last executing test programs: 8.525877524s ago: executing program 3 (id=5279): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000003}) lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=@known='trusted.overlay.origin\x00') 7.102258997s ago: executing program 3 (id=5300): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f00000004c0), 0x48, 0x820b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4d, &(0x7f0000000180)=0x8, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r1, &(0x7f0000000e80)="0d0ad7c36d6617110e434332d6ac582208222cfb7c37ce1148f448455bc37f5f70c92774dcb201629979039d7c8943b207e5bdf9ab8eed9ace110469c51f4f211dd9fad815eb5b273ac04e1edc679bcdf0a0d24482de5454be9003cb80714a95e136bb704ee58e707d1e69b3c3a1c2c37f9c0402e14abdeb32086a49aff25e5c0f0131d59b4783316b9fa2c71c51ce76942d5f519145c9e3bf0d4182b4a62970b2ce81d35a7afc8384b387b8e21f2051d90d92323a710cabe5275d335b64453e759251a140de480541d8dd7662a14296a59eba99b95bfdf5b22992c323865b471d13ad79867e2692fd4eece299a81e2b33336b6801f51c2ae8d73e4df90c9bd70cd535b72cbdf67754acdc44b3780450308d9c5527c3314eb7b2cc38b61e96403a30a8ba0c8a357aa04d3c62bc51bcf55cf214f44a909b29c30c18c3a43c86472612086664a80f2aa8490e58352732acb96eb46deab42895d1957a6029ad86e7a5ced6bde89c158aaee721954beeebe5973059007f7dd5459029af6d3f1d73d35f07d19b7cedfc80d1d7ef37f8b113f564afd0f093202929fef43e788619ca522c7f679dd2f27949d879b4dab46581a0e054b4ed1db37e43f528748b56ec5a54b7af198d4ae551046f7814fe3a5cbc1cc7cb6655fc198939b049f3c02443148c588e34d6ebef81096b4e48f468016d2bde0828664c0874d71e2d88b3bc04079d4a504255a83c3f07a4f1c3e5a4c66f55f36e51e344392487c8299d8d1bfb568780c0d57df48990cb5d6b35c3f7445f80312186d8598faf61072d4eefc961fb5a7e72b971c8f94a8346effd27362cee8d72a98b55e317de280d2d63ee83ca7140b7913122d402c536d914c8510c81d08f0ad1c952f5b7ad5e7ef72d7c58cb4d5bafbea535b381df6ebe94c62cf782cf7ab81c017c296a88ca91d641b45748d230cf5e87e5dbee4764ea4d131ae022e6bbf3ffc3ea7b264737d9db44354bfffa63d79bc403d3ac23fb615edc382d18b0daf1bbb2fbd708d1830ddac1c3f098b8cb1ef9a0019d804bf5d953110f12f3b9a8b9b7e0c61cb5d34116add1fc9a92721ffa5fdc83e1488cf88aa6e56ad2dd55e0aadd827cc7b4e7242f01241f49e905e5e7451092c28c3f6560a6a0002e5d91fc253a5a8fd8f27e42f4f02f5849528b7d93df9b0c568022acaff410e797e88d2f8eeadbba66e423335b843df734d203fa62a861b712da8f33d5ea721767871aa2cd53e659e505507de9a54d7e6fa3c20bbfb28cd6dd2b314dabbb59e9ce15c0a94ec3b3efc54eaaa27bd7576a687dcaf58dc182662539943014a02e76dc89f48c9f83cc7199038418f965ad3dc866098b89cabcac8691b0f51ffb71902337e49293309c4480a8f1b32411cc1b55a0ec0fe2c2572fe9d488a25bfc12ba74048e1d7beee93321c7aa49ea17cb9728dc46e5272154b3b995feacbacb8885621b335274af4df9365f8c8121ff323b572d320c8fc46acd6218b9579d43005e7b0506ccb14d9a0dac4cc6efaf5366c44342eaea8b5a11457f5afbea913ce4975ab67e6a85bc46e714ca5741da38a7cceb9e85d77fd03f83f7a5ecc7241e69e2bda327f769b48ba5f13662585c72778d12bd0e9a62a3d0dbe376d1aee81e6845c2cf23f42c458ae5668c8d387bf9ab224bc9703f1c08347be810d2f19278fe8d97560b3c9f1816667d0461a25e778eb1404dcaac1ed0a6a0745f3a5d2dc1b6babf98f5135d531cb26334ef2fec4c78c95b7193935139664fc65f17b047eb3dc39e251ba52ce33f8099719f1a789db1690347355e7b02d4c522692b9597fd31abb90f973ae4eb0bd0d900cdd887ff01d4845d7f0aee39b220a65a5aeee0fd386054070723c841c042d5339cc6325f07f0f733d124c6524f388ef7419f42c06278b8fceaa3a16b202dfb539b129762397e29cdd679ca6240272fa0c3e2e8c0a27aaa407f30b4024d0638dfca1bc9483db3ccc2880f", 0x5c6, 0x6d91fb6102d8910c, 0x0, 0xfffffffffffffe38) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 6.933616079s ago: executing program 3 (id=5303): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c250000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x1, 0x0, 0x7, 0x800005fffffffffd}) socket$unix(0x1, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, 0x0, 0x40000) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) io_uring_setup(0x4fec, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x18, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 6.478020032s ago: executing program 3 (id=5307): socket$inet6_sctp(0xa, 0x5, 0x84) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') read$FUSE(r0, &(0x7f0000006800)={0x2020}, 0x2020) 6.359103743s ago: executing program 3 (id=5309): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macvtap0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1300006553156700100000000200000000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/20], 0x48) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="d8000000260001"], 0xd8}, 0x1, 0x0, 0x0, 0x4004041}, 0x20004440) 6.154024677s ago: executing program 3 (id=5312): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0) ftruncate(r0, 0x200c17a) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) move_pages(0x0, 0x20000000000000fe, &(0x7f0000000080)=[&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil], 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0) 1.590991915s ago: executing program 1 (id=5366): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000580)={0x2, 0x380, 0x180, 0x0}) 1.362788093s ago: executing program 0 (id=5369): writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)="39e8dcfa461ac09e8a722e34d7e484893ffa560200133b1b00003f210000001770faf047145bc79e0b9971bcbedac0eeaf3300000000000000000000cab0312cf6b68ced50ac2b5546216e3ce964359fa4ea01a34f038f38509172feed11b0fd62fd47a9d236813b4ebda3ebdd33aec5ea71251a0651345627e476fa4b9c478f296d2457c7d3", 0x86}], 0x1) r0 = syz_open_dev$sg(&(0x7f0000001bc0), 0x208, 0x2c41) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r0]) 1.29851595s ago: executing program 1 (id=5370): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0xb03, 0x110000, 0x0, 0xffffffffffffffff, 0x3}) 1.185693948s ago: executing program 0 (id=5373): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2d41, 0x1b8) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x1, 0x202, 0x0, 0x0, 0x2}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101081, 0x11) umount2(&(0x7f0000000000)='./file0\x00', 0x1) fcntl$lock(r1, 0x25, &(0x7f00000002c0)={0x1, 0x1, 0x10008000000000}) 1.050901191s ago: executing program 1 (id=5374): connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e23, 0x1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xfc}}, 0x40009}, 0x1c) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac95ab194f93f8e795a9b29420fa62d", 0x11}], 0x1}}], 0x1, 0x24088000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f00000000c0), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0) write$binfmt_misc(r1, 0x0, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) 1.05061714s ago: executing program 2 (id=5375): r0 = socket$inet6(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000c80)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x70bd27, 0x25dfdbfd, {0x2, 0x1f, 0xa6, 0xcb, r2}, [@IFA_BROADCAST={0x8, 0x4, @rand_addr=0x64010102}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x4}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_LOCAL={0x8, 0x2, @loopback}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x400006}]}, 0x48}, 0x1, 0x0, 0x0, 0x404c014}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x18}}, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 1.000111051s ago: executing program 4 (id=5376): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x40004, @ipv4={'\x00', '\xff\xff', @loopback}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000140)={0x0, 0xfffffffffffffe5b, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[], 0x4a}, 0x1, 0x0, 0x0, 0x8000}, 0xc905) sendmsg$inet6(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000740)=[{0x0}], 0x1}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0xc, &(0x7f0000000580)=0x1, 0x4) 928.110116ms ago: executing program 0 (id=5377): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0xfffffffffffffffc, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0}) 892.275437ms ago: executing program 1 (id=5378): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, 0x0, 0x0}, 0x94) madvise(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x64) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo\x00') getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 778.813144ms ago: executing program 4 (id=5379): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r2, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) syz_emit_ethernet(0x4e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x18, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}}}, 0x0) 762.873697ms ago: executing program 2 (id=5380): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$inet(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x2, 0x4e24, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@ip_retopts={{0x10}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @dev={0xac, 0x14, 0x14, 0x38}, @dev={0xac, 0x14, 0x14, 0x2b}}}}], 0x30}, 0x180) 757.401294ms ago: executing program 1 (id=5381): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0x38, 0x24, 0xd0f, 0x470bd2d, 0xfffffffd, {0x60, 0x0, 0x0, r2, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_RATE={0x6, 0x5, {0x48, 0x6}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000040}, 0x0) 622.222548ms ago: executing program 0 (id=5382): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @loopback}, @in6={0xa, 0x0, 0xffffffff, @private0}], 0x38) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000340), 0x4) 621.922671ms ago: executing program 4 (id=5383): writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)="39e8dcfa461ac09e8a722e34d7e484893ffa560200133b1b00003f210000001770faf047145bc79e0b9971bcbedac0eeaf3300000000000000000000cab0312cf6b68ced50ac2b5546216e3ce964359fa4ea01a34f038f38509172feed11b0fd62fd47a9d236813b4ebda3ebdd33aec5ea71251a0651345627e476fa4b9c478f296d2457c7d362ae", 0x88}], 0x1) r0 = syz_open_dev$sg(&(0x7f0000001bc0), 0x208, 0x2c41) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r0]) 588.959136ms ago: executing program 1 (id=5384): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x3}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) 568.761794ms ago: executing program 2 (id=5385): mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYRESHEX, @ANYBLOB=',rootmode=00000000000000']) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="680000006200040029bd7000fedbdf2500000000", @ANYRES32, @ANYBLOB="1010000000010000140003006e6574706369300000000000", @ANYRES32, @ANYBLOB="08001e008af4000005002700ff"], 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00000000000000005c001280110001006272696467655f736c61766500000000440005"], 0x7c}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000235, 0x0) 441.551248ms ago: executing program 0 (id=5386): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) wait4(r0, 0x0, 0x2, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000480)={&(0x7f0000000380)=""/232, 0xe8}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000140)=@req3={0x0, 0x3a, 0x1000, 0x3a, 0x7ff, 0x8001, 0x3}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000080)=@x86={0xb, 0x5, 0xc, 0x0, 0xb93, 0x80, 0x0, 0x5, 0x0, 0x4, 0x40, 0xe, 0x0, 0x0, 0x4, 0x3, 0x40, 0xfa, 0x40, '\x00', 0x6, 0x8}) 439.997296ms ago: executing program 4 (id=5387): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2d41, 0x1b8) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x1, 0x202, 0x0, 0x0, 0x2}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101081, 0x11) umount2(&(0x7f0000000000)='./file0\x00', 0x1) fcntl$lock(r1, 0x25, &(0x7f00000002c0)={0x1, 0x1, 0x10008000000000}) 363.087928ms ago: executing program 2 (id=5388): connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e23, 0x1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xfc}}, 0x40009}, 0x1c) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac95ab194f93f8e795a9b29420fa62d", 0x11}], 0x1}}], 0x1, 0x24088000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f00000000c0), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, 0x0) 260.625106ms ago: executing program 2 (id=5389): r0 = socket$inet6(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmmsg$inet(r0, &(0x7f0000000b80)=[{{&(0x7f0000000000)={0x2, 0x4e1c, @local}, 0x10, 0x0}}, {{&(0x7f0000000100)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @dev={0xac, 0x14, 0x14, 0x13}, @rand_addr=0x64010100}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x9}}], 0x38}}], 0x2, 0x4000) 172.290572ms ago: executing program 4 (id=5390): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0xa) 451.15µs ago: executing program 2 (id=5391): r0 = socket$inet6(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000c80)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x70bd27, 0x25dfdbfd, {0x2, 0x1f, 0xa6, 0xcb, r2}, [@IFA_BROADCAST={0x8, 0x4, @rand_addr=0x64010102}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x4}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_LOCAL={0x8, 0x2, @loopback}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x400006}]}, 0x48}, 0x1, 0x0, 0x0, 0x404c014}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x18}}, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 138.414µs ago: executing program 0 (id=5392): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x1, 0x8000, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f000068e000/0x1000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000692000/0x3000)=nil, &(0x7f0000ff6000/0x4000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) io_uring_setup(0x66b8, &(0x7f0000000040)={0x0, 0x59f6, 0xc000, 0x1, 0x800000c5}) bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x3a, 0x0, 0x0) 0s ago: executing program 4 (id=5393): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x8000000) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) ioctl$UFFDIO_WRITEPROTECT(r1, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1}) kernel console output (not intermixed with test programs): v packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1007.407514][T18062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1007.555166][T18062] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1007.569054][T18062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1007.639974][T18062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1007.778425][T18062] hsr_slave_0: entered promiscuous mode [ 1007.788001][T18062] hsr_slave_1: entered promiscuous mode [ 1007.799526][T18062] debugfs: 'hsr0' already exists in 'hsr' [ 1007.805425][T18062] Cannot create hsr debugfs directory [ 1008.159643][T10921] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1008.171314][T10921] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1008.281271][T10921] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1008.308445][T10921] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1009.123183][T18062] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1009.226438][ T5151] Bluetooth: hci2: command tx timeout [ 1009.346444][T18062] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1009.379352][T18062] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1009.404550][T18062] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1009.541444][T11091] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 1009.717724][T11091] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1009.745723][T11091] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1009.772624][T11091] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1009.832182][T11091] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1009.872265][T11091] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1009.920677][T11091] usb 2-1: config 0 descriptor?? [ 1009.995276][T18062] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1010.054978][T18062] 8021q: adding VLAN 0 to HW filter on device team0 [ 1010.096859][ T4142] bridge0: port 1(bridge_slave_0) entered blocking state [ 1010.104084][ T4142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1010.184361][T18125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1010.194673][T18125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1010.229899][T10921] bridge0: port 2(bridge_slave_1) entered blocking state [ 1010.237212][T10921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1010.413736][T18062] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1010.637255][T18062] veth0_vlan: entered promiscuous mode [ 1010.674746][T18062] veth1_vlan: entered promiscuous mode [ 1010.815477][T18062] veth0_macvtap: entered promiscuous mode [ 1010.872697][T18062] veth1_macvtap: entered promiscuous mode [ 1010.962305][T18062] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1011.207709][T18062] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1011.256193][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1011.287283][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1011.296354][ T5151] Bluetooth: hci2: command tx timeout [ 1011.365029][T11091] usbhid 2-1:0.0: can't add hid device: -71 [ 1011.381220][T11091] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1011.395432][T11091] usb 2-1: USB disconnect, device number 75 [ 1011.435971][ T3731] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1011.480389][ T3731] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1011.605088][T18162] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3292'. [ 1011.719636][T18013] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1011.730845][T18013] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1011.926431][ T4142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1011.941668][ T4142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1012.756740][T18177] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3297'. [ 1012.778864][T18177] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3297'. [ 1012.933675][ T38] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1012.933998][T18177] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3297'. [ 1012.976256][ T38] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1013.000879][ T38] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1013.012424][ T38] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1013.029066][T18177] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3297'. [ 1013.369162][ T5151] Bluetooth: hci2: command tx timeout [ 1013.632539][T18195] netlink: 'syz.1.3304': attribute type 30 has an invalid length. [ 1014.274044][T18216] syzkaller0: entered promiscuous mode [ 1014.280584][T18216] syzkaller0: entered allmulticast mode [ 1014.366965][T15601] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 1014.570724][T15601] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1014.582639][T15601] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1014.602163][T15601] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 1014.650144][T15601] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1014.678685][T15601] usb 2-1: config 0 descriptor?? [ 1015.173326][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 1015.173343][ T30] audit: type=1326 audit(1767512665.547:2353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18240 comm="syz.2.