last executing test programs: 8m3.626132011s ago: executing program 3 (id=9637): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r1, 0x5008, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 8m1.590596913s ago: executing program 3 (id=9650): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x220c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0xc) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x7) r5 = socket(0xa, 0x1, 0x0) listen(r5, 0x7f) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r7, 0x0) r8 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000fffe00009db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239e4"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) 8m1.565863384s ago: executing program 3 (id=9651): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000f000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000300)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b8000000000f23c00f21f835010003000f23f8ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x4b}], 0x1, 0x3b, 0x0, 0x0) (async) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000240)={0x800, 0x820c, 0xa3c, 0x2}, 0x0) ioctl$KVM_GET_TSC_KHZ_cpu(r2, 0xaea3) (async) r3 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0) syz_usb_control_io$uac2(r3, 0x0, 0x0) (async) syz_usb_control_io$uac2(r3, 0x0, &(0x7f00000005c0)={0x44, &(0x7f0000000640)={0x40, 0x14, 0x1, "7f"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4004, 0x0, 0x34, 0x2) (async) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) (async) syz_usb_control_io$uac2(r3, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000200)={0x0, 0x17, 0x6, "72979a6b2521"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r3, 0x0, &(0x7f00000007c0)={0x84, &(0x7f00000008c0)={0x40, 0x8, 0x2, "1f3c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000000), 0x4) (async) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x36, 0x40000000788, 0x80000000002, 0x183, 0x400000004, 0x0, 0xee, 0x80000001, 0x100000000, 0x1000045, 0x10000, 0x9, 0xf, 0xfffffffffffffffd, 0x0, 0xab], 0x8000000, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8m0.748029262s ago: executing program 3 (id=9658): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x24, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0) (async, rerun: 32) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) (async, rerun: 32) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') (async, rerun: 32) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) (async, rerun: 32) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async, rerun: 64) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x1100) (async, rerun: 64) unshare(0x22020600) move_mount(r0, 0x0, r1, 0x0, 0x46) (async) rmdir(&(0x7f0000000000)='./file0\x00') 8m0.55801366s ago: executing program 3 (id=9659): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000400)=ANY=[], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="bc0000a8ddb4257b06cc2c7b92b572fd8dafce0000904ef60000037b644073bd0786fbd19f92b16306db88e2bf4465e82b0ba469c53b7658a46bb71e539e050aa238541d96e9885f99932e563dbc03b7d73b9543747cb5f7c308a00e14fb47aca27d59a5745db5a83bd85cc27b5338f20160027e190713445211996d97b0ef2e0f57a1260d0562a794eaf5a503547a0f8dcf1dfef5afa7581941c6c1334714f7065db0e5b25116ebb765f4a3a3d919e2024a7b96eb1d70788a2279cfcb6030e5b295ec87e8d6a22b99e385b50720f87934dc0a960a1ac804932ae1e4d63e8ce7bb6588690e422df4bde373de48fce48b83f1b55220116dfd49946dad5139e23c4b3443ea49d658e91d77f286c5d2cde54b4e41e07dd5606a50f4", @ANYRES16=r0, @ANYRESOCT=r0, @ANYRES8=0x0, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) 8m0.32184584s ago: executing program 3 (id=9661): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001b00)=ANY=[@ANYBLOB="140000001000010000000000000000000024000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000001305000300000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 8m0.072763262s ago: executing program 32 (id=9661): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001b00)=ANY=[@ANYBLOB="140000001000010000000000000000000024000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000001305000300000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 7m57.92797443s ago: executing program 2 (id=9677): r0 = syz_usb_connect(0x0, 0x24, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000340)=ANY=[@ANYBLOB="000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000000)={0x0, 0x30, 0x3f, {0x3f, 0x10, "4d7c2e3e55ecfc334f3ee3721d5252b8c2e4736fa513857243143060cb459d48c0512ccd7e3a0f64bcf7cb84f1ef437c57e366e6cb31ae9ca94eb06136"}}, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x449}}, &(0x7f0000000180)=ANY=[@ANYBLOB="000fae68b5332ca43b5770000000050fae00060b100102243ee20040020800065d10035b38bb1b0bdae056564c2e4a4296a056ff48ea34761cb7c79a2c886b28fa54ba334baed130dccc1ad911347adac0502476f582a80cb857dd06caec51e35be031fabae754300fca72a0b7f10e3abd762d856b3a770c1b5253a21a1c100a03240010000f00cc0c003f000030000000c0c0ff000fc0ff00071002003606325fa56908901d1527a3fc921b53a8878c47e40d36"], &(0x7f00000000c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x0, 0x4, 0x81, "e33595ff", "aa71c84a"}}, &(0x7f0000000100)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x0, 0x2, 0x4, 0xa9, 0x80, 0x8}}}, &(0x7f0000000840)={0x84, &(0x7f00000004c0)={0x40, 0x16, 0xdc, "8b53db003507d2008d8406dc221d590cebdf2764c84a2ee9687c3a5c47c009a220e6f0b9fd807fbba70a232c810abcc32215763c631a8af2f619eea5ee1d08e6ba9256b92ff35595e63248f8a8b2aad24817abf80133bcf36610a0e7109b53592c98d1e1e8006c92ec8bd75ac057125fa5bb7cf0f94f4145df612f56489c7393d87f038a0f82932e4bc126e0e6286e8b030041eb54610bebe975ef4784fb4dbd80a509a0ab71713471233542e7d7906c200b30fafb6f81bf9b961e42169cd8b026bc65fcd5e3cafeceac2d1d290941b5c889251a77f74a1c60316a6b"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x6}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0xfe}, &(0x7f0000000300)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000380)={0x20, 0x0, 0x8, {0xc0, 0x20, [0xf0]}}, &(0x7f00000003c0)={0x40, 0x7, 0x2, 0xfffa}, &(0x7f00000005c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000600)={0x40, 0xb, 0x2, "6ec2"}, &(0x7f0000000640)={0x40, 0xf, 0x2, 0x7}, &(0x7f0000000680)={0x40, 0x13, 0x6, @random="82807e641034"}, &(0x7f00000006c0)={0x40, 0x17, 0x6}, &(0x7f0000000700)={0x40, 0x19, 0x2, 'Hu'}, &(0x7f0000000740)={0x40, 0x1a, 0x2, 0xff01}, &(0x7f0000000780)={0x40, 0x1c, 0x1, 0x8}, &(0x7f00000007c0)={0x40, 0x1e, 0x1, 0x7f}, &(0x7f0000000800)={0x40, 0x21, 0x1, 0x9}}) syz_usb_control_io$uac1(r0, 0x0, 0x0) 7m57.261892595s ago: executing program 2 (id=9681): add_key$user(0x0, 0x0, &(0x7f0000000340)="e415ea906e8da78533d7ad2aca6433fa", 0x10, 0xfffffffffffffffa) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000141200006c07010033d43afffb800000000000000000000000000310ff02000000000000000000000000000187"], 0x340a) 7m57.0152563s ago: executing program 2 (id=9682): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x20, &(0x7f0000000040)={&(0x7f0000000440)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x600) 7m56.723831026s ago: executing program 2 (id=9685): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4800) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r2, 0x80015b18, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2002, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x2, 0x1, 0x401, 0x0, 0x0, {0x3, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x20040080}, 0x44015) 7m55.069134544s ago: executing program 2 (id=9692): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x280, 0x5, 0x0, 0x1, 0x40000000, {0x0, 0x9}, {0x350, 0x20002, 0xfffffffd}, {0xf4ef}, {0x4, 0xffffffff, 0x7fe}, 0x1, 0x100, 0x0, 0xd611, 0x0, 0x0, 0x0, 0x20, 0x3f00, 0x0, 0x0, 0x0, 0x30, 0x20, 0x0, 0x4}) 7m54.721592428s ago: executing program 2 (id=9695): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000003e0007012bbd700000000000017c00000400fc800c00018008000600", @ANYRES32=0x0, @ANYBLOB="080002807235ab620c0007000010"], 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0x4040) 7m54.326612208s ago: executing program 33 (id=9695): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000003e0007012bbd700000000000017c00000400fc800c00018008000600", @ANYRES32=0x0, @ANYBLOB="080002807235ab620c0007000010"], 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0x4040) 4.060068837s ago: executing program 1 (id=12974): sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000020801030000000000000000020000030900010073797a31000000005400048008000540fffffffb0800094000000007080005400000000208000940000000040800064000000000080009400000000908000740000000000800064000000009080002400000000808000740fffffffe06000240600000001c000480080002400000000508000240000000080800024000000007bb9c99e50271"], 0x98}, 0x1, 0x0, 0x0, 0x20000000}, 0x400c0c4) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card0/oss_mixer\x00', 0x2, 0x0) write$proc_mixer(r1, &(0x7f0000000340)=ANY=[@ANYBLOB='LINE \'Li1'], 0x8c) close(r1) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000020801030000000000000000020000030900010073797a31000000005400048008000540fffffffb0800094000000007080005400000000208000940000000040800064000000000080009400000000908000740000000000800064000000009080002400000000808000740fffffffe06000240600000001c000480080002400000000508000240000000080800024000000007bb9c99e50271"], 0x98}, 0x1, 0x0, 0x0, 0x20000000}, 0x400c0c4) (async) socket$alg(0x26, 0x5, 0x0) (async) bind$alg(r0, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) (async) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card0/oss_mixer\x00', 0x2, 0x0) (async) write$proc_mixer(r1, &(0x7f0000000340)=ANY=[@ANYBLOB='LINE \'Li1'], 0x8c) (async) close(r1) (async) 3.910001694s ago: executing program 1 (id=12975): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000002e00090027bd7000000000000400000008001a8004000480"], 0x1c}, 0x1, 0x0, 0x6000000, 0x42804}, 0x84) 3.896363712s ago: executing program 1 (id=12976): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b904021d080225000000040000a118000200fcffffff00000e1208000f0100810401a80016ea1f0006400303000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000400000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x4) 3.822287181s ago: executing program 1 (id=12977): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYRES32=0x0], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000003c0)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x10, &(0x7f0000000040)=0x100000001, 0x4) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$UHID_INPUT(r2, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xdd52d6c}}, 0x1006) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)=0x0) fcntl$lock(r1, 0x7, &(0x7f0000000140)={0x2, 0x4, 0x4df4, 0x400, r3}) r4 = syz_open_dev$usbmon(&(0x7f0000000380), 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r5, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x101}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x1}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x4}, @ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0x6}, @ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x44010) sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$MON_IOCX_MFETCH(r4, 0xc0109207, &(0x7f0000000100)={0x0, 0x0, 0xffffffff}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x170, &(0x7f0000000480)=ANY=[@ANYBLOB="5d00004e56c98ffd7c38f9ab0b0d6803bf65170a80fe09d0ecad7366dc4702517a5f65c87f0ae21ff03d7962e1d7bc010f7ac3c08e0be84335d8d0f6a1ff86fa17ed1eefeacfa41b8fdeb784c0e5903638ec323fb06eb1b2102e7b667bf1bbb1d5000000cd00004e37977212a4520c71b96b65fdf592487035af25f4b182346f06bd28f6d59d4ccfccb19e9419a27a2f437bf802a6cbeb72aacc60bf983fa2092718c148f3b67613f858a39e86db973641d851fec00008ef2c9a5b2c14bbd6d0e187a6fafa506622bc1aa29fa9a3b0b7ffce5b39100f87adc45f9c2862af793a9a9fe3ccf658b7e2627d763d859e6a4c60e5b1bd6df0755cfbe8277a50a686c14af3adc06a024591ce707d6157ab21f4958423740ddd80183a2bffe4ce6c00fe70c0f3019fc8f74748e46b2f24be5bdf67ecd01c190000003300004efc856fe5e180b7ea441b85cf4f53a7b6c4c064c99bce1909d3000000000000006629efcc0249e230153add44e821f293d1f1c23000"]) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a0100001905"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 3.551076265s ago: executing program 5 (id=12979): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0xc8, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {0x1}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_PROBE_RESP={0x6b, 0x91, "d2d9951dabc3ed057af2f93a0a91d5ea31d51e92efc6e03106b98686792bfb70a15b41da642f7a77945118ef2a14f9191a4f56133a32b89bf0610de0e4086f26a540aa8becb7599d061aa4e9ddff84356d1689b936ef2a43d5aa04b0c989b38baa8f821c4b9fae"}]]}, 0xc8}, 0x1, 0x0, 0x300000000000000}, 0x0) 3.49368802s ago: executing program 5 (id=12980): r0 = socket(0x10, 0x2, 0x0) (async) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSTI(r1, 0x541b, &(0x7f0000000040)) (async) mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000008300), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x11040, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRES64, @ANYRESDEC=r0]) (async) syz_fuse_handle_req(r2, &(0x7f00000021c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e5ffffff0000000000b48115000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8ffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c1ae27700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004f250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000eedbb46bea0b6c94000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a1264fa146208a500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e500", 0x2000, &(0x7f00000041c0)={&(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x7, 0xffffffff9c080830, 0xfffd, 0x2c, 0xa000001, 0x7, 0x0, 0x0, 0x2, 0xffffffff}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat2$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x45c203, 0x5b4}, 0x18) (async) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000000)=0x2000000) (async) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x8, 0x6, 0x2}, 0x10) setxattr$trusted_overlay_origin(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f0000000180), 0x2, 0x3) (async) write(r0, &(0x7f0000000480)="1c0000001a009b8a140000003b00"/28, 0x1c) recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) (async, rerun: 32) connect$inet(r2, &(0x7f0000000200)={0x2, 0x4e20, @private=0x7ff}, 0x10) (rerun: 32) 3.397864876s ago: executing program 5 (id=12981): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x400000000000000, 0x0, 0x42804}, 0x600) 3.343040769s ago: executing program 5 (id=12982): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0xa, 0x400, 0x0, 0x0, 0x180, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x10, 0xfffffffe, 0x0, 0x0, 0x0, 0x9, 0x0, 0x6, 0x0, 0x2000, 0x0, 0x4, 0x0, 0x1}) 3.146474589s ago: executing program 5 (id=12983): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000003c0)={0x84, &(0x7f0000000040)=ANY=[@ANYBLOB="044208"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fbdbdf251900000008000300", @ANYRES32=r3, @ANYBLOB="050024"], 0x34}, 0x1, 0x0, 0x0, 0x2004c051}, 0x14) 2.065393597s ago: executing program 4 (id=12986): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848420000005e140602000000000e000a0010000000148000001294", 0x2e}], 0x1}, 0x850) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f0000000100)) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_normal', 0x2, 0x2) write$FUSE_NOTIFY_STORE(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB='-', @ANYRESDEC], 0x28) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYRES32=r2, @ANYRES8=r1], 0x48}, 0x1, 0x0, 0x0, 0x20040850}, 0x4004014) 1.930334927s ago: executing program 4 (id=12987): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000180)={0x0, 0x1, 0x6, @local}, 0x10) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec97000fc83a00fe8000000000000000000000000000aaff0200000000000000000000002c0001"], 0xffe) 1.824734737s ago: executing program 4 (id=12988): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400000010000100000000000000fffffff0000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a300000000008000540000000020800084000000001"], 0x130}}, 0x0) 1.776853405s ago: executing program 4 (id=12989): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec97000fc82c00fe8000000000000000000000000000aaff02000000000000000000020000000106"], 0xffe) 1.618440778s ago: executing program 4 (id=12991): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0xfffffffffffffffd}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xffffffffffffff67, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000800)={@ptr={0x66642a85, 0x0, 0x0, 0x0, 0x2, 0x1a}, @ptr={0x70742a85, 0x200010b0, 0x0, 0x0, 0x1, 0x26}, @fda={0x66646185, 0x9, 0x1, 0xbb}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1040}], 0x0, 0x0, 0x0}) 1.535818516s ago: executing program 4 (id=12992): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000040)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000002640)={0x44, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "020a"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000140)=ANY=[@ANYBLOB="001602"], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000380)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x40, 0x9, 0x1, 0x21}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$rtl8150(r0, &(0x7f0000000440)={0x14, &(0x7f0000000180)={0x20, 0x6, 0xec, {0xec, 0x11, "2bc0f9ca2ad96717673973cef6f30c5be6089980ff229e48fc251f375402ab58b854a68dc7356a57dffc27342ad82a520540d62ebb0fd5363b89701dd95b0b798922320ce8ced9256b6abbe8d94f689e1037142b37dfff074465f22d000d07b3f211e62ad584a46e60901f444fa8292c3c408847dd4f3427a7bb4fc390463df2b248b1e491c2e5aae0222b272e8a805d2144e3a2af23b942b2a3300bdeb130b6ba49109d7cd5f74c0568d329c13ae5a9655676a49f2cd0847474c6b0339d2bc5a682e139ae0259da6ddd4028b354ed3e437e97ee90d1eccea6d7f4934e2743481d7af541e7cac405a867"}}, &(0x7f0000000280)={0x0, 0x3, 0xc6, @string={0xc6, 