] usb 3-1: device descriptor read/8, error -71 [ 600.934203][ T8217] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 601.218216][ T8217] usb 3-1: device descriptor read/8, error -71 [ 601.300933][T11538] Bluetooth: hci3: command 0x1003 tx timeout [ 601.307420][ T3650] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 601.767159][ T8217] usb usb3-port1: unable to enumerate USB device [ 602.132214][T11602] netlink: 'syz.4.2615': attribute type 1 has an invalid length. [ 602.156010][T11602] netlink: 'syz.4.2615': attribute type 4 has an invalid length. [ 602.170211][T11602] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.2615'. [ 602.243654][T11605] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 602.250232][T11605] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 602.267586][T11605] vhci_hcd vhci_hcd.0: Device attached [ 602.278905][T11611] netlink: 'syz.1.2617': attribute type 1 has an invalid length. [ 602.287052][T11608] usbip_core: unknown command [ 602.292375][T11608] vhci_hcd: unknown pdu 0 [ 602.296850][T11608] usbip_core: unknown command [ 602.308513][T11611] netlink: 'syz.1.2617': attribute type 4 has an invalid length. [ 602.308526][ T7599] vhci_hcd: stop threads [ 602.308538][ T7599] vhci_hcd: release socket [ 602.308555][ T7599] vhci_hcd: disconnect device [ 602.317287][T11611] netlink: 15334 bytes leftover after parsing attributes in process `syz.1.2617'. [ 602.659701][ T3687] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 602.696979][T11619] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 602.909559][ T3687] usb 3-1: Using ep0 maxpacket: 32 [ 603.060889][ T3687] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 603.080492][ T3687] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 603.097530][ T3687] usb 3-1: config 0 has no interfaces? [ 603.276757][T11633] 9pnet_virtio: no channels available for device syz [ 603.289796][ T3687] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 603.305340][ T3687] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 603.321911][ T3687] usb 3-1: Product: syz [ 603.329748][ T3687] usb 3-1: Manufacturer: syz [ 603.334466][ T3687] usb 3-1: SerialNumber: syz [ 603.341894][ T3687] usb 3-1: config 0 descriptor?? [ 603.619626][ T3688] usb 16-1: device descriptor read/8, error -110 [ 604.081045][ T3688] usb usb16-port1: attempt power cycle [ 604.750563][ T3688] usb usb16-port1: unable to enumerate USB device [ 605.502115][T11651] netlink: 'syz.0.2632': attribute type 1 has an invalid length. [ 605.517531][T11651] netlink: 'syz.0.2632': attribute type 4 has an invalid length. [ 605.528727][T11651] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.2632'. [ 605.714256][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x1 [ 605.757368][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 605.785698][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 605.807814][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 605.822294][T11538] Bluetooth: hci1: unexpected subevent 0x01 length: 78 > 18 [ 605.848375][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 605.858418][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.043113][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x4 [ 606.629662][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.651572][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x2 [ 606.669791][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.680216][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.705419][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.719968][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.727539][ T3643] usb 3-1: USB disconnect, device number 34 [ 606.750429][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x4 [ 