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ffd8f749 code=0x7ffc0000 [ 1015.288889][ T30] audit: type=1326 audit(1767512665.577:2354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18240 comm="syz.2.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ffd8f749 code=0x7ffc0000 [ 1015.324727][T15601] usbhid 2-1:0.0: can't add hid device: -71 [ 1015.332440][T15601] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1015.427963][ T30] audit: type=1326 audit(1767512665.577:2355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18240 comm="syz.2.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f89ffd8f749 code=0x7ffc0000 [ 1015.500391][T18248] FAULT_INJECTION: forcing a failure. [ 1015.500391][T18248] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1015.518070][T18248] CPU: 0 UID: 0 PID: 18248 Comm: syz.2.3327 Tainted: G L syzkaller #0 PREEMPT(full) [ 1015.518103][T18248] Tainted: [L]=SOFTLOCKUP [ 1015.518112][T18248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1015.518125][T18248] Call Trace: [ 1015.518134][T18248] [ 1015.518143][T18248] dump_stack_lvl+0xe8/0x150 [ 1015.518175][T18248] should_fail_ex+0x414/0x560 [ 1015.518214][T18248] _copy_to_user+0x31/0xb0 [ 1015.518242][T18248] simple_read_from_buffer+0xe1/0x170 [ 1015.518273][T18248] proc_fail_nth_read+0x1b3/0x220 [ 1015.518300][T18248] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1015.518325][T18248] ? rw_verify_area+0x2a6/0x4d0 [ 1015.518345][T18248] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1015.518368][T18248] vfs_read+0x200/0xa30 [ 1015.518386][T18248] ? fdget_pos+0x247/0x320 [ 1015.518416][T18248] ? __pfx___mutex_lock+0x10/0x10 [ 1015.518440][T18248] ? __pfx_vfs_read+0x10/0x10 [ 1015.518461][T18248] ? __fget_files+0x2a/0x420 [ 1015.518490][T18248] ? __fget_files+0x3a0/0x420 [ 1015.518514][T18248] ? __fget_files+0x2a/0x420 [ 1015.518549][T18248] ksys_read+0x145/0x250 [ 1015.518568][T18248] ? __fget_files+0x3a0/0x420 [ 1015.518594][T18248] ? __pfx_ksys_read+0x10/0x10 [ 1015.518626][T18248] do_syscall_64+0xec/0xf80 [ 1015.518648][T18248] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1015.518669][T18248] ? trace_irq_disable+0x37/0x100 [ 1015.518696][T18248] ? clear_bhb_loop+0x60/0xb0 [ 1015.518721][T18248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1015.518742][T18248] RIP: 0033:0x7f89ffd8e15c [ 1015.518765][T18248] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1015.518783][T18248] RSP: 002b:00007f8a00c9f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1015.518804][T18248] RAX: ffffffffffffffda RBX: 00007f89fffe5fa0 RCX: 00007f89ffd8e15c [ 1015.518818][T18248] RDX: 000000000000000f RSI: 00007f8a00c9f0a0 RDI: 0000000000000004 [ 1015.518830][T18248] RBP: 00007f8a00c9f090 R08: 0000000000000000 R09: 0000000000000000 [ 1015.518841][T18248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1015.518860][T18248] R13: 00007f89fffe6038 R14: 00007f89fffe5fa0 R15: 00007f8a0010fa28 [ 1015.518892][T18248] [ 1015.746794][T15601] usb 2-1: USB disconnect, device number 76 [ 1015.800725][ T30] audit: type=1326 audit(1767512665.577:2356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18240 comm="syz.2.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ffd8f749 code=0x7ffc0000 [ 1015.948876][ T30] audit: type=1326 audit(1767512665.577:2357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18240 comm="syz.2.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ffd8f749 code=0x7ffc0000 [ 1016.196915][ T30] audit: type=1326 audit(1767512665.577:2358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18240 comm="syz.2.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f89ffd8f749 code=0x7ffc0000 [ 1016.209058][ T5953] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 1016.222403][ T30] audit: type=1326 audit(1767512665.577:2359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18240 comm="syz.2.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ffd8f749 code=0x7ffc0000 [ 1016.282877][ T30] audit: type=1326 audit(1767512665.577:2360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18240 comm="syz.2.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ffd8f749 code=0x7ffc0000 [ 1016.365881][ T30] audit: type=1326 audit(1767512665.577:2361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18240 comm="syz.2.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f89ffd8f749 code=0x7ffc0000 [ 1016.388427][ T5953] usb 3-1: device descriptor read/64, error -71 [ 1016.389728][ T30] audit: type=1326 audit(1767512665.577:2362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18240 comm="syz.2.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ffd8f749 code=0x7ffc0000 [ 1016.679230][ T5953] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 1016.819008][ T5953] usb 3-1: device descriptor read/64, error -71 [ 1016.929963][ T5953] usb usb3-port1: attempt power cycle [ 1017.077914][T18279] FAULT_INJECTION: forcing a failure. [ 1017.077914][T18279] name failslab, interval 1, probability 0, space 0, times 0 [ 1017.100590][T18279] CPU: 1 UID: 0 PID: 18279 Comm: syz.3.3337 Tainted: G L syzkaller #0 PREEMPT(full) [ 1017.100624][T18279] Tainted: [L]=SOFTLOCKUP [ 1017.100633][T18279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1017.100646][T18279] Call Trace: [ 1017.100655][T18279] [ 1017.100665][T18279] dump_stack_lvl+0xe8/0x150 [ 1017.100697][T18279] should_fail_ex+0x414/0x560 [ 1017.100737][T18279] should_failslab+0xa8/0x100 [ 1017.100764][T18279] __kmalloc_noprof+0xdf/0x800 [ 1017.100785][T18279] ? kfree+0x4d/0x660 [ 1017.100811][T18279] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1017.100858][T18279] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1017.100898][T18279] ? tomoyo_domain+0xd8/0x130 [ 1017.100932][T18279] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1017.100955][T18279] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1017.100981][T18279] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1017.101003][T18279] ? __lock_acquire+0x6b6/0x2cf0 [ 1017.101039][T18279] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 1017.101083][T18279] ? __fget_files+0x2a/0x420 [ 1017.101111][T18279] ? __fget_files+0x2a/0x420 [ 1017.101135][T18279] ? __fget_files+0x3a0/0x420 [ 1017.101160][T18279] ? __fget_files+0x2a/0x420 [ 1017.101189][T18279] security_file_ioctl+0xcb/0x2d0 [ 1017.101212][T18279] __se_sys_ioctl+0x47/0x170 [ 1017.101235][T18279] do_syscall_64+0xec/0xf80 [ 1017.101256][T18279] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1017.101275][T18279] ? trace_irq_disable+0x37/0x100 [ 1017.101321][T18279] ? clear_bhb_loop+0x60/0xb0 [ 1017.101347][T18279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1017.101366][T18279] RIP: 0033:0x7f50f638f749 [ 1017.101385][T18279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1017.101403][T18279] RSP: 002b:00007f50f7196038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1017.101426][T18279] RAX: ffffffffffffffda RBX: 00007f50f65e5fa0 RCX: 00007f50f638f749 [ 1017.101442][T18279] RDX: 0000200000000140 RSI: 00000000c0105500 RDI: 0000000000000003 [ 1017.101456][T18279] RBP: 00007f50f7196090 R08: 0000000000000000 R09: 0000000000000000 [ 1017.101470][T18279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1017.101483][T18279] R13: 00007f50f65e6038 R14: 00007f50f65e5fa0 R15: 00007f50f670fa28 [ 1017.101518][T18279] [ 1017.101613][T18279] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1017.281668][ T5953] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1017.302124][ T5953] usb 3-1: device descriptor read/8, error -71 [ 1017.559221][ T980] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 1017.610385][ T5953] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 1017.642244][ T5953] usb 3-1: device descriptor read/8, error -71 [ 1017.718899][ T980] usb 2-1: Using ep0 maxpacket: 32 [ 1017.728571][ T980] usb 2-1: config 0 has an invalid interface number: 76 but max is 0 [ 1017.749383][ T5953] usb usb3-port1: unable to enumerate USB device [ 1017.754859][ T980] usb 2-1: config 0 has no interface number 0 [ 1017.786291][ T980] usb 2-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c [ 1017.803200][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1017.814955][ T980] usb 2-1: Product: syz [ 1017.829894][ T980] usb 2-1: Manufacturer: syz [ 1017.834638][ T980] usb 2-1: SerialNumber: syz [ 1017.851498][ T980] usb 2-1: config 0 descriptor?? [ 1017.868414][ T980] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state. [ 1017.878448][ T980] dw2102: su3000_power_ctrl: 1, initialized 0 [ 1017.897941][ T980] dvb-usb: bulk message failed: -8 (2/0) [ 1017.917606][ T980] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1017.945664][ T980] dvbdev: DVB: registering new adapter (Hauppauge MAX S2 or WinTV NOVA HD USB2.0) [ 1017.967860][ T980] usb 2-1: media controller created [ 1017.979070][ T980] dvb-usb: bulk message failed: -8 (6/0) [ 1017.991987][ T980] dw2102: i2c transfer failed. [ 1018.007433][ T980] dvb-usb: bulk message failed: -8 (6/0) [ 1018.017235][ T980] dw2102: i2c transfer failed. [ 1018.027441][ T980] dvb-usb: bulk message failed: -8 (6/0) [ 1018.043327][ T980] dw2102: i2c transfer failed. [ 1018.048327][ T980] dvb-usb: bulk message failed: -8 (6/0) [ 1018.057661][ T980] dw2102: i2c transfer failed. [ 1018.062953][ T980] dvb-usb: bulk message failed: -8 (6/0) [ 1018.069188][ T980] dw2102: i2c transfer failed. [ 1018.074192][ T980] dvb-usb: bulk message failed: -8 (6/0) [ 1018.082286][ T980] dw2102: i2c transfer failed. [ 1018.087181][ T980] dvb-usb: MAC address: 02:02:02:02:02:02 [ 1018.095486][T18283] dvb-usb: bulk message failed: -8 (3/0) [ 1018.111529][T18283] dw2102: i2c transfer failed. [ 1018.112137][ T980] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1018.116401][T18283] dvb-usb: bulk message failed: -8 (3/0) [ 1018.146512][T18283] dw2102: i2c transfer failed. [ 1018.182148][ T980] dvb-usb: bulk message failed: -8 (3/0) [ 1018.199243][ T980] dw2102: command 0x0e transfer failed. [ 1018.212616][ T980] dvb-usb: bulk message failed: -8 (3/0) [ 1018.228435][ T980] dw2102: command 0x0e transfer failed. [ 1018.252861][T18314] syzkaller0: entered promiscuous mode [ 1018.258397][T18314] syzkaller0: entered allmulticast mode [ 1018.548266][ T980] dvb-usb: bulk message failed: -8 (3/0) [ 1018.569517][ T980] dw2102: command 0x0e transfer failed. [ 1018.575236][ T980] dvb-usb: bulk message failed: -8 (3/0) [ 1018.609089][ T980] dw2102: command 0x0e transfer failed. [ 1018.614781][ T980] dvb-usb: bulk message failed: -8 (1/0) [ 1018.635251][ T980] dw2102: command 0x51 transfer failed. [ 1018.822899][ T980] DVB: Unable to find symbol ds3000_attach() [ 1018.833734][ T980] dvb-usb: no frontend was attached by 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' [ 1018.903408][T18343] syzkaller0: entered promiscuous mode [ 1018.909924][T18343] syzkaller0: entered allmulticast mode [ 1019.017417][ T980] rc_core: IR keymap rc-su3000 not found [ 1019.037925][ T980] Registered IR keymap rc-empty [ 1019.059072][ T980] rc rc0: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0 [ 1019.086985][ T980] input: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input71 [ 1019.134556][ T980] dvb-usb: schedule remote query interval to 150 msecs. [ 1019.165131][ T980] dw2102: su3000_power_ctrl: 0, initialized 1 [ 1019.175746][ T980] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 successfully initialized and connected. [ 1019.208890][ T980] usb 2-1: USB disconnect, device number 77 [ 1019.416318][T18363] dvb-usb: bulk message failed: -19 (3/0) [ 1019.449275][T18363] dw2102: i2c transfer failed. [ 1019.474785][T18363] dvb-usb: bulk message failed: -19 (3/0) [ 1019.495874][T18363] dw2102: i2c transfer failed. [ 1019.516299][ T980] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2. successfully deinitialized and disconnected. [ 1020.533240][T18428] netlink: 'syz.4.3408': attribute type 12 has an invalid length. [ 1020.556876][T18428] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3408'. [ 1021.235932][T18470] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3429'. [ 1021.362005][T18474] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3430'. [ 1021.866290][T18506] netlink: 64691 bytes leftover after parsing attributes in process `syz.3.3444'. [ 1022.065404][T18516] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3449'. [ 1022.113779][T18512] syzkaller0: entered promiscuous mode [ 1022.129595][T18512] syzkaller0: entered allmulticast mode [ 1023.172558][T18559] netlink: 'syz.0.3468': attribute type 10 has an invalid length. [ 1024.577402][T18559] macvlan0: entered promiscuous mode [ 1024.588599][T18559] macvlan0: entered allmulticast mode [ 1024.610442][T18559] bridge0: port 3(macvlan0) entered blocking state [ 1024.637744][T18559] bridge0: port 3(macvlan0) entered disabled state [ 1024.812249][T18576] syzkaller0: entered promiscuous mode [ 1024.817784][T18576] syzkaller0: entered allmulticast mode [ 1025.214346][T18600] syzkaller0: entered promiscuous mode [ 1025.229643][T18600] syzkaller0: entered allmulticast mode [ 1027.962971][T18630] syzkaller0: entered promiscuous mode [ 1027.979073][T18630] syzkaller0: entered allmulticast mode [ 1030.197390][T18667] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3507'. [ 1030.236144][T18670] FAULT_INJECTION: forcing a failure. [ 1030.236144][T18670] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1030.272123][T18670] CPU: 1 UID: 0 PID: 18670 Comm: syz.1.3506 Tainted: G L syzkaller #0 PREEMPT(full) [ 1030.272158][T18670] Tainted: [L]=SOFTLOCKUP [ 1030.272166][T18670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1030.272179][T18670] Call Trace: [ 1030.272188][T18670] [ 1030.272198][T18670] dump_stack_lvl+0xe8/0x150 [ 1030.272232][T18670] should_fail_ex+0x414/0x560 [ 1030.272271][T18670] _copy_to_user+0x31/0xb0 [ 1030.272301][T18670] simple_read_from_buffer+0xe1/0x170 [ 1030.272332][T18670] proc_fail_nth_read+0x1b3/0x220 [ 1030.272359][T18670] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1030.272386][T18670] ? rw_verify_area+0x2a6/0x4d0 [ 1030.272404][T18670] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1030.272428][T18670] vfs_read+0x200/0xa30 [ 1030.272455][T18670] ? fdget_pos+0x247/0x320 [ 1030.272497][T18670] ? __pfx___mutex_lock+0x10/0x10 [ 1030.272520][T18670] ? __pfx_vfs_read+0x10/0x10 [ 1030.272540][T18670] ? __fget_files+0x2a/0x420 [ 1030.272570][T18670] ? __fget_files+0x3a0/0x420 [ 1030.272594][T18670] ? __fget_files+0x2a/0x420 [ 1030.272628][T18670] ksys_read+0x145/0x250 [ 1030.272648][T18670] ? __pfx_ksys_read+0x10/0x10 [ 1030.272684][T18670] do_syscall_64+0xec/0xf80 [ 1030.272705][T18670] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.272723][T18670] ? trace_irq_disable+0x37/0x100 [ 1030.272748][T18670] ? clear_bhb_loop+0x60/0xb0 [ 1030.272773][T18670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.272792][T18670] RIP: 0033:0x7f6c6af8e15c [ 1030.272828][T18670] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1030.272847][T18670] RSP: 002b:00007f6c691b4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1030.272870][T18670] RAX: ffffffffffffffda RBX: 00007f6c6b1e6180 RCX: 00007f6c6af8e15c [ 1030.272886][T18670] RDX: 000000000000000f RSI: 00007f6c691b40a0 RDI: 0000000000000006 [ 1030.272899][T18670] RBP: 00007f6c691b4090 R08: 