0x3, "f437092ba26e821785a4b18cb164163dc87a4a37e15cac8fe975c51256cc33270f76ef2651cc8e8d07acde27664bb6c8b916f43664c411ced8431800f829a079a2216b3cc99b1c9ad3a45f84aeee92d584ca7549bb3e33384b5deb3afdbae308d90ed5687cfb1409b4eeb03a19d46f4d14599634ec840f5a11e0bc74d0b243467a81f562f82cbd24032244ea14ff87b32d2119dbd01b5bba4660f2261319271a0c8535775aa717c1aefed0e2db35c17c39460c0ec9e739353d6fa2d98ee85cb5a6d13c17"}}}, &(0x7f0000000600)={0x2c, &(0x7f0000000480)={0x40, 0x14, 0x36, "f93c04acbde42bbcfb14b866bcdb0746cbf59bc8b2fc50510188ffe4f4342f6dc7010d48e0680843d94926e9c58abd9c8bae458cfa1c"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000580)={0xc0, 0x5, 0x4, "62fecf37"}, &(0x7f00000005c0)={0x40, 0x5, 0x6, "55266f8ecb7a"}}) syz_usb_control_io$uac2(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) 1.356253432s ago: executing program 0 (id=12994): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_clone(0xdd084500, 0x0, 0x0, 0x0, 0x0, 0x0) 744.5196ms ago: executing program 1 (id=12995): r0 = syz_open_procfs(0x0, &(0x7f0000000580)='setgroups\x00') r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f0000000300)={0x0, 0x4}) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) setreuid(0x0, 0xee00) ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f0000000140)={0x0, 0x1, 0x8, 0x13, 0x200, 0x0}) read$FUSE(r0, &(0x7f0000000800)={0x2020}, 0x2020) r3 = fsopen(&(0x7f0000000040)='hpfs\x00', 0x0) personality(0x5400004) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000ac0)='gid', &(0x7f00000005c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="02000000000000000b251d0000000c0099fb0a854008eaff0000"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) r5 = socket$inet6(0xa, 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000ac14141500000000000000000000000000000005000000000a00200000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000ac00000000000000ff0f00000000000000000000000000000000000000000000ffffffffffffffffffffff7f0000000000000000000000000200000000000000000a00000000000000000000008040000000000000000008000000000000000001000000000000004400050000000000000000000000000000000000000004d23c00000000000000ffffffff0000000000000000000000000000000000030d00"], 0xfc}}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a0000"], 0xfc}}, 0x0) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e24, 0x5, @loopback, 0xa}, 0x1c) syz_usb_connect$cdc_ecm(0x3, 0x68, &(0x7f0000000180)=ANY=[@ANYRESHEX, @ANYRESHEX=r3], &(0x7f0000000380)={0x0, 0x0, 0x5, &(0x7f0000000640)=ANY=[], 0x2, [{0xa1, &(0x7f00000001c0)=@string={0xa1, 0x3, "3a80f0780a9bb437b3278d9812b372deed30d180341a12b6800edca41114590bacbf6bc9f03ce504db8c34cfa2043eb6367bf4ade32c50a3bd5559e46f44de3957743846e6b03992d0afb0ea75b97a2075b7129e31feaa059b49a377863211301253d77a486dcea93007aa1435f4e0add58d0ddb4274decb1ae761890426ecae862fdd143edeea1ad14999afaf7fa517f2ef23254d281fba9f11f007528155"}}, {0xc5, &(0x7f0000000280)=@string={0xc5, 0x3, "de823813af3c083e4609988d3e682b5d22879f55868022c27a2ffb19ff448a1f2cd74a9ed68f7f362c234756cd0dea1ad1c19feb16f7188333c5f61e212f811372de292e0ac2d85ba15054fc20b0c5cad5b4e4637376008671f827a6bb64f3900a43e64ca77fec6eff1acbe50cf39ebbb20bfe6b89e77a6bb626922580ccb7df87198cd1eeecaf9e0eefa1d8d65f41539d2778d4f0e019a9d30e4c1d91ac44cdb9db50524a5ef0edb967d54d8beca974433d23469f03fa3859ef791f9a1ee12411c2ab"}}]}) 420.651465ms ago: executing program 0 (id=12996): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b904021d080225000000040000a118000200fcffffff00000e1208000f0100810401a80016ea1f0006400303000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c01000000fffd0000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x4) 308.812759ms ago: executing program 0 (id=12997): add_key$user(0x0, 0x0, &(0x7f0000000340)="e415ea906e8da78533d7ad2aca6433fa", 0x10, 0xfffffffffffffffa) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000141200006c07010033d43afffb800000000000000000000000000010ff020000000000002bec00000000000187"], 0x340a) 166.690112ms ago: executing program 0 (id=12998): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000224c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000002110001180"], 0xd4}}, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x4045, 0x0) chroot(0x0) 92.132937ms ago: executing program 0 (id=12999): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0xc8, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {0x1}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_PROBE_RESP={0x6b, 0x91, "d2d9951dabc3ed057af2f93a0a91d5ea31d51e92efc6e03106b98686792bfb70a15b41da642f7a77945118ef2a14f9191a4f56133a32b89bf0610de0e4086f26a540aa8becb7599d061aa4e9ddff84356d1689b936ef2a43d5aa04b0c989b38baa8f821c4b9fae"}]]}, 0xc8}, 0x1, 0x0, 0x400000000000000}, 0x0) 80.555733ms ago: executing program 1 (id=13000): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x8000, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0x184, 0x21, 0x1, 0x0, 0x4, {{@in6=@mcast1, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x134, 0x11, [{@in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@rand_addr=' \x01\x00', @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2b, 0x2, 0x0, 0x3501, 0x2, 0x2}, {@in=@multicast1, @in=@local, @in6=@private2, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x33, 0x4, 0x0, 0x34ff, 0x2, 0x2}, {@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@dev={0xfe, 0x80, '\x00', 0x35}, @in=@local, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x3c, 0x0, 0x0, 0x0, 0xa, 0x8}, {@in=@private=0xa010102, @in6=@empty, @in=@local, @in6=@dev={0xfe, 0x80, '\x00', 0x3f}, 0x3c, 0x0, 0x0, 0x3505, 0x2, 0xa}]}]}, 0x184}}, 0x535) 26.234266ms ago: executing program 5 (id=13001): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f0000000080)={0x14, 0x6a, 0x15, 0x8000000, 0xffffffff, "", [@generic="8941"]}, 0x14}], 0x1}, 0x8000) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) socket$packet(0x11, 0x3, 0x300) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00004d8000/0x3000)=nil, &(0x7f0000b84000/0x2000)=nil, 0x3000, 0x3}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) 0s ago: executing program 0 (id=13002): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0xa, 0x400, 0x0, 0x0, 0x180, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x10, 0xfffffffe, 0x0, 0x0, 0x0, 0x9, 0x0, 0x6, 0x0, 0x3e00, 0x0, 0x4, 0x0, 0x1}) kernel console output (not intermixed with test programs): ummy_hcd [ 1765.723681][ T9319] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1765.810418][ T9322] netlink: 'syz.4.12265': attribute type 11 has an invalid length. [ 1765.827111][ T10] usb 6-1: new high-speed USB device number 102 using dummy_hcd [ 1765.869569][ T29] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1765.895408][ T29] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1765.920025][T24242] usb 1-1: USB disconnect, device number 40 [ 1765.928157][ T29] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1765.952994][ T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1766.001018][ T10] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1766.021723][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1766.054150][ T10] usb 6-1: config 0 descriptor?? [ 1766.072841][ T10] cp210x 6-1:0.0: cp210x converter detected [ 1766.206930][ T29] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 1766.247827][ T29] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input236 [ 1766.283107][ T29] input: failed to attach handler kbd to device input236, error: -5 [ 1766.380231][ T29] usb 2-1: USB disconnect, device number 121 [ 1766.530080][ T9309] overlay: ./file1 is not a directory [ 1766.552625][ T9309] overlayfs: failed to resolve './file1/file0': -20 [ 1766.620499][ T9309] FAT-fs (loop5): unable to read boot sector [ 1766.629974][ T10] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -71 [ 1766.647058][ T10] cp210x 6-1:0.0: failed to get vendor val 0x370c size 73: -71 [ 1766.659745][ T10] cp210x 6-1:0.0: GPIO initialisation failed: -71 [ 1766.680495][ T10] usb 6-1: cp210x converter now attached to ttyUSB0 [ 1766.699361][ T10] usb 6-1: USB disconnect, device number 102 [ 1766.745961][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1766.766686][ T10] cp210x 6-1:0.0: device disconnected [ 1766.950365][ T9427] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12275'. [ 1767.038149][ T9435] input: syz0 as /devices/virtual/input/input237 [ 1767.202498][ T10] usb 2-1: new high-speed USB device number 122 using dummy_hcd [ 1767.363979][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 1767.373700][ T9460] mkiss: ax0: crc mode is auto. [ 1767.391553][ T10] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1767.408438][ T9465] netlink: 'syz.5.12281': attribute type 2 has an invalid length. [ 1767.421227][ T10] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1767.429212][ T10] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1767.438786][ T9460] netlink: 68 bytes leftover after parsing attributes in process `syz.4.12280'. [ 1767.473476][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1767.488698][ T9468] binder: 9467:9468 ioctl 80685600 200000000280 returned -22 [ 1767.550560][ T10] usb 2-1: config 0 descriptor?? [ 1767.693609][ T9482] netlink: 'syz.5.12285': attribute type 27 has an invalid length. [ 1767.702829][ T9482] lo: entered promiscuous mode [ 1767.708932][ T9482] tunl0: entered promiscuous mode [ 1767.715629][ T9482] gre0: entered promiscuous mode [ 1767.722644][ T9482] gretap0: entered promiscuous mode [ 1767.728131][ T9482] gretap0: left allmulticast mode [ 1767.734506][ T9482] erspan0: entered promiscuous mode [ 1767.740938][ T9482] ip_vti0: entered promiscuous mode [ 1767.747444][ T9482] ip6_vti0: entered promiscuous mode [ 1767.757543][ T9482] sit0: entered promiscuous mode [ 1767.768245][ T9482] ip6tnl0: entered promiscuous mode [ 1767.777949][ T9484] tmpfs: Unknown parameter 'hugenever' [ 1767.778211][ T9482] ip6gre0: entered promiscuous mode [ 1767.801641][ T9482] syz_tun: entered promiscuous mode [ 1767.818671][ T9482] ip6gretap0: entered promiscuous mode [ 1767.825508][ T9482] bridge0: entered promiscuous mode [ 1767.831839][ T9482] vcan0: entered promiscuous mode [ 1767.837886][ T9482] bond0: entered promiscuous mode [ 1767.844318][ T9482] bond_slave_0: entered promiscuous mode [ 1767.853887][ T9482] bond_slave_1: entered promiscuous mode [ 1767.869447][ T9482] team0: entered promiscuous mode [ 1767.875031][ T9482] team_slave_0: entered promiscuous mode [ 1767.881493][ T9482] team_slave_1: entered promiscuous mode [ 1767.889054][ T9482] dummy0: entered promiscuous mode [ 1767.897110][ T9482] nlmon0: entered promiscuous mode [ 1767.905729][ T9482] caif0: entered promiscuous mode [ 1767.911833][ T9482] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1767.943858][ T983] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1767.964734][ T9489] netlink: 'syz.0.12287': attribute type 83 has an invalid length. [ 1767.974487][ T9489] netlink: 'syz.0.12287': attribute type 83 has an invalid length. [ 1768.013404][ T10] nzxt-smart2 0003:1E71:2009.0055: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.1-1/input0 [ 1768.175250][ T9504] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1768.469693][ T9510] syzkaller0: entered allmulticast mode [ 1768.476812][ T9517] netlink: 128 bytes leftover after parsing attributes in process `syz.5.12291'. [ 1768.492637][ T9517] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1768.525637][ T9522] netlink: 'syz.5.12291': attribute type 12 has an invalid length. [ 1768.536087][ T29] usb 2-1: USB disconnect, device number 122 [ 1769.026501][ T29] usb 6-1: new high-speed USB device number 103 using dummy_hcd [ 1769.196338][ T29] usb 6-1: Using ep0 maxpacket: 32 [ 1769.203980][ T29] usb 6-1: config 0 has an invalid interface number: 188 but max is 0 [ 1769.213624][ T29] usb 6-1: config 0 has no interface number 0 [ 1769.219953][ T29] usb 6-1: config 0 interface 188 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1769.234155][ T29] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 1769.243659][ T29] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1769.251912][ T29] usb 6-1: Product: syz [ 1769.258035][ T29] usb 6-1: Manufacturer: syz [ 1769.262841][ T29] usb 6-1: SerialNumber: syz [ 1769.274454][ T29] usb 6-1: config 0 descriptor?? [ 1769.288903][ T29] asix 6-1:0.188: probe with driver asix failed with error -22 [ 1770.514942][T19429] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1771.807038][ T24] usb 6-1: USB disconnect, device number 103 [ 1771.894947][ T9574] netlink: 'syz.5.12297': attribute type 10 has an invalid length. [ 1773.058481][T12826] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1773.160124][ T9574] team0: Device vxcan1 is up. Set it down before adding it as a team port [ 1773.726143][ T9626] netlink: 'syz.1.12306': attribute type 2 has an invalid length. [ 1773.751430][ T9626] netlink: 132 bytes leftover after parsing attributes in process `syz.1.12306'. [ 1773.954363][ T9639] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12310'. [ 1774.248506][ T9658] binder: 9656:9658 ioctl c0306201 2000000003c0 returned -14 [ 1774.373713][ T9663] input: syz0 as /devices/virtual/input/input238 [ 1774.671128][ T9679] netlink: 'syz.4.12318': attribute type 2 has an invalid length. [ 1774.773723][ T9682] loop8: detected capacity change from 0 to 1 [ 1774.788919][ T9682] Dev loop8: unable to read RDB block 1 [ 1774.802087][ T9682] loop8: unable to read partition table [ 1774.817754][ T9682] loop8: partition table beyond EOD, truncated [ 1774.827646][ T9682] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1774.971213][ T9688] tmpfs: Bad value for 'size' [ 1775.180584][ T9695] syzkaller1: entered promiscuous mode [ 1775.186243][ T9695] syzkaller1: entered allmulticast mode [ 1776.234297][ T1162] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1776.306363][ T9590] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1776.469882][ T9702] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12323'. [ 1776.637419][ T9724] loop1: detected capacity change from 0 to 4 [ 1776.652457][ T9724] Dev loop1: unable to read RDB block 4 [ 1776.685058][ T9724] loop1: unable to read partition table [ 1776.697138][ T9724] loop1: partition table beyond EOD, truncated [ 1776.710292][ T9724] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1776.896095][ T9739] netlink: 'syz.5.12331': attribute type 2 has an invalid length. [ 1776.911083][ T9739] netlink: 132 bytes leftover after parsing attributes in process `syz.5.12331'. [ 1777.071003][ T9749] netlink: 84 bytes leftover after parsing attributes in process `syz.4.12333'. [ 1777.101653][ T9749] /dev/nullb0: Can't open blockdev [ 1777.119732][ T9752] netlink: 84 bytes leftover after parsing attributes in process `syz.4.12333'. [ 1777.134945][ T9749] /dev/nullb0: Can't open blockdev [ 1777.758597][ T9788] netlink: 80 bytes leftover after parsing attributes in process `syz.5.12340'. [ 1777.784160][ T9790] loop8: detected capacity change from 0 to 1 [ 1777.801948][ T9790] Dev loop8: unable to read RDB block 1 [ 1777.814834][ T9790] loop8: unable to read partition table [ 1777.821121][ T9790] loop8: partition table beyond EOD, truncated [ 1777.838377][ T9790] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1777.980924][ T9805] tmpfs: Bad value for 'mpol' [ 1778.309482][ T9829] netlink: 'syz.1.12349': attribute type 10 has an invalid length. [ 1778.340911][ T9827] IPv6: NLM_F_CREATE should be specified when creating new route [ 1778.383363][ T9829] vxcan1: entered promiscuous mode [ 1778.390190][ T9829] team0: Device vxcan1 is of different type [ 1778.652008][ T9845] syzkaller1: entered promiscuous mode [ 1778.658057][ T9845] syzkaller1: entered allmulticast mode [ 1778.735532][ T9] usb 2-1: new full-speed USB device number 123 using dummy_hcd [ 1778.789219][T12826] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1778.922457][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1778.953190][ T9] usb 2-1: not running at top speed; connect to a high speed hub [ 1778.975685][ T9] usb 2-1: config 255 has an invalid interface number: 56 but max is 0 [ 1779.006565][ T9] usb 2-1: config 255 has no interface number 0 [ 1779.026164][ T9] usb 2-1: config 255 interface 56 has no altsetting 0 [ 1779.059912][ T9] usb 2-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=69.43 [ 1779.091504][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1779.118884][ T9] usb 2-1: Product: ॹ辬貫郠윃㚤䭋뭖ﻓΪ蕜ᚉ䵴⧯㖡喈ἠ侩킟譻鰤껬夜걈箢䘍靝忼칟⢑蠤婻괼┣譕쨄紶䰔⽒厝鷞҆髙ᰜ鉜谍ꩌ욎烨࿨龷伮梚⿴삫䣡 [ 1779.165972][ T9] usb 2-1: Manufacturer: 盺ᜤ夅뺲㢊❯돹袏ꨲᘪ⻏畡淗룒䇥₩텽㎜㔹ꖓ⽻侴코ﻈ皇鏖賌忿봈됶Վ셔㨍橎橕䰥瓄噰틳頭埕㠢ֆ຺塐緃鱖諔흘텵妰ퟣ㮓빴腏䥞돆┦쳓⸷ៀ췜ⷰ榬ⲳퟮ淾撊ᆮ庠瀓깔磵意糙塥䭶攎ꗗ☤ద [ 1779.233885][ T9] usb 2-1: SerialNumber:  [ 1779.936644][ T9] dvb-usb: found a 'Sony PlayTV' in warm state. [ 1779.952610][ T9] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 1779.978489][ T9] dvbdev: DVB: registering new adapter (Sony PlayTV) [ 1780.009005][ T9] usb 2-1: media controller created [ 1780.022503][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1780.132106][ T9] DVB: Unable to find symbol dib7000p_attach() [ 1780.162643][ T9] dvb-usb: no frontend was attached by 'Sony PlayTV' [ 1780.197102][ T9] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 1780.225486][ T9] dvbdev: DVB: registering new adapter (Sony PlayTV) [ 1780.250879][ T9] usb 2-1: media controller created [ 1780.258789][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1780.416798][ T9] DVB: Unable to find symbol dib7000p_attach() [ 1780.440218][ T9] dvb-usb: no frontend was attached by 'Sony PlayTV' [ 1780.590078][ T9] rc_core: IR keymap rc-dib0700-rc5 not found [ 1780.599775][ T9] Registered IR keymap rc-empty [ 1780.612936][ T9] dvb-usb: could not initialize remote control. [ 1780.627171][ T9] dvb-usb: Sony PlayTV successfully initialized and connected. [ 1781.269477][ T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1781.945067][ T24] usb 2-1: USB disconnect, device number 123 [ 1782.065165][ T24] dvb-usb: Sony PlayTV successfully deinitialized and disconnected. [ 