606.764797][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.829132][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.854653][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.875202][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.912194][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.945221][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.953562][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.961965][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.973321][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.990341][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 606.998749][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.006892][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.015196][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.024828][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.034926][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.045045][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.053748][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.061876][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.073442][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.084441][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.092127][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.099624][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.107709][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.115329][ T3688] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 607.152073][ T3688] hid-generic 0000:0000:0000.0013: hidraw0: HID v0.00 Device [syz0] on syz0 [ 607.653500][T11678] input: syz0 as /devices/virtual/input/input7 [ 607.692690][T11681] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 607.699246][T11681] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 607.756438][T11681] vhci_hcd vhci_hcd.0: Device attached [ 607.959854][T11683] vhci_hcd: connection closed [ 607.960239][ T7599] vhci_hcd: stop threads [ 607.971741][ T7599] vhci_hcd: release socket [ 607.977134][ T7599] vhci_hcd: disconnect device [ 608.113739][T11695] netlink: 'syz.3.2645': attribute type 1 has an invalid length. [ 608.121662][T11695] netlink: 'syz.3.2645': attribute type 4 has an invalid length. [ 608.133574][T11695] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.2645'. [ 608.827480][ T3726] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 609.810931][T11722] netlink: 'syz.2.2658': attribute type 1 has an invalid length. [ 609.839625][ T3726] usb 4-1: Using ep0 maxpacket: 8 [ 609.869667][T11722] netlink: 'syz.2.2658': attribute type 4 has an invalid length. [ 609.906943][T11722] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.2658'. [ 609.966409][ T3726] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 609.982762][ T3726] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 610.006455][ T3726] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 610.032738][ T3726] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 610.089528][ T3726] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 610.162942][ T3726] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 610.191914][ T3726] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.356268][ T8191] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 611.386112][T11740] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 611.392697][T11740] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 611.461362][T11740] vhci_hcd vhci_hcd.0: Device attached [ 611.550599][T11741] vhci_hcd: connection closed [ 611.552642][ T1189] vhci_hcd: stop threads [ 611.579748][ T8191] usb 3-1: device descriptor read/64, error -71 [ 611.589283][ T1189] vhci_hcd: release socket [ 611.612203][ T1189] vhci_hcd: disconnect device [ 612.589803][ T3726] usb 4-1: usb_control_msg returned -71 [ 612.603173][ T3726] usbtmc 4-1:16.0: can't read capabilities [ 612.638579][ T3726] usb 4-1: USB disconnect, device number 47 [ 612.679696][ T8191] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 614.344753][ T8191] usb 3-1: device descriptor read/64, error -71 [ 614.546105][ T8191] usb usb3-port1: attempt power cycle [ 615.779645][T11783] device macsec0 entered promiscuous mode [ 615.990733][T11787] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 615.997308][T11787] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 616.081207][T11787] vhci_hcd vhci_hcd.0: Device attached [ 616.089804][T11783] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in; [ 616.089804][T11783] program syz.0.2675 not setting count and/or reply_len properly [ 616.379582][ T3726] usb 16-1: SetAddress Request (6) to port 0 [ 616.385669][ T3726] usb 16-1: new SuperSpeed USB device number 6 using vhci_hcd [ 616.414851][T11788] vhci_hcd: connection closed [ 616.415309][ T3884] vhci_hcd: stop threads [ 616.563411][ T3884] vhci_hcd: release socket [ 616.609082][ T3884] vhci_hcd: disconnect device [ 616.969591][ T3643] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 617.019580][ T8217] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 617.209603][ T3643] usb 5-1: Using ep0 maxpacket: 32 [ 617.219761][ T8217] usb 2-1: device descriptor read/64, error -71 [ 617.329812][ T3643] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 617.344636][ T3643] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 617.367754][ T3643] usb 5-1: config 0 interface 0 has no altsetting 0 [ 617.489772][ T8217] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 617.541757][ T3643] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 617.567037][ T3643] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 617.639026][ T3643] usb 5-1: Product: syz [ 617.699843][ T8217] usb 2-1: device descriptor read/64, error -71 [ 617.807146][ T3643] usb 5-1: Manufacturer: syz [ 617.833355][ T8217] usb usb2-port1: attempt power cycle [ 617.905819][ T3643] usb 5-1: SerialNumber: syz [ 618.349775][ T8217] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 618.363723][ T3643] usb 5-1: config 0 descriptor?? [ 618.525361][ T3643] ldusb 5-1:0.0: Interrupt in endpoint not found [ 618.569710][ T8217] usb 2-1: device descriptor read/8, error -71 [ 618.779646][T11843] nbd2: detected capacity change from 0 to 22 [ 618.825923][T11846] block nbd2: shutting down sockets [ 618.839617][ T8217] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 618.887644][ C1] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 618.897102][ C1] Buffer I/O error on dev nbd2, logical block 0, async page read [ 618.909659][ T120] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 618.919330][ T120] Buffer I/O error on dev nbd2, logical block 0, async page read [ 618.937835][ T120] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 618.940149][ T8217] usb 2-1: device descriptor read/8, error -71 [ 618.947413][ T120] Buffer I/O error on dev nbd2, logical block 0, async page read [ 618.961328][ T52] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 618.970552][ T52] Buffer I/O error on dev nbd2, logical block 0, async page read [ 618.978499][ T52] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 618.988256][ T52] Buffer I/O error on dev nbd2, logical block 0, async page read [ 618.996279][ T52] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 619.005403][ T52] Buffer I/O error on dev nbd2, logical block 0, async page read [ 619.013487][ T52] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 619.022654][ T52] Buffer I/O error on dev nbd2, logical block 0, async page read [ 619.042583][ T120] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 619.051982][ T120] Buffer I/O error on dev nbd2, logical block 0, async page read [ 619.062424][ T120] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 619.071677][ T120] Buffer I/O error on dev nbd2, logical block 0, async page read [ 619.079530][ T3632] ldm_validate_partition_table(): Disk read failed. [ 619.086727][ T120] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 619.095853][ T120] Buffer I/O error on dev nbd2, logical block 0, async page read [ 619.118108][ T3632] Dev nbd2: unable to read RDB block 0 [ 619.130103][ T3632] nbd2: unable to read partition table [ 619.136088][ T3632] nbd2: partition table beyond EOD, truncated [ 619.149896][ T8217] usb usb2-port1: unable to enumerate USB device [ 619.178303][ T3632] ldm_validate_partition_table(): Disk read failed. [ 619.207494][ T3632] Dev nbd2: unable to read RDB block 0 [ 619.236604][ T3632] nbd2: unable to read partition table [ 619.250033][ T3632] nbd2: partition table beyond EOD, truncated [ 619.347668][T11859] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 619.354937][T11859] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 619.366279][T11859] vhci_hcd vhci_hcd.0: Device attached [ 619.373574][T11860] usbip_core: unknown command [ 619.378393][T11860] vhci_hcd: unknown pdu 0 [ 619.391488][T11860] usbip_core: unknown command [ 619.405886][ T7599] vhci_hcd: stop threads [ 619.410509][ T7599] vhci_hcd: release socket [ 619.427935][ T7599] vhci_hcd: disconnect device [ 619.481464][ T26] audit: type=1804 audit(1729099449.218:26): pid=11862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2696" name="/newroot/529/file0/bus" dev="ramfs" ino=60344 res=1 errno=0 [ 619.529708][T11864] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 619.601269][T11864] tipc: Enabled bearer , priority 10 [ 619.672090][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 619.773469][ T8191] usb 5-1: USB disconnect, device number 32 [ 619.940975][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 620.469810][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 620.595759][T11871] device hsr_slave_0 left promiscuous mode [ 620.683965][T11871] device hsr_slave_1 left promiscuous mode [ 621.680475][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 621.682212][T11885] [ 621.688056][ T3726] usb 16-1: device descriptor read/8, error -110 [ 621.689691][T11885] ====================================================== [ 621.689700][T11885] WARNING: possible circular locking dependency detected [ 621.689709][T11885] 6.1.112-syzkaller #0 Not tainted [ 621.689720][T11885] ------------------------------------------------------ [ 621.689727][T11885] syz.4.2702/11885 is trying to acquire lock: [ 621.689738][T11885] ffff88801faa4130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x57/0x300 [ 621.739972][T11885] [ 621.739972][T11885] but task is already holding lock: [ 621.747343][T11885] ffff88805ae78d28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x259/0x6d0 [ 621.756322][T11885] [ 621.756322][T11885] which lock already depends on the new lock. [ 621.756322][T11885] [ 621.766825][T11885] [ 621.766825][T11885] the existing dependency chain (in reverse order) is: [ 621.775833][T11885] [ 621.775833][T11885] -> #3 (&d->lock){+.+.}-{3:3}: [ 621.782891][T11885] lock_acquire+0x1f8/0x5a0 [ 621.787946][T11885] __mutex_lock+0x132/0xd80 [ 621.792977][T11885] __rfcomm_dlc_close+0x259/0x6d0 [ 621.798537][T11885] rfcomm_dlc_close+0xed/0x180 [ 621.803826][T11885] __rfcomm_sock_close+0x104/0x220 [ 621.809493][T11885] rfcomm_sock_shutdown+0xb4/0x230 [ 621.815141][T11885] rfcomm_sock_release+0x55/0x110 [ 621.820712][T11885] sock_close+0xcd/0x230 [ 621.825475][T11885] __fput+0x3f6/0x8d0 [ 621.829992][T11885] task_work_run+0x246/0x300 [ 621.835194][T11885] get_signal+0x15fc/0x17d0 [ 621.840235][T11885] arch_do_signal_or_restart+0xb0/0x1a10 [ 621.846393][T11885] exit_to_user_mode_loop+0x6a/0x100 [ 621.852207][T11885] exit_to_user_mode_prepare+0xb1/0x140 [ 621.858271][T11885] syscall_exit_to_user_mode+0x60/0x270 [ 621.864342][T11885] do_syscall_64+0x47/0xb0 [ 621.869279][T11885] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 621.875701][T11885] [ 621.875701][T11885] -> #2 (rfcomm_mutex){+.+.}-{3:3}: [ 621.883090][T11885] lock_acquire+0x1f8/0x5a0 [ 621.888412][T11885] __mutex_lock+0x132/0xd80 [ 621.893436][T11885] rfcomm_dlc_exists+0xa2/0x370 [ 621.898812][T11885] rfcomm_dev_ioctl+0xb2d/0x2180 [ 621.904285][T11885] rfcomm_sock_ioctl+0x82/0xc0 [ 621.909579][T11885] sock_do_ioctl+0x152/0x450 [ 621.914711][T11885] sock_ioctl+0x47f/0x770 [ 621.919745][T11885] __se_sys_ioctl+0xf1/0x160 [ 621.924878][T11885] do_syscall_64+0x3b/0xb0 [ 621.929845][T11885] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 621.936274][T11885] [ 621.936274][T11885] -> #1 (rfcomm_ioctl_mutex){+.