0000000000000000 R09: 0000000000000000 [ 1030.272912][T18670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1030.272924][T18670] R13: 00007f6c6b1e6218 R14: 00007f6c6b1e6180 R15: 00007f6c6b30fa28 [ 1030.272956][T18670] [ 1032.954969][T18704] FAULT_INJECTION: forcing a failure. [ 1032.954969][T18704] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1033.005737][T18704] CPU: 0 UID: 0 PID: 18704 Comm: syz.1.3517 Tainted: G L syzkaller #0 PREEMPT(full) [ 1033.005771][T18704] Tainted: [L]=SOFTLOCKUP [ 1033.005779][T18704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1033.005793][T18704] Call Trace: [ 1033.005802][T18704] [ 1033.005812][T18704] dump_stack_lvl+0xe8/0x150 [ 1033.005851][T18704] should_fail_ex+0x414/0x560 [ 1033.005890][T18704] _copy_to_user+0x31/0xb0 [ 1033.005918][T18704] userio_char_read+0x69b/0x790 [ 1033.005946][T18704] ? kstrtouint+0x6e/0xe0 [ 1033.005985][T18704] ? __pfx_userio_char_read+0x10/0x10 [ 1033.006012][T18704] ? common_file_perm+0x1b5/0x220 [ 1033.006038][T18704] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1033.006071][T18704] ? bpf_lsm_file_permission+0x9/0x20 [ 1033.006092][T18704] ? security_file_permission+0x75/0x290 [ 1033.006114][T18704] ? rw_verify_area+0x2a6/0x4d0 [ 1033.006138][T18704] vfs_readv+0x5aa/0x850 [ 1033.006163][T18704] ? __pfx_userio_char_read+0x10/0x10 [ 1033.006199][T18704] ? __pfx_vfs_readv+0x10/0x10 [ 1033.006237][T18704] ? __fget_files+0x2a/0x420 [ 1033.006267][T18704] ? __fget_files+0x3a0/0x420 [ 1033.006291][T18704] ? __fget_files+0x2a/0x420 [ 1033.006325][T18704] __x64_sys_preadv+0x197/0x2a0 [ 1033.006350][T18704] ? __pfx___x64_sys_preadv+0x10/0x10 [ 1033.006384][T18704] do_syscall_64+0xec/0xf80 [ 1033.006407][T18704] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1033.006427][T18704] ? trace_irq_disable+0x37/0x100 [ 1033.006454][T18704] ? clear_bhb_loop+0x60/0xb0 [ 1033.006477][T18704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1033.006497][T18704] RIP: 0033:0x7f6c6af8f749 [ 1033.006516][T18704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1033.006532][T18704] RSP: 002b:00007f6c691f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1033.006556][T18704] RAX: ffffffffffffffda RBX: 00007f6c6b1e5fa0 RCX: 00007f6c6af8f749 [ 1033.006571][T18704] RDX: 0000000000000001 RSI: 0000200000000b00 RDI: 0000000000000003 [ 1033.006583][T18704] RBP: 00007f6c691f6090 R08: 0000000000000003 R09: 0000000000000000 [ 1033.006596][T18704] R10: 0000000040001001 R11: 0000000000000246 R12: 0000000000000001 [ 1033.006615][T18704] R13: 00007f6c6b1e6038 R14: 00007f6c6b1e5fa0 R15: 00007f6c6b30fa28 [ 1033.006648][T18704] [ 1033.359378][T18711] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3520'. [ 1034.030409][ T30] kauditd_printk_skb: 38 callbacks suppressed [ 1034.030423][ T30] audit: type=1400 audit(1767512684.407:2401): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E161 pid=18728 comm="syz.1.3527" [ 1034.354726][T18739] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3530'. [ 1035.121387][ T30] audit: type=1326 audit(1767512685.497:2402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18775 comm="syz.3.3546" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f50f638f749 code=0x0 [ 1035.317997][T18792] : renamed from bond_slave_0 (while UP) [ 1035.881945][T18797] FAULT_INJECTION: forcing a failure. [ 1035.881945][T18797] name failslab, interval 1, probability 0, space 0, times 0 [ 1035.950281][T18799] syzkaller0: entered promiscuous mode [ 1035.955868][T18799] syzkaller0: entered allmulticast mode [ 1035.964861][T18797] CPU: 1 UID: 0 PID: 18797 Comm: syz.0.3552 Tainted: G L syzkaller #0 PREEMPT(full) [ 1035.964894][T18797] Tainted: [L]=SOFTLOCKUP [ 1035.964903][T18797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1035.964916][T18797] Call Trace: [ 1035.964925][T18797] [ 1035.964934][T18797] dump_stack_lvl+0xe8/0x150 [ 1035.964967][T18797] should_fail_ex+0x414/0x560 [ 1035.965006][T18797] should_failslab+0xa8/0x100 [ 1035.965035][T18797] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 1035.965068][T18797] ? __alloc_skb+0x198/0x3a0 [ 1035.965090][T18797] ? __alloc_skb+0x1dc/0x3a0 [ 1035.965110][T18797] ? __local_bh_enable_ip+0xd0/0x130 [ 1035.965133][T18797] ? __alloc_skb+0x198/0x3a0 [ 1035.965155][T18797] __alloc_skb+0x1dc/0x3a0 [ 1035.965182][T18797] netlink_sendmsg+0x5c6/0xb30 [ 1035.965219][T18797] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1035.965250][T18797] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1035.965279][T18797] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1035.965298][T18797] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1035.965327][T18797] __sock_sendmsg+0x21c/0x270 [ 1035.965362][T18797] ____sys_sendmsg+0x505/0x820 [ 1035.965393][T18797] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1035.965428][T18797] ? import_iovec+0x74/0xa0 [ 1035.965458][T18797] ___sys_sendmsg+0x21f/0x2a0 [ 1035.965486][T18797] ? __pfx____sys_sendmsg+0x10/0x10 [ 1035.965547][T18797] ? __fget_files+0x2a/0x420 [ 1035.965572][T18797] ? __fget_files+0x3a0/0x420 [ 1035.965609][T18797] __x64_sys_sendmsg+0x19b/0x260 [ 1035.965644][T18797] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1035.965679][T18797] ? __pfx_ksys_write+0x10/0x10 [ 1035.965712][T18797] do_syscall_64+0xec/0xf80 [ 1035.965734][T18797] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1035.965755][T18797] ? trace_irq_disable+0x37/0x100 [ 1035.965782][T18797] ? clear_bhb_loop+0x60/0xb0 [ 1035.965807][T18797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1035.965827][T18797] RIP: 0033:0x7f3c3e78f749 [ 1035.965846][T18797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1035.965864][T18797] RSP: 002b:00007f3c3f713038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1035.965887][T18797] RAX: ffffffffffffffda RBX: 00007f3c3e9e5fa0 RCX: 00007f3c3e78f749 [ 1035.965903][T18797] RDX: ea5bc50b619d97fe RSI: 0000200000000000 RDI: 0000000000000003 [ 1035.965918][T18797] RBP: 00007f3c3f713090 R08: 0000000000000000 R09: 0000000000000000 [ 1035.965932][T18797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1035.965945][T18797] R13: 00007f3c3e9e6038 R14: 00007f3c3e9e5fa0 R15: 00007f3c3eb0fa28 [ 1035.965979][T18797] [ 1036.412705][T18810] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 1036.663226][T18822] FAULT_INJECTION: forcing a failure. [ 1036.663226][T18822] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1036.680437][T18822] CPU: 0 UID: 0 PID: 18822 Comm: syz.1.3563 Tainted: G L syzkaller #0 PREEMPT(full) [ 1036.680467][T18822] Tainted: [L]=SOFTLOCKUP [ 1036.680473][T18822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1036.680484][T18822] Call Trace: [ 1036.680492][T18822] [ 1036.680500][T18822] dump_stack_lvl+0xe8/0x150 [ 1036.680527][T18822] should_fail_ex+0x414/0x560 [ 1036.680609][T18822] _copy_from_iter+0x1cd/0x1630 [ 1036.680637][T18822] ? __pfx__copy_from_iter+0x10/0x10 [ 1036.680656][T18822] ? __build_skb_around+0x22d/0x3c0 [ 1036.680676][T18822] ? __alloc_skb+0x198/0x3a0 [ 1036.680693][T18822] ? netlink_sendmsg+0x642/0xb30 [ 1036.680715][T18822] ? skb_put+0x11b/0x210 [ 1036.680736][T18822] netlink_sendmsg+0x6b2/0xb30 [ 1036.680767][T18822] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1036.680793][T18822] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1036.680818][T18822] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1036.680834][T18822] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1036.680858][T18822] __sock_sendmsg+0x21c/0x270 [ 1036.680886][T18822] ____sys_sendmsg+0x505/0x820 [ 1036.680912][T18822] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1036.680940][T18822] ? import_iovec+0x74/0xa0 [ 1036.680965][T18822] ___sys_sendmsg+0x21f/0x2a0 [ 1036.680987][T18822] ? __pfx____sys_sendmsg+0x10/0x10 [ 1036.681034][T18822] ? __fget_files+0x2a/0x420 [ 1036.681055][T18822] ? __fget_files+0x3a0/0x420 [ 1036.681084][T18822] __x64_sys_sendmsg+0x19b/0x260 [ 1036.681107][T18822] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1036.681135][T18822] ? __pfx_ksys_write+0x10/0x10 [ 1036.681161][T18822] do_syscall_64+0xec/0xf80 [ 1036.681180][T18822] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1036.681196][T18822] ? trace_irq_disable+0x37/0x100 [ 1036.681218][T18822] ? clear_bhb_loop+0x60/0xb0 [ 1036.681238][T18822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1036.681255][T18822] RIP: 0033:0x7f6c6af8f749 [ 1036.681272][T18822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1036.681286][T18822] RSP: 002b:00007f6c691f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1036.681304][T18822] RAX: ffffffffffffffda RBX: 00007f6c6b1e5fa0 RCX: 00007f6c6af8f749 [ 1036.681317][T18822] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003 [ 1036.681328][T18822] RBP: 00007f6c691f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1036.681339][T18822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1036.681350][T18822] R13: 00007f6c6b1e6038 R14: 00007f6c6b1e5fa0 R15: 00007f6c6b30fa28 [ 1036.681376][T18822] [ 1037.188342][T18836] syzkaller0: entered promiscuous mode [ 1037.194308][T15593] usb 3-1: new full-speed USB device number 30 using dummy_hcd [ 1037.205609][T18836] syzkaller0: entered allmulticast mode [ 1037.352103][T15593] usb 3-1: config 0 has no interfaces? [ 1037.390638][T15593] usb 3-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 1037.402622][T15593] usb 3-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0 [ 1037.411029][T15593] usb 3-1: Manufacturer: syz [ 1037.419744][T15593] usb 3-1: config 0 descriptor?? [ 1037.468960][ T980] usb 2-1: new full-speed USB device number 78 using dummy_hcd [ 1037.651249][ T980] usb 2-1: device descriptor read/64, error -71 [ 1037.756672][T18824] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3564'. [ 1037.788652][T18824] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3564'. [ 1037.855590][T18824] team0: entered promiscuous mode [ 1037.862203][T18824] team_slave_0: entered promiscuous mode [ 1037.870873][T18824] team_slave_1: entered promiscuous mode [ 1037.881493][T18824] bond0: entered promiscuous mode [ 1037.886945][T18824] 1: entered promiscuous mode [ 1037.893025][T18824] bond_slave_1: entered promiscuous mode [ 1037.921134][T18824] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 1037.968835][ T980] usb 2-1: new full-speed USB device number 79 using dummy_hcd [ 1038.082095][T15593] usb 3-1: USB disconnect, device number 30 [ 1038.151931][T18857] FAULT_INJECTION: forcing a failure. [ 1038.151931][T18857] name failslab, interval 1, probability 0, space 0, times 0 [ 1038.163758][ T980] usb 2-1: device descriptor read/64, error -71 [ 1038.165585][T18857] CPU: 0 UID: 0 PID: 18857 Comm: syz.3.3577 Tainted: G L syzkaller #0 PREEMPT(full) [ 1038.165683][T18857] Tainted: [L]=SOFTLOCKUP [ 1038.165704][T18857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1038.165742][T18857] Call Trace: [ 1038.165765][T18857] [ 1038.165788][T18857] dump_stack_lvl+0xe8/0x150 [ 1038.165877][T18857] should_fail_ex+0x414/0x560 [ 1038.165981][T18857] should_failslab+0xa8/0x100 [ 1038.166055][T18857] kmem_cache_alloc_noprof+0x88/0x710 [ 1038.166139][T18857] ? sctp_get_port_local+0x6d0/0x1700 [ 1038.166211][T18857] sctp_get_port_local+0x6d0/0x1700 [ 1038.166263][T18857] ? sctp_bind_addr_match+0x30/0x2b0 [ 1038.166362][T18857] ? __pfx_sctp_get_port_local+0x10/0x10 [ 1038.166424][T18857] ? sctp_bind_addr_match+0x28b/0x2b0 [ 1038.166520][T18857] sctp_do_bind+0x4ef/0x9d0 [ 1038.166604][T18857] sctp_connect_new_asoc+0x25c/0x690 [ 1038.166682][T18857] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 1038.166744][T18857] ? __ipv6_addr_type+0x247/0x2f0 [ 1038.166837][T18857] ? sctp_inet6_send_verify+0x6e/0x300 [ 1038.166929][T18857] ? sctp_endpoint_lookup_assoc+0xd1/0x260 [ 1038.167014][T18857] __sctp_connect+0x5b5/0xda0 [ 1038.167108][T18857] ? __pfx___sctp_connect+0x10/0x10 [ 1038.167160][T18857] ? security_sctp_bind_connect+0x7e/0x2e0 [ 1038.167224][T18857] ? __sctp_setsockopt_connectx+0xc7/0x190 [ 1038.167303][T18857] sctp_getsockopt_connectx3+0x1fa/0x320 [ 1038.167372][T18857] ? lock_sock_nested+0x6a/0x100 [ 1038.167441][T18857] ? __pfx_sctp_getsockopt_connectx3+0x10/0x10 [ 1038.167544][T18857] ? __local_bh_enable_ip+0xd0/0x130 [ 1038.167622][T18857] sctp_getsockopt+0x984/0xb90 [ 1038.167672][T18857] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1038.167756][T18857] do_sock_getsockopt+0x2b4/0x3d0 [ 1038.167829][T18857] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1038.167894][T18857] ? __fget_files+0x3a0/0x420 [ 1038.167965][T18857] ? __fget_files+0x2a/0x420 [ 1038.168048][T18857] __x64_sys_getsockopt+0x1a5/0x250 [ 1038.168140][T18857] do_syscall_64+0xec/0xf80 [ 1038.168179][T18857] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.168245][T18857] ? trace_irq_disable+0x37/0x100 [ 1038.168335][T18857] ? clear_bhb_loop+0x60/0xb0 [ 1038.168396][T18857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.168447][T18857] RIP: 0033:0x7f50f638f749 [ 1038.168492][T18857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1038.168541][T18857] RSP: 002b:00007f50f7196038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1038.168594][T18857] RAX: ffffffffffffffda RBX: 00007f50f65e5fa0 RCX: 00007f50f638f749 [ 1038.168644][T18857] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003 [ 1038.168675][T18857] RBP: 00007f50f7196090 R08: 0000200000000100 R09: 0000000000000000 [ 1038.168708][T18857] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 1038.168751][T18857] R13: 00007f50f65e6038 R14: 00007f50f65e5fa0 R15: 00007f50f670fa28 [ 1038.168828][T18857] [ 1038.640900][T18861] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.3578'. [ 1038.732919][T18863] syzkaller0: entered promiscuous mode [ 1038.742752][T18863] syzkaller0: entered allmulticast mode [ 1038.820293][ T980] usb usb2-port1: attempt power cycle [ 1039.200962][ T980] usb 2-1: new full-speed USB device number 80 using dummy_hcd [ 1039.530191][ T980] usb 2-1: device descriptor read/8, error -71 [ 1039.769082][ T980] usb 2-1: new full-speed USB device number 81 using dummy_hcd [ 1039.883391][ T980] usb 2-1: device descriptor read/8, error -71 [ 1039.999754][ T980] usb usb2-port1: unable to enumerate USB device [ 1040.349044][ T30] audit: type=1326 audit(1767512690.717:2403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18891 comm="syz.3.3590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50f638f749 code=0x7ffc0000 [ 1040.457300][ T30] audit: type=1326 audit(1767512690.717:2404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18891 comm="syz.3.3590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50f638f749 code=0x7ffc0000 [ 1040.567140][T18906] FAULT_INJECTION: forcing a failure. [ 1040.567140][T18906] name failslab, interval 1, probability 0, space 0, times 0 [ 1040.604056][T18906] CPU: 0 UID: 0 PID: 18906 Comm: syz.2.3595 Tainted: G L syzkaller #0 PREEMPT(full) [ 1040.604091][T18906] Tainted: [L]=SOFTLOCKUP [ 1040.604100][T18906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1040.604113][T18906] Call Trace: [ 1040.604122][T18906] [ 1040.604132][T18906] dump_stack_lvl+0xe8/0x150 [ 1040.604165][T18906] should_fail_ex+0x414/0x560 [ 1040.604203][T18906] should_failslab+0xa8/0x100 [ 1040.604231][T18906] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 1040.604265][T18906] ? __alloc_skb+0x198/0x3a0 [ 1040.604285][T18906] ? __alloc_skb+0x1dc/0x3a0 [ 1040.604305][T18906] ? __local_bh_enable_ip+0xd0/0x130 [ 1040.604337][T18906] ? __alloc_skb+0x198/0x3a0 [ 1040.604359][T18906] __alloc_skb+0x1dc/0x3a0 [ 1040.604385][T18906] netlink_sendmsg+0x5c6/0xb30 [ 1040.604423][T18906] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1040.604455][T18906] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1040.604484][T18906] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1040.604503][T18906] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1040.604532][T18906] __sock_sendmsg+0x21c/0x270 [ 1040.604566][T18906] ____sys_sendmsg+0x505/0x820 [ 1040.604597][T18906] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1040.604632][T18906] ? import_iovec+0x74/0xa0 [ 1040.604662][T18906] ___sys_sendmsg+0x21f/0x2a0 [ 1040.604690][T18906] ? __pfx____sys_sendmsg+0x10/0x10 [ 1040.604752][T18906] ? __fget_files+0x2a/0x420 [ 1040.604778][T18906] ? __fget_files+0x3a0/0x420 [ 1040.604815][T18906] __x64_sys_sendmsg+0x19b/0x260 [ 1040.604844][T18906] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1040.604880][T18906] ? __pfx_ksys_write+0x10/0x10 [ 1040.604913][T18906] do_syscall_64+0xec/0xf80 [ 1040.604935][T18906] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1040.604954][T18906] ? trace_irq_disable+0x37/0x100 [ 1040.604981][T18906] ? clear_bhb_loop+0x60/0xb0 [ 1040.605007][T18906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1040.605027][T18906] RIP: 0033:0x7f89ffd8f749 [ 1040.605045][T18906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1040.605064][T18906] RSP: 002b:00007f8a00c9f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1040.605087][T18906] RAX: ffffffffffffffda RBX: 00007f89fffe5fa0 RCX: 00007f89ffd8f749 [ 1040.605103][T18906] RDX: 0000000000004054 RSI: 00002000000002c0 RDI: 0000000000000003 [ 1040.605117][T18906] RBP: 00007f8a00c9f090 R08: 0000000000000000 R09: 0000000000000000 [ 1040.605131][T18906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1040.605144][T18906] R13: 00007f89fffe6038 R14: 00007f89fffe5fa0 R15: 00007f8a0010fa28 [ 1040.605178][T18906] [ 1041.039843][ T980] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1041.200875][ T980] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1041.242115][ T980] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1041.270334][ T980] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1041.295774][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1041.322792][ T980] usb 4-1: Product: syz [ 1041.332815][ T980] usb 4-1: Manufacturer: syz [ 1041.345285][ T980] usb 4-1: SerialNumber: syz [ 1041.376102][T18924] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3603'. [ 1041.390148][ T980] cdc_mbim 4-1:1.0: skipping garbage [ 1041.575690][T18905] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1041.891948][T18933] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1041.940074][T18905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1041.970467][T18933] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1041.989551][T18905] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1042.032839][T18905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1042.079433][T18905] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1042.102130][T18933] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1042.154879][T18933] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1042.421277][T18945] binder: BINDER_SET_CONTEXT_MGR already set [ 1042.427409][T18945] binder: 18900:18945 ioctl 4018620d 200000000100 returned -16 [ 1042.473425][ T30] audit: type=1326 audit(1767512692.847:2405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18900 comm="syz.3.