1782.109624][ T9914] binder: 9912:9914 ioctl c0306201 2000000001c0 returned -22 [ 1782.399059][ T9928] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12361'. [ 1782.630375][ T9935] netlink: 9 bytes leftover after parsing attributes in process `syz.1.12363'. [ 1782.681748][ T9936] netlink: 5 bytes leftover after parsing attributes in process `syz.1.12363'. [ 1783.892545][ T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1784.280785][ T9935] l30{X: entered promiscuous mode [ 1784.286340][ T9935] l30{X: left allmulticast mode [ 1784.662983][ T9968] lo speed is unknown, defaulting to 1000 [ 1785.082560][T10011] loop1: detected capacity change from 0 to 4 [ 1785.116995][T10011] Dev loop1: unable to read RDB block 4 [ 1785.130912][T10011] loop1: unable to read partition table [ 1785.137168][T10011] loop1: partition table beyond EOD, truncated [ 1785.143525][T10011] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1785.343850][T10019] syzkaller1: entered promiscuous mode [ 1785.350941][T10019] syzkaller1: entered allmulticast mode [ 1785.425077][T10026] binder: 10024:10026 ioctl c0306201 2000000003c0 returned -14 [ 1785.813654][T10047] veth1_virt_wifi: entered allmulticast mode [ 1785.838205][T10047] veth1_virt_wifi: left allmulticast mode [ 1785.921707][T10053] tmpfs: Bad value for 'mpol' [ 1785.942884][T10034] ip6tnl0: left promiscuous mode [ 1785.954851][T10034] netlink: 140 bytes leftover after parsing attributes in process `syz.0.12378'. [ 1786.103838][T10060] netlink: 'syz.0.12384': attribute type 27 has an invalid length. [ 1786.115835][T10060] ip6tnl0: entered promiscuous mode [ 1786.129223][T10060] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1786.215042][T10062] lo speed is unknown, defaulting to 1000 [ 1786.263941][T25904] usb 2-1: new high-speed USB device number 124 using dummy_hcd [ 1786.363778][ T1162] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1786.435613][T25904] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1786.448190][T25904] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1786.458915][T25904] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1786.471053][T25904] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1786.480982][T25904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1786.502567][T25904] usb 2-1: Product: syz [ 1786.512389][T25904] usb 2-1: Manufacturer: syz [ 1786.522519][T25904] usb 2-1: SerialNumber: syz [ 1786.775975][T10053] netlink: 32 bytes leftover after parsing attributes in process `syz.1.12383'. [ 1786.787336][T10053] netlink: 20 bytes leftover after parsing attributes in process `syz.1.12383'. [ 1786.815391][T25904] usb 2-1: 0:1 : does not exist [ 1786.824681][T25904] usb 2-1: 0:2 : does not exist [ 1786.837024][T25904] usb 2-1: 2:0: failed to get current value for ch 1 (-22) [ 1786.868188][T25904] usb 2-1: 2:0: failed to get current value for ch 0 (-22) [ 1786.896535][T25904] usb 2-1: 2:0: cannot get min/max values for control 3 (id 2) [ 1786.922040][T25904] usb 2-1: 2:0: cannot get min/max values for control 4 (id 2) [ 1786.958662][T25904] usb 2-1: 2:0: failed to get current value for ch 1 (-22) [ 1786.976793][T25904] usb 2-1: 2:0: cannot get min/max values for control 8 (id 2) [ 1786.989115][T25904] usb 2-1: 2:0: failed to get current value for ch 1 (-22) [ 1787.039393][T25904] usb 2-1: 2:0: cannot get min/max values for control 3 (id 2) [ 1787.150658][T25904] usb 2-1: USB disconnect, device number 124 [ 1787.185558][ T6239] udevd[6239]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1787.218768][T10130] netlink: 9 bytes leftover after parsing attributes in process `syz.0.12393'. [ 1787.233014][T10130] netlink: 5 bytes leftover after parsing attributes in process `syz.0.12393'. [ 1787.233147][T10130] .30{X: renamed from 31{X [ 1787.235732][T10130] .30{X: left promiscuous mode [ 1787.235761][T10130] .30{X: entered allmulticast mode [ 1787.246394][T10130] A link change request failed with some changes committed already. Interface .30{X may have been left with an inconsistent configuration, please check. [ 1787.982340][T10179] x_tables: unsorted underflow at hook 2 [ 1788.203109][T10187] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.12403'. [ 1788.469431][T10203] loop8: detected capacity change from 0 to 1 [ 1788.478824][ T6239] Dev loop8: unable to read RDB block 1 [ 1788.484690][ T6239] loop8: unable to read partition table [ 1788.492978][ T6239] loop8: partition table beyond EOD, truncated [ 1788.502701][T10203] Dev loop8: unable to read RDB block 1 [ 1788.511540][T10203] loop8: unable to read partition table [ 1788.518466][T10203] loop8: partition table beyond EOD, truncated [ 1788.528398][T10203] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1788.636335][ T29] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 1788.818317][T10221] netlink: 'syz.4.12410': attribute type 2 has an invalid length. [ 1788.818798][T10220] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12411'. [ 1788.838995][ T29] usb 1-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 1788.849598][ T29] usb 1-1: config 17 interface 0 has no altsetting 0 [ 1788.856859][ T29] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1788.866152][ T29] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1788.891011][ T29] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 1789.036700][T24242] usb 6-1: new full-speed USB device number 104 using dummy_hcd [ 1789.059164][ T30] audit: type=1326 audit(1773432344.002:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.4.12414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbda19c799 code=0x7ffc0000 [ 1789.103734][ T30] audit: type=1326 audit(1773432344.002:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.4.12414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbda19c799 code=0x7ffc0000 [ 1789.127201][ T30] audit: type=1326 audit(1773432344.002:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.4.12414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffbda19c799 code=0x7ffc0000 [ 1789.150095][ T30] audit: type=1326 audit(1773432344.002:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.4.12414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbda19c799 code=0x7ffc0000 [ 1789.179986][ T30] audit: type=1326 audit(1773432344.002:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.4.12414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ffbda19c799 code=0x7ffc0000 [ 1789.203008][ T30] audit: type=1326 audit(1773432344.002:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.4.12414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbda19c799 code=0x7ffc0000 [ 1789.226543][ T30] audit: type=1326 audit(1773432344.002:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.4.12414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7ffbda19c799 code=0x7ffc0000 [ 1789.250408][ T30] audit: type=1326 audit(1773432344.002:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.4.12414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbda19c799 code=0x7ffc0000 [ 1789.274345][T24242] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1789.284256][T24242] usb 6-1: not running at top speed; connect to a high speed hub [ 1789.293331][ T30] audit: type=1326 audit(1773432344.002:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.4.12414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffbda15cfce code=0x7ffc0000 [ 1789.322034][T24242] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1789.333064][T24242] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1789.342484][ T30] audit: type=1326 audit(1773432344.002:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.4.12414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ffbda19c42b code=0x7ffc0000 [ 1789.367867][T24242] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1789.377521][T24242] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1789.385939][T24242] usb 6-1: Product: syz [ 1789.390229][T24242] usb 6-1: Manufacturer: syz [ 1789.396411][T24242] usb 6-1: SerialNumber: syz [ 1789.432392][T10243] netlink: 9 bytes leftover after parsing attributes in process `syz.1.12416'. [ 1789.445939][T10243] netlink: 5 bytes leftover after parsing attributes in process `syz.1.12416'. [ 1789.456073][T10243] l31{X: renamed from l30{X [ 1789.464040][T10243] l31{X: left promiscuous mode [ 1789.469496][T10243] l31{X: entered allmulticast mode [ 1789.481328][T10243] A link change request failed with some changes committed already. Interface l31{X may have been left with an inconsistent configuration, please check. [ 1789.587332][T10247] syzkaller1: entered promiscuous mode [ 1789.592859][T10247] syzkaller1: entered allmulticast mode [ 1789.646677][ T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1789.686767][T24242] usb 6-1: 0:2 : does not exist [ 1789.701309][T24242] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 1789.749050][T24242] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5) [ 1789.770034][T24242] usb 6-1: Warning! Unlikely small volume range (=1), linear volume or custom curve? [ 1789.800785][T24242] usb 6-1: [5] FU [Mic Playback Volume] ch = 3, val = 0/1/1 [ 1789.810600][T24242] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5) [ 1789.810637][T24242] usb 6-1: Warning! Unlikely small volume range (=1), linear volume or custom curve? [ 1789.810659][T24242] usb 6-1: [5] FU [Mic Playback Volume] ch = 1, val = 0/1/1 [ 1789.817093][T24242] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1789.821887][T24242] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1789.829543][T24242] usb 6-1: 5:0: cannot get min/max values for control 4 (id 5) [ 1789.835567][T24242] usb 6-1: 5:0: failed to get current value for ch 1 (-22) [ 1789.845447][T24242] usb 6-1: 5:0: failed to get current value for ch 3 (-22) [ 1789.855038][T24242] usb 6-1: 5:0: failed to get current value for ch 1 (-22) [ 1789.880911][T24242] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1789.896070][T24242] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5) [ 1789.928668][T24242] usb 6-1: USB disconnect, device number 104 [ 1789.999890][T10274] netlink: 'syz.1.12420': attribute type 11 has an invalid length. [ 1790.015493][ T6239] udevd[6239]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1790.372504][T12814] usb 2-1: new full-speed USB device number 125 using dummy_hcd [ 1790.553524][T12814] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1790.579377][T12814] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1790.596100][T12814] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1790.605873][T12814] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1790.625541][T12814] hub 2-1:4.0: USB hub found [ 1790.767188][T10311] netlink: 'syz.5.12426': attribute type 4 has an invalid length. [ 1790.828108][T12814] hub 2-1:4.0: 2 ports detected [ 1790.844511][T12814] usb 2-1: selecting invalid altsetting 1 [ 1790.852793][T12814] hub 2-1:4.0: Using single TT (err -22) [ 1790.861418][T10314] netlink: 'syz.5.12427': attribute type 10 has an invalid length. [ 1790.869566][T10314] team0: Device vxcan1 is up. Set it down before adding it as a team port [ 1791.031742][T10279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1791.053312][T10322] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12429'. [ 1791.058071][T10279] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1791.083383][T12814] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 1791.100275][T12814] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 1791.160969][T12814] usb 2-1: USB disconnect, device number 125 [ 1791.273963][T10337] netlink: 'syz.5.12431': attribute type 10 has an invalid length. [ 1791.301625][T10337] batman_adv: batadv0: Adding interface: netdevsim0 [ 1791.317677][T10337] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1791.344075][T10337] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active [ 1791.410278][T12814] usb 1-1: USB disconnect, device number 41 [ 1791.486772][T10348] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12433'. [ 1791.604638][T10356] binder: 10354:10356 ioctl c0306201 200000000140 returned -14 [ 1791.665855][T10355] lo speed is unknown, defaulting to 1000 [ 1791.736644][T10366] netlink: 'syz.5.12437': attribute type 10 has an invalid length. [ 1792.013658][T10387] syzkaller1: entered promiscuous mode [ 1792.019945][T10387] syzkaller1: entered allmulticast mode [ 1792.189411][ T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1792.665448][T24242] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 1792.771972][T10442] binder: 10440:10442 ioctl c0306201 2000000003c0 returned -14 [ 1792.805662][T10447] FAULT_INJECTION: forcing a failure. [ 1792.805662][T10447] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1792.819280][T10447] CPU: 1 UID: 0 PID: 10447 Comm: syz.1.12447 Tainted: G L syzkaller #0 PREEMPT(full) [ 1792.819313][T10447] Tainted: [L]=SOFTLOCKUP [ 1792.819322][T10447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1792.819335][T10447] Call Trace: [ 1792.819344][T10447] [ 1792.819353][T10447] dump_stack_lvl+0xe8/0x150 [ 1792.819390][T10447] should_fail_ex+0x412/0x560 [ 1792.819431][T10447] _copy_from_user+0x2d/0xb0 [ 1792.819456][T10447] ___sys_sendmsg+0x1c6/0x360 [ 1792.819493][T10447] ? __pfx____sys_sendmsg+0x10/0x10 [ 1792.819558][T10447] ? __fget_files+0x2a/0x420 [ 1792.819585][T10447] ? __fget_files+0x3a0/0x420 [ 1792.819622][T10447] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1792.819657][T10447] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1792.819697][T10447] ? __pfx_ksys_write+0x10/0x10 [ 1792.819740][T10447] do_syscall_64+0x14d/0xf80 [ 1792.819770][T10447] ? trace_irq_disable+0x3b/0x150 [ 1792.819796][T10447] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1792.819819][T10447] ? clear_bhb_loop+0x40/0x90 [ 1792.819846][T10447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1792.819869][T10447] RIP: 0033:0x7f2753f9c799 [ 1792.819889][T10447] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1792.819909][T10447] RSP: 002b:00007f27521f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1792.819932][T10447] RAX: ffffffffffffffda RBX: 00007f2754215fa0 RCX: 00007f2753f9c799 [ 1792.819948][T10447] RDX: 0000000000000850 RSI: 0000200000000080 RDI: 0000000000000003 [ 1792.819962][T10447] RBP: 00007f27521f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1792.819977][T10447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1792.819991][T10447] R13: 00007f2754216038 R14: 00007f2754215fa0 R15: 00007fff280836d8 [ 1792.820022][T10447] [ 1793.061971][T24242] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1793.076653][T24242] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1793.087179][T24242] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 1793.096583][T24242] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1793.137092][T24242] usb 1-1: config 0 descriptor?? [ 1793.540439][T10479] binder_alloc: 10478: binder_alloc_buf, no vma [ 1793.577033][T10482] loop8: detected capacity change from 0 to 1 [ 1793.609052][T10482] Dev loop8: unable to read RDB block 1 [ 1793.634997][T10482] loop8: unable to read partition table [ 1793.649729][T10482] loop8: partition table beyond EOD, truncated [ 1793.668746][T10482] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1793.717468][T10491] netlink: 'syz.1.12456': attribute type 10 has an invalid length. [ 1793.730365][T10491] team0: Device vxcan1 is of different type [ 1793.816445][T24242] hid-led 0003:27B8:01ED.0056: probe with driver hid-led failed with error -71 [ 1793.882553][T24242] usb 1-1: USB disconnect, device number 42 [ 1793.943233][T10510] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12459'. [ 1794.108086][T10521] block nbd21: Unsupported socket: should be TCP or UNIX. [ 1794.305718][T10542] binder_alloc: 10541: binder_alloc_buf, no vma [ 1794.406011][T10547] Bluetooth: MGMT ver 1.23 [ 1794.558982][T10561] syzkaller1: entered promiscuous mode [ 1794.559014][T10561] syzkaller1: entered allmulticast mode [ 1794.615748][T10564] loop1: detected capacity change from 0 to 4 [ 1794.621652][T31198] Dev loop1: unable to read RDB block 4 [ 1794.621697][T31198] loop1: unable to read partition table [ 1794.621925][T31198] loop1: partition table beyond EOD, truncated [ 1794.624439][T10564] Dev loop1: unable to read RDB block 4 [ 1794.624483][T10564] loop1: unable to read partition table [ 1794.624696][T10564] loop1: partition table beyond EOD, truncated [ 1794.624733][T10564] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1794.836637][T10573] netlink: 'syz.5.12471': attribute type 3 has an invalid length. [ 1794.836667][T10573] netlink: 3 bytes leftover after parsing attributes in process `syz.5.12471'. [ 1794.936496][T10581] binder: 10580:10581 ioctl c0306201 2000000003c0 returned -14 [ 1794.977301][T10579] netlink: 'syz.1.12472': attribute type 21 has an invalid length. [ 1795.009302][T10579] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12472'. [ 1795.182495][T10598] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12477'. [ 1795.359822][T10611] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12480'. [ 1795.370752][T10611] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12480'. [ 1795.389384][ T983] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1795.407685][ T10] usb 6-1: new high-speed USB device number 105 using dummy_hcd [ 1795.475491][T10613] netlink: 14 bytes leftover after parsing attributes in process `syz.0.12481'. [ 1795.518378][T24242] usb 2-1: new high-speed USB device number 126 using dummy_hcd [ 1795.569403][ T10] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1795.580501][ T10] usb 6-1: config index 0 descriptor too short (expected 21010, got 18) [ 1795.589240][ T10] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1795.599779][ T10] usb 6-1: config 27 has 0 interfaces, different from the descriptor's value: 7 [ 1795.613332][ T10] usb 6-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01 [ 