+.}-{3:3}: [ 621.944184][T11885] lock_acquire+0x1f8/0x5a0 [ 621.949222][T11885] __mutex_lock+0x132/0xd80 [ 621.954244][T11885] rfcomm_dev_ioctl+0x233/0x2180 [ 621.959710][T11885] rfcomm_sock_ioctl+0x82/0xc0 [ 621.965004][T11885] sock_do_ioctl+0x152/0x450 [ 621.970125][T11885] sock_ioctl+0x47f/0x770 [ 621.974980][T11885] __se_sys_ioctl+0xf1/0x160 [ 621.980087][T11885] do_syscall_64+0x3b/0xb0 [ 621.985023][T11885] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 621.991442][T11885] [ 621.991442][T11885] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}: [ 622.000855][T11885] validate_chain+0x1661/0x5950 [ 622.006229][T11885] __lock_acquire+0x125b/0x1f80 [ 622.011607][T11885] lock_acquire+0x1f8/0x5a0 [ 622.016656][T11885] lock_sock_nested+0x44/0x100 [ 622.021998][T11885] rfcomm_sk_state_change+0x57/0x300 [ 622.027821][T11885] __rfcomm_dlc_close+0x2b2/0x6d0 [ 622.033378][T11885] rfcomm_dlc_close+0xed/0x180 [ 622.038671][T11885] __rfcomm_sock_close+0x104/0x220 [ 622.044309][T11885] rfcomm_sock_shutdown+0xb4/0x230 [ 622.049946][T11885] rfcomm_sock_release+0x55/0x110 [ 622.055495][T11885] sock_close+0xcd/0x230 [ 622.060259][T11885] __fput+0x3f6/0x8d0 [ 622.064765][T11885] task_work_run+0x246/0x300 [ 622.069882][T11885] get_signal+0x15fc/0x17d0 [ 622.074919][T11885] arch_do_signal_or_restart+0xb0/0x1a10 [ 622.081077][T11885] exit_to_user_mode_loop+0x6a/0x100 [ 622.086882][T11885] exit_to_user_mode_prepare+0xb1/0x140 [ 622.092962][T11885] syscall_exit_to_user_mode+0x60/0x270 [ 622.099033][T11885] do_syscall_64+0x47/0xb0 [ 622.103968][T11885] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 622.110388][T11885] [ 622.110388][T11885] other info that might help us debug this: [ 622.110388][T11885] [ 622.120630][T11885] Chain exists of: [ 622.120630][T11885] sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock [ 622.120630][T11885] [ 622.134536][T11885] Possible unsafe locking scenario: [ 622.134536][T11885] [ 622.141982][T11885] CPU0 CPU1 [ 622.147340][T11885] ---- ---- [ 622.152698][T11885] lock(&d->lock); [ 622.156529][T11885] lock(rfcomm_mutex); [ 622.163208][T11885] lock(&d->lock); [ 622.169782][T11885] lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM); [ 622.175941][T11885] [ 622.175941][T11885] *** DEADLOCK *** [ 622.175941][T11885] [ 622.184080][T11885] 3 locks held by syz.4.2702/11885: [ 622.189272][T11885] #0: ffff8880275e2c10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x98/0x230 [ 622.199470][T11885] #1: ffffffff8e6762e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x37/0x180 [ 622.208973][T11885] #2: ffff88805ae78d28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x259/0x6d0 [ 622.218326][T11885] [ 622.218326][T11885] stack backtrace: [ 622.224235][T11885] CPU: 1 PID: 11885 Comm: syz.4.2702 Not tainted 6.1.112-syzkaller #0 [ 622.232396][T11885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 622.242470][T11885] Call Trace: [ 622.245773][T11885] [ 622.248704][T11885] dump_stack_lvl+0x1e3/0x2cb [ 622.253408][T11885] ? nf_tcp_handle_invalid+0x642/0x642 [ 622.259083][T11885] ? print_circular_bug+0x12b/0x1a0 [ 622.264292][T11885] check_noncircular+0x2fa/0x3b0 [ 622.269226][T11885] ? add_lock_to_list+0x1de/0x2e0 [ 622.274252][T11885] ? add_chain_block+0x850/0x850 [ 622.279192][T11885] ? lockdep_lock+0x11f/0x2a0 [ 622.283893][T11885] ? _find_first_zero_bit+0xd0/0x100 [ 622.289187][T11885] validate_chain+0x1661/0x5950 [ 622.294048][T11885] ? register_lock_class+0x100/0x990 [ 622.299344][T11885] ? reacquire_held_locks+0x660/0x660 [ 622.304726][T11885] ? is_dynamic_key+0x260/0x260 [ 622.309605][T11885] ? mark_lock+0x9a/0x340 [ 622.313948][T11885] ? __lock_acquire+0x125b/0x1f80 [ 622.318989][T11885] ? mark_lock+0x9a/0x340 [ 