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50f638f749 code=0x7ffc0000 [ 1042.503164][T18933] binder: BINDER_SET_CONTEXT_MGR already set [ 1042.509787][T18933] binder: 18900:18933 ioctl 4018620d 200000004a80 returned -16 [ 1042.567032][ T980] cdc_mbim 4-1:1.0: failed GET_NTB_PARAMETERS [ 1042.609236][ T980] cdc_mbim 4-1:1.0: bind() failure [ 1042.623222][ T30] audit: type=1326 audit(1767512692.867:2406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18900 comm="syz.3.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50f638f749 code=0x7ffc0000 [ 1042.671062][ T980] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 1042.708932][ T30] audit: type=1326 audit(1767512692.867:2407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18900 comm="syz.3.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f50f638f749 code=0x7ffc0000 [ 1042.749103][ T980] cdc_ncm 4-1:1.1: bind() failure [ 1042.801187][ T30] audit: type=1326 audit(1767512692.867:2408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18900 comm="syz.3.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50f638f749 code=0x7ffc0000 [ 1042.831371][T18951] gtp0: entered promiscuous mode [ 1042.838877][T18951] gtp0: entered allmulticast mode [ 1042.889149][ T30] audit: type=1326 audit(1767512692.867:2409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18900 comm="syz.3.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50f638f749 code=0x7ffc0000 [ 1042.950554][ T30] audit: type=1326 audit(1767512692.867:2410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18900 comm="syz.3.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f50f638df90 code=0x7ffc0000 [ 1042.974941][T18953] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3614'. [ 1043.008950][ T980] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1043.009004][ T30] audit: type=1326 audit(1767512692.867:2411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18900 comm="syz.3.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50f638f749 code=0x7ffc0000 [ 1043.056611][ T30] audit: type=1326 audit(1767512692.867:2412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18900 comm="syz.3.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50f638f749 code=0x7ffc0000 [ 1043.152428][T15593] usb 4-1: USB disconnect, device number 22 [ 1043.269054][ T980] usb 5-1: Using ep0 maxpacket: 32 [ 1043.289903][ T980] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1043.308919][ T980] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1043.327973][ T980] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 1043.348426][ T980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1043.376922][ T980] usb 5-1: config 0 descriptor?? [ 1044.165270][T18989] kAFS: unable to lookup cell '' [ 1044.658818][T18995] net_ratelimit: 66 callbacks suppressed [ 1044.658838][T18995] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1044.671107][T18995] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1044.717038][T18995] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1044.723677][T18995] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1044.760314][T18986] syzkaller1: entered promiscuous mode [ 1044.769985][T18995] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1044.776487][T18995] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1044.787781][T18986] syzkaller1: entered allmulticast mode [ 1044.800093][T18995] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1044.806650][T18995] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1044.835773][T18995] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1044.842275][T18995] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1046.208128][ T30] kauditd_printk_skb: 54 callbacks suppressed [ 1046.208150][ T30] audit: type=1326 audit(1767512696.557:2467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19007 comm="syz.0.3632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c3e78f749 code=0x7ffc0000 [ 1046.310193][ T30] audit: type=1326 audit(1767512696.677:2468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19007 comm="syz.0.3632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c3e78f749 code=0x7ffc0000 [ 1046.449845][ T30] audit: type=1326 audit(1767512696.727:2469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19007 comm="syz.0.3632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3c3e78f749 code=0x7ffc0000 [ 1046.507799][ T30] audit: type=1326 audit(1767512696.727:2470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19007 comm="syz.0.3632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c3e78f749 code=0x7ffc0000 [ 1046.747048][ T30] audit: type=1326 audit(1767512696.727:2471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19007 comm="syz.0.3632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c3e78f749 code=0x7ffc0000 [ 1046.798720][T19014] gtp0: entered promiscuous mode [ 1046.818946][ T30] audit: type=1326 audit(1767512696.737:2472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19007 comm="syz.0.3632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f3c3e78f749 code=0x7ffc0000 [ 1046.841463][T19014] gtp0: entered allmulticast mode [ 1046.972893][ T30] audit: type=1326 audit(1767512696.737:2473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19007 comm="syz.0.3632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c3e78f749 code=0x7ffc0000 [ 1047.026521][ T30] audit: type=1326 audit(1767512696.737:2474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19007 comm="syz.0.3632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3c3e78f749 code=0x7ffc0000 [ 1047.056746][ T30] audit: type=1326 audit(1767512696.737:2475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19007 comm="syz.0.3632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c3e78f749 code=0x7ffc0000 [ 1047.118473][ T30] audit: type=1326 audit(1767512696.737:2476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19007 comm="syz.0.3632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f3c3e78f749 code=0x7ffc0000 [ 1047.289320][ T980] usbhid 5-1:0.0: can't add hid device: -71 [ 1047.309248][ T980] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1047.339491][ T980] usb 5-1: USB disconnect, device number 23 [ 1047.436486][T19028] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3636'. [ 1047.510762][T19030] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3639'. [ 1048.338988][T15595] usb 3-1: new full-speed USB device number 31 using dummy_hcd [ 1048.491011][T15595] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1048.508846][T15595] usb 3-1: config 0 has no interface number 0 [ 1048.525281][T15595] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1048.536968][T19064] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3656'. [ 1048.558170][T15595] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 64 [ 1048.618946][T15595] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1048.638101][T15595] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1048.671208][T15595] usb 3-1: config 0 descriptor?? [ 1048.677325][T19056] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1048.718090][T15595] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1048.853101][T15595] IPVS: starting estimator thread 0... [ 1048.929563][ T980] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 1048.949413][T19077] IPVS: using max 27 ests per chain, 64800 per kthread [ 1048.970774][T15595] usb 3-1: USB disconnect, device number 31 [ 1049.094108][ T980] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1049.120826][ T980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1049.130282][ T980] usb 5-1: Product: syz [ 1049.134506][ T980] usb 5-1: Manufacturer: syz [ 1049.139507][ T980] usb 5-1: SerialNumber: syz [ 1049.150649][ T980] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1049.168853][T15596] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1049.368935][ T980] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1049.378981][ T5915] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 1049.539124][ T980] usb 4-1: Using ep0 maxpacket: 8 [ 1049.565200][ T980] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1049.587258][ T980] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 1049.596728][ T5915] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1049.648370][T19092] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3668'. [ 1049.668392][T15601] usb 5-1: USB disconnect, device number 24 [ 1049.685574][ T5915] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1049.695991][ T980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1049.706075][ T5915] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1049.717136][ T980] usb 4-1: config 0 descriptor?? [ 1049.722440][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1049.736246][ T980] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 1049.759284][T19086] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 1049.803731][ T5915] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1049.978926][T19096] random: crng reseeded on system resumption [ 1050.047949][T19097] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3669'. [ 1050.067297][T19086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1050.145083][T19086] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1050.308935][T15596] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 1050.409621][T15596] ath9k_htc: Failed to initialize the device [ 1050.450127][T15601] usb 5-1: ath9k_htc: USB layer deinitialized [ 1051.042702][ T980] gspca_vc032x: reg_w err -71 [ 1051.047486][ T980] vc032x 4-1:0.0: probe with driver vc032x failed with error -71 [ 1051.058460][ T980] usb 4-1: USB disconnect, device number 23 [ 1051.128721][T19116] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3677'. [ 1051.516836][T19121] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3679'. [ 1052.043377][ T5953] usb 2-1: USB disconnect, device number 82 [ 1053.569715][ T5151] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 1053.579880][ T5151] CPU: 1 UID: 0 PID: 5151 Comm: kworker/u9:1 Tainted: G L syzkaller #0 PREEMPT(full) [ 1053.579914][ T5151] Tainted: [L]=SOFTLOCKUP [ 1053.579924][ T5151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1053.579940][ T5151] Workqueue: hci3 hci_rx_work [ 1053.579966][ T5151] Call Trace: [ 1053.579975][ T5151] [ 1053.579985][ T5151] dump_stack_lvl+0xe8/0x150 [ 1053.580013][ T5151] sysfs_create_dir_ns+0x259/0x280 [ 1053.580039][ T5151] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1053.580062][ T5151] ? do_raw_spin_unlock+0x122/0x240 [ 1053.580097][ T5151] kobject_add_internal+0x6ab/0xcc0 [ 1053.580133][ T5151] kobject_add+0x155/0x220 [ 1053.580163][ T5151] ? __pfx_kobject_add+0x10/0x10 [ 1053.580187][ T5151] ? _raw_spin_unlock+0x28/0x50 [ 1053.580222][ T5151] ? get_device_parent+0x366/0x3a0 [ 1053.580249][ T5151] device_add+0x408/0xb80 [ 1053.580273][ T5151] hci_conn_add_sysfs+0xd5/0x210 [ 1053.580299][ T5151] le_conn_complete_evt+0xf1d/0x1420 [ 1053.580339][ T5151] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1053.580367][ T5151] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 1053.580389][ T5151] ? __asan_memcpy+0x40/0x70 [ 1053.580416][ T5151] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1053.580439][ T5151] ? skb_pull_data+0xfb/0x200 [ 1053.580474][ T5151] hci_le_enh_conn_complete_evt+0x189/0x4a0 [ 1053.580507][ T5151] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 1053.580541][ T5151] hci_event_packet+0x78f/0x1260 [ 1053.580570][ T5151] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1053.580600][ T5151] ? __pfx_hci_event_packet+0x10/0x10 [ 1053.580630][ T5151] ? kcov_remote_start+0x49b/0x7a0 [ 1053.580675][ T5151] ? hci_send_to_monitor+0xe2/0x590 [ 1053.580710][ T5151] hci_rx_work+0x3ee/0x1060 [ 1053.580743][ T5151] ? process_scheduled_works+0x9ef/0x1770 [ 1053.580767][ T5151] process_scheduled_works+0xad1/0x1770 [ 1053.580821][ T5151] ? __pfx_process_scheduled_works+0x10/0x10 [ 1053.580843][ T5151] ? do_raw_spin_lock+0x121/0x290 [ 1053.580889][ T5151] worker_thread+0x8a0/0xda0 [ 1053.580941][ T5151] kthread+0x711/0x8a0 [ 1053.580972][ T5151] ? __pfx_worker_thread+0x10/0x10 [ 1053.580995][ T5151] ? __pfx_kthread+0x10/0x10 [ 1053.581027][ T5151] ? _raw_spin_unlock_irq+0x23/0x50 [ 1053.581058][ T5151] ? __pfx_kthread+0x10/0x10 [ 1053.581087][ T5151] ret_from_fork+0x510/0xa50 [ 1053.581111][ T5151] ? __pfx_ret_from_fork+0x10/0x10 [ 1053.581131][ T5151] ? __switch_to+0xc9e/0x1480 [ 1053.581165][ T5151] ? __pfx_kthread+0x10/0x10 [ 1053.581195][ T5151] ret_from_fork_asm+0x1a/0x30 [ 1053.581243][ T5151] [ 1053.581276][ T5151] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1053.729502][ T5953] usb 2-1: new full-speed USB device number 83 using dummy_hcd [ 1053.740355][ T5151] Bluetooth: hci3: failed to register connection device [ 1053.932782][T19170] usb usb8: usbfs: process 19170 (syz.4.3698) did not claim interface 0 before use [ 1053.950933][ T5953] usb 2-1: config 0 has no interfaces? [ 1053.968386][ T5953] usb 2-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 1053.980872][ T5953] usb 2-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0 [ 1053.989752][ T5953] usb 2-1: Manufacturer: syz [ 1054.000128][ T5953] usb 2-1: config 0 descriptor?? [ 1054.016597][T19160] binder: 19158:19160 ioctl c0306201 0 returned -14 [ 1054.261657][T19165] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3696'. [ 1054.270945][T19165] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3696'. [ 1054.458065][ T5953] usb 2-1: USB disconnect, device number 83 [ 1054.600385][T19182] usb usb7: usbfs: process 19182 (syz.3.3702) did not claim interface 0 before use [ 1055.430444][T19199] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3708'. [ 1055.489833][T19205] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3709'. [ 1057.180377][T19235] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1057.314677][T19240] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3723'. [ 1057.940148][T19250] vivid-002: disconnect [ 1058.163322][T19252] syzkaller0: entered promiscuous mode [ 1058.177890][T19252] syzkaller0: entered allmulticast mode [ 1058.719405][T19249] vivid-002: reconnect [ 1058.723906][T19259] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.3729'. [ 1059.169241][T19269] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3734'. [ 1059.685119][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.691626][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1059.916236][T19289] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.3741'. [ 1060.606787][T19300] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3746'. [ 1060.868874][T15608] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1061.046781][T15608] usb 4-1: Using ep0 maxpacket: 32 [ 1061.063710][T15608] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1061.072294][T15608] usb 4-1: config 0 has no interface number 0 [ 1061.087516][T15608] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1061.108065][T15608] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1061.125281][T15608] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1061.145416][T15608] usb 4-1: Product: syz [ 1061.151455][T15608] usb 4-1: Manufacturer: syz [ 