1795.622758][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1795.632585][ T10] usb 6-1: Product: syz [ 1795.637013][ T10] usb 6-1: Manufacturer: syz [ 1795.641938][ T10] usb 6-1: SerialNumber: syz [ 1795.677002][T24242] usb 2-1: Using ep0 maxpacket: 32 [ 1795.684279][T24242] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 1795.693831][T24242] usb 2-1: config 0 has no interface number 0 [ 1795.700518][T24242] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1795.712194][T24242] usb 2-1: config 0 interface 85 has no altsetting 0 [ 1795.722356][T24242] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1795.731584][T24242] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1795.741667][T24242] usb 2-1: Product: syz [ 1795.746059][T24242] usb 2-1: Manufacturer: syz [ 1795.751220][T24242] usb 2-1: SerialNumber: syz [ 1795.767291][T24242] usb 2-1: config 0 descriptor?? [ 1795.862435][ T10] usb 6-1: USB disconnect, device number 105 [ 1796.381695][T24242] appletouch 2-1:0.85: Geyser mode initialized. [ 1796.396845][T24242] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input241 [ 1796.416420][T10633] netlink: 'syz.0.12482': attribute type 10 has an invalid length. [ 1796.446640][T10633] team0: Device vxcan1 is up. Set it down before adding it as a team port [ 1796.586306][ T10] usb 2-1: USB disconnect, device number 126 [ 1796.650991][ T10] appletouch 2-1:0.85: input: appletouch disconnected [ 1796.700714][T10661] netlink: 'syz.5.12485': attribute type 27 has an invalid length. [ 1796.720215][T10661] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1796.869599][T10670] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12488'. [ 1796.973192][T10676] syzkaller1: entered promiscuous mode [ 1796.979920][T10673] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12489'. [ 1796.996226][T10676] syzkaller1: entered allmulticast mode [ 1797.204816][T10686] loop1: detected capacity change from 0 to 4 [ 1797.245683][T10686] Dev loop1: unable to read RDB block 4 [ 1797.261068][T10686] loop1: unable to read partition table [ 1797.276355][T10686] loop1: partition table beyond EOD, truncated [ 1797.295190][ T983] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1797.307206][T10699] netlink: 'syz.0.12493': attribute type 11 has an invalid length. [ 1797.312052][T10686] loop_reread_partitions: partition scan of loop1 (被x ") failed (rc=-5) [ 1797.336442][T10701] FAULT_INJECTION: forcing a failure. [ 1797.336442][T10701] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1797.391908][T10701] CPU: 1 UID: 0 PID: 10701 Comm: syz.4.12494 Tainted: G L syzkaller #0 PREEMPT(full) [ 1797.391944][T10701] Tainted: [L]=SOFTLOCKUP [ 1797.391953][T10701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1797.391967][T10701] Call Trace: [ 1797.391975][T10701] [ 1797.391985][T10701] dump_stack_lvl+0xe8/0x150 [ 1797.392024][T10701] should_fail_ex+0x412/0x560 [ 1797.392066][T10701] _copy_from_iter+0x1d3/0x1670 [ 1797.392093][T10701] ? rcu_is_watching+0x15/0xb0 [ 1797.392121][T10701] ? __pfx__copy_from_iter+0x10/0x10 [ 1797.392152][T10701] ? netlink_sendmsg+0x650/0xb40 [ 1797.392179][T10701] ? skb_put+0x11b/0x210 [ 1797.392212][T10701] netlink_sendmsg+0x6c0/0xb40 [ 1797.392253][T10701] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1797.392284][T10701] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 1797.392327][T10701] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1797.392354][T10701] sock_sendmsg_nosec+0x112/0x150 [ 1797.392382][T10701] ____sys_sendmsg+0x589/0x8c0 [ 1797.392424][T10701] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1797.392466][T10701] ? import_iovec+0x73/0xa0 [ 1797.392493][T10701] ___sys_sendmsg+0x2a5/0x360 [ 1797.392531][T10701] ? __pfx____sys_sendmsg+0x10/0x10 [ 1797.392606][T10701] ? __fget_files+0x2a/0x420 [ 1797.392635][T10701] ? __fget_files+0x3a0/0x420 [ 1797.392675][T10701] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1797.392710][T10701] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1797.392753][T10701] ? __pfx_ksys_write+0x10/0x10 [ 1797.392786][T10701] do_syscall_64+0x14d/0xf80 [ 1797.392816][T10701] ? trace_irq_disable+0x3b/0x150 [ 1797.392843][T10701] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1797.392865][T10701] ? clear_bhb_loop+0x40/0x90 [ 1797.392892][T10701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1797.392914][T10701] RIP: 0033:0x7ffbda19c799 [ 1797.392935][T10701] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1797.392954][T10701] RSP: 002b:00007ffbdafe2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1797.392977][T10701] RAX: ffffffffffffffda RBX: 00007ffbda415fa0 RCX: 00007ffbda19c799 [ 1797.392994][T10701] RDX: 0000000000000850 RSI: 0000200000000080 RDI: 0000000000000003 [ 1797.393008][T10701] RBP: 00007ffbdafe2090 R08: 0000000000000000 R09: 0000000000000000 [ 1797.393022][T10701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1797.393035][T10701] R13: 00007ffbda416038 R14: 00007ffbda415fa0 R15: 00007fffc40379c8 [ 1797.393069][T10701] [ 1797.733634][T10710] syz.5.12496 (10710): drop_caches: 4 [ 1797.759166][T10710] __vm_enough_memory: pid: 10710, comm: syz.5.12496, bytes: 21199613382656 not enough memory for the allocation [ 1797.791416][T10711] lo speed is unknown, defaulting to 1000 [ 1797.890146][T10710] openvswitch: netlink: Flow actions attr not present in new flow. [ 1797.939780][ T1309] ieee802154 phy1 wpan1: encryption failed: -22 [ 1798.359820][ T10] usb 6-1: new high-speed USB device number 106 using dummy_hcd [ 1798.403791][T10770] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12503'. [ 1798.449964][T12814] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 1798.531847][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 1798.540379][ T10] usb 6-1: config 0 has an invalid interface number: 85 but max is 0 [ 1798.567202][ T10] usb 6-1: config 0 has no interface number 0 [ 1798.593149][T10778] loop8: detected capacity change from 0 to 1 [ 1798.601212][T10778] Dev loop8: unable to read RDB block 1 [ 1798.607001][T10778] loop8: unable to read partition table [ 1798.611126][ T10] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1798.616612][T10778] loop8: partition table beyond EOD, truncated [ 1798.631383][T10778] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1798.650163][T12814] usb 1-1: Using ep0 maxpacket: 16 [ 1798.664774][T12814] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1798.683081][ T10] usb 6-1: config 0 interface 85 has no altsetting 0 [ 1798.714189][ T10] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1798.723872][T12814] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1798.741301][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1798.761783][T12814] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1798.778291][ T10] usb 6-1: Product: syz [ 1798.790769][ T10] usb 6-1: Manufacturer: syz [ 1798.799469][T12814] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1798.824757][ T10] usb 6-1: SerialNumber: syz [ 1798.835471][T12814] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1798.848885][ T10] usb 6-1: config 0 descriptor?? [ 1798.864661][T12814] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1798.886267][T12814] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1798.907860][T12814] usb 1-1: Manufacturer: syz [ 1798.934063][T12814] usb 1-1: config 0 descriptor?? [ 1799.269790][ T10] appletouch 6-1:0.85: Geyser mode initialized. [ 1799.288522][T12814] rc_core: IR keymap rc-hauppauge not found [ 1799.301619][ T10] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input242 [ 1799.316788][T12814] Registered IR keymap rc-empty [ 1799.332556][T12814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1799.369427][T12814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1799.411024][T12814] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 1799.446383][T12814] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input243 [ 1799.468206][T10829] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12514'. [ 1799.484007][ T10] usb 6-1: USB disconnect, device number 106 [ 1799.507280][T12814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1799.540169][T12814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1799.553667][ T10] appletouch 6-1:0.85: input: appletouch disconnected [ 1799.566734][T12814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1799.597670][T12814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1799.637465][T12814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1799.686590][T12814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1799.699240][T10852] netlink: 'syz.1.12516': attribute type 40 has an invalid length. [ 1799.709191][T12814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1799.737301][T12814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1799.777797][T12814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1799.817587][T12814] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1799.871573][T12814] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 1799.885197][T12814] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1799.907243][T12814] usb 1-1: USB disconnect, device number 43 [ 1799.918854][T10862] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12518'. [ 1800.036984][T10875] netlink: 'syz.0.12520': attribute type 11 has an invalid length. [ 1800.448872][T24242] usb 6-1: new high-speed USB device number 107 using dummy_hcd [ 1800.530989][T10915] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12527'. [ 1800.543292][T10916] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12527'. [ 1800.595864][T10918] netlink: 20 bytes leftover after parsing attributes in process `syz.1.12528'. [ 1800.628922][T24242] usb 6-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 1800.654925][T10916] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1800.666650][T24242] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1800.680604][T10916] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1800.709743][T10927] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12529'. [ 1800.716520][T24242] usb 6-1: config 0 descriptor?? [ 1800.767100][T10933] netlink: 'syz.1.12530': attribute type 1 has an invalid length. [ 1800.775803][T10933] netlink: 2084 bytes leftover after parsing attributes in process `syz.1.12530'. [ 1800.949158][T24242] hackrf 6-1:0.0: usb_control_msg() failed -32 request 0e [ 1800.957066][T24242] hackrf 6-1:0.0: Could not detect board [ 1800.973646][T24242] hackrf 6-1:0.0: probe with driver hackrf failed with error -32 [ 1801.124327][T12819] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1801.431850][T12814] usb 2-1: new high-speed USB device number 127 using dummy_hcd [ 1801.581559][T12814] usb 2-1: Using ep0 maxpacket: 8 [ 1801.589352][T12814] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1801.598582][T12814] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1801.611195][T12814] usb 2-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 1801.620420][T12814] usb 2-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 1801.628590][T12814] usb 2-1: Product: syz [ 1801.632865][T12814] usb 2-1: Manufacturer: syz [ 1801.637495][T12814] usb 2-1: SerialNumber: syz [ 1801.645502][T12814] usb 2-1: config 0 descriptor?? [ 1801.875980][T12814] usb 2-1: USB disconnect, device number 127 [ 1803.041838][T12826] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1803.130075][T11004] netlink: 'syz.1.12542': attribute type 2 has an invalid length. [ 1803.139112][T11004] netlink: 132 bytes leftover after parsing attributes in process `syz.1.12542'. [ 1803.197990][T11007] netlink: 'syz.1.12543': attribute type 10 has an invalid length. [ 1803.217495][T11007] team0: Device vxcan1 is of different type [ 1803.227113][ T24] usb 6-1: USB disconnect, device number 107 [ 1803.405488][T11027] binder: 11026:11027 ioctl c0306201 200000000140 returned -14 [ 1803.558310][T11035] FAULT_INJECTION: forcing a failure. [ 1803.558310][T11035] name failslab, interval 1, probability 0, space 0, times 0 [ 1803.574307][T11035] CPU: 0 UID: 0 PID: 11035 Comm: syz.5.12547 Tainted: G L syzkaller #0 PREEMPT(full) [ 1803.574343][T11035] Tainted: [L]=SOFTLOCKUP [ 1803.574351][T11035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1803.574365][T11035] Call Trace: [ 1803.574374][T11035] [ 1803.574383][T11035] dump_stack_lvl+0xe8/0x150 [ 1803.574420][T11035] should_fail_ex+0x412/0x560 [ 1803.574456][T11035] should_failslab+0xa8/0x100 [ 1803.574480][T11035] __kmalloc_cache_noprof+0x88/0x660 [ 1803.574514][T11035] ? rtnl_newlink+0x136/0x1be0 [ 1803.574546][T11035] rtnl_newlink+0x136/0x1be0 [ 1803.574578][T11035] ? sock_read_iter+0x150/0x360 [ 1803.574601][T11035] ? __pfx_rtnl_newlink+0x10/0x10 [ 1803.574635][T11035] ? __lock_acquire+0x6b5/0x2cf0 [ 1803.574665][T11035] ? sock_sendmsg_nosec+0x112/0x150 [ 1803.574689][T11035] ? pointer+0x6fa/0xe50 [ 1803.574717][T11035] ? __pfx_pointer+0x10/0x10 [ 1803.574741][T11035] ? unwind_next_frame+0xa5/0x23c0 [ 1803.574767][T11035] ? format_decode+0x60f/0xe10 [ 1803.574795][T11035] ? vsnprintf+0xdf1/0xee0 [ 1803.574836][T11035] ? snprintf+0xe8/0x140 [ 1803.574860][T11035] ? is_bpf_text_address+0x26/0x2b0 [ 1803.574894][T11035] ? __lock_acquire+0x6b5/0x2cf0 [ 1803.574928][T11035] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1803.574989][T11035] ? __pfx_rtnl_newlink+0x10/0x10 [ 1803.575017][T11035] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1803.575047][T11035] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1803.575075][T11035] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1803.575101][T11035] ? netlink_sendmsg+0x813/0xb40 [ 1803.575128][T11035] ? sock_sendmsg_nosec+0x112/0x150 [ 1803.575150][T11035] ? ____sys_sendmsg+0x589/0x8c0 [ 1803.575178][T11035] ? ___sys_sendmsg+0x2a5/0x360 [ 1803.575208][T11035] ? __x64_sys_sendmsg+0x1bd/0x2a0 [ 1803.575239][T11035] ? do_syscall_64+0x14d/0xf80 [ 1803.575267][T11035] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1803.575302][T11035] netlink_rcv_skb+0x232/0x4b0 [ 1803.575335][T11035] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1803.575366][T11035] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1803.575405][T11035] ? netlink_deliver_tap+0x2e/0x1b0 [ 1803.575441][T11035] netlink_unicast+0x80f/0x9b0 [ 1803.575475][T11035] ? __pfx_netlink_unicast+0x10/0x10 [ 1803.575503][T11035] ? netlink_sendmsg+0x650/0xb40 [ 1803.575529][T11035] ? skb_put+0x11b/0x210 [ 1803.575562][T11035] netlink_sendmsg+0x813/0xb40 [ 1803.575601][T11035] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1803.575631][T11035] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 1803.575675][T11035] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1803.575702][T11035] sock_sendmsg_nosec+0x112/0x150 [ 1803.575730][T11035] ____sys_sendmsg+0x589/0x8c0 [ 1803.575771][T11035] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1803.575813][T11035] ? import_iovec+0x73/0xa0 [ 1803.575849][T11035] ___sys_sendmsg+0x2a5/0x360 [ 1803.575887][T11035] ? __pfx____sys_sendmsg+0x10/0x10 [ 1803.575955][T11035] ? __fget_files+0x2a/0x420 [ 1803.575983][T11035] ? __fget_files+0x3a0/0x420 [ 1803.576022][T11035] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1803.576058][T11035] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1803.576100][T11035] ? __pfx_ksys_write+0x10/0x10 [ 1803.576133][T11035] do_syscall_64+0x14d/0xf80 [ 1803.576163][T11035] ? trace_irq_disable+0x3b/0x150 [ 1803.576188][T11035] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1803.576210][T11035] ? clear_bhb_loop+0x40/0x90 [ 1803.576237][T11035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1803.576259][T11035] RIP: 0033:0x7f13d039c799 [ 1803.576280][T11035] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1803.576299][T11035] RSP: 002b:00007f13d1335028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1803.576323][T11035] RAX: ffffffffffffffda RBX: 00007f13d0615fa0 RCX: 00007f13d039c799 [ 1803.576338][T11035] RDX: 0000000000000850 RSI: 0000200000000080 RDI: 0000000000000003 [ 1803.576353][T11035] RBP: 00007f13d1335090 R08: 0000000000000000 R09: 0000000000000000 [ 1803.576367][T11035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1803.576379][T11035] R13: 00007f13d0616038 R14: 00007f13d0615fa0 R15: 00007ffcb4284138 [ 1803.576413][T11035] [ 1804.132057][T11049] loop1: detected capacity change from 0 to 4 [ 1804.162474][ T5455] Dev loop1: unable to read RDB block 4 [ 1804.162520][ T5455] loop1: unable to read partition table [ 1804.162769][ T5455] loop1: partition table beyond EOD, truncated [ 1804.169564][T11049] Dev loop1: unable to read RDB block 4 [ 1804.169616][T11049] loop1: unable to read partition table [ 1804.169851][T11049] loop1: partition table beyond EOD, truncated [ 1804.169875][T11049] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1804.240743][T11060] loop8: detected capacity change from 0 to 1 [ 1804.259036][ T9884] Dev loop8: unable to read RDB block 1 [ 1804.259084][ T9884] loop8: unable to read partition table [ 1804.259318][ T9884] loop8: partition table beyond EOD, truncated [ 1804.268920][T11060] Dev loop8: unable to read RDB block 1 [ 1804.268967][T11060] loop8: unable to read partition table [ 1804.269176][T11060] loop8: partition table beyond EOD, truncated [ 1804.269199][T11060] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1804.328640][T11064] input: syz0 as /devices/virtual/input/input244 [ 1804.437865][T11076] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12556'. [ 1805.305128][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 1805.305149][ T30] audit: type=1326 audit(1773432360.295:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11124 comm="syz.4.12566" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffbda19c799 code=0x0 [ 1805.342226][T12814] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1805.439700][T25904] usb 6-1: new high-speed USB device number 108 using dummy_hcd [ 1805.513595][T11141] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12569'. [ 