622.323341][T11885] __lock_acquire+0x125b/0x1f80 [ 622.328228][T11885] lock_acquire+0x1f8/0x5a0 [ 622.332742][T11885] ? rfcomm_sk_state_change+0x57/0x300 [ 622.338213][T11885] ? read_lock_is_recursive+0x10/0x10 [ 622.343595][T11885] ? __mutex_lock+0x2f7/0xd80 [ 622.348276][T11885] ? rcu_is_watching+0x11/0xb0 [ 622.353044][T11885] ? detach_timer+0x17d/0x380 [ 622.357842][T11885] ? __rfcomm_dlc_close+0x259/0x6d0 [ 622.363052][T11885] ? mutex_lock_nested+0x10/0x10 [ 622.368054][T11885] lock_sock_nested+0x44/0x100 [ 622.372843][T11885] ? rfcomm_sk_state_change+0x57/0x300 [ 622.378310][T11885] rfcomm_sk_state_change+0x57/0x300 [ 622.383699][T11885] __rfcomm_dlc_close+0x2b2/0x6d0 [ 622.388733][T11885] rfcomm_dlc_close+0xed/0x180 [ 622.393504][T11885] __rfcomm_sock_close+0x104/0x220 [ 622.398625][T11885] rfcomm_sock_shutdown+0xb4/0x230 [ 622.403754][T11885] rfcomm_sock_release+0x55/0x110 [ 622.408788][T11885] sock_close+0xcd/0x230 [ 622.413206][T11885] ? sock_mmap+0x90/0x90 [ 622.417472][T11885] __fput+0x3f6/0x8d0 [ 622.421465][T11885] task_work_run+0x246/0x300 [ 622.426061][T11885] ? __sys_connect+0x161/0x300 [ 622.430839][T11885] ? __x64_sys_connect+0x76/0x80 [ 622.435790][T11885] ? task_work_cancel+0x2e0/0x2e0 [ 622.440827][T11885] get_signal+0x15fc/0x17d0 [ 622.445354][T11885] ? ptrace_notify+0x370/0x370 [ 622.450132][T11885] arch_do_signal_or_restart+0xb0/0x1a10 [ 622.455780][T11885] ? task_work_add+0x314/0x3a0 [ 622.460552][T11885] ? __ia32_sys_pidfd_getfd+0x80/0x80 [ 622.465939][T11885] ? get_sigframe_size+0x10/0x10 [ 622.470882][T11885] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 622.476876][T11885] ? exit_to_user_mode_loop+0x39/0x100 [ 622.482339][T11885] exit_to_user_mode_loop+0x6a/0x100 [ 622.487624][T11885] exit_to_user_mode_prepare+0xb1/0x140 [ 622.493170][T11885] syscall_exit_to_user_mode+0x60/0x270 [ 622.498724][T11885] do_syscall_64+0x47/0xb0 [ 622.503146][T11885] ? clear_bhb_loop+0x45/0xa0 [ 622.507841][T11885] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 622.513755][T11885] RIP: 0033:0x7f516bf7dff9 [ 622.518191][T11885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 622.537906][T11885] RSP: 002b:00007f516bdde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 622.546334][T11885] RAX: fffffffffffffffc RBX: 00007f516c136130 RCX: 00007f516bf7dff9 [ 622.554348][T11885] RDX: 0000000000000080 RSI: 00000000200004c0 RDI: 000000000000000a [ 622.562407][T11885] RBP: 00007f516bff0296 R08: 0000000000000000 R09: 0000000000000000 [ 622.570398][T11885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 622.578466][T11885] R13: 0000000000000000 R14: 00007f516c136130 R15: 00007ffe9e7d11a8 [ 622.586453][T11885] SYZFAIL: failed to send rpc fd=3 want=4344 sent=0 n=-1 (errno 32: Broken pipe) [ 622.739630][ C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 622.922045][ T3726] usb usb16-port1: attempt power cycle [ 623.491918][ T3884] bond0: (slave netdevsim0): Releasing backup interface [ 623.582180][ T3726] usb usb16-port1: unable to enumerate USB device [ 623.652196][ T3884] tipc: Disabling bearer [ 623.657902][ T3884] tipc: Disabling bearer [ 623.669645][ T3884] tipc: Left network mode [ 624.345099][ T3884] bond0: (slave wlan1): Releasing backup interface [ 624.421480][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.427817][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.575605][ T3884] device hsr_slave_0 left promiscuous mode [ 624.582417][ T3884] device hsr_slave_1 left promiscuous mode [ 624.588906][ T3884] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 624.597411][ T3884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 624.605391][ T3884] batman_adv: batadv0: Removing interface: hsr_slave_0 [ 624.612761][ T3884] device bridge_slave_1 left promiscuous mode [ 624.619011][ T3884] bridge0: port 2(bridge_slave_1) entered disabled state [ 624.627341][ T3884] device bridge_slave_0 left promiscuous mode [ 624.634096][ T3884] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.002467][ T3884] team0 (unregistering): Port device team_slave_1 removed [ 625.047969][ T3884] team0 (unregistering): Port device team_slave_0 removed [ 625.087751][ T3884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 625.131321][ T3884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 625.567637][ T3884] bond0 (unregistering): Released all slaves [ 626.071771][ T3884] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.133485][ T3884] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.174669][ T3884] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.214176][ T3884] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.297567][ T3884] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.355034][ T3884] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.403850][ T3884] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.464198][ T3884] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.816671][ T3884] tipc: Disabling bearer [ 626.829844][ T3884] tipc: Left network mode [ 626.837157][ T3884] tipc: Disabling bearer [ 626.844734][ T3884] tipc: Left network mode [ 626.850139][ T3884] tipc: Disabling bearer [ 626.855807][ T3884] tipc: Left network mode [ 627.731116][ T3884] bond0: (slave wlan1): Releasing backup interface [ 627.885808][ T3884] bond0: (slave wlan1): Releasing backup interface [ 628.005162][ T3884] bond0: (slave wlan1): Releasing backup interface [ 628.318850][ T3884] device hsr_slave_0 left promiscuous mode [ 628.326123][ T3884] device hsr_slave_1 left promiscuous mode [ 628.335697][ T3884] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 628.343477][ T3884] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 628.353378][ T3884] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 628.361052][ T3884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 628.368762][ T3884] device bridge_slave_1 left promiscuous mode [ 628.376944][ T3884] bridge0: port 2(bridge_slave_1) entered disabled state [ 628.385596][ T3884] bridge0: port 1(bridge_slave_0) entered disabled state [ 628.396852][ T3884] device hsr_slave_0 left promiscuous mode [ 628.403235][ T3884] device hsr_slave_1 left promiscuous mode [ 628.410345][ T3884] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 628.417819][ T3884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 628.426127][ T3884] device bridge_slave_1 left promiscuous mode [ 628.434040][ T3884] bridge0: port 2(bridge_slave_1) entered disabled state [ 628.442302][ T3884] device bridge_slave_0 left promiscuous mode [ 628.448620][ T3884] bridge0: port 1(bridge_slave_0) entered disabled state [ 628.459770][ T3884] device veth0_macvtap left promiscuous mode [ 628.465833][ T3884] device veth1_vlan left promiscuous mode [ 628.471747][ T3884] device veth0_vlan left promiscuous mode [ 628.477996][ T3884] device veth0 left promiscuous mode [ 628.483686][ T3884] device veth0_macvtap left promiscuous mode [ 628.489935][ T3884] device veth1_vlan left promiscuous mode [ 628.495703][ T3884] device veth0_vlan left promiscuous mode [ 629.088899][ T3884] bond0 (unregistering): Released all slaves [ 629.162979][ T3884] bond1 (unregistering): Released all slaves [ 629.184961][ T7599] smc: removing ib device syz1 [ 629.326194][ T3884] team0 (unregistering): Port device team_slave_1 removed [ 629.352663][ T3884] team0 (unregistering): Port device team_slave_0 removed [ 629.377609][ T3884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 629.403928][ T3884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 629.506338][ T3884] bond0 (unregistering): Released all slaves [ 629.872096][ T3884] team0 (unregistering): Port device team_slave_1 removed [ 629.914212][ T3884] team0 (unregistering): Port device team_slave_0 removed [ 629.959524][ T3884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 630.004577][ T3884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 630.367360][ T3884] bond0 (unregistering): Released all slaves