1061.156142][T15608] usb 4-1: SerialNumber: syz [ 1061.171582][T15608] usb 4-1: config 0 descriptor?? [ 1061.190801][T15608] smsc75xx v1.0.0 [ 1062.087797][T15608] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 1062.105447][T15608] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1062.133920][T19316] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.3752'. [ 1062.327341][T15608] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1062.348614][T15608] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1062.368606][T15608] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 1062.388913][T15608] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 1062.409255][T15608] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 1062.441532][T15608] usb 4-1: USB disconnect, device number 24 [ 1062.462070][T18827] udevd[18827]: setting owner of /dev/bus/usb/004/024 to uid=0, gid=0 failed: No such file or directory [ 1062.744144][T19334] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3759'. [ 1062.884051][T15608] IPVS: starting estimator thread 0... [ 1062.991742][T19341] IPVS: using max 29 ests per chain, 69600 per kthread [ 1063.269673][ T980] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1063.441023][ T980] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1063.469008][ T980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1063.479312][T15608] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 1063.487978][ T980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1063.520122][ T980] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1063.576094][ T980] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1063.608962][ T980] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1063.628871][ T980] usb 4-1: Manufacturer: syz [ 1063.648705][ T980] usb 4-1: config 0 descriptor?? [ 1063.809149][T15608] usb 5-1: Using ep0 maxpacket: 32 [ 1063.819270][T15608] usb 5-1: config 0 has an invalid interface number: 12 but max is 0 [ 1063.827513][T15608] usb 5-1: config 0 has no interface number 0 [ 1063.833853][T15608] usb 5-1: config 0 interface 12 has no altsetting 0 [ 1063.851584][T15608] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1063.860930][T15608] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1063.882739][T15608] usb 5-1: Product: syz [ 1063.886963][T15608] usb 5-1: Manufacturer: syz [ 1063.913375][T15608] usb 5-1: SerialNumber: syz [ 1063.960990][T15608] usb 5-1: config 0 descriptor?? [ 1064.191804][ T980] appleir 0003:05AC:8243.0024: unknown main item tag 0x0 [ 1064.205836][T15608] f81534 5-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -71 [ 1064.235342][T15608] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71 [ 1064.243167][T15608] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 1064.251829][T15608] f81534 5-1:0.12: probe with driver f81534 failed with error -71 [ 1064.260443][T15596] IPVS: starting estimator thread 0... [ 1064.269067][T15608] usb 5-1: USB disconnect, device number 25 [ 1064.331047][ T980] appleir 0003:05AC:8243.0024: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 1064.360794][T19374] IPVS: using max 27 ests per chain, 64800 per kthread [ 1064.715101][ T5953] usb 4-1: USB disconnect, device number 25 [ 1064.805008][T19386] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3780'. [ 1065.339010][ T5151] Bluetooth: hci5: SCO packet for unknown connection handle 200 [ 1065.751892][T19407] netlink: 'syz.3.3790': attribute type 14 has an invalid length. [ 1065.873014][T19414] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3793'. [ 1066.376802][T19428] syzkaller0: entered promiscuous mode [ 1066.409036][T19428] syzkaller0: entered allmulticast mode [ 1067.891613][T19445] netlink: 64691 bytes leftover after parsing attributes in process `syz.0.3804'. [ 1068.091148][T19447] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3805'. [ 1070.038962][T15606] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 1070.162241][T19469] netlink: 64691 bytes leftover after parsing attributes in process `syz.2.3815'. [ 1070.207846][T15606] usb 4-1: config 0 has no interfaces? [ 1070.217673][T15606] usb 4-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 1070.233344][T15606] usb 4-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0 [ 1070.246980][T19471] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3816'. [ 1070.256098][T15606] usb 4-1: Manufacturer: syz [ 1070.265159][T15606] usb 4-1: config 0 descriptor?? [ 1070.515133][T19467] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3814'. [ 1070.525591][T19467] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3814'. [ 1070.555740][T19467] team0: entered promiscuous mode [ 1070.568834][T15596] usb 3-1: new full-speed USB device number 32 using dummy_hcd [ 1070.580886][T19467] team_slave_0: entered promiscuous mode [ 1070.586916][T19467] team_slave_1: entered promiscuous mode [ 1070.596930][T19467] bond0: entered promiscuous mode [ 1070.603787][T19467] bond_slave_0: entered promiscuous mode [ 1070.614541][T19467] bond_slave_1: entered promiscuous mode [ 1070.625563][T19467] debugfs: 'hsr1' already exists in 'hsr' [ 1070.631737][T19467] Cannot create hsr debugfs directory [ 1070.637991][T19467] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 1070.653733][T19487] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3824'. [ 1070.669218][ T5915] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 1070.743404][T15596] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1070.756536][T15596] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 1070.773170][T15608] usb 4-1: USB disconnect, device number 26 [ 1070.775245][T15596] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1070.798477][T15596] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1070.822005][T19473] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1070.837377][ T5915] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1070.844142][T19473] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1070.873721][T15596] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1070.881043][ T5915] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1070.897925][ T5915] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1070.954430][ T5915] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1070.989202][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1071.010838][T19481] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 1071.150792][T15596] usb 3-1: USB disconnect, device number 32 [ 1071.438519][ T5915] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 1071.464752][ T5915] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input75 [ 1071.551805][ T5915] usb 2-1: USB disconnect, device number 84 [ 1071.557846][ C1] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 1071.579014][T19513] netlink: 64691 bytes leftover after parsing attributes in process `syz.3.3827'. [ 1071.688545][T19506] syzkaller0: entered promiscuous mode [ 1071.733097][T19506] syzkaller0: entered allmulticast mode [ 1072.052462][ T5953] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 1072.244737][ T5953] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1072.265929][ T5953] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1072.277258][ T5953] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 1072.303240][ T5953] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1072.318148][ T5953] usb 5-1: config 0 descriptor?? [ 1072.751211][ T5953] usbhid 5-1:0.0: can't add hid device: -71 [ 1072.766742][ T5953] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1072.797490][ T5953] usb 5-1: USB disconnect, device number 26 [ 1073.090425][T19546] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3838'. [ 1073.858914][ T980] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 1074.010463][ T980] usb 5-1: Using ep0 maxpacket: 32 [ 1074.042080][ T980] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1074.054639][ T980] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1074.064062][ T980] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1074.072324][ T980] usb 5-1: Product: syz [ 1074.076656][ T980] usb 5-1: Manufacturer: syz [ 1074.081472][ T980] usb 5-1: SerialNumber: syz [ 1074.105585][ T980] usb 5-1: config 0 descriptor?? [ 1074.112506][T19564] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1074.127553][ T980] hub 5-1:0.0: bad descriptor, ignoring hub [ 1074.133745][ T980] hub 5-1:0.0: probe with driver hub failed with error -5 [ 1074.241576][T15606] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1074.399770][T15606] usb 4-1: Using ep0 maxpacket: 32 [ 1074.407054][T15606] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1074.419491][T15606] usb 4-1: config 0 has no interface number 0 [ 1074.427626][T15606] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1074.446002][T15606] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1074.463405][T15606] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1074.471848][T15606] usb 4-1: Product: syz [ 1074.476268][T15606] usb 4-1: Manufacturer: syz [ 1074.481304][T15606] usb 4-1: SerialNumber: syz [ 1074.503439][T15606] usb 4-1: config 0 descriptor?? [ 1074.540369][T15606] smsc75xx v1.0.0 [ 1074.737563][T19537] syz_tun: entered allmulticast mode [ 1074.799243][ T7537] Bluetooth: hci5: command 0x0406 tx timeout [ 1075.135339][T15606] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 1075.178006][T15606] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1075.339947][ T13] raw-gadget.0 gadget.4: failed to queue suspend event [ 1075.561703][T19569] raw-gadget.0 gadget.4: failed to queue resume event [ 1075.603317][ T13] raw-gadget.0 gadget.4: failed to queue suspend event [ 1075.680812][T19569] raw-gadget.0 gadget.4: failed to queue resume event [ 1075.688945][T15593] usb 3-1: new full-speed USB device number 33 using dummy_hcd [ 1075.711389][ T5915] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 1075.722170][ T13] raw-gadget.0 gadget.4: failed to queue suspend event [ 1075.800477][T19569] raw-gadget.0 gadget.4: failed to queue resume event [ 1075.821261][T13541] raw-gadget.0 gadget.4: failed to queue suspend event [ 1075.841703][T15593] usb 3-1: config 7 has an invalid interface number: 101 but max is 0 [ 1075.852763][T15593] usb 3-1: config 7 has no interface number 0 [ 1075.863743][T15593] usb 3-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b [ 1075.874946][T15593] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1075.883575][T15593] usb 3-1: Product: syz [ 1075.888067][T15593] usb 3-1: Manufacturer: syz [ 1075.889142][ T5915] usb 2-1: Using ep0 maxpacket: 16 [ 1075.894121][T15593] usb 3-1: SerialNumber: syz [ 1075.904526][T19569] raw-gadget.0 gadget.4: failed to queue resume event [ 1075.906940][ T5915] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1075.931682][T13541] raw-gadget.0 gadget.4: failed to queue suspend event [ 1075.940151][ T5915] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 1075.954470][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11 [ 1075.986251][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024 [ 1076.008860][ T5915] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1076.014894][T15606] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 1076.036537][T19569] raw-gadget.0 gadget.4: failed to queue resume event [ 1076.044793][T15606] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 1076.057866][T15606] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 1076.062096][ T5915] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 1076.078682][ T3965] raw-gadget.0 gadget.4: failed to queue suspend event [ 1076.082620][T15606] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 1076.097112][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1076.105221][T15606] usb 4-1: USB disconnect, device number 27 [ 1076.138780][ T5915] usb 2-1: Product: syz [ 1076.144017][ T5915] usb 2-1: Manufacturer: syz [ 1076.148665][ T5915] usb 2-1: SerialNumber: syz [ 1076.160357][T19569] raw-gadget.0 gadget.4: failed to queue resume event [ 1076.180486][ T5915] usb 2-1: config 0 descriptor?? [ 1076.223343][ T3965] raw-gadget.0 gadget.4: failed to queue suspend event [ 1076.319435][T19569] raw-gadget.0 gadget.4: failed to queue resume event [ 1076.349982][ T4142] raw-gadget.0 gadget.4: failed to queue suspend event [ 1076.392756][ T5915] appledisplay 2-1:0.0: Error while getting initial brightness: -71 [ 1076.407711][ T5915] appledisplay 2-1:0.0: probe with driver appledisplay failed with error -71 [ 1076.435822][ T5915] usb 2-1: USB disconnect, device number 85 [ 1076.518943][T19569] raw-gadget.0 gadget.4: failed to queue resume event [ 1076.550186][ T36] raw-gadget.0 gadget.4: failed to queue suspend event [ 1076.648976][T19569] raw-gadget.0 gadget.4: failed to queue resume event [ 1076.669829][ T4142] raw-gadget.0 gadget.4: failed to queue suspend event [ 1076.699144][T19569] raw-gadget.0 gadget.4: failed to queue disconnect event [ 1076.717625][T19603] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3856'. [ 1076.749180][T15593] as10x_usb: device has been detected [ 1076.755841][T15593] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 1076.769123][T19605] net_ratelimit: 66 callbacks suppressed [ 1076.769143][T19605] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 1076.798030][T15593] usb 3-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 1076.815981][T15606] usb 5-1: USB disconnect, device number 27 [ 1076.857995][T15593] as10x_usb: error during firmware upload part1 [ 1076.876766][T15593] Registered device Elgato EyeTV DTT Deluxe [ 1077.224085][T19619] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3863'. [ 1077.780784][T19631] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3868'. [ 1078.500001][T15606] usb 3-1: USB disconnect, device number 33 [ 1078.547031][T15606] Unregistered device Elgato EyeTV DTT Deluxe [ 1078.560280][T15606] as10x_usb: device has been disconnected [ 1078.643800][T19661] vivid-000: disconnect [ 1078.648611][T19660] vivid-000: reconnect [ 1078.998983][T19672] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3882'. [ 1080.751308][ T30] kauditd_printk_skb: 55 callbacks suppressed [ 1080.751328][ T30] audit: type=1326 audit(1767512731.127:2532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19695 comm="syz.3.3894" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f50f638f749 code=0x0 [ 1080.753799][T19689] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1082.141443][T19740] syzkaller0: entered promiscuous mode [ 1082.147113][T19740] syzkaller0: entered allmulticast mode [ 1082.243901][ T7537] Bluetooth: hci3: command 0x0406 tx timeout [ 1082.356763][T19743] pim6reg: entered allmulticast mode [ 1086.218863][ T5953] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 1086.252331][ T980] IPVS: starting estimator thread 0... [ 1086.348898][T19798] IPVS: using max 27 ests per chain, 64800 per kthread [ 1086.399192][ T5953] usb 3-1: Using ep0 maxpacket: 32 [ 1086.407371][ T5953] usb 3-1: config index 0 descriptor too short (expected 60946, got 18) [ 1086.428808][ T5953] usb 3-1: config 0 has an invalid interface number: 0 but max is -1 [ 1086.436983][ T5953] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 1086.459141][ T5953] usb 3-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 1086.481207][ T5953] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1086.509850][ T5953] usb 3-1: config 0 descriptor?? [ 1086.520463][ T5953] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 1086.699472][T19805] bridge0: port 3(syz_tun) entered blocking state [ 1086.707092][T19805] bridge0: port 3(syz_tun) entered disabled state [ 1086.779383][T19805] syz_tun: entered allmulticast mode [ 1086.814935][T19805] syz_tun: entered promiscuous mode [ 1086.835439][T19805] bridge0: port 3(syz_tun) entered blocking state [ 1086.842872][T19805] bridge0: port 3(syz_tun) entered listening state [ 1086.898552][T19807] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3936'. [ 1086.941659][T19807] bridge0: port 3(syz_tun) entered disabled state [ 1087.133183][ T5953] gspca_sunplus: reg_w_riv err -71 [ 1087.144438][T19807] syz_tun (unregistering): left allmulticast mode [ 1087.158319][ T5953] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 1087.207906][ T5953] usb 3-1: USB disconnect, device number 34 [ 1087.232523][T19807] syz_tun (unregistering): left promiscuous mode [ 1087.258371][T19807] bridge0: port 3(syz_tun) entered disabled state [ 1087.989230][T15604] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 1088.194677][T15604] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 