1805.523583][T12814] usb 2-1: Using ep0 maxpacket: 32 [ 1805.531190][T12814] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1805.541255][T12814] usb 2-1: config 128 has an invalid interface number: 127 but max is 3 [ 1805.550152][T12814] usb 2-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 1805.570938][T12814] usb 2-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 1805.581023][T12814] usb 2-1: config 128 has no interface number 0 [ 1805.588074][T12814] usb 2-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1805.598705][T12814] usb 2-1: config 128 interface 127 has no altsetting 0 [ 1805.605861][T25904] usb 6-1: Using ep0 maxpacket: 16 [ 1805.614568][T12814] usb 2-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 1805.624450][T12814] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1805.634075][T12814] usb 2-1: Product: syz [ 1805.639532][T25904] usb 6-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1805.649136][T25904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1805.657576][T12814] usb 2-1: Manufacturer: syz [ 1805.662583][T12814] usb 2-1: SerialNumber: syz [ 1805.667283][T25904] usb 6-1: Product: syz [ 1805.673728][T25904] usb 6-1: Manufacturer: syz [ 1805.680091][T25904] usb 6-1: SerialNumber: syz [ 1805.695604][T25904] usb 6-1: config 0 descriptor?? [ 1805.708886][T25904] visor 6-1:0.0: Sony Clie 3.5 converter detected [ 1805.735816][T11148] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12570'. [ 1805.849483][T11151] syzkaller1: entered promiscuous mode [ 1805.855524][T11151] syzkaller1: entered allmulticast mode [ 1805.931709][T11161] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1805.946469][T25904] usb 6-1: clie_3_5_startup: get config number failed: -71 [ 1805.974668][T25904] visor 6-1:0.0: probe with driver visor failed with error -71 [ 1806.005350][T25904] usb 6-1: USB disconnect, device number 108 [ 1806.047039][T11177] netlink: 9 bytes leftover after parsing attributes in process `syz.0.12574'. [ 1806.065987][T11177] .30{X: entered promiscuous mode [ 1806.076609][T11177] .30{X: left allmulticast mode [ 1806.139806][T12814] usb 2-1: USB disconnect, device number 2 [ 1806.197766][ T6239] udevd[6239]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1806.307824][T11194] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12576'. [ 1806.525995][T14688] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1806.544578][T14688] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1806.556770][T14688] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1806.569886][T14688] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1806.578013][T14688] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1806.653115][T11197] lo speed is unknown, defaulting to 1000 [ 1806.695966][T11213] netlink: 'syz.5.12580': attribute type 2 has an invalid length. [ 1806.750256][T11217] netlink: 16 bytes leftover after parsing attributes in process `syz.0.12581'. [ 1806.771463][T11217] netlink: 228 bytes leftover after parsing attributes in process `syz.0.12581'. [ 1806.868988][ T622] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1807.429903][ T1162] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1807.508444][T12814] usb 6-1: new high-speed USB device number 109 using dummy_hcd [ 1807.634923][ T1162] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1807.726392][T12814] usb 6-1: Using ep0 maxpacket: 32 [ 1807.746104][T12814] usb 6-1: config 0 has an invalid interface number: 85 but max is 0 [ 1807.761832][T12814] usb 6-1: config 0 has no interface number 0 [ 1807.768518][T12814] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1807.792901][T12814] usb 6-1: config 0 interface 85 has no altsetting 0 [ 1807.842180][T12814] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1807.857873][T12814] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1807.886104][T12814] usb 6-1: Product: syz [ 1807.890415][T12814] usb 6-1: Manufacturer: syz [ 1807.895081][T12814] usb 6-1: SerialNumber: syz [ 1807.909560][T12814] usb 6-1: config 0 descriptor?? [ 1808.108069][ T1162] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1808.158981][ T622] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1808.212780][T11197] chnl_net:caif_netlink_parms(): no params data found [ 1808.347221][T12814] appletouch 6-1:0.85: Geyser mode initialized. [ 1808.368883][T12814] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input245 [ 1808.459802][ T1162] netdevsim netdevsim4 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1808.490545][T11372] loop1: detected capacity change from 0 to 4 [ 1808.516620][T11372] Dev loop1: unable to read RDB block 4 [ 1808.527800][T11372] loop1: unable to read partition table [ 1808.534586][T11372] loop1: partition table beyond EOD, truncated [ 1808.549808][T11372] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1808.552924][T11375] binder: 11374:11375 ioctl c0306201 2000000003c0 returned -14 [ 1808.602856][ T10] usb 6-1: USB disconnect, device number 109 [ 1808.626907][T14688] Bluetooth: hci2: command tx timeout [ 1808.671524][ T10] appletouch 6-1:0.85: input: appletouch disconnected [ 1808.827908][T11418] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12599'. [ 1808.887856][T11197] bridge0: port 1(bridge_slave_0) entered blocking state [ 1808.905685][T11197] bridge0: port 1(bridge_slave_0) entered disabled state [ 1808.916940][T11197] bridge_slave_0: entered allmulticast mode [ 1808.926647][T11197] bridge_slave_0: entered promiscuous mode [ 1808.936929][T11197] bridge0: port 2(bridge_slave_1) entered blocking state [ 1808.945001][T11197] bridge0: port 2(bridge_slave_1) entered disabled state [ 1808.952525][T11197] bridge_slave_1: entered allmulticast mode [ 1808.962105][T11197] bridge_slave_1: entered promiscuous mode [ 1809.216579][T11197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1809.293060][T11197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1809.399934][T11197] team0: Port device team_slave_0 added [ 1809.436779][T11435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1809.452590][ T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 1809.488032][T11197] team0: Port device team_slave_1 added [ 1809.586809][ T1162] bridge_slave_1: left allmulticast mode [ 1809.593832][ T1162] bridge_slave_1: left promiscuous mode [ 1809.599871][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 1809.616180][ T1162] bridge_slave_0: left allmulticast mode [ 1809.626595][ T1162] bridge_slave_0: left promiscuous mode [ 1809.633132][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 1809.641880][ T10] usb 2-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1809.656859][ T10] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1809.667582][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1809.693730][ T10] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 1809.932493][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1809.944760][ T1162] bond_slave_0: left promiscuous mode [ 1809.953376][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1809.963018][ T1162] bond_slave_1: left promiscuous mode [ 1809.970348][ T1162] bond0 (unregistering): Released all slaves [ 1809.996570][T11197] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1810.014257][T11197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1810.075676][T11538] netlink: 'syz.5.12606': attribute type 10 has an invalid length. [ 1810.097267][T11197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1810.121167][T11197] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1810.128327][T11197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1810.192603][T11197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1810.666508][T11197] hsr_slave_0: entered promiscuous mode [ 1810.674226][T12819] Bluetooth: hci1: Frame reassembly failed (-84) [ 1810.693130][T11197] hsr_slave_1: entered promiscuous mode [ 1810.700997][T14686] Bluetooth: hci2: command tx timeout [ 1810.711334][T11197] debugfs: 'hsr0' already exists in 'hsr' [ 1810.717373][T11197] Cannot create hsr debugfs directory [ 1812.218092][T11197] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1812.221819][ T9] usb 2-1: USB disconnect, device number 3 [ 1812.293166][T11197] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1812.323835][T11197] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1812.348416][ T1162] hsr_slave_1: left promiscuous mode [ 1812.358157][ T1162] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1812.373085][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1812.411328][ T1162] veth1_macvtap: left promiscuous mode [ 1812.435336][ T1162] veth0_macvtap: left promiscuous mode [ 1812.441257][ T1162] veth1_vlan: left promiscuous mode [ 1812.447768][ T1162] veth0_vlan: left promiscuous mode [ 1812.500347][T11759] netlink: 'syz.1.12613': attribute type 3 has an invalid length. [ 1812.509261][T11759] netlink: 'syz.1.12613': attribute type 3 has an invalid length. [ 1812.554243][T11759] netlink: 16 bytes leftover after parsing attributes in process `syz.1.12613'. [ 1812.694446][T14688] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1812.749259][ T1162] team_slave_1 (unregistering): left promiscuous mode [ 1812.757930][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 1812.779652][ T1162] team_slave_0 (unregistering): left promiscuous mode [ 1812.797058][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 1812.808851][T14688] Bluetooth: hci2: command tx timeout [ 1812.930311][T11766] loop1: detected capacity change from 0 to 4 [ 1812.947334][ T6239] Dev loop1: unable to read RDB block 4 [ 1812.953199][ T6239] loop1: unable to read partition table [ 1812.967661][ T6239] loop1: partition table beyond EOD, truncated [ 1812.977521][T11766] Dev loop1: unable to read RDB block 4 [ 1813.001910][T11766] loop1: unable to read partition table [ 1813.008043][T11766] loop1: partition table beyond EOD, truncated [ 1813.020644][T11766] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1813.042266][T11197] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1813.537826][T11793] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12617'. [ 1813.823744][T11809] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12619'. [ 1813.840252][ T1162] IPVS: stop unused estimator thread 0... [ 1813.854344][T11197] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1813.904273][ T983] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1813.978162][T11197] 8021q: adding VLAN 0 to HW filter on device team0 [ 1814.050870][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 1814.058174][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1814.128315][T11826] netlink: 'syz.5.12620': attribute type 10 has an invalid length. [ 1814.152614][ T983] bridge0: port 2(bridge_slave_1) entered blocking state [ 1814.159909][ T983] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1814.186235][T11826] team0: Device vxcan1 is up. Set it down before adding it as a team port [ 1814.588966][T11856] syzkaller1: entered promiscuous mode [ 1814.603578][T11856] syzkaller1: entered allmulticast mode [ 1814.731641][T24242] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1814.850209][T14688] Bluetooth: hci2: command tx timeout [ 1814.909640][T24242] usb 2-1: Using ep0 maxpacket: 32 [ 1814.937481][T24242] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1814.973637][T11867] afs: Unknown parameter 'uid>00000000004294967295' [ 1814.980723][T24242] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1814.994026][T11875] netlink: 'syz.0.12628': attribute type 27 has an invalid length. [ 1815.026339][T24242] usb 2-1: config 0 descriptor?? [ 1815.067053][T24242] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 1815.082275][T11875] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1815.235850][T11197] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1815.371030][T24242] gspca_vc032x: reg_w err -71 [ 1815.383376][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.422581][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.440393][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.461027][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.485822][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.515931][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.543485][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.566431][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.593864][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.625578][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.639141][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.644657][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.652855][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.658606][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.665925][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.673757][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.679834][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.685268][T24242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1815.693949][T24242] gspca_vc032x: Unknown sensor... [ 1815.699989][T24242] vc032x 2-1:0.0: probe with driver vc032x failed with error -22 [ 1815.718851][T24242] usb 2-1: USB disconnect, device number 4 [ 1816.106489][T11933] binder: 11932:11933 ioctl c0306201 2000000003c0 returned -14 [ 1816.195701][T11936] loop8: detected capacity change from 0 to 1 [ 1816.227898][T11936] Dev loop8: unable to read RDB block 1 [ 1816.249881][T11936] loop8: unable to read partition table [ 1816.270009][T11936] loop8: partition table beyond EOD, truncated [ 1816.290663][T11936] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1816.448751][ T983] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1816.483261][T11197] veth0_vlan: entered promiscuous mode [ 1816.534742][T14688] Bluetooth: hci4: unexpected event for opcode 0x200f [ 1816.557807][T11197] veth1_vlan: entered promiscuous mode [ 1816.633613][T11197] veth0_macvtap: entered promiscuous mode [ 1816.659439][T11197] veth1_macvtap: entered promiscuous mode [ 1816.750741][T11964] netlink: 'syz.0.12642': attribute type 2 has an invalid length. [ 1816.764325][T11197] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1816.851107][T11197] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1816.918567][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1816.943653][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1816.968949][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1816.981534][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1817.049120][T11980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12645'. [ 1817.358105][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1817.387326][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1817.492175][T11999] loop1: detected capacity change from 0 to 4 [ 1817.519596][ T6239] Dev loop1: unable to read RDB block 4 [ 1817.527084][ T6239] loop1: unable to read partition table [ 1817.539223][ T6239] loop1: partition table beyond EOD, truncated [ 1817.565365][T11999] Dev loop1: unable to read RDB block 4 [ 1817.586113][T11999] loop1: unable to read partition table [ 1817.606511][T11999] loop1: partition table beyond EOD, truncated [ 1817.617225][T11999] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1817.689659][T12008] binder: 12007:12008 ioctl 4018620d 0 returned -22 [ 1817.785535][T12819] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1817.816107][T12819] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1818.192552][T12039] binder: 12038:12039 ioctl c0306201 2000000003c0 returned -14 [ 1818.252238][T12044] netlink: 'syz.4.12657': attribute type 2 has an invalid length. [ 1818.270499][T12044] netlink: 132 bytes leftover after parsing attributes in process `syz.4.12657'. [ 1818.367767][T12052] binder: 12050:12052 ioctl 4018620d 0 returned -22 [ 1818.458163][T12057] netlink: 'syz.0.12661': attribute type 2 has an invalid length. [ 1818.500477][T12059] input: syz0 as /devices/virtual/input/input248 [ 1818.510475][ T29] usb 6-1: new high-speed USB device number 110 using dummy_hcd [ 1818.708021][ T29] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1818.755047][T12071] loop4: detected capacity change from 0 to 7 [ 1818.755960][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1818.806776][ T29] usb 6-1: config 0 descriptor?? [ 1818.825450][T12071] buffer_io_error: 11 callbacks suppressed [ 1818.825469][T12071] Buffer I/O error on dev loop4, logical block 0, async page read [ 1818.854198][ T29] cp210x 6-1:0.0: cp210x converter detected [ 1818.883366][T12071] Buffer I/O error on dev loop4, logical block 0, async page read [ 1818.894480][T12079] Invalid option length (549) for dns_resolver key [ 1818.912935][T12071] Buffer I/O error on dev loop4, logical block 0, async page read [ 1818.936703][T12071] Buffer I/O error on dev loop4, logical block 0, async page read [ 1818.945044][T12071] Buffer I/O error on dev loop4, logical block 0, async page read [ 1818.953775][T12071] Buffer I/O error on dev loop4, logical block 0, async page read [ 1818.984442][T12071] Buffer I/O error on dev loop4, logical block 0, async page read [ 1818.996152][T12071] ldm_validate_partition_table(): Disk read failed. [ 1819.004691][T12071] Buffer I/O error on dev loop4, logical block 0, async page read [ 1819.014707][T12071] Buffer I/O error on dev loop4, logical block 0, async page read [ 1819.026009][T12071] Buffer I/O error on dev loop4, logical block 0, async page read [ 1819.034746][T12071] Dev loop4: unable to read RDB block 0 [ 1819.040858][T12071] loop4: unable to read partition table [ 1819.046974][T12071] loop4: partition table beyond EOD, truncated [ 1819.055051][T12046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1819.067705][T12071] loop_reread_partitions: partition scan of loop4 (Sj %`ր5) failed (rc=-5) [ 1819.102380][T12046] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1819.134592][T12046] : renamed from vlan0 (while UP) [ 1819.175807][T12046] x_tables: duplicate underflow at hook 1 [ 1819.217059][T12046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1819.252493][T12046] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1819.379233][ T5205] ldm_validate_partition_table(): Disk read failed. [ 1819.386116][ T5205] Dev loop4: unable to read RDB block 0 [ 1819.392519][ T5205] loop4: unable to read partition table [ 1819.398587][ T5205] loop4: partition table beyond EOD, truncated [ 1819.627036][T12113] binder: 12112:12113 ioctl 4018620d 0 returned -22 [ 1819.640614][ T983] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1819.700380][T12046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1819.720689][T12114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1819.732062][T12046] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1819.741526][T12114] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1819.775460][ T29] cp210x 6-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 1819.783471][ T29] cp210x 6-1:0.0: GPIO initialisation failed: -71 [ 1819.822728][ T29] usb 6-1: cp210x converter now attached to ttyUSB0 [ 1819.846369][ T29] usb 6-1: USB disconnect, device number 110 [ 1819.884580][ T29] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1819.896131][T12134] loop1: detected capacity change from 0 to 4 [ 1819.902573][ T29] cp210x 6-1:0.0: device disconnected [ 1819.916049][T12134] Dev loop1: unable to read RDB block 4 [ 1819.926707][T12134] loop1: unable to read partition table [ 1819.933423][T12134] loop1: partition table beyond EOD, truncated [ 1819.943977][T12134] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1820.307171][T12173] binder: BINDER_SET_CONTEXT_MGR already set [ 1820.313306][T12173] binder: 12172:12173 ioctl 4018620d 2000000002c0 returned -16 [ 1820.389998][ T29] usb 6-1: new high-speed USB device number 111 using dummy_hcd [ 1820.556385][ T29] usb 6-1: Using ep0 maxpacket: 16 [ 1820.564289][ T29] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1820.575408][ T29] usb 6-1: New USB device found, idVendor=1235, idProduct=8201, bcdDevice= 0.40 [ 1820.584647][ T29] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1820.592920][ T29] usb 6-1: Product: syz [ 1820.598853][ T29] usb 6-1: Manufacturer: syz [ 1820.603514][ T29] usb 6-1: SerialNumber: syz [ 1820.666223][ T10] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1820.827974][ T29] usb 6-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1820.835317][ T29] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1820.850111][ T10] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1820.864892][ T10] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1820.877629][ T10] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1820.886858][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1820.908979][ T10] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 1820.940294][ T29] usb 6-1: USB disconnect, device number 111 [ 1820.989763][ T6239] udevd[6239]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1821.381257][T12218] netlink: 1 bytes leftover after parsing attributes in process `syz.5.12683'. [ 1822.194796][ T1162] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1822.497075][T12246] devpts: Bad value for 'max' [ 1822.688872][T12250] binder: BINDER_SET_CONTEXT_MGR already set [ 1822.695978][T12250] binder: 12249:12250 ioctl 4018620d 2000000002c0 returned -16 [ 1822.750755][T12253] netlink: 'syz.5.12689': attribute type 40 has an invalid length. [ 1822.818744][T12256] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12690'. [ 1823.429265][ T5834] usb 2-1: USB disconnect, device number 5 [ 1823.461419][ T29] usb 6-1: new high-speed USB device number 112 using dummy_hcd [ 1823.575880][T12301] binder: BINDER_SET_CONTEXT_MGR already set [ 1823.591305][T12301] binder: 12299:12301 ioctl 4018620d 2000000002c0 returned -16 [ 1823.649745][ T29] usb 6-1: Using ep0 maxpacket: 32 [ 1823.672894][ T29] usb 6-1: config 0 has an invalid interface number: 188 but max is 0 [ 1823.696080][ T29] usb 6-1: config 0 has no interface number 0 [ 1823.712294][ T29] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1823.741706][ T29] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 1823.757705][T12316] syzkaller1: entered promiscuous mode [ 1823.766955][ T29] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1823.771394][ T30] audit: type=1800 audit(1773432378.788:60): pid=12305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.12698" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1823.783192][T12316] syzkaller1: entered allmulticast mode [ 1823.812774][ T29] usb 6-1: Product: syz [ 1823.823750][ T29] usb 6-1: Manufacturer: syz [ 1823.835547][ T29] usb 6-1: SerialNumber: syz [ 1823.857776][ T29] usb 6-1: config 0 descriptor?? [ 1823.864830][T12305] netlink: 'syz.0.12698': attribute type 4 has an invalid length. [ 1823.883017][T12278] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1824.126263][T12278] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1824.190595][T12332] netlink: 28 bytes leftover after parsing attributes in process `syz.0.12704'. [ 1824.234430][T12338] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12705'. [ 1824.384062][ T29] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 1824.412264][ T29] asix 6-1:0.188: probe with driver asix failed with error -61 [ 1824.522903][T12362] binder: 12360:12362 ioctl c0306201 0 returned -14 [ 1824.608482][T12367] /dev/nullb0: Can't open blockdev [ 1824.675550][T12370] qrtr: Invalid version 43 [ 1824.765393][T12819] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1825.059232][T14688] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 1825.202508][T12414] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12719'. [ 1825.212090][T12414] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12719'. [ 1825.222113][T12414] netlink: 'syz.4.12719': attribute type 40 has an invalid length. [ 1825.293307][T12418] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12720'. [ 1825.353871][T12421] netlink: 'syz.4.12721': attribute type 2 has an invalid length. [ 1825.387873][ T10] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 1825.557707][ T10] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1825.568430][ T10] usb 2-1: config 1 interface 0 has no altsetting 0 [ 1825.580160][ T10] usb 2-1: string descriptor 0 read error: -22 [ 1825.587293][ T10] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.40 [ 1825.597874][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1825.941147][T12453] netlink: 9 bytes leftover after parsing attributes in process `syz.4.12727'. [ 1825.959389][T12453] gretap0: entered promiscuous mode [ 1826.039336][ T10] kone 0003:1E7D:2CED.0057: unknown main item tag 0x0 [ 1826.050552][ T10] kone 0003:1E7D:2CED.0057: unknown main item tag 0x0 [ 1826.058412][ T10] kone 0003:1E7D:2CED.0057: unknown main item tag 0x0 [ 1826.058448][ T10] kone 0003:1E7D:2CED.0057: unknown main item tag 0x0 [ 1826.058479][ T10] kone 0003:1E7D:2CED.0057: unknown main item tag 0x0 [ 1826.058509][ T10] kone 0003:1E7D:2CED.0057: unknown main item tag 0x0 [ 1826.058538][ T10] kone 0003:1E7D:2CED.0057: unknown main item tag 0x0 [ 1826.058567][ T10] kone 0003:1E7D:2CED.0057: unknown main item tag 0x0 [ 1826.058595][ T10] kone 0003:1E7D:2CED.0057: unknown main item tag 0x0 [ 1826.058623][ T10] kone 0003:1E7D:2CED.0057: unknown main item tag 0x0 [ 1826.096802][ T10] kone 0003:1E7D:2CED.0057: hidraw0: USB HID v0.05 Device [HID 1e7d:2ced] on usb-dummy_hcd.1-1/input0 [ 1826.239739][ T10] kone 0003:1E7D:2CED.0057: couldn't init struct kone_device [ 1826.248776][ T10] kone 0003:1E7D:2CED.0057: couldn't install mouse [ 1826.267309][ T10] kone 0003:1E7D:2CED.0057: probe with driver kone failed with error -5 [ 1826.298488][ T10] usb 2-1: USB disconnect, device number 6 [ 1826.325619][ T5834] usb 6-1: USB disconnect, device number 112 [ 1826.377885][T12480] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12729'. [ 1826.558544][T12482] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1826.575879][T12496] netlink: 'syz.4.12732': attribute type 2 has an invalid length. [ 1826.584092][T12496] netlink: 132 bytes leftover after parsing attributes in process `syz.4.12732'. [ 1826.947334][T12520] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12736'. [ 1827.166762][T12536] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12739'. [ 1827.228321][T12539] netlink: 'syz.5.12740': attribute type 2 has an invalid length. [ 1827.307920][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1827.350330][T12545] netlink: 'syz.5.12742': attribute type 10 has an invalid length. [ 1827.359347][T12545] team0: Device vxcan1 is up. Set it down before adding it as a team port [ 1827.767464][T12575] loop1: detected capacity change from 0 to 4 [ 1827.780629][T12575] Dev loop1: unable to read RDB block 4 [ 1827.787979][T12575] loop1: unable to read partition table [ 1827.796027][T12575] loop1: partition table beyond EOD, truncated [ 1827.807489][T12575] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1827.903395][T12583] input: syz0 as /devices/virtual/input/input250 [ 1828.264843][T12611] syzkaller1: entered promiscuous mode [ 1828.270634][T12611] syzkaller1: entered allmulticast mode [ 1828.686383][T12632] binder: 12631:12632 ioctl c0306201 2000000003c0 returned -14 [ 1829.027534][T12658] netlink: 'syz.1.12765': attribute type 40 has an invalid length. [ 1829.148381][ T10] usb 6-1: new low-speed USB device number 113 using dummy_hcd [ 1829.331003][ T10] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1829.347220][ T10] usb 6-1: config 242 has an invalid interface number: 40 but max is 0 [ 1829.357753][ T10] usb 6-1: config 242 has no interface number 0 [ 1829.364549][ T10] usb 6-1: config 242 interface 40 has no altsetting 0 [ 1829.410427][ T10] usb 6-1: string descriptor 0 read error: -22 [ 1829.417099][ T10] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=44.11 [ 1829.426640][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1829.460195][ T10] hdpvr 6-1:242.40: Could not find bulk-in endpoint [ 1829.472287][ T10] hdpvr 6-1:242.40: probe with driver hdpvr failed with error -12 [ 1829.482972][T12678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1829.491805][T12689] loop1: detected capacity change from 0 to 4 [ 1829.503719][ T5455] Dev loop1: unable to read RDB block 4 [ 1829.511562][ T5455] loop1: unable to read partition table [ 1829.517619][ T5455] loop1: partition table beyond EOD, truncated [ 1829.524855][T12689] Dev loop1: unable to read RDB block 4 [ 1829.531580][T12689] loop1: unable to read partition table [ 1829.538423][T12689] loop1: partition table beyond EOD, truncated [ 1829.545075][T12689] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1829.627803][T12695] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 1829.656516][T12646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1829.666327][T12646] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1829.677213][ T10] usb 6-1: USB disconnect, device number 113 [ 1829.860060][ T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1830.285862][ T10] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1830.438535][ T10] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1830.448237][ T10] usb 2-1: config 1 has an invalid interface number: 52 but max is 0 [ 1830.457078][ T10] usb 2-1: config 1 has no interface number 0 [ 1830.463319][ T10] usb 2-1: config 1 interface 52 has no altsetting 0 [ 1830.478003][ T10] usb 2-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01 [ 1830.509761][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1830.524549][ T10] usb 2-1: Product: syz [ 1830.529880][ T10] usb 2-1: Manufacturer: syz [ 1830.534586][ T10] usb 2-1: SerialNumber: syz [ 1830.768853][ T10] ums-karma 2-1:1.52: USB Mass Storage device detected [ 1830.872625][ T10] usb 2-1: USB disconnect, device number 7 [ 1830.941915][T12777] syzkaller1: entered promiscuous mode [ 1830.954960][T12777] syzkaller1: entered allmulticast mode [ 1831.331117][T12784] binder: 12783:12784 ioctl c0306201 2000000003c0 returned -14 [ 1831.679760][T12801] netlink: 'syz.1.12788': attribute type 40 has an invalid length. [ 1832.102105][ T9] usb 6-1: new high-speed USB device number 114 using dummy_hcd [ 1832.120538][T12821] loop1: detected capacity change from 0 to 4 [ 1832.129582][T12821] Dev loop1: unable to read RDB block 4 [ 1832.135879][T12821] loop1: unable to read partition table [ 1832.141847][T12821] loop1: partition table beyond EOD, truncated [ 1832.148413][T12821] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1832.262595][ T9] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 1832.271576][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1832.280638][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1832.292727][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1832.300707][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1832.309780][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1832.322410][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1832.330251][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1832.339338][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1832.350569][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1832.358461][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1832.367963][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1832.379018][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1832.386882][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1832.396418][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1832.407599][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1832.421913][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1832.430851][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1832.441867][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1832.449654][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1832.458700][ T10] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1832.466385][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1832.478019][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1832.486215][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1832.495925][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1832.506881][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1832.515848][ T9] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1832.525926][ T9] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1832.534678][ T9] usb 6-1: Product: syz [ 1832.538867][ T9] usb 6-1: Manufacturer: syz [ 1832.543541][ T9] usb 6-1: SerialNumber: syz [ 1832.550501][ T9] usb 6-1: config 0 descriptor?? [ 1832.562740][ T9] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 1832.653538][ T10] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1832.663409][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1832.675951][ T10] usb 2-1: config 0 descriptor?? [ 1832.775118][T10636] usb 6-1: USB disconnect, device number 114 [ 1832.793744][T10636] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 1832.898786][T12827] netlink: 'syz.1.12793': attribute type 40 has an invalid length. [ 1832.914959][ T10] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1832.930579][ T10] [drm:udl_init] *ERROR* Selecting channel failed [ 1832.992189][ T10] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 1833.007260][ T10] [drm] Initialized udl on minor 2 [ 1833.021303][ T10] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1833.039943][ T10] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 1833.052871][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1833.080267][ T9] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1833.125064][ T9] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1833.141625][ T10] usb 2-1: USB disconnect, device number 8 [ 1833.169461][ T9] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 1833.215065][T14686] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1833.236190][T14686] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1833.246546][T14686] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1833.254911][T14686] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1833.262892][T14686] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1833.365705][T12861] lo speed is unknown, defaulting to 1000 [ 1834.013839][T12861] chnl_net:caif_netlink_parms(): no params data found [ 1834.326692][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1834.520618][T12970] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1834.529704][T12970] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1834.536326][T12970] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1834.542918][T12970] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1834.549455][T12970] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1834.555900][T12970] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1834.562531][T12970] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1834.569233][T12970] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1834.575746][T12970] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1834.582480][T12970] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1836.576239][T12819] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1836.622221][T14688] Bluetooth: hci1: command tx timeout [ 1836.658221][T12906] pim6reg: entered allmulticast mode [ 1836.855042][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1837.012465][T12861] bridge0: port 1(bridge_slave_0) entered blocking state [ 1837.020734][T12861] bridge0: port 1(bridge_slave_0) entered disabled state [ 1837.029961][T12861] bridge_slave_0: entered allmulticast mode [ 1837.039649][T12861] bridge_slave_0: entered promiscuous mode [ 1837.047967][T13001] __nla_validate_parse: 2 callbacks suppressed [ 1837.047985][T13001] netlink: 32 bytes leftover after parsing attributes in process `syz.4.12804'. [ 1837.055299][T13033] misc userio: No port type given on /dev/userio [ 