1088.215324][T15604] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1088.225016][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1088.236728][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1088.247687][T15604] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1088.257058][T15604] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1088.302316][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1088.314093][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1088.324467][T15604] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1088.332855][T15604] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1088.342865][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1088.359729][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1088.437934][T15604] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1088.476870][T15604] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1088.519425][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1088.579733][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1088.612627][T15604] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1088.640168][T15604] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1088.670551][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1088.703997][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1088.766293][T15604] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1088.794869][T15604] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1088.814443][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1088.864903][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1088.896054][T15604] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1088.910678][T15604] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1088.937900][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1088.974819][T19840] syz_tun: entered allmulticast mode [ 1088.981493][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1089.010241][T15604] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1089.034122][T15604] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1089.065293][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1089.108355][T15604] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1089.142233][T15604] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1089.166261][T15604] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1089.198685][T15604] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1089.221213][T15604] usb 3-1: Product: syz [ 1089.241764][T15604] usb 3-1: Manufacturer: syz [ 1089.246442][T15604] usb 3-1: SerialNumber: syz [ 1089.305302][T15604] yurex 3-1:64.0: Could not submitting URB [ 1089.335943][T15604] yurex 3-1:64.0: probe with driver yurex failed with error -5 [ 1089.419543][T15605] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1089.525331][ T5918] usb 3-1: USB disconnect, device number 35 [ 1089.678854][T15605] usb 4-1: Using ep0 maxpacket: 32 [ 1089.697685][T15605] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1089.718819][T15605] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1089.728638][T15605] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1089.759373][T15605] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1089.778271][T15605] usb 4-1: config 0 descriptor?? [ 1089.810060][T15605] hub 4-1:0.0: USB hub found [ 1090.023896][T15605] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 1090.209148][ T129] usb 2-1: new full-speed USB device number 86 using dummy_hcd [ 1090.219301][T19862] random: crng reseeded on system resumption [ 1090.389368][ T129] usb 2-1: config 2 has an invalid interface number: 211 but max is 0 [ 1090.418114][ T129] usb 2-1: config 2 has no interface number 0 [ 1090.437402][T15605] hid-generic 0003:046D:C31C.0025: unknown main item tag 0x0 [ 1090.446903][ T129] usb 2-1: config 2 interface 211 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 1090.481470][ T129] usb 2-1: config 2 interface 211 altsetting 0 endpoint 0x82 has an invalid bInterval 97, changing to 4 [ 1090.502181][T15605] hid-generic 0003:046D:C31C.0025: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.3-1/input0 [ 1090.525115][ T129] usb 2-1: config 2 interface 211 altsetting 0 endpoint 0x82 has invalid maxpacket 24929, setting to 1023 [ 1090.564853][ T129] usb 2-1: New USB device found, idVendor=2040, idProduct=8268, bcdDevice=27.95 [ 1090.584650][ T129] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1090.602768][ T129] usb 2-1: Product: syz [ 1090.617226][ T129] usb 2-1: Manufacturer: syz [ 1090.625745][ T129] usb 2-1: SerialNumber: syz [ 1090.648493][T19858] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1090.693257][ T129] em28xx 2-1:2.211: New device syz syz @ 12 Mbps (2040:8268, interface 211, class 211) [ 1090.708094][ T129] em28xx 2-1:2.211: Device initialization failed. [ 1090.715291][ T129] em28xx 2-1:2.211: Device must be connected to a high-speed USB 2.0 port. [ 1090.890731][T15606] usb 2-1: USB disconnect, device number 86 [ 1091.004783][T19878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3961'. [ 1091.018348][T19878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3961'. [ 1091.028406][T19878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3961'. [ 1091.047183][T19878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3961'. [ 1091.059844][T19878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3961'. [ 1091.125437][T19880] lo: entered allmulticast mode [ 1091.378143][T19846] usb 4-1: reset high-speed USB device number 28 using dummy_hcd [ 1091.778035][T19846] usbhid 4-1:0.0: reset_resume error -1 [ 1091.958881][ T5953] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 1091.999762][ T5918] usb 4-1: USB disconnect, device number 28 [ 1092.118922][ T5953] usb 5-1: Using ep0 maxpacket: 32 [ 1092.131941][ T5953] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1092.155781][ T5953] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1092.173327][ T5953] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1092.195059][ T5953] usb 5-1: Product: syz [ 1092.204552][ T5953] usb 5-1: Manufacturer: syz [ 1092.209651][ T5953] usb 5-1: SerialNumber: syz [ 1092.217497][ T5953] usb 5-1: config 0 descriptor?? [ 1092.240335][T19890] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1092.250485][ T5953] hub 5-1:0.0: bad descriptor, ignoring hub [ 1092.256455][ T5953] hub 5-1:0.0: probe with driver hub failed with error -5 [ 1092.889712][ T129] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1093.051423][ T129] usb 4-1: Using ep0 maxpacket: 32 [ 1093.073717][ T129] usb 4-1: config 4 has an invalid interface number: 225 but max is 1 [ 1093.098197][ T129] usb 4-1: config 4 has an invalid interface number: 196 but max is 1 [ 1093.126307][ T129] usb 4-1: config 4 has no interface number 0 [ 1093.149277][ T129] usb 4-1: config 4 has no interface number 1 [ 1093.150285][T19915] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3976'. [ 1093.170924][ T129] usb 4-1: config 4 interface 225 altsetting 9 endpoint 0xC has invalid maxpacket 512, setting to 64 [ 1093.212688][ T129] usb 4-1: config 4 interface 225 altsetting 9 endpoint 0xA has invalid maxpacket 1023, setting to 64 [ 1093.244283][ T129] usb 4-1: config 4 interface 225 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1093.276192][ T129] usb 4-1: config 4 interface 225 has no altsetting 0 [ 1093.293772][ T129] usb 4-1: config 4 interface 196 has no altsetting 0 [ 1093.311518][ T129] usb 4-1: New USB device found, idVendor=1199, idProduct=683c, bcdDevice=fb.51 [ 1093.338909][ T129] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1093.378438][ T129] usb 4-1: Product: 䀕 [ 1093.398676][ T129] usb 4-1: Manufacturer: чꅢﶎ걄胰澸爄陿嫑㯤鹼뱚備즐䠢綞㹷⍞࠸⩉掺똥쨋譅翿膙炘搓ꉄ룳焢簊ᰘ䫓⥣䳐Ი팦銏⁽糨㆚誜ѩ咽囋譒녠鮹⺼Ꮣ⬮ᜈ鮟ળ拺騢ꍪ톜䉟蠤⤣㏦꾾ෂ骿絀♨ꔻ䗗붾齱녁䴠肼琠䱶靱컜ㆯ䙥т䜯綿㐘旖纪瓃왕斃秙ᴍ稥瘭鉸雉踁 [ 1093.704114][ T129] sierra 4-1:4.225: Sierra USB modem converter detected [ 1093.729847][ T129] usb 4-1: Sierra USB modem converter now attached to ttyUSB0 [ 1093.764051][ T129] sierra 4-1:4.196: Sierra USB modem converter detected [ 1093.797479][ T129] usb 4-1: Sierra USB modem converter now attached to ttyUSB1 [ 1093.852876][T19925] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3981'. [ 1093.867101][ T129] usb 4-1: USB disconnect, device number 29 [ 1093.900237][ T38] raw-gadget.1 gadget.4: failed to queue suspend event [ 1093.935006][ T129] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 1093.960016][ T129] sierra 4-1:4.225: device disconnected [ 1093.992479][ T129] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1 [ 1094.002343][T19904] raw-gadget.1 gadget.4: failed to queue resume event [ 1094.022242][ T129] sierra 4-1:4.196: device disconnected [ 1094.053480][ T38] raw-gadget.1 gadget.4: failed to queue suspend event [ 1094.139675][T19904] raw-gadget.1 gadget.4: failed to queue resume event [ 1094.161985][ T3801] raw-gadget.1 gadget.4: failed to queue suspend event [ 1094.259016][T19904] raw-gadget.1 gadget.4: failed to queue resume event [ 1094.327997][ T3965] raw-gadget.1 gadget.4: failed to queue suspend event [ 1094.398920][T19904] raw-gadget.1 gadget.4: failed to queue resume event [ 1094.439703][ T1107] raw-gadget.1 gadget.4: failed to queue suspend event [ 1094.539098][T19904] raw-gadget.1 gadget.4: failed to queue resume event [ 1094.576134][ T3965] raw-gadget.1 gadget.4: failed to queue suspend event [ 1094.668978][T19904] raw-gadget.1 gadget.4: failed to queue resume event [ 1094.710028][ T6089] raw-gadget.1 gadget.4: failed to queue suspend event [ 1094.799078][T19904] raw-gadget.1 gadget.4: failed to queue resume event [ 1094.839642][ T3965] raw-gadget.1 gadget.4: failed to queue suspend event [ 1094.940114][T19904] raw-gadget.1 gadget.4: failed to queue resume event [ 1094.980583][ T6089] raw-gadget.1 gadget.4: failed to queue suspend event [ 1095.022660][T19904] raw-gadget.1 gadget.4: failed to queue disconnect event [ 1095.039738][ T5918] usb 5-1: USB disconnect, device number 28 [ 1095.113141][T19956] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3993'. [ 1096.550931][T19982] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4002'. [ 1097.518071][T20006] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4013'. [ 1099.045301][T20041] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4025'. [ 1099.594735][T20071] netlink: 148 bytes leftover after parsing attributes in process `syz.3.4038'. [ 1100.874691][T20115] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4057'. [ 1101.748703][T20147] netlink: 64691 bytes leftover after parsing attributes in process `syz.2.4071'. [ 1102.139835][T20156] loop2: detected capacity change from 0 to 7 [ 1102.146981][T20156] loop2: [ 1102.150098][T20156] loop2: partition table partially beyond EOD, truncated [ 1102.219184][T20160] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4077'. [ 1102.636925][T20175] netlink: 'syz.3.4083': attribute type 4 has an invalid length. [ 1102.723496][ T7537] Bluetooth: hci4: command 0x0406 tx timeout [ 1103.237216][T20187] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4086'. [ 1103.858914][T15605] usb 5-1: new full-speed USB device number 29 using dummy_hcd [ 1104.040864][T15605] usb 5-1: config 0 has no interfaces? [ 1104.049951][T15605] usb 5-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 1104.067157][T15605] usb 5-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0 [ 1104.087497][T15605] usb 5-1: Manufacturer: syz [ 1104.099770][T15605] usb 5-1: config 0 descriptor?? [ 1104.354394][T20207] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4096'. [ 1104.369748][T20207] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4096'. [ 1104.387264][T20207] team0: entered promiscuous mode [ 1104.394137][T20207] team_slave_0: entered promiscuous mode [ 1104.408222][T20207] team_slave_1: entered promiscuous mode [ 1104.416623][T20207] team0: left promiscuous mode [ 1104.422113][T20207] team_slave_0: left promiscuous mode [ 1104.428014][T20207] team_slave_1: left promiscuous mode [ 1104.595375][ T5953] usb 5-1: USB disconnect, device number 29 [ 1104.688308][T20255] kvm_intel: kvm [20254]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xeec7f47d563e95bb [ 1104.706293][T20255] kvm_intel: kvm [20254]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xeec7f47d563e95bb [ 1104.717392][T20255] kvm_intel: kvm [20254]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xeec7f47d563e95bb [ 1105.328973][ T129] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1105.489186][ T129] usb 4-1: Using ep0 maxpacket: 8 [ 1105.500886][ T129] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 1105.518839][ T129] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 1105.551145][ T129] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1105.562648][ T129] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1105.588998][ T129] usb 4-1: Product: syz [ 1105.601240][ T129] usb 4-1: Manufacturer: syz [ 1105.606470][ T129] usb 4-1: SerialNumber: syz [ 1105.837448][ T129] cdc_ncm 4-1:1.0: bind() failure [ 1105.871642][ T129] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 1105.908907][ T129] cdc_ncm 4-1:1.1: bind() failure [ 1105.930156][ T129] usb 4-1: USB disconnect, device number 30 [ 1106.872221][T20338] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4152'. [ 1106.937442][T20342] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4152'. [ 1110.981580][T20445] bridge0: port 2(bridge_slave_1) entered disabled state [ 1110.989004][T20445] bridge0: port 1(bridge_slave_0) entered disabled state [ 1111.336828][T20445] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1111.367581][T20445] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1111.707408][T20445] sit1: left allmulticast mode [ 1112.052131][ T38] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1112.061419][ T38] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1112.087423][ T38] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1112.110518][ T38] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1112.124503][ T38] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1112.171410][ T38] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1112.200131][ T38] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1112.225093][ T38] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1112.339650][T20483] fuse: Unknown parameter 'group_id00000000000000000000' [ 1112.833316][T20505] batadv_slave_1: entered promiscuous mode [ 1112.858643][T20504] batadv_slave_1: left promiscuous mode [ 1113.111772][T20514] fuse: Bad value for 'user_id' [ 1113.116935][T20514] fuse: Bad value for 'user_id' [ 1113.538948][T15606] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 1113.614240][T20528] syzkaller0: entered promiscuous mode [ 1113.620361][T20528] syzkaller0: entered allmulticast mode [ 1113.698899][T15606] usb 5-1: Using ep0 maxpacket: 8 [ 1113.710861][T15606] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 1113.731426][T15606] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 1113.754432][T15606] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1113.772997][T15606] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1113.783241][T15606] usb 5-1: Product: syz [ 1113.808809][T15606] usb 5-1: Manufacturer: syz [ 1113.813491][T15606] usb 5-1: SerialNumber: syz [ 1113.904736][T20540] fuse: Bad value for 'user_id' [ 1113.914114][T20540] fuse: Bad value for 'user_id' [ 1114.071593][T15606] cdc_ncm 5-1:1.0: bind() failure [ 1114.102384][T15606] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 1114.124721][T15606] cdc_ncm 5-1:1.1: bind() failure [ 1114.152399][T15606] usb 5-1: USB disconnect, device number 30 [ 1114.507868][T20558] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4246'. [ 1114.704468][T20564] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4249'. [ 1115.051311][T20571] fuse: Bad value for 'user_id' [ 1115.056287][T20571] fuse: Bad value for 'user_id' [ 1117.294673][T20558] syz_tun (unregistering): left allmulticast mode [ 1117.315309][T20560] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4247'. [ 1117.811903][T20597] fuse: Bad value for 'fd' [ 1117.969135][T15605] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 1118.078867][ T5151] Bluetooth: hci0: command 0x0406 tx timeout [ 1118.129124][T15605] usb 3-1: Using ep0 maxpacket: 8 [ 1118.156783][T15605] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 1118.182808][T15605] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 1118.245816][T15605] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1118.278216][T15605] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1118.297099][T15605] usb 3-1: Product: syz [ 1118.304435][T15605] usb 3-1: Manufacturer: syz [ 1118.309895][T15605] usb 3-1: SerialNumber: syz [ 1118.325584][T20617] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4270'. [ 1118.345450][T20619] netlink: 180 bytes leftover after parsing attributes in process `syz.3.4272'. [ 1118.548472][T15605] cdc_ncm 3-1:1.0: bind() failure [ 1118.592643][T15605] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 1118.611447][T15605] cdc_ncm 3-1:1.1: bind() failure [ 1118.641967][T15605] usb 3-1: USB disconnect, device number 36 [ 1119.366010][T20648] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4284'. [ 1119.934212][T20671] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4296'. [ 1120.042487][T20669] syzkaller0: entered promiscuous mode [ 1120.048107][T20669] syzkaller0: entered allmulticast mode [ 1120.079597][T15602] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 1120.258981][T15602] usb 5-1: Using ep0 maxpacket: 8 [ 1120.303764][T15602] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 1120.325887][T15602] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 