1837.108305][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1837.130709][T12861] bridge0: port 2(bridge_slave_1) entered blocking state [ 1837.138414][T12861] bridge0: port 2(bridge_slave_1) entered disabled state [ 1837.146733][T12861] bridge_slave_1: entered allmulticast mode [ 1837.156212][T12861] bridge_slave_1: entered promiscuous mode [ 1837.372401][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1837.508832][T12861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1837.559762][T12861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1837.652672][T12861] team0: Port device team_slave_0 added [ 1837.722182][T12861] team0: Port device team_slave_1 added [ 1837.840174][T12861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1837.864627][T12861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1837.898291][T12861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1837.997175][T12861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1838.007221][T12861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1838.034471][T12861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1838.217448][T12861] hsr_slave_0: entered promiscuous mode [ 1838.226346][T12861] hsr_slave_1: entered promiscuous mode [ 1838.233971][T12861] debugfs: 'hsr0' already exists in 'hsr' [ 1838.239878][T12861] Cannot create hsr debugfs directory [ 1838.293498][ T13] bridge_slave_1: left allmulticast mode [ 1838.299295][ T13] bridge_slave_1: left promiscuous mode [ 1838.305524][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1838.315288][ T13] bridge_slave_0: left allmulticast mode [ 1838.322390][ T13] bridge_slave_0: left promiscuous mode [ 1838.328275][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1838.641966][T14688] Bluetooth: hci1: command tx timeout [ 1838.685457][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1838.694974][ T13] bond_slave_0: left promiscuous mode [ 1838.704574][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1838.714091][ T13] bond_slave_1: left promiscuous mode [ 1838.735278][ T13] bond0 (unregistering): Released all slaves [ 1838.801999][ T1162] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1838.878558][ T13] tipc: Left network mode [ 1839.867749][T13287] syzkaller1: entered promiscuous mode [ 1839.873576][T13287] syzkaller1: entered allmulticast mode [ 1840.317547][ T9] usb 6-1: new high-speed USB device number 115 using dummy_hcd [ 1840.486352][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 1840.503445][ T9] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1840.535292][ T9] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1840.564213][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1840.593787][ T9] usb 6-1: Product: ⠉ [ 1840.607324][ T9] usb 6-1: Manufacturer: 朳솽燪因붺痦萏烵䚮鑤鵬猅熏흊훐쎿′㺾㫕嬞샞䁇୪俩⛧볪瑐ꪢ䳊⛊젥梁뒹鞞榄鹵懑ᕶ웄믮ᶇ醵⒧纩ꛁ呣憄ለ᧐㲞뱛毜歚뉃辑䗲瘕쑒镬뵳ঋ懼赠옍靖砧नᖮﳤ谢}ጴᣁઝ揘捅瘡猩 [ 1840.718336][T14688] Bluetooth: hci1: command tx timeout [ 1840.919701][T13311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1840.951699][T13311] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1841.006539][ T9] usb 6-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1841.020063][ T9] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1841.142394][T13398] netlink: 'syz.4.12823': attribute type 10 has an invalid length. [ 1841.206256][ T9] usb 6-1: USB disconnect, device number 115 [ 1841.281329][T12861] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1841.349477][T13424] netlink: 104 bytes leftover after parsing attributes in process `syz.1.12824'. [ 1841.395446][ T6239] udevd[6239]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1841.432209][T12861] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1841.486766][T12861] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1841.587265][T12861] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1841.822846][T13435] ./file0: Can't open blockdev [ 1841.998646][ T1162] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1842.031215][T13440] ./file0: Can't open blockdev [ 1842.115528][T13471] netlink: 20 bytes leftover after parsing attributes in process `syz.5.12828'. [ 1842.240871][T12861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1842.381842][T12861] 8021q: adding VLAN 0 to HW filter on device team0 [ 1842.401199][ T13] hsr_slave_0: left promiscuous mode [ 1842.411263][ T13] hsr_slave_1: left promiscuous mode [ 1842.421600][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1842.429271][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1842.439401][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1842.447029][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1842.459299][ T13] veth1_macvtap: left promiscuous mode [ 1842.470941][ T13] veth0_macvtap: left promiscuous mode [ 1842.494498][ T13] veth1_vlan: left promiscuous mode [ 1842.512127][ T13] veth0_vlan: left promiscuous mode [ 1842.522524][T10636] usb 6-1: new high-speed USB device number 116 using dummy_hcd [ 1842.681789][T10636] usb 6-1: Using ep0 maxpacket: 8 [ 1842.693021][T10636] usb 6-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=f9.64 [ 1842.702469][T10636] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67 [ 1842.710641][T10636] usb 6-1: Product: syz [ 1842.718604][T10636] usb 6-1: Manufacturer: syz [ 1842.723926][T10636] usb 6-1: SerialNumber: syz [ 1842.732563][T10636] usb 6-1: config 0 descriptor?? [ 1842.750538][T10636] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 1842.795964][T14688] Bluetooth: hci1: command tx timeout [ 1842.952307][T10636] gspca_sn9c2028: read1 error -32 [ 1842.968661][ T13] team_slave_1 (unregistering): left promiscuous mode [ 1842.976136][T10636] gspca_sn9c2028: read1 error -32 [ 1842.991502][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1843.013485][ T13] team_slave_0 (unregistering): left promiscuous mode [ 1843.025378][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1843.208146][T13504] syzkaller1: entered promiscuous mode [ 1843.215339][T13504] syzkaller1: entered allmulticast mode [ 1843.226299][T10636] usb 6-1: USB disconnect, device number 116 [ 1843.240371][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 1843.247624][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1843.371392][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 1843.378649][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1843.676221][T13533] loop8: detected capacity change from 0 to 1 [ 1843.684683][T13533] Dev loop8: unable to read RDB block 1 [ 1843.691107][T13533] loop8: unable to read partition table [ 1843.697196][T13533] loop8: partition table beyond EOD, truncated [ 1843.704356][T13533] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1843.746689][ T13] IPVS: stop unused estimator thread 0... [ 1843.908091][T13547] netlink: 20 bytes leftover after parsing attributes in process `syz.5.12837'. [ 1844.063321][T13552] netlink: 'syz.1.12838': attribute type 40 has an invalid length. [ 1844.131025][T12861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1844.211107][T13563] netlink: 'syz.1.12840': attribute type 10 has an invalid length. [ 1844.342942][T12861] veth0_vlan: entered promiscuous mode [ 1844.384885][T13571] netlink: 'syz.1.12842': attribute type 2 has an invalid length. [ 1844.397284][T12861] veth1_vlan: entered promiscuous mode [ 1844.403563][T13572] loop1: detected capacity change from 0 to 4 [ 1844.404045][T13571] netlink: 132 bytes leftover after parsing attributes in process `syz.1.12842'. [ 1844.429947][ T6239] Dev loop1: unable to read RDB block 4 [ 1844.440735][ T6239] loop1: unable to read partition table [ 1844.462458][ T6239] loop1: partition table beyond EOD, truncated [ 1844.496641][T13572] Dev loop1: unable to read RDB block 4 [ 1844.515757][T13572] loop1: unable to read partition table [ 1844.533103][T13572] loop1: partition table beyond EOD, truncated [ 1844.546353][T13572] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1844.557254][ T622] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1844.595714][T13579] binder: 13578:13579 ioctl c0306201 2000000003c0 returned -14 [ 1844.612218][T12861] veth0_macvtap: entered promiscuous mode [ 1844.656106][T12861] veth1_macvtap: entered promiscuous mode [ 1844.786604][T13588] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12846'. [ 1844.800251][T12861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1844.849567][T12861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1844.912829][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1844.946517][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1844.986231][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1845.007055][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1845.034767][T13596] netlink: 9 bytes leftover after parsing attributes in process `syz.5.12849'. [ 1845.543837][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1845.572512][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1845.707758][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1845.728458][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1846.333964][T14686] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1846.356984][T14686] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1846.375939][T14686] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1846.384264][T14686] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1846.393434][T14686] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1846.583653][T13652] lo speed is unknown, defaulting to 1000 [ 1847.107859][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1847.218395][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1847.242755][T13652] chnl_net:caif_netlink_parms(): no params data found [ 1847.340078][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1847.443847][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1847.477986][T13652] bridge0: port 1(bridge_slave_0) entered blocking state [ 1847.485895][T13652] bridge0: port 1(bridge_slave_0) entered disabled state [ 1847.493732][T13652] bridge_slave_0: entered allmulticast mode [ 1847.506082][T13652] bridge_slave_0: entered promiscuous mode [ 1847.516912][T13652] bridge0: port 2(bridge_slave_1) entered blocking state [ 1847.524572][T13652] bridge0: port 2(bridge_slave_1) entered disabled state [ 1847.531983][T13652] bridge_slave_1: entered allmulticast mode [ 1847.541160][T13652] bridge_slave_1: entered promiscuous mode [ 1847.622881][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1847.667937][T13652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1847.694272][T13652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1847.774197][T13808] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12857'. [ 1847.796980][T13652] team0: Port device team_slave_0 added [ 1847.809533][T13652] team0: Port device team_slave_1 added [ 1847.914311][T13652] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1847.931874][T13652] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1847.963648][T13652] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1848.028314][T13652] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1848.035757][T13652] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1848.066892][T13652] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1848.193760][T13652] hsr_slave_0: entered promiscuous mode [ 1848.200942][T13652] hsr_slave_1: entered promiscuous mode [ 1848.208125][T13652] debugfs: 'hsr0' already exists in 'hsr' [ 1848.215413][T13652] Cannot create hsr debugfs directory [ 1848.245039][ T13] bridge_slave_1: left allmulticast mode [ 1848.250845][ T13] bridge_slave_1: left promiscuous mode [ 1848.256804][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1848.267143][ T13] bridge_slave_0: left promiscuous mode [ 1848.273207][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1848.542951][T14686] Bluetooth: hci4: command tx timeout [ 1848.601853][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1848.625485][ T13] bond_slave_0: left promiscuous mode [ 1848.637427][T13885] loop1: detected capacity change from 0 to 4 [ 1848.650176][T13885] Dev loop1: unable to read RDB block 4 [ 1848.655939][T13885] loop1: unable to read partition table [ 1848.662028][T13885] loop1: partition table beyond EOD, truncated [ 1848.669294][T13885] loop_reread_partitions: partition scan of loop1 (被x ھ) failed (rc=-5) [ 1848.682745][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1848.705120][ T13] bond_slave_1: left promiscuous mode [ 1848.724392][ T13] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 1848.756307][ T13] bond0 (unregistering): Released all slaves [ 1849.372703][T13971] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12865'. [ 1849.540838][ T13] IPVS: stopping master sync thread 4525 ... [ 1850.177143][T14026] netlink: 9 bytes leftover after parsing attributes in process `syz.0.12872'. [ 1850.262539][T14026] gretap0: entered promiscuous mode [ 1850.311804][ T622] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1850.487829][T14049] netlink: 56 bytes leftover after parsing attributes in process `syz.4.12874'. [ 1850.545180][T14051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12875'. [ 1850.637400][T14686] Bluetooth: hci4: command tx timeout [ 1851.244620][T14094] loop8: detected capacity change from 0 to 1 [ 1851.261301][T14094] Dev loop8: unable to read RDB block 1 [ 1851.268556][T14094] loop8: unable to read partition table [ 1851.277564][T14094] loop8: partition table beyond EOD, truncated [ 1851.293223][T14095] input: syz0 as /devices/virtual/input/input252 [ 1851.300604][T14094] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1851.549553][T14117] binder: 14115:14117 ioctl c0306201 0 returned -14 [ 1851.679564][T14128] netlink: 'syz.5.12887': attribute type 40 has an invalid length. [ 1851.779220][T13652] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1851.836996][T13652] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1851.852519][T13652] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1851.871829][T13652] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1852.179822][T14158] syzkaller0: entered allmulticast mode [ 1852.703834][T14686] Bluetooth: hci4: command tx timeout [ 1854.223749][T14174] netlink: 'syz.4.12891': attribute type 6 has an invalid length. [ 1854.811638][T14686] Bluetooth: hci4: command tx timeout [ 1856.059859][T19429] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1857.135918][T14195] syzkaller1: entered promiscuous mode [ 1857.142458][T14195] syzkaller1: entered allmulticast mode [ 1857.560530][T13652] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1857.660606][T13652] 8021q: adding VLAN 0 to HW filter on device team0 [ 1857.692539][ T622] bridge0: port 1(bridge_slave_0) entered blocking state [ 1857.700343][ T622] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1857.753797][ T622] bridge0: port 2(bridge_slave_1) entered blocking state [ 1857.761070][ T622] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1857.975602][T14240] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1858.152206][ T13] hsr_slave_0: left promiscuous mode [ 1858.167734][ T13] hsr_slave_1: left promiscuous mode [ 1858.174263][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1858.184000][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1858.193812][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1858.201526][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1858.213101][ T13] veth1_macvtap: left promiscuous mode [ 1858.220281][ T13] veth0_macvtap: left promiscuous mode [ 1858.226095][ T13] veth1_vlan: left promiscuous mode [ 1858.231536][ T13] veth0_vlan: left promiscuous mode [ 1858.489905][ T13] team_slave_1 (unregistering): left promiscuous mode [ 1858.498374][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1858.541126][ T13] team_slave_0 (unregistering): left promiscuous mode [ 1858.566664][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1858.741771][T14269] netlink: 'syz.5.12903': attribute type 27 has an invalid length. [ 1858.807539][T14269] net_ratelimit: 13068 callbacks suppressed [ 1858.807554][T14269] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1858.928308][T13652] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1859.131300][T13652] veth0_vlan: entered promiscuous mode [ 1859.149701][T13652] veth1_vlan: entered promiscuous mode [ 1859.252381][ T1309] ieee802154 phy1 wpan1: encryption failed: -22 [ 1859.269950][T13652] veth0_macvtap: entered promiscuous mode [ 1859.298948][T13652] veth1_macvtap: entered promiscuous mode [ 1859.380020][T13652] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1859.414113][T13652] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1859.457485][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1859.493159][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1859.506084][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1859.526913][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1859.781527][T12819] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1859.796381][T12819] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1859.848055][T14289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1859.852582][T10636] usb 6-1: new high-speed USB device number 117 using dummy_hcd [ 1859.856551][T14289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1860.023932][T10636] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1860.035348][T10636] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1860.049129][T10636] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1860.058616][T10636] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 1860.067396][T10636] usb 6-1: Manufacturer: syz [ 1860.081787][T10636] usb 6-1: config 0 descriptor?? [ 1860.394877][T14330] netlink: 'syz.0.12914': attribute type 10 has an invalid length. [ 1860.452594][T14326] syzkaller0: entered allmulticast mode [ 1860.492428][T14330] team0: Port device geneve1 added [ 1860.703795][T14286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1860.715802][T10636] usbhid 6-1:0.0: can't add hid device: -32 [ 1860.740064][T10636] usbhid 