1120.365064][T15602] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1120.388373][T15602] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1120.412904][T15602] usb 5-1: Product: syz [ 1120.445636][T15602] usb 5-1: Manufacturer: syz [ 1120.455966][T15602] usb 5-1: SerialNumber: syz [ 1121.138309][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1121.146403][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1121.484895][T15602] cdc_ncm 5-1:1.0: bind() failure [ 1121.501879][T15602] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 1121.515944][T15602] cdc_ncm 5-1:1.1: bind() failure [ 1121.527247][T15602] usb 5-1: USB disconnect, device number 31 [ 1123.671723][T20725] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4316'. [ 1123.679632][T20723] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4314'. [ 1123.932126][T20735] loop2: detected capacity change from 0 to 7 [ 1123.966764][T17121] Dev loop2: unable to read RDB block 7 [ 1123.979991][T17121] loop2: unable to read partition table [ 1123.988111][T17121] loop2: partition table beyond EOD, truncated [ 1124.007528][T20735] Dev loop2: unable to read RDB block 7 [ 1124.026476][T20735] loop2: unable to read partition table [ 1124.044710][T20735] loop2: partition table beyond EOD, truncated [ 1124.059053][T20735] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 1124.102016][ T5201] Dev loop2: unable to read RDB block 7 [ 1124.107672][ T5201] loop2: unable to read partition table [ 1124.139063][ T5201] loop2: partition table beyond EOD, truncated [ 1124.445744][T20754] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4330'. [ 1124.709677][T20765] fuse: Invalid rootmode [ 1124.828955][T15605] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1124.896058][T20767] syzkaller0: entered promiscuous mode [ 1124.901870][T20767] syzkaller0: entered allmulticast mode [ 1125.000599][T15605] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 1125.021270][T15605] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1125.051413][T15605] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1125.082976][T15605] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1125.099922][T15605] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1125.115945][T15605] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1125.127651][T15605] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1125.165691][T15605] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1125.176534][T15605] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1125.204029][T15605] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1125.229149][T15605] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1125.249469][T15605] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1125.267082][T15605] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1125.285949][T15605] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1125.295294][T15605] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1125.324282][T15605] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1125.346969][T15605] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1125.368886][T15605] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1125.399132][T15605] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1125.408162][T15605] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1125.439231][T15605] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1125.469361][T15605] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1125.481319][T15605] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 1125.500735][T15605] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1125.512742][T15605] usb 3-1: config 64 interface 0 has no altsetting 0 [ 1125.526421][T15605] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1125.546856][T15605] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1125.566476][T15605] usb 3-1: Product: syz [ 1125.574037][T15605] usb 3-1: Manufacturer: syz [ 1125.586105][T15605] usb 3-1: SerialNumber: syz [ 1125.609301][T15605] yurex 3-1:64.0: USB YUREX device now attached to Yurex #0 [ 1125.823510][T15605] usb 3-1: USB disconnect, device number 37 [ 1125.842579][T15605] yurex 3-1:64.0: USB YUREX #0 now disconnected [ 1126.436269][T20798] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4344'. [ 1126.924868][T20811] loop2: detected capacity change from 0 to 7 [ 1126.941328][T20811] Dev loop2: unable to read RDB block 7 [ 1126.948839][T20811] loop2: AHDI p1 p2 p3 [ 1126.953350][T20811] loop2: partition table partially beyond EOD, truncated [ 1126.968664][T20811] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1126.988966][T20811] loop2: p3 start 335544320 is beyond EOD, truncated [ 1127.035962][ T5201] Dev loop2: unable to read RDB block 7 [ 1127.042589][ T5201] loop2: AHDI p1 p2 p3 [ 1127.065525][ T5201] loop2: partition table partially beyond EOD, truncated [ 1127.083816][ T5201] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1127.091069][ T5201] loop2: p3 start 335544320 is beyond EOD, truncated [ 1128.319767][ T5151] Bluetooth: hci2: command 0x0406 tx timeout [ 1129.298270][T20784] bridge0: port 2(bridge_slave_1) entered disabled state [ 1129.306059][T20784] bridge0: port 1(bridge_slave_0) entered disabled state [ 1129.385336][ T30] audit: type=1326 audit(1767512779.747:2533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20866 comm="syz.1.4373" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6c6af8f749 code=0x0 [ 1129.439041][T20784] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1129.454058][T20784] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1129.586936][T20796] netlink: 148 bytes leftover after parsing attributes in process `syz.3.4348'. [ 1129.604217][T20870] fuse: Bad value for 'rootmode' [ 1129.639580][ T3731] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1129.651514][ T3731] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1129.723819][ T3731] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1129.754371][ T3731] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1129.819405][T20878] xt_connbytes: Forcing CT accounting to be enabled [ 1129.946153][T20885] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4379'. [ 1130.326916][T20905] fuse: Bad value for 'rootmode' [ 1130.350471][T20899] syzkaller0: entered promiscuous mode [ 1130.355991][T20899] syzkaller0: entered allmulticast mode [ 1130.423972][T20898] syzkaller0: entered promiscuous mode [ 1130.431396][T20898] syzkaller0: entered allmulticast mode [ 1135.121608][T20932] netlink: 148 bytes leftover after parsing attributes in process `syz.2.4396'. [ 1135.857120][T21014] syzkaller0: entered promiscuous mode [ 1135.878841][T21014] syzkaller0: entered allmulticast mode [ 1139.596897][T21025] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1140.136060][T21146] netlink: 'syz.2.4483': attribute type 1 has an invalid length. [ 1140.208869][T21151] bond1: (slave gretap1): making interface the new active one [ 1140.217558][T21151] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 1140.596707][T21171] netlink: 27 bytes leftover after parsing attributes in process `syz.3.4494'. [ 1141.180733][T21198] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4506'. [ 1141.682446][T21227] fuse: Bad value for 'fd' [ 1141.684599][T21226] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4518'. [ 1142.660522][T21269] loop2: detected capacity change from 0 to 7 [ 1142.687137][T21269] Dev loop2: unable to read RDB block 7 [ 1142.699179][T21269] loop2: AHDI p1 p2 p3 [ 1142.711737][T21269] loop2: partition table partially beyond EOD, truncated [ 1142.732445][T21269] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1142.761715][T21269] loop2: p3 start 335544320 is beyond EOD, truncated [ 1142.786118][ T5201] Dev loop2: unable to read RDB block 7 [ 1142.813826][ T5201] loop2: AHDI p1 p2 p3 [ 1142.820689][ T5201] loop2: partition table partially beyond EOD, truncated [ 1142.827963][ T5201] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1142.844460][ T5201] loop2: p3 start 335544320 is beyond EOD, truncated [ 1145.100026][T21381] loop2: detected capacity change from 0 to 7 [ 1145.135002][T18827] Dev loop2: unable to read RDB block 7 [ 1145.165886][T18827] loop2: AHDI p1 p2 p3 [ 1145.192017][T18827] loop2: partition table partially beyond EOD, truncated [ 1145.199449][T18827] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1145.206377][T18827] loop2: p3 start 335544320 is beyond EOD, truncated [ 1145.240452][T21381] Dev loop2: unable to read RDB block 7 [ 1145.246634][T21381] loop2: AHDI p1 p2 p3 [ 1145.253735][T21381] loop2: partition table partially beyond EOD, truncated [ 1145.266074][T21381] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1145.275915][T21381] loop2: p3 start 335544320 is beyond EOD, truncated [ 1145.849936][T21417] loop2: detected capacity change from 0 to 7 [ 1145.857526][T21417] Dev loop2: unable to read RDB block 7 [ 1145.864138][T21417] loop2: AHDI p1 p2 p3 [ 1145.868540][T21417] loop2: partition table partially beyond EOD, truncated [ 1145.880476][T21417] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1145.887456][T21417] loop2: p3 start 335544320 is beyond EOD, truncated [ 1145.912103][ T5201] Dev loop2: unable to read RDB block 7 [ 1145.917753][ T5201] loop2: AHDI p1 p2 p3 [ 1145.927442][ T5201] loop2: partition table partially beyond EOD, truncated [ 1145.939618][ T5201] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1145.946486][ T5201] loop2: p3 start 335544320 is beyond EOD, truncated [ 1146.518788][T21439] xt_connbytes: Forcing CT accounting to be enabled [ 1146.560625][T21442] sctp: [Deprecated]: syz.0.4607 (pid 21442) Use of int in max_burst socket option. [ 1146.560625][T21442] Use struct sctp_assoc_value instead [ 1146.853776][T21452] loop2: detected capacity change from 0 to 7 [ 1146.861207][T21452] Dev loop2: unable to read RDB block 7 [ 1146.866832][T21452] loop2: AHDI p1 p2 p3 [ 1146.880483][T21452] loop2: partition table partially beyond EOD, truncated [ 1146.888215][T21452] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1146.898188][T21452] loop2: p3 start 335544320 is beyond EOD, truncated [ 1147.256200][T21466] syzkaller0: entered promiscuous mode [ 1147.262043][T21466] syzkaller0: entered allmulticast mode [ 1150.767070][T21498] syzkaller0: entered promiscuous mode [ 1150.772827][T21498] syzkaller0: entered allmulticast mode [ 1150.784209][T21521] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4637'. [ 1151.887055][T21551] netlink: 52 bytes leftover after parsing attributes in process `syz.2.4649'. [ 1153.474196][T21551] bridge0: port 2(bridge_slave_1) entered disabled state [ 1153.484104][T21551] bridge0: port 1(bridge_slave_0) entered disabled state [ 1153.925401][T21576] netlink: 27 bytes leftover after parsing attributes in process `syz.1.4659'. [ 1154.175826][T21583] syzkaller0: entered promiscuous mode [ 1154.187508][T21583] syzkaller0: entered allmulticast mode [ 1156.591701][T21589] syzkaller0: entered promiscuous mode [ 1156.597228][T21589] syzkaller0: entered allmulticast mode [ 1156.605799][T21599] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4668'. [ 1156.615793][T21601] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4668'. [ 1156.625357][T21603] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4668'. [ 1159.618493][T21636] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4682'. [ 1159.756127][T21648] syzkaller0: entered promiscuous mode [ 1159.774521][T21648] syzkaller0: entered allmulticast mode [ 1162.185769][T21684] netlink: 180 bytes leftover after parsing attributes in process `syz.3.4699'. [ 1162.380510][T21694] bridge0: port 3(syz_tun) entered blocking state [ 1162.406805][T21694] bridge0: port 3(syz_tun) entered disabled state [ 1162.429469][T21694] syz_tun: entered allmulticast mode [ 1162.465383][T21694] syz_tun: left allmulticast mode [ 1162.749917][T21717] netlink: 148 bytes leftover after parsing attributes in process `syz.0.4712'. [ 1162.924202][T21719] syzkaller0: entered promiscuous mode [ 1162.938477][T21719] syzkaller0: entered allmulticast mode [ 1164.625172][T21751] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4725'. [ 1165.342713][T21729] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 1165.348519][T21729] dvmrp1: linktype set to 804 [ 1165.358268][T21733] netlink: 'syz.1.4718': attribute type 30 has an invalid length. [ 1165.377064][T21733] bridge0: port 2(bridge_slave_1) entered disabled state [ 1167.644113][T21847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1167.677776][T21847] 8021q: adding VLAN 0 to HW filter on device team0 [ 1167.733268][T21847] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1168.227106][T21867] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4772'. [ 1168.381482][T21873] loop2: detected capacity change from 0 to 7 [ 1168.394641][T21696] Dev loop2: unable to read RDB block 7 [ 1168.429651][T21696] loop2: AHDI p1 p2 p3 [ 1168.434059][T21696] loop2: partition table partially beyond EOD, truncated [ 1168.448375][T21867] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1168.485500][T21696] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1168.521913][T21696] loop2: p3 start 335544320 is beyond EOD, truncated [ 1168.553784][T21873] Dev loop2: unable to read RDB block 7 [ 1168.583546][T21873] loop2: AHDI p1 p2 p3 [ 1168.595971][T21873] loop2: partition table partially beyond EOD, truncated [ 1168.614822][T21873] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1168.643146][T21873] loop2: p3 start 335544320 is beyond EOD, truncated [ 1169.770787][T21943] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4804'. [ 1169.784136][T21943] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4804'. [ 1169.930778][T21948] syzkaller0: entered promiscuous mode [ 1169.939551][T21948] syzkaller0: entered allmulticast mode [ 1170.699322][T21977] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 1170.721968][T21978] netlink: 27 bytes leftover after parsing attributes in process `syz.2.4816'. [ 1173.074129][T22013] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82 [ 1173.549345][T22033] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4840'. [ 1173.559489][T22033] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4840'. [ 1174.915240][T22105] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4869'. [ 1175.719752][T22139] kvm: pic: non byte write [ 1175.778474][T22145] loop2: detected capacity change from 0 to 7 [ 1175.794628][T22145] loop2: [ 1175.800083][T22145] loop2: partition table partially beyond EOD, truncated [ 1176.047518][T22156] kvm: pic: single mode not supported [ 1176.050028][T22156] kvm: pic: single mode not supported [ 1176.056619][T22156] kvm: pic: level sensitive irq not supported [ 1177.323577][T22201] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4904'. [ 1177.440367][ T9] kworker/0:0 (9) used greatest stack depth: 15832 bytes left [ 1179.995309][T22293] syzkaller0: entered promiscuous mode [ 1180.001478][T22293] syzkaller0: entered allmulticast mode [ 1180.077636][T22295] loop2: detected capacity change from 0 to 7 [ 1180.088046][T22295] Dev loop2: unable to read RDB block 7 [ 1180.094244][T22295] loop2: AHDI p1 p2 [ 1180.098566][T22295] loop2: partition table partially beyond EOD, truncated [ 1180.106138][T22295] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1180.824073][T22305] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4943'. [ 1182.567996][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1182.574554][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1182.635652][T22336] loop2: detected capacity change from 0 to 7 [ 1182.646457][T22336] Dev loop2: unable to read RDB block 7 [ 1182.652494][T22336] loop2: AHDI p1 p2 [ 1182.656643][T22336] loop2: partition table partially beyond EOD, truncated [ 1182.664117][T22336] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1182.965799][T22334] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4954'. [ 1183.126704][T22350] kvm: MWAIT instruction emulated as NOP! [ 1183.180233][ T129] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1183.348972][ T129] usb 4-1: Using ep0 maxpacket: 8 [ 1183.356461][ T129] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 1183.375300][ T129] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 1183.390686][ T129] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1183.410186][ T129] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1183.426045][ T129] usb 4-1: Product: syz [ 1183.444148][ T129] usb 4-1: Manufacturer: syz [ 1183.449255][ T129] usb 4-1: SerialNumber: syz [ 1184.145592][ T129] cdc_ncm 4-1:1.0: bind() failure [ 1184.174171][ T129] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 1184.181804][ T129] cdc_ncm 4-1:1.1: bind() failure [ 1184.200746][ T129] usb 4-1: USB disconnect, device number 31 [ 1184.266901][T22376] syzkaller0: entered promiscuous mode [ 1184.272631][T22376] syzkaller0: entered allmulticast mode [ 1186.515514][T22384] netlink: 148 bytes leftover after parsing attributes in process `syz.0.4971'. [ 1186.607467][T22389] syzkaller0: entered promiscuous mode [ 1186.614794][T22389] syzkaller0: entered allmulticast mode [ 1186.665034][T22394] loop2: detected capacity change from 0 to 7 [ 1186.677656][T22394] Dev loop2: unable to read RDB block 7 [ 1186.683970][T22394] loop2: AHDI p1 p2 [ 1186.688037][T22394] loop2: partition table partially beyond EOD, truncated [ 1186.708053][T22394] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1187.081120][T22409] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4981'. [ 1190.419119][T22419] netlink: 148 bytes leftover after parsing attributes in process `syz.3.4983'. [ 1190.993825][T22459] : entered promiscuous mode [ 1190.998759][T22459] bond_slave_1: entered promiscuous mode [ 1191.013507][T22459] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1191.026700][T22459] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 1191.064379][T22467] netlink: 148 bytes leftover after parsing attributes in process `syz.3.5001'. [ 1191.717816][T22498] netlink: 148 bytes leftover after parsing attributes in process `syz.0.5014'. [ 1192.309977][T22528] netlink: 148 bytes leftover after parsing attributes in process `syz.1.5026'. [ 1193.081192][T22558] netlink: 148 bytes leftover after parsing attributes in process `syz.0.5039'. [ 1193.548982][T22569] program syz.4.5044 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1194.184142][T22587] netlink: 148 bytes leftover after parsing attributes in process `syz.3.5050'. [ 1194.607927][T22602] program syz.3.5056 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1195.046096][T22617] netlink: 148 bytes leftover after parsing attributes in process `syz.1.5061'. [ 1195.355490][T22632] syzkaller0: entered promiscuous mode [ 1195.371921][T22632] syzkaller0: entered allmulticast mode [ 1195.438595][T22636] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 1195.569062][T22642] tap0: tun_chr_ioctl cmd 1074025677 [ 1195.574853][T22642] tap0: linktype set to 0 [ 1195.710068][T22647] netlink: 148 bytes leftover after parsing attributes in process `syz.1.5074'. [ 1195.930810][T22661] program syz.4.5082 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1196.040403][T22664] No such timeout policy "syz0" [ 1196.110765][T22670] syzkaller0: entered promiscuous mode [ 1196.116314][T22670] syzkaller0: entered allmulticast mode [ 1196.241167][T22674] netlink: 148 bytes leftover after parsing attributes in process `syz.0.5090'. [ 1196.570634][T22693] program syz.1.5096 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1197.008551][T22706] syzkaller0: entered promiscuous mode [ 1197.026272][T22706] syzkaller0: entered allmulticast mode [ 1197.068270][T22714] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5105'. [ 1197.177721][T22720] loop5: detected capacity change from 0 to 7 [ 1197.194192][T22720] loop5: [ 1197.197303][T22720] loop5: partition table partially beyond EOD, truncated [ 1197.257593][T15605] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 1197.275581][T22723] program syz.0.5108 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1197.448900][T15605] usb 2-1: Using ep0 maxpacket: 8 [ 1197.456250][T15605] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 1197.467088][T15605] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 1197.497006][T15605] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1197.523774][T15605] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1197.532105][T15605] usb 2-1: Product: syz [ 1197.547294][T15605] usb 2-1: Manufacturer: syz [ 1197.552989][T15605] usb 2-1: SerialNumber: syz [ 1197.788178][T15605] cdc_ncm 2-1:1.0: bind() failure [ 1197.798128][T15605] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 1197.807514][T15605] cdc_ncm 2-1:1.1: bind() failure [ 1197.828621][T15605] usb 2-1: USB disconnect, device number 87 [ 1199.342235][T22763] program syz.4.5120 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1199.784829][T22732] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1199.796165][T22732] 8021q: adding VLAN 0 to HW filter on device team0 [ 1199.809955][T22732] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1199.825710][T22758] netlink: 148 bytes leftover after parsing attributes in process `syz.1.5118'. [ 1200.314559][T22788] program syz.0.5131 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1200.926861][T22821] netlink: 27 bytes leftover after parsing attributes in process `syz.1.5146'. [ 1200.938490][T22823] program syz.3.5145 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1201.016286][T22825] create_pit_timer: 12 callbacks suppressed [ 1201.016307][T22825] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1201.458227][T22848] netlink: 148 bytes leftover after parsing attributes in process `syz.1.5156'. [ 1201.525998][T22853] program syz.1.5158 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1202.469815][T22882] netlink: 27 bytes leftover after parsing attributes in process `syz.3.5170'. [ 1202.875912][T22905] loop2: detected capacity change from 0 to 7 [ 1202.891547][T22064] Dev loop2: unable to read RDB block 7 [ 1202.897323][T22064] loop2: AHDI p1 p2 p3 [ 1202.902767][T22064] loop2: partition table partially beyond EOD, truncated [ 1202.910389][T22064] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1202.919685][T22064] loop2: p3 start 335544320 is beyond EOD, truncated [ 1202.930184][T22905] Dev loop2: unable to read RDB block 7 [ 1202.937613][T22905] loop2: AHDI p1 p2 p3 [ 1202.943886][T22905] loop2: partition table partially beyond EOD, truncated [ 1202.951872][T22905] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1202.967151][T22905] loop2: p3 start 335544320 is beyond EOD, truncated [ 1202.997071][T22910] netlink: 27 bytes leftover after parsing attributes in process `syz.4.5183'. [ 1203.226497][T22917] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5185'. [ 1203.264356][T22924] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5189'. [ 1203.437550][T22933] sctp: [Deprecated]: syz.4.5193 (pid 22933) Use of int in max_burst socket option deprecated. [ 1203.437550][T22933] Use struct sctp_assoc_value instead [ 1203.479922][T22934] netlink: 27 bytes leftover after parsing attributes in process `syz.3.5194'. [ 1204.824186][T22968] netlink: 27 bytes leftover after parsing attributes in process `syz.1.5208'. [ 1204.940017][T22971] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5210'. [ 1204.995223][T22975] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5210'. [ 1205.025197][T22971] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5210'. [ 1205.063605][T22975] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5210'. [ 1205.781279][T23008] program syz.3.5225 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1206.096793][T23022] fuse: Bad value for 'fd' [ 1206.615719][T23046] loop2: detected capacity change from 0 to 7 [ 1206.677704][T23046] Dev loop2: unable to read RDB block 7 [ 1206.728871][T23046] loop2: unable to read partition table [ 1206.748301][T23046] loop2: partition table beyond EOD, truncated [ 1206.778850][T23046] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 1206.868530][T23057] fuse: Bad value for 'fd' [ 1207.312936][T23076] kvm: emulating exchange as write [ 1207.523803][T23082] loop2: detected capacity change from 0 to 7 [ 1207.550242][T23082] Dev loop2: unable to read RDB block 7 [ 1207.555984][T23082] loop2: unable to read partition table [ 1207.589929][T23082] loop2: partition table beyond EOD, truncated [ 1207.619287][T23082] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 1207.993408][T23096] can: request_module (can-proto-4) failed. [ 1208.005922][T23103] __nla_validate_parse: 5 callbacks suppressed [ 1208.005944][T23103] netlink: 43 bytes leftover after parsing attributes in process `syz.3.5267'. [ 1208.158519][T23106] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5269'. [ 1208.679797][T23125] fuse: Unknown parameter '0x0000000000000004' [ 1208.866946][T23130] fuse: Bad value for 'fd' [ 1208.872360][T23131] program syz.0.5277 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1209.534510][T23154] fuse: Unknown parameter '0x0000000000000004' [ 1209.654900][T23159] program syz.2.5290 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1209.693736][T23161] fuse: Bad value for 'fd' [ 1209.933806][T23171] netlink: 43 bytes leftover after parsing attributes in process `syz.2.5295'. [ 1209.970014][T23174] netlink: 148 bytes leftover after parsing attributes in process `syz.1.5296'. [ 1210.277829][T23187] fuse: Unknown parameter '0x0000000000000004' [ 1210.526090][ T30] audit: type=1326 audit(1767512860.787:2534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23188 comm="syz.0.5302" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3c3e78f749 code=0x0 [ 1211.036602][T23209] netlink: 148 bytes leftover after parsing attributes in process `syz.3.5309'. [ 1211.222119][T23214] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5311'. [ 1211.314087][T23218] fuse: Unknown parameter '0x0000000000000004' [ 1211.849883][T23236] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5321'. [ 1212.063156][T23236] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1212.075767][T23249] fuse: Unknown parameter '0x0000000000000004' [ 1212.148399][T23239] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 1212.266377][T23254] netlink: 43 bytes leftover after parsing attributes in process `syz.4.5327'. [ 1212.443360][T23245] bond1 (unregistering): (slave dummy0): Releasing backup interface [ 1212.456551][T23245] bond1 (unregistering): Released all slaves [ 1213.154193][T23276] fuse: Unknown parameter 'fd0x0000000000000004' [ 1213.732488][T23283] netlink: 43 bytes leftover after parsing attributes in process `syz.2.5339'. [ 1214.175133][T23302] fuse: Unknown parameter 'fd0x0000000000000004' [ 1215.161660][T23324] netlink: 'syz.0.5357': attribute type 12 has an invalid length. [ 1215.433154][T23331] fuse: Unknown parameter 'fd0x0000000000000004' [ 1216.014836][T23354] program syz.0.5369 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1216.393809][T23365] netlink: 43 bytes leftover after parsing attributes in process `syz.2.5375'. [ 1216.742087][T23382] program syz.4.5383 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1217.362195][T23403] ------------[ cut here ]------------ [ 1217.367795][T23403] WARNING: fs/exec.c:119 at path_noexec+0x1af/0x200, CPU#1: syz.0.5392/23403 [ 1217.377289][T23403] Modules linked in: [ 1217.382754][T23403] CPU: 1 UID: 0 PID: 23403 Comm: syz.0.5392 Tainted: G L syzkaller #0 PREEMPT(full) [ 1217.393795][T23403] Tainted: [L]=SOFTLOCKUP [ 1217.398151][T23403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1217.408393][T23403] RIP: 0010:path_noexec+0x1af/0x200 [ 1217.413712][T23403] Code: 02 31 ff 48 89 de e8 b0 ac 86 ff d1 eb eb 07 e8 c7 a7 86 ff b3 01 89 d8 5b 41 5e 41 5f 5d e9 88 2f 22 09 cc e8 b2 a7 86 ff 90 <0f> 0b 90 e9 48 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c a6 [ 1217.433518][T23403] RSP: 0018:ffffc9000e847bd8 EFLAGS: 00010287 [ 1217.439909][T23403] RAX: ffffffff823a505e RBX: ffff8880291733c0 RCX: 0000000000080000 [ 1217.447941][T23403] RDX: ffffc9001fa44000 RSI: 000000000000006b RDI: 000000000000006c [ 1217.456004][T23403] RBP: 0000000000080000 R08: ffff8880467f1e80 R09: 0000000000000003 [ 1217.464245][T23403] R10: 0000000000000003 R11: 0000000000000002 R12: 0000000000000011 [ 1217.472334][T23403] R13: 1ffff92001d08f90 R14: 0000000000000000 R15: dffffc0000000000 [ 1217.480666][T23403] FS: 00007f3c3f7136c0(0000) GS:ffff888125f1f000(0000) knlGS:0000000000000000 [ 1217.489692][T23403] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1217.496504][T23403] CR2: 000000110c27f606 CR3: 000000004c2dc000 CR4: 00000000003526f0 [ 1217.504589][T23403] Call Trace: [ 1217.507930][T23403] [ 1217.511011][T23403] do_mmap+0xa43/0x10d0 [ 1217.515247][T23403] ? __pfx_do_mmap+0x10/0x10 [ 1217.520301][T23403] ? down_write_killable+0x178/0x230 [ 1217.525656][T23403] ? __pfx_down_write_killable+0x10/0x10 [ 1217.531582][T23403] ? common_file_perm+0x1b5/0x220 [ 1217.536667][T23403] vm_mmap_pgoff+0x2a6/0x4d0 [ 1217.541362][T23403] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1217.546529][T23403] ? __fget_files+0x2a/0x420 [ 1217.551260][T23403] ? __fget_files+0x3a0/0x420 [ 1217.556002][T23403] ? __fget_files+0x2a/0x420 [ 1217.560725][T23403] ksys_mmap_pgoff+0x51f/0x760 [ 1217.565814][T23403] do_syscall_64+0xec/0xf80 [ 1217.570424][T23403] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1217.576553][T23403] ? trace_irq_disable+0x37/0x100 [ 1217.581799][T23403] ? clear_bhb_loop+0x60/0xb0 [ 1217.586536][T23403] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1217.592547][T23403] RIP: 0033:0x7f3c3e78f749 [ 1217.597109][T23403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1217.605160][T23405] netlink: 43 bytes leftover after parsing attributes in process `syz.2.5391'. [ 1217.617091][T23403] RSP: 002b:00007f3c3f713038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1217.634629][T23403] RAX: ffffffffffffffda RBX: 00007f3c3e9e5fa0 RCX: 00007f3c3e78f749 [ 1217.642734][T23403] RDX: 0000000003000007 RSI: 0000000000003000 RDI: 0000200000000000 [ 1217.650797][T23403] RBP: 00007f3c3e813f91 R08: 0000000000000005 R09: 0000000000000000 [ 1217.659162][T23403] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 1217.667315][T23403] R13: 00007f3c3e9e6038 R14: 00007f3c3e9e5fa0 R15: 00007f3c3eb0fa28 [ 1217.675537][T23403] [ 1217.678615][T23403] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1217.685952][T23403] CPU: 1 UID: 0 PID: 23403 Comm: syz.0.5392 Tainted: G L syzkaller #0 PREEMPT(full) [ 1217.696945][T23403] Tainted: [L]=SOFTLOCKUP [ 1217.701396][T23403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1217.711510][T23403] Call Trace: [ 1217.714817][T23403] [ 1217.717772][T23403] vpanic+0x1e0/0x670 [ 1217.721784][T23403] panic+0xb9/0xc0 [ 1217.725535][T23403] ? __pfx_panic+0x10/0x10 [ 1217.729992][T23403] __warn+0x317/0x4b0 [ 1217.734003][T23403] ? path_noexec+0x1af/0x200 [ 1217.738724][T23403] ? path_noexec+0x1af/0x200 [ 1217.743359][T23403] __report_bug+0x288/0x500 [ 1217.747889][T23403] ? path_noexec+0x1af/0x200 [ 1217.752515][T23403] ? __pfx___report_bug+0x10/0x10 [ 1217.757558][T23403] ? futex_unqueue+0x211/0x240 [ 1217.762354][T23403] ? arch_get_unmapped_area_topdown+0x251/0xbc0 [ 1217.768627][T23403] ? path_noexec+0x1af/0x200 [ 1217.773259][T23403] report_bug+0x16a/0x220 [ 1217.777618][T23403] ? path_noexec+0x1af/0x200 [ 1217.782279][T23403] ? path_noexec+0x1b1/0x200 [ 1217.786905][T23403] handle_bug+0x98/0x200 [ 1217.791169][T23403] exc_invalid_op+0x1a/0x50 [ 1217.795692][T23403] asm_exc_invalid_op+0x1a/0x20 [ 1217.800559][T23403] RIP: 0010:path_noexec+0x1af/0x200 [ 1217.805836][T23403] Code: 02 31 ff 48 89 de e8 b0 ac 86 ff d1 eb eb 07 e8 c7 a7 86 ff b3 01 89 d8 5b 41 5e 41 5f 5d e9 88 2f 22 09 cc e8 b2 a7 86 ff 90 <0f> 0b 90 e9 48 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c a6 [ 1217.825812][T23403] RSP: 0018:ffffc9000e847bd8 EFLAGS: 00010287 [ 1217.831914][T23403] RAX: ffffffff823a505e RBX: ffff8880291733c0 RCX: 0000000000080000 [ 1217.839917][T23403] RDX: ffffc9001fa44000 RSI: 000000000000006b RDI: 000000000000006c [ 1217.847997][T23403] RBP: 0000000000080000 R08: ffff8880467f1e80 R09: 0000000000000003 [ 1217.855994][T23403] R10: 0000000000000003 R11: 0000000000000002 R12: 0000000000000011 [ 1217.864161][T23403] R13: 1ffff92001d08f90 R14: 0000000000000000 R15: dffffc0000000000 [ 1217.872182][T23403] ? path_noexec+0x1ae/0x200 [ 1217.876827][T23403] ? path_noexec+0x1ae/0x200 [ 1217.881445][T23403] do_mmap+0xa43/0x10d0 [ 1217.885644][T23403] ? __pfx_do_mmap+0x10/0x10 [ 1217.890263][T23403] ? down_write_killable+0x178/0x230 [ 1217.895581][T23403] ? __pfx_down_write_killable+0x10/0x10 [ 1217.901272][T23403] ? common_file_perm+0x1b5/0x220 [ 1217.906332][T23403] vm_mmap_pgoff+0x2a6/0x4d0 [ 1217.910953][T23403] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1217.916183][T23403] ? __fget_files+0x2a/0x420 [ 1217.920801][T23403] ? __fget_files+0x3a0/0x420 [ 1217.925541][T23403] ? __fget_files+0x2a/0x420 [ 1217.930165][T23403] ksys_mmap_pgoff+0x51f/0x760 [ 1217.934965][T23403] do_syscall_64+0xec/0xf80 [ 1217.939491][T23403] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1217.945582][T23403] ? trace_irq_disable+0x37/0x100 [ 1217.950630][T23403] ? clear_bhb_loop+0x60/0xb0 [ 1217.955329][T23403] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1217.961246][T23403] RIP: 0033:0x7f3c3e78f749 [ 1217.965683][T23403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1217.985314][T23403] RSP: 002b:00007f3c3f713038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1217.993758][T23403] RAX: ffffffffffffffda RBX: 00007f3c3e9e5fa0 RCX: 00007f3c3e78f749 [ 1218.001932][T23403] RDX: 0000000003000007 RSI: 0000000000003000 RDI: 0000200000000000 [ 1218.009925][T23403] RBP: 00007f3c3e813f91 R08: 0000000000000005 R09: 0000000000000000 [ 1218.017913][T23403] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 1218.025899][T23403] R13: 00007f3c3e9e6038 R14: 00007f3c3e9e5fa0 R15: 00007f3c3eb0fa28 [ 1218.033995][T23403] [ 1218.037639][T23403] Kernel Offset: disabled [ 1218.041972][T23403] Rebooting in 86400 seconds..