6-1:0.0: probe with driver usbhid failed with error -32 [ 1860.752024][T14286] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1860.850656][T10636] usb 6-1: USB disconnect, device number 117 [ 1861.811509][ T49] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1861.954060][T14365] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1865.231900][T14419] loop1: detected capacity change from 0 to 4 [ 1865.245990][T14419] Dev loop1: unable to read RDB block 4 [ 1865.252408][T14419] loop1: unable to read partition table [ 1865.259366][T14419] loop1: partition table beyond EOD, truncated [ 1865.267096][T14419] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1865.323306][ T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1865.493113][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 1865.500672][ T9] usb 2-1: config 0 has an invalid interface number: 188 but max is 0 [ 1865.509475][ T9] usb 2-1: config 0 has no interface number 0 [ 1865.516092][ T9] usb 2-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1865.528767][ T9] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 1865.538230][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1865.551255][ T9] usb 2-1: Product: syz [ 1865.557437][ T9] usb 2-1: Manufacturer: syz [ 1865.562177][ T9] usb 2-1: SerialNumber: syz [ 1865.570508][ T9] usb 2-1: config 0 descriptor?? [ 1865.577400][T14396] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1865.709245][T14442] netlink: 256 bytes leftover after parsing attributes in process `syz.5.12929'. [ 1865.732392][T14443] dvmrp3: entered allmulticast mode [ 1865.794208][T14396] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1865.815142][T14449] netlink: 'syz.5.12930': attribute type 2 has an invalid length. [ 1866.206693][T14466] loop1: detected capacity change from 0 to 4 [ 1866.214050][ T9] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 1866.225741][T14404] Dev loop1: unable to read RDB block 4 [ 1866.230339][ T9] asix 2-1:0.188: probe with driver asix failed with error -32 [ 1866.231376][T14404] loop1: unable to read partition table [ 1866.246838][T14404] loop1: partition table beyond EOD, truncated [ 1866.257995][T14466] Dev loop1: unable to read RDB block 4 [ 1866.264089][T14466] loop1: unable to read partition table [ 1866.270019][T14466] loop1: partition table beyond EOD, truncated [ 1866.277666][T14466] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1866.288348][T19429] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1866.600921][T14484] binder: 14483:14484 ioctl c0306201 2000000003c0 returned -14 [ 1867.280285][ T9] usb 6-1: new high-speed USB device number 118 using dummy_hcd [ 1867.430053][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 1867.437171][ T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1867.447389][ T9] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 1867.459051][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 1867.470368][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1867.480272][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1867.498579][ T9] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 1867.507875][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 1867.516184][ T9] usb 6-1: Product: syz [ 1867.520871][ T9] usb 6-1: Manufacturer: syz [ 1867.525643][ T9] usb 6-1: SerialNumber: syz [ 1867.533116][ T9] usb 6-1: config 0 descriptor?? [ 1867.550714][ T622] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1867.748042][ T9] radio-si470x 6-1:0.0: DeviceID=0x9583 ChipID=0x8888 [ 1867.950206][ T9] radio-si470x 6-1:0.0: software version 149, hardware version 131 [ 1868.051740][T10636] usb 2-1: USB disconnect, device number 9 [ 1868.126848][T14522] syzkaller1: entered promiscuous mode [ 1868.132535][T14522] syzkaller1: entered allmulticast mode [ 1868.168292][ T9] radio-si470x 6-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 1868.179607][ T9] radio-si470x 6-1:0.0: submitting int urb failed (-90) [ 1868.187093][ T9] radio-si470x 6-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 1868.202010][ T9] radio-si470x 6-1:0.0: probe with driver radio-si470x failed with error -22 [ 1868.227545][ T9] usb 6-1: USB disconnect, device number 118 [ 1868.403457][T14543] netlink: 'syz.0.12945': attribute type 10 has an invalid length. [ 1868.418180][T14543] team0: Device vxcan1 is up. Set it down before adding it as a team port [ 1868.582597][T14560] loop8: detected capacity change from 0 to 1 [ 1868.593481][T14560] Dev loop8: unable to read RDB block 1 [ 1868.600682][T14560] loop8: unable to read partition table [ 1868.608678][T14560] loop8: partition table beyond EOD, truncated [ 1868.615100][T14560] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1868.787997][T24242] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 1868.957787][T24242] usb 2-1: Using ep0 maxpacket: 32 [ 1868.965299][T24242] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 1868.975076][T24242] usb 2-1: config 0 has no interface number 0 [ 1868.981442][T24242] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1868.992805][T24242] usb 2-1: config 0 interface 85 has no altsetting 0 [ 1869.003107][T24242] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1869.012497][T24242] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1869.021316][T24242] usb 2-1: Product: syz [ 1869.025548][T24242] usb 2-1: Manufacturer: syz [ 1869.030560][T24242] usb 2-1: SerialNumber: syz [ 1869.039465][T24242] usb 2-1: config 0 descriptor?? [ 1869.167467][T25904] usb 6-1: new full-speed USB device number 119 using dummy_hcd [ 1869.256296][T14555] netlink: 16 bytes leftover after parsing attributes in process `syz.1.12948'. [ 1869.269772][T24242] appletouch 2-1:0.85: Failed to read mode from device. [ 1869.282316][T24242] appletouch 2-1:0.85: probe with driver appletouch failed with error -5 [ 1869.295460][T24242] usb 2-1: USB disconnect, device number 10 [ 1869.328987][T25904] usb 6-1: config 0 has an invalid interface number: 133 but max is 0 [ 1869.337632][T25904] usb 6-1: config 0 has no interface number 0 [ 1869.346328][T25904] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 1869.356253][T25904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1869.367207][T25904] usb 6-1: Product: syz [ 1869.371450][T25904] usb 6-1: Manufacturer: syz [ 1869.376213][T25904] usb 6-1: SerialNumber: syz [ 1869.387422][T25904] usb 6-1: config 0 descriptor?? [ 1869.608848][T25904] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected [ 1869.630870][T25904] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81 [ 1869.638982][T25904] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1 [ 1869.647875][T25904] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2 [ 1869.658696][T25904] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1869.674740][T25904] usb 6-1: USB disconnect, device number 119 [ 1869.698203][T25904] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1869.723521][T25904] keyspan 6-1:0.133: device disconnected [ 1871.544056][T14686] Bluetooth: hci0: command 0x0406 tx timeout [ 1872.033655][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1872.666517][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1877.143099][ T622] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1878.415537][T12819] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1882.890034][ T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1884.168328][T12819] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1888.644837][T14289] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1889.925178][T12819] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1890.525995][T14633] syzkaller1: entered promiscuous mode [ 1890.532148][T14633] syzkaller1: entered allmulticast mode [ 1890.564237][T14640] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12958'. [ 1890.733014][T14652] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1890.817747][T10636] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1890.875319][T14662] netlink: 'syz.5.12962': attribute type 10 has an invalid length. [ 1890.896113][T14662] geneve1: entered promiscuous mode [ 1890.903832][T14662] team0: Port device geneve1 added [ 1890.999991][T10636] usb 2-1: Using ep0 maxpacket: 16 [ 1891.019015][T10636] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1891.036183][T10636] usb 2-1: config 1 has an invalid descriptor of length 156, skipping remainder of the config [ 1891.058680][T10636] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1891.085608][T10636] usb 2-1: New USB device found, idVendor=041e, idProduct=3020, bcdDevice= 0.40 [ 1891.096178][T10636] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1891.109337][T10636] usb 2-1: Product: syz [ 1891.113579][T10636] usb 2-1: Manufacturer: syz [ 1891.136526][T14688] Bluetooth: min 2 < 6 [ 1891.138603][T10636] usb 2-1: SerialNumber: syz [ 1891.402534][T14684] gretap0: left promiscuous mode [ 1891.443151][T10636] usb 2-1: invalid UAC_HEADER (v1) [ 1891.568041][T10636] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1891.584266][T10636] usb 2-1: USB disconnect, device number 11 [ 1891.597505][T14700] loop1: detected capacity change from 0 to 4 [ 1891.613520][T14700] Dev loop1: unable to read RDB block 4 [ 1891.626572][T14700] loop1: unable to read partition table [ 1891.637569][T14700] loop1: partition table beyond EOD, truncated [ 1891.649840][T14647] udevd[14647]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1891.654716][T14700] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1891.864516][T14717] loop1: detected capacity change from 0 to 4 [ 1891.872156][T14717] Dev loop1: unable to read RDB block 4 [ 1891.878489][T14717] loop1: unable to read partition table [ 1891.884353][T14717] loop1: partition table beyond EOD, truncated [ 1891.891848][T14717] loop_reread_partitions: partition scan of loop1 (被x ) failed (rc=-5) [ 1892.600843][T14761] netlink: 'syz.1.12976': attribute type 2 has an invalid length. [ 1892.612246][T14761] netlink: 132 bytes leftover after parsing attributes in process `syz.1.12976'. [ 1892.881438][T14771] netlink: 104 bytes leftover after parsing attributes in process `syz.5.12978'. [ 1892.905099][T24242] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1893.044676][T24242] usb 2-1: device descriptor read/64, error -71 [ 1893.194555][T14688] Bluetooth: hci0: command 0x0406 tx timeout [ 1893.294426][T24242] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1893.435861][T24242] usb 2-1: device descriptor read/64, error -71 [ 1893.544397][T24242] usb usb2-port1: attempt power cycle [ 1893.584114][ T24] usb 6-1: new high-speed USB device number 120 using dummy_hcd [ 1893.714008][ T24] usb 6-1: device descriptor read/64, error -71 [ 1893.756889][T14289] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1893.883647][T24242] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 1893.904438][T24242] usb 2-1: device descriptor read/8, error -71 [ 1893.953629][ T24] usb 6-1: new high-speed USB device number 121 using dummy_hcd [ 1894.093391][ T24] usb 6-1: device descriptor read/64, error -71 [ 1894.143486][T24242] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 1894.163997][T24242] usb 2-1: device descriptor read/8, error -71 [ 1894.204226][ T24] usb usb6-port1: attempt power cycle [ 1894.274410][T24242] usb usb2-port1: unable to enumerate USB device [ 1894.447966][T14809] netlink: 'syz.4.12986': attribute type 10 has an invalid length. [ 1894.462441][T14809] team0: Port device geneve1 added [ 1894.564881][ T24] usb 6-1: new high-speed USB device number 122 using dummy_hcd [ 1894.593539][ T24] usb 6-1: device descriptor read/8, error -71 [ 1894.832705][ T24] usb 6-1: new high-speed USB device number 123 using dummy_hcd [ 1894.864948][ T24] usb 6-1: device descriptor read/8, error -71 [ 1894.904233][T14838] binder: 14836:14838 ioctl c0306201 2000000003c0 returned -14 [ 1894.985210][ T24] usb usb6-port1: unable to enumerate USB device [ 1895.161347][T14853] lo speed is unknown, defaulting to 1000 [ 1895.675169][ T622] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1896.034423][T14885] netlink: 'syz.0.12996': attribute type 2 has an invalid length. [ 1896.051987][T14885] netlink: 132 bytes leftover after parsing attributes in process `syz.0.12996'. [ 1896.324983][T14893] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12998'. [ 1896.509300][T14905] [ 1896.511726][T14905] ====================================================== [ 1896.518779][T14905] WARNING: possible circular locking dependency detected [ 1896.525849][T14905] syzkaller #0 Tainted: G L [ 1896.531859][T14905] ------------------------------------------------------ [ 1896.538913][T14905] syz.5.13001/14905 is trying to acquire lock: [ 1896.545092][T14905] ffff88801214f600 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130 [ 1896.554098][T14905] [ 1896.554098][T14905] but task is already holding lock: [ 1896.561480][T14905] ffff88805ab3adf8 (&ctx->map_changing_lock){++++}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 1896.571254][T14905] [ 1896.571254][T14905] which lock already depends on the new lock. [ 1896.571254][T14905] [ 1896.581763][T14905] [ 1896.581763][T14905] the existing dependency chain (in reverse order) is: [ 1896.590788][T14905] [ 1896.590788][T14905] -> #1 (&ctx->map_changing_lock){++++}-{4:4}: [ 1896.599415][T14905] down_read+0x47/0x2e0 [ 1896.604114][T14905] mwriteprotect_range+0x1ba/0x4f0 [ 1896.609770][T14905] userfaultfd_ioctl+0x3a5f/0x4b00 [ 1896.615423][T14905] __se_sys_ioctl+0xfc/0x170 [ 1896.620549][T14905] do_syscall_64+0x14d/0xf80 [ 1896.625683][T14905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1896.632120][T14905] [ 1896.632120][T14905] -> #0 (&mm->mmap_lock){++++}-{4:4}: [ 1896.639715][T14905] __lock_acquire+0x15a5/0x2cf0 [ 1896.645122][T14905] lock_acquire+0xf0/0x2e0 [ 1896.650099][T14905] __might_fault+0xcb/0x130 [ 1896.655163][T14905] userfaultfd_ioctl+0x2bcd/0x4b00 [ 1896.660824][T14905] __se_sys_ioctl+0xfc/0x170 [ 1896.665953][T14905] do_syscall_64+0x14d/0xf80 [ 1896.671086][T14905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1896.677522][T14905] [ 1896.677522][T14905] other info that might help us debug this: [ 1896.677522][T14905] [ 1896.687940][T14905] Possible unsafe locking scenario: [ 1896.687940][T14905] [ 1896.695424][T14905] CPU0 CPU1 [ 1896.700817][T14905] ---- ---- [ 1896.706201][T14905] rlock(&ctx->map_changing_lock); [ 1896.711439][T14905] lock(&mm->mmap_lock); [ 1896.718312][T14905] lock(&ctx->map_changing_lock); [ 1896.725969][T14905] rlock(&mm->mmap_lock); [ 1896.730436][T14905] [ 1896.730436][T14905] *** DEADLOCK *** [ 1896.730436][T14905] [ 1896.738609][T14905] 2 locks held by syz.5.13001/14905: [ 1896.743913][T14905] #0: ffff8880380d51c8 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 1896.753285][T14905] #1: ffff88805ab3adf8 (&ctx->map_changing_lock){++++}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 1896.763506][T14905] [ 1896.763506][T14905] stack backtrace: [ 1896.769421][T14905] CPU: 1 UID: 0 PID: 14905 Comm: syz.5.13001 Tainted: G L syzkaller #0 PREEMPT(full) [ 1896.769445][T14905] Tainted: [L]=SOFTLOCKUP [ 1896.769452][T14905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1896.769464][T14905] Call Trace: [ 1896.769471][T14905] [ 1896.769479][T14905] dump_stack_lvl+0xe8/0x150 [ 1896.769508][T14905] print_circular_bug+0x2e1/0x300 [ 1896.769530][T14905] check_noncircular+0x12e/0x150 [ 1896.769552][T14905] __lock_acquire+0x15a5/0x2cf0 [ 1896.769581][T14905] ? __kernel_text_address+0xd/0x30 [ 1896.769605][T14905] ? arch_stack_walk+0xfb/0x150 [ 1896.769625][T14905] lock_acquire+0xf0/0x2e0 [ 1896.769649][T14905] ? __might_fault+0xaf/0x130 [ 1896.769676][T14905] ? __might_fault+0xaf/0x130 [ 1896.769698][T14905] __might_fault+0xcb/0x130 [ 1896.769721][T14905] ? __might_fault+0xaf/0x130 [ 1896.769745][T14905] userfaultfd_ioctl+0x2bcd/0x4b00 [ 1896.769769][T14905] ? __kasan_slab_free+0x5c/0x80 [ 1896.769784][T14905] ? kfree+0x1c5/0x640 [ 1896.769811][T14905] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 1896.769846][T14905] ? kasan_quarantine_put+0xbb/0x1f0 [ 1896.769874][T14905] ? tomoyo_path_number_perm+0x219/0x630 [ 1896.769897][T14905] ? tomoyo_path_number_perm+0x219/0x630 [ 1896.769919][T14905] ? do_vfs_ioctl+0x1166/0x1530 [ 1896.769936][T14905] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1896.769958][T14905] ? do_futex+0x333/0x420 [ 1896.769994][T14905] ? __fget_files+0x2a/0x420 [ 1896.770019][T14905] ? __fget_files+0x2a/0x420 [ 1896.770040][T14905] ? __fget_files+0x3a0/0x420 [ 1896.770061][T14905] ? __fget_files+0x2a/0x420 [ 1896.770085][T14905] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1896.770101][T14905] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 1896.770125][T14905] __se_sys_ioctl+0xfc/0x170 [ 1896.770143][T14905] do_syscall_64+0x14d/0xf80 [ 1896.770168][T14905] ? trace_irq_disable+0x3b/0x150 [ 1896.770188][T14905] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1896.770206][T14905] ? clear_bhb_loop+0x40/0x90 [ 1896.770226][T14905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1896.770243][T14905] RIP: 0033:0x7f13d039c799 [ 1896.770261][T14905] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1896.770276][T14905] RSP: 002b:00007f13d1335028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1896.770294][T14905] RAX: ffffffffffffffda RBX: 00007f13d0615fa0 RCX: 00007f13d039c799 [ 1896.770308][T14905] RDX: 0000200000000040 RSI: 00000000c028aa03 RDI: 0000000000000003 [ 1896.770320][T14905] RBP: 00007f13d0432c99 R08: 0000000000000000 R09: 0000000000000000 [ 1896.770331][T14905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1896.770342][T14905] R13: 00007f13d0616038 R14: 00007f13d0615fa0 R15: 00007ffcb4284138 [ 1896.770363][T14905] [ 1899.509484][ T622] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1901.426660][ T983] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1905.262821][ T622] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration