last executing test programs: 13m54.514718177s ago: executing program 32 (id=14888): syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x4, 0x400}, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') lseek(r0, 0x289e0cb5, 0x0) 13m6.311268512s ago: executing program 33 (id=15602): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x2c, r1, 0x431, 0x70bd27, 0xfffffffd, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x40) 12m48.278488561s ago: executing program 34 (id=15823): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x22}}, 0x10, 0x0}, 0x340440f1) setsockopt$sock_attach_bpf(r0, 0x1, 0x12, &(0x7f00000007c0), 0x4) 12m40.28903215s ago: executing program 35 (id=15882): unshare(0x6a040000) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="2400000018000900000000000000000002000000f50000010000000008000500ac"], 0x24}, 0x1, 0x0, 0x0, 0x248c0}, 0x0) 10m23.280407412s ago: executing program 7 (id=19161): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000000)={0x80, 0x1}) 10m23.276761319s ago: executing program 7 (id=19163): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f00000027c0)={0xfc, {"a2e3ad0e1f0d07f9505e1a1887f7071ad038e7fd7fc6e5539b203c0a8b089b3f32356c030890e0879b0af8c6e70a9b334a959b6696048ed30af3988f7ef31952013fffe8d178708c523c921b1b5b31070d0773180acd3b78130daa61d8e8048001005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2ff7949d1f416e56c71b1931870262f5e801119242ca026bfcc21e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771a0000119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc18892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae1b9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd48561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982c04000000000000005c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80c1ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d5062c59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843ddbd8db411d8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227fff72de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e240100c0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f7524e2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e842729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ed3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458ffff5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a898a33a6d88e7cfe0e0000000000d80a4fe654578376e599aff3565b1d531f30912b9945fc83d38a155d5284edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295bf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e542ccea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000001000", 0xfffffffffffffec8}}, 0x1006) 10m23.171841411s ago: executing program 7 (id=19166): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x1c, 0x30, 0x0, @in6={0xa, 0x4e22, 0x1, @mcast2, 0x6}, @ib={0x1b, 0x40, 0x7, {"4e31211a40e51c75adce5a1c234e4f87"}, 0x8, 0x2, 0x4}}}, 0x118) 10m23.171425761s ago: executing program 7 (id=19168): r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) openat(0xffffffffffffff9c, &(0x7f0000001740)='.\x00', 0x515001, 0x408) 10m22.884309922s ago: executing program 7 (id=19172): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r1, 0x4068aea3, &(0x7f0000000140)={0xc5, 0x0, r1}) 10m15.802714023s ago: executing program 5 (id=19222): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89b0, &(0x7f0000000040)={'bond0\x00'}) 10m15.679488129s ago: executing program 5 (id=19223): r0 = socket$inet(0x2, 0x2, 0x0) munmap(&(0x7f0000001000/0x1000)=nil, 0x1000) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000d80)=@filter={'filter\x00', 0x42, 0x4, 0x2a8, 0xffffffff, 0x0, 0x0, 0x1d0, 0xffffffff, 0xffffffff, 0x2c0, 0x2c0, 0x2c0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xa8, 0x0, {0x88000000}}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0xffffffffffffffff, 0xfc}, {0x3}, 0x0, 0x7}}}, {{@ip={@private, @rand_addr, 0x0, 0x0, 'bridge_slave_0\x00', '\x00', {}, {}, 0x0, 0x1}, 0x0, 0x70, 0x98, 0x0, {0x122}}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308) 10m15.604610414s ago: executing program 5 (id=19224): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000080)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x70bd29, 0x25dfdbfb, {0xa, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c}}, 0x1c}}, 0x0) 10m15.59295007s ago: executing program 5 (id=19225): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x4}]}}]}, 0x38}}, 0x0) 10m15.450092239s ago: executing program 5 (id=19226): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000500)={0x2, 0x0, @pic={0x0, 0x8, 0x0, 0x2, 0xe, 0x0, 0xf, 0xfa, 0x5, 0x9, 0xfd, 0x0, 0x4, 0x7e, 0x1, 0x6}}) 10m13.744084117s ago: executing program 0 (id=19232): r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x80, @local}, 0x10, &(0x7f0000000b00)}, 0x0) recvmsg(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/4096, 0x1000}], 0x1}, 0x40010040) 10m13.743828006s ago: executing program 0 (id=19233): io_uring_setup(0xbbc, &(0x7f0000000280)={0x0, 0x0, 0x2, 0x0, 0x15a}) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3800000056000100000000000000000007020000", @ANYRES32, @ANYBLOB="200001"], 0x38}}, 0x0) 10m13.582928211s ago: executing program 0 (id=19234): r0 = open(&(0x7f0000000300)='.\x00', 0x1500, 0x0) flock(r0, 0x1) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0x103) 10m13.573637992s ago: executing program 0 (id=19235): mkdir(&(0x7f0000000400)='./file0\x00', 0x48) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) listxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)=""/133, 0x85) 10m13.567654038s ago: executing program 0 (id=19236): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8004, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_TSC_KHZ_vm(r1, 0xaea3) 10m3.371550096s ago: executing program 7 (id=19253): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)={0x54, r1, 0x111, 0x70bd27, 0x25dfdbfd, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0xd5, 0xb, 0x9}, {0x6, 0x16, 0xfffa}, {0x5, 0x12, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x804}, 0x20000) 10m3.225380891s ago: executing program 5 (id=19254): r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 10m3.086630515s ago: executing program 0 (id=19255): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x4, 0x7, 0x50000}]}) syz_clone(0xb45040, 0x0, 0x0, 0x0, 0x0, 0x0) setitimer(0x1, &(0x7f0000000380)={{0x0, 0xea60}, {0x0, 0xea60}}, 0x0) 9m50.595306638s ago: executing program 36 (id=19252): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x4, @multicast, 'veth1_to_bond\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000240)={0x18, 0x4000000, {0x1, @multicast, 'ip_vti0\x00'}}) 9m44.460867913s ago: executing program 37 (id=19255): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x4, 0x7, 0x50000}]}) syz_clone(0xb45040, 0x0, 0x0, 0x0, 0x0, 0x0) setitimer(0x1, &(0x7f0000000380)={{0x0, 0xea60}, {0x0, 0xea60}}, 0x0) 9m38.230046599s ago: executing program 38 (id=19253): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)={0x54, r1, 0x111, 0x70bd27, 0x25dfdbfd, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0xd5, 0xb, 0x9}, {0x6, 0x16, 0xfffa}, {0x5, 0x12, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x804}, 0x20000) 9m31.364182033s ago: executing program 39 (id=19254): r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 5m44.983644888s ago: executing program 8 (id=19277): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf03f7d9c0fd0826786ffcfb99e55c1272594d5be5c7f1de9562bbf652", 0x1f}, {&(0x7f0000008c80)="9d", 0x7fffefe1}], 0x2}, 0xfffffff0) 5m44.862893151s ago: executing program 8 (id=19278): r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x20000003}) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f00000001c0)={0xa0000000}) 5m44.695337395s ago: executing program 8 (id=19279): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) r1 = io_uring_setup(0xee4, &(0x7f00000002c0)={0x0, 0xe, 0x2, 0xffffffff, 0xfffffffe}) r2 = dup3(r0, r1, 0x0) ioctl$SG_SET_RESERVED_SIZE(r2, 0x4004550c, 0x0) 5m44.619614154s ago: executing program 8 (id=19280): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8ab43, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000100)=0x5) 5m44.43854528s ago: executing program 8 (id=19281): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x20000000, 0x40800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000000c0)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r1, 0x0}) ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f0000000180)={r2, 0x2, 0x8, 0x0, 0x0}) 5m44.364973639s ago: executing program 8 (id=19282): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x4c, r1, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) 5m28.332781165s ago: executing program 40 (id=19282): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x4c, r1, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) 4m25.922385957s ago: executing program 1 (id=20207): syz_open_dev$media(&(0x7f0000000000), 0x6, 0x2800) r0 = syz_io_uring_setup(0x1e1a, &(0x7f0000000440)={0x0, 0x430, 0x10100, 0x0, 0x83}, &(0x7f0000002000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x23}) io_uring_enter(r0, 0x100048ed, 0x0, 0x2, 0x0, 0x0) 4m25.730238512s ago: executing program 1 (id=20211): r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) close(r0) inotify_init1(0x800) fcntl$setstatus(r0, 0x4, 0x2c00) 4m25.728590034s ago: executing program 1 (id=20213): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000980)=r0, 0x4) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)="1400000017000b63d25a80648c2594f934a3c92b", 0x14}], 0x1}, 0x0) 4m25.685864909s ago: executing program 1 (id=20222): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000280)='./file0\x00', 0x0, 0x97801, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x112) 4m25.571508595s ago: executing program 1 (id=20217): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 4m24.970902165s ago: executing program 1 (id=20227): syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x1d, 0x2, 0x6) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x6a, 0x3, 0x0, &(0x7f0000000180)) 4m24.88060879s ago: executing program 41 (id=20227): syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x1d, 0x2, 0x6) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x6a, 0x3, 0x0, &(0x7f0000000180)) 25.611222954s ago: executing program 9 (id=24188): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000040)={[0x6, 0x3, 0x6, 0x4, 0xc000000, 0x8, 0x2, 0x4, 0x9, 0x1, 0x8, 0x4, 0x7, 0xe18, 0x0, 0x1], 0x9d11bd6b7f945bac, 0x10c642}) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xffff0000, 0x0, 0xf000, 0x0, 0x7f, 0x80, 0x0, 0x0, 0x0, 0x0, 0x3, 0xb}, {0xffff1000, 0xddccb000, 0xa, 0xfc, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, {0x5000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x80, 0x9, 0x44, 0x5, 0x0, 0x2}, {0x10b002, 0x2000, 0xc, 0xfd, 0x80, 0x6, 0x2}, {0x1000, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0xfc, 0x1a, 0xa8}, {0x10000, 0xd000, 0x9, 0x0, 0x80, 0x8f, 0x0, 0x0, 0x0, 0xd, 0x84, 0xfe}, {0xeeee8000, 0x80a0000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80, 0x0, 0x4, 0x2}, {0xd000, 0xdddd0000, 0x0, 0x82, 0x0, 0x10, 0x4, 0xe, 0x2}, {0x3000}, {0x1, 0xff4d}, 0x60000021, 0x0, 0x8080000, 0x10, 0x14000000c, 0x0, 0x900, [0x0, 0x0, 0x10000, 0x2]}) 25.451186636s ago: executing program 9 (id=24189): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000180)={0x0, @time={0x0, 0x7}, 0x0, {0xa}, 0x40}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x17b, @tick=0x5, 0x0, {0x1, 0x9}, 0xfd, 0x1, 0x2}) 25.36437183s ago: executing program 9 (id=24190): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='rdma.current\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2000001, 0x12, r0, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000001080), &(0x7f00000010c0)=0x40) 25.363763805s ago: executing program 9 (id=24191): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x41) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x1805406, 0x0) mount$bind(&(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0xa06006, 0x0) 25.290480078s ago: executing program 9 (id=24192): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="3400000011000500000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000014001a80100004800c00098008"], 0x34}}, 0x0) 24.849253917s ago: executing program 9 (id=24199): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 24.814861543s ago: executing program 42 (id=24199): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 1.075521928s ago: executing program 6 (id=24428): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x1, 0x4) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000400)={{{@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x120, 0x20}, {0xffffffff80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0xfffffffffffffff1}, 0x0, 0x0, 0x1}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0xe8) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) 1.075173303s ago: executing program 6 (id=24429): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x18e) mkdir(&(0x7f0000000300)='./bus\x00', 0x120) lsetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@known='trusted.overlay.impure\x00', 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 1.053564018s ago: executing program 2 (id=24431): syz_80211_inject_frame(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000001c0)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x8}, @device_b, @device_a, @from_mac=@broadcast}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x3, 0xe, 0xf9}, @void}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 1.034932049s ago: executing program 6 (id=24432): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x20) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f0000000140)='./file0\x00') openat(r1, &(0x7f00000000c0)='./file0\x00', 0x515a02, 0x52abe154ad664e2e) 862.002601ms ago: executing program 6 (id=24438): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(r0, 0x2, &(0x7f00000000c0)={0x1, 0x2}, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(r0, 0x2, &(0x7f0000000100)={0x1, 0x4}, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) 808.583915ms ago: executing program 6 (id=24440): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x7a8d, 0xffffffffefffff15, 0x2000000003, 0x4, 0x4, 0xfc9]}}) ioctl$KVM_SET_DEBUGREGS(r2, 0x4080aea2, &(0x7f0000000340)={[0xdddd0000, 0x0, 0x8080000, 0xf000], 0x800}) 729.646336ms ago: executing program 3 (id=24441): pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xfd, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) 656.167304ms ago: executing program 3 (id=24443): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 655.726496ms ago: executing program 6 (id=24444): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, &(0x7f0000000000)="93", 0xf5) 561.996342ms ago: executing program 3 (id=24445): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0x1000}, 0x1c) recvmmsg(r0, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x65942126f3d7b6a8, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x4000045, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) mremap(&(0x7f0000064000/0x3000)=nil, 0x3000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) 497.915467ms ago: executing program 4 (id=24446): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x20002) syz_emit_ethernet(0x0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) memfd_create(&(0x7f0000000280)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x6) write$tun(r1, &(0x7f0000000380)={@void, @void, @ipv4=@generic={{0x5, 0x4, 0x3, 0x13, 0x30, 0x66, 0x8, 0x81, 0x5e, 0x0, @empty, @broadcast}, "72d0c72e8032caaf6d91f20906860a83c41634ab0a63f9e2eb99d883"}}, 0x30) 497.589726ms ago: executing program 4 (id=24447): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000040)={{&(0x7f00009a7000/0x3000)=nil, 0x3000}}) 462.794187ms ago: executing program 2 (id=24448): sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000000)) 459.760497ms ago: executing program 3 (id=24449): mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x1, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8000) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x80000000000, 0x0, 0xfffffffffffff30a, 0x3, 0x800}, &(0x7f0000000000)={0x1f, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffe, 0x9}, 0x0, 0x0, 0x0) 296.230643ms ago: executing program 3 (id=24450): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xca000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0x3) 294.063468ms ago: executing program 2 (id=24451): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x201000, 0x1000}, 0x20) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) 289.754592ms ago: executing program 4 (id=24452): ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f00000001c0)={{0x3, 0x200, 0x85c2, 0x1, 0x0, 0x4}, 0x348, [0x1, 0x84, 0x1, 0x9, 0x3, 0x9, 0xff, 0x7, 0x7, 0x0, 0x7, 0x5, 0x9c, 0x3, 0x6, 0xb9, 0x4, 0x6, 0x6, 0x7, 0x8, 0x8, 0x9, 0x1, 0x4c1b, 0x3, 0x7, 0x9, 0x4, 0x8295, 0x80000001, 0xb5, 0x8, 0x7, 0x8, 0x6, 0x7fffffff, 0x9, 0x1, 0x2, 0x4, 0x8, 0x2, 0x5, 0x81, 0xcc88, 0x2a6f, 0x10000, 0x6a, 0x0, 0x17, 0x800, 0xfc, 0x8, 0x2, 0x400, 0x0, 0xb22, 0x6, 0xc9a, 0xfff, 0x401, 0x8, 0x9c7d, 0x5, 0x0, 0x6, 0x7fff, 0x0, 0x3, 0xffff8382, 0x7fffffff, 0x1ff, 0x6, 0x9, 0x8, 0x0, 0xfffffffa, 0x8, 0x8c, 0x7, 0x400, 0x2, 0x2, 0x10, 0x6, 0x8000, 0xd3, 0x7f, 0x16cf, 0x1, 0x8, 0x2, 0xd7b, 0x9, 0x7fff, 0xffffff5c, 0x1, 0x666, 0x0, 0x8, 0x7, 0x3, 0x7, 0x3, 0x1, 0x4, 0x368, 0x8, 0x3, 0x580, 0x2, 0x6, 0x10, 0x70955bc4, 0x1, 0x2, 0xfffffffd, 0x2, 0x2, 0x3, 0xfffff38f, 0x2, 0xa000000, 0xeb, 0x5b2, 0x4, 0x960, 0x6, 0x79, 0x3, 0x30, 0x3, 0x7, 0x1, 0x7fff, 0xf2, 0x5, 0x7, 0xff, 0x4, 0x3, 0x12e4, 0x3, 0x0, 0x101, 0x200, 0x7, 0x40, 0x0, 0x1, 0x3, 0x2, 0xffffff00, 0x702, 0x7, 0x800, 0x81, 0xfffffff7, 0x7, 0x1, 0xd, 0x40, 0x10000, 0x3, 0xffffffff, 0x23db, 0x6, 0x0, 0x5, 0x7, 0xffffffff, 0x4, 0x7, 0x6, 0x2, 0x200040, 0xb7, 0x6, 0x638, 0x0, 0x800, 0x6, 0x6, 0x0, 0x8, 0x7, 0x2, 0x8, 0x2, 0xfffffffb, 0x2, 0x80, 0xffff7fff, 0x4, 0x200, 0x7f, 0x1, 0x5, 0x8, 0x1, 0xfffffffa, 0xc, 0x50c2, 0xc1ed, 0x401, 0x3, 0x7, 0x101, 0x800, 0x5, 0x5, 0x8, 0x1, 0x1, 0xfffffff8, 0xe9, 0x1, 0x7f, 0x7ff, 0x0, 0x7, 0xac, 0x80000000, 0x81, 0x80000001, 0x2, 0x80, 0x3ff, 0xa639, 0x0, 0x53647e6f, 0x2, 0xd792, 0x14b, 0x4, 0x3, 0xb36, 0xa, 0x1, 0x4, 0x94, 0x5f, 0x1, 0x8, 0xd8, 0x7fff, 0xf, 0x400, 0x7f, 0x80000001, 0xd08, 0x2, 0x1, 0x6, 0x9, 0x7d9, 0x1, 0x3, 0x3, 0x8, 0x6, 0x400, 0x86, 0x2, 0x1000, 0xbdf6, 0x41bf, 0xc, 0x2487005d, 0x2, 0x1, 0xaa1, 0x6, 0x80000001, 0x9, 0xe, 0x2, 0x0, 0x4, 0x401, 0x5, 0x87a0, 0x54, 0x5, 0x3, 0xf, 0x7fffffff, 0x0, 0x8d, 0xe, 0x3, 0xb6, 0x5, 0x9, 0x100, 0xfff, 0x10, 0x1, 0x6, 0xb7, 0x7, 0xfffffffa, 0x4, 0x5, 0x81, 0x6, 0x5, 0xdcdf, 0x7ff, 0x9, 0xffffffe3, 0x1ff, 0x3, 0xf1c, 0x8021, 0xffffffff, 0x70, 0x10000, 0x7, 0x4, 0x1, 0x0, 0x4, 0x7aed, 0x4, 0x8, 0xe, 0xffffffc0, 0x8b7, 0x5, 0x5, 0x200, 0x40, 0x3ff, 0x4, 0x0, 0xa, 0xc, 0x7, 0xe324, 0xf, 0x7, 0x97a, 0x7fff, 0xffffffff, 0x8, 0x7, 0x40000000, 0x7, 0x6, 0x7, 0x6f007526, 0xa, 0x80000000, 0x0, 0x200, 0xaeb, 0x315c, 0x9, 0x1000, 0xd, 0x5, 0x0, 0xf0f, 0x6, 0x20, 0x2, 0x9, 0x2, 0x9, 0x4, 0x6, 0xb37, 0x8, 0x5, 0x8, 0xa6b7, 0x10001, 0x2, 0x1, 0xf, 0x8, 0x8, 0x3ff, 0x1, 0x4, 0xbe, 0x1, 0x10001, 0x7fa, 0xe7ad, 0x4, 0x6, 0x6, 0x81, 0x10000, 0x3, 0xbd7, 0x71e5119d, 0x62, 0xffd, 0x5, 0x6, 0x4, 0xc, 0x3, 0x7, 0x400, 0x4, 0x400277e, 0xe1, 0x3, 0x4, 0x3, 0x4, 0x6, 0xbf, 0x7, 0x6, 0x8, 0x5, 0x3ff, 0x9ad9, 0x8, 0x1, 0x0, 0x3, 0x42f4, 0x2, 0x9, 0x6, 0x40, 0x1000, 0x82, 0x4, 0x1000, 0x8, 0x3d, 0x2, 0xe, 0x4, 0x3, 0xfffffffc, 0x4, 0x8, 0x10, 0x6, 0x9, 0xffffffff, 0x10, 0x0, 0x1, 0x9225, 0x3be, 0xd, 0x401, 0x81, 0x13, 0x5, 0x3b1, 0x1, 0x9f18, 0x2, 0x8f86, 0x417db73f, 0x7, 0x1, 0x7, 0x5, 0x3, 0x6, 0x7, 0x0, 0xd, 0x0, 0x7, 0x7, 0x2, 0x8, 0x5, 0x0, 0xab, 0x5, 0x94, 0xb3ab, 0x5ae, 0x2, 0x40, 0x5, 0x0, 0x8001, 0x8, 0x800, 0xb, 0xa4, 0x50, 0x8, 0x99, 0x10, 0x5, 0x100, 0xfffff800, 0x5, 0xca, 0x3, 0x4, 0x6, 0x7ff, 0x6e15d2ec, 0x7, 0x5, 0x8, 0x7ba, 0x21c0, 0xe64, 0x6, 0x7, 0x6d4, 0x5, 0x3, 0x7fff, 0x121, 0x9, 0xe6d7, 0x1000, 0x1ff, 0x42db5dac, 0xffff, 0x6, 0xfffffff8, 0x3ff, 0xfcf, 0x1000, 0x7, 0x2, 0x2, 0x6, 0x7, 0x2, 0x7, 0x80000001, 0x7, 0x8, 0x7, 0xfffff000, 0xfffffffe, 0x5, 0x5, 0x7, 0x80000001, 0x4, 0x2, 0x53f, 0x8, 0x6, 0x0, 0xfffffff8, 0x6, 0x8, 0x9, 0x8, 0x6d, 0x48, 0x8001, 0x1, 0x1, 0x2e7a, 0x8, 0x4, 0x10000, 0x5, 0x1ff, 0x1, 0x8, 0xfffffffd, 0xc217, 0x6, 0x59a, 0x2, 0x3, 0xba7a, 0x6d9c7f55, 0x4, 0x9, 0x1000, 0x3, 0x10001, 0x2, 0x2, 0x7, 0x6, 0x2, 0x1, 0x27a, 0x9, 0x2, 0xde26, 0x99, 0xfffffffe, 0x5, 0x1, 0xdba4b27, 0x6, 0x100, 0x0, 0x9, 0x7, 0x1, 0x7ff, 0x0, 0x2, 0xffff9369, 0x4, 0xff, 0x6, 0xed1, 0x80, 0x0, 0x3, 0x80000001, 0xe, 0x9, 0x1, 0xffff, 0x6, 0x9, 0x4, 0xef3, 0x1, 0xfffffffb, 0x7, 0x40, 0x6, 0x4, 0x9, 0x7f, 0x3, 0x1, 0x3, 0x2, 0xc15e, 0x6, 0x0, 0x6, 0x8, 0xffffffff, 0x8, 0x401, 0x0, 0x10, 0x3, 0x2, 0x4, 0x50d, 0x3, 0x4b, 0x7, 0x0, 0x2, 0x75, 0x80, 0x1, 0xdb, 0x401, 0x6, 0x1, 0x3, 0x6, 0xbf0d, 0x18, 0x1, 0x5, 0x95, 0x7fff, 0xe7, 0xa, 0x4, 0x0, 0xffffff16, 0x10, 0xae25, 0x908, 0x78e, 0x6, 0x1, 0xb2b7, 0xc, 0x7, 0x0, 0x5, 0x9, 0x8, 0x73, 0x9, 0xfffffffe, 0x5df, 0x1, 0x7, 0x81, 0xffffffaa, 0x3, 0x6, 0xd, 0xffffc4e6, 0xffff0001, 0x0, 0x5, 0x10001, 0x2, 0x3, 0x0, 0x6, 0x4, 0x3, 0x8, 0x3, 0x8, 0x5, 0x3, 0xc3f, 0x0, 0x2, 0x6, 0x6, 0xaed, 0x4, 0x9, 0x7, 0x7, 0x8, 0xff, 0x8001, 0x5, 0x9, 0x4, 0xc2, 0x80000000, 0x80000000, 0x4, 0x8, 0xab84, 0xb4, 0xfffffc00, 0x908b, 0x8, 0xc9, 0xfffffffe, 0x1, 0x3, 0x8, 0xfffffffb, 0x0, 0xf8, 0xfffffff0, 0x637, 0x6, 0x4, 0xa, 0x80, 0xfffffff9, 0xfffffb6f, 0x0, 0x120e, 0x7, 0x0, 0x6, 0x2, 0x1000, 0x6, 0x6, 0x2, 0xd, 0x3ff, 0x5e18, 0xf, 0x9ebe, 0x7, 0x2, 0x1, 0x7, 0x7, 0x9e, 0x8, 0xedd3, 0x9, 0x1, 0xffffffff, 0x5, 0x1ff, 0x8, 0x1, 0x5, 0x2, 0x40, 0xe, 0x4, 0xc, 0xc65, 0x40, 0x7, 0xbb7d, 0x10, 0x2, 0x1ff, 0x8, 0x6, 0x80, 0x2, 0xf, 0x7, 0x80000000, 0x6e0, 0x1, 0x5, 0xd1, 0x9, 0x8, 0xfffffe00, 0x0, 0x1, 0x4, 0xe449, 0x4, 0x40, 0x10, 0x1000, 0x0, 0xca, 0xffff, 0x10001, 0xfffff891, 0x5, 0xfe, 0x200, 0xffffff81, 0xfffffff8, 0x4, 0x101, 0x68f0, 0xbfb, 0xdfe2, 0x0, 0x4, 0x9e74, 0x8, 0x7, 0x3ff, 0x80, 0xde7, 0x5, 0x51, 0x0, 0xb, 0x3, 0xad, 0x8, 0x2, 0x1, 0x8000, 0x4, 0x7, 0x8, 0x4, 0x10, 0x80000000, 0x6, 0x1400000, 0xf7, 0x8, 0x81, 0x4, 0x6790, 0x9, 0xfa6, 0x400, 0x7f, 0x3ff, 0x4, 0x2, 0x9, 0x6, 0x9107, 0x1, 0xcac, 0x40, 0x7, 0xc, 0x1, 0x5, 0x7, 0xb923, 0x2, 0xffff3818, 0x3, 0x1, 0x5, 0xe39, 0x4, 0x6, 0x7ff, 0xfff, 0x5, 0x5, 0x1, 0x101, 0xfffffff9, 0x3, 0x1, 0x400, 0xe59, 0x6, 0x8, 0x3ff, 0x6, 0x3ff, 0x9, 0x2, 0x6, 0x12dd, 0x0, 0x10, 0x6, 0x40, 0x0, 0xffffff80, 0x3, 0x0, 0x1, 0x7, 0x997, 0x7, 0x7fffffff, 0x81, 0x1, 0xe, 0x7e, 0x9, 0x3, 0x5, 0x7c, 0x4, 0x9, 0x3, 0x0, 0x1ff, 0x4, 0x926a, 0x9, 0x6, 0xea, 0x9, 0x9, 0xc0000, 0xf4d, 0x80000001, 0x1, 0x2, 0x1, 0x3, 0x7fff, 0x3, 0x1, 0x5851, 0x9fc, 0x0, 0x6, 0xcf4, 0x6, 0x1, 0xffb8, 0x0, 0x10001, 0x7, 0x8, 0x7b, 0x6, 0x89, 0xfffc0000, 0x9, 0x1, 0x4, 0xb, 0x9, 0x3, 0x5, 0xc2, 0x5, 0x2, 0x9, 0x3, 0x2c33, 0x5, 0x4, 0x0, 0x5, 0x9, 0x1, 0xa, 0x819, 0x5, 0x4, 0xeaa8, 0xb, 0x5, 0x8000, 0xffff, 0x8, 0x7fff, 0xe, 0x3, 0x6, 0xffffffff, 0x7, 0xba, 0x1, 0x2, 0xc7c, 0x8, 0xdc, 0x3, 0x5, 0x6, 0x1]}) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002f3144e8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cdff00000001020014bb000001000000002300001300030005000020000002"], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f00000000c0), 0x2c8, 0x0) 192.65766ms ago: executing program 2 (id=24453): r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x2, 0x5, @loopback={0xfec0ffff00000000}}, 0x1c) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000240)={0x2, {{0xa, 0x4e20, 0x0, @mcast2, 0xde9a}}, {{0xa, 0x4e22, 0x200, @mcast2, 0x80000000}}}, 0x108) syz_emit_ethernet(0x6e, &(0x7f0000000b40)={@local, @random="8c00defa00", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00048e", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "050006", 0x97a, 0x3a, 0xff, @mcast1, @mcast2, [], "0c2f706796c36390"}}}}}}}, 0x0) 192.394345ms ago: executing program 4 (id=24454): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) r0 = socket(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000480)={0xa, 0x4e21, 0x6, @ipv4={'\x00', '\xff\xff', @remote}, 0x4000002}, 0x1c) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) setsockopt$sock_int(r0, 0x1, 0x35, &(0x7f0000000040)=0x2000007, 0x4) 134.955278ms ago: executing program 2 (id=24455): bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x2, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x41000, 0xd, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_io_uring_setup(0x4175, &(0x7f0000000180)={0x0, 0x1bf58, 0x10000, 0x2, 0x2d0}, &(0x7f0000000440), &(0x7f0000000400)) io_uring_enter(r0, 0x7b1d, 0xe93c, 0xc, 0x0, 0x0) io_uring_register$IORING_REGISTER_NAPI(r0, 0x1b, &(0x7f00000000c0)={0x5, 0x6}, 0x1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) 134.614318ms ago: executing program 4 (id=24456): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000006c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) fcntl$lock(r0, 0x24, &(0x7f0000000040)={0x1}) 133.655417ms ago: executing program 2 (id=24457): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) bind$bt_hci(r0, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) 58.46995ms ago: executing program 4 (id=24458): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x8) dup3(r0, r1, 0x80000) 0s ago: executing program 3 (id=24459): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x40, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_EXT_CAPABILITY={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x200000c0}, 0x0) kernel console output (not intermixed with test programs): all=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 924.257774][ T40] audit: type=1326 audit(870.354:23547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19579 comm="syz.9.21435" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb1598 code=0x7ffc0000 [ 924.264435][ T40] audit: type=1326 audit(870.354:23548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19579 comm="syz.9.21435" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 924.271129][ T40] audit: type=1326 audit(870.354:23549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19579 comm="syz.9.21435" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 924.277658][ T40] audit: type=1326 audit(870.354:23550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19579 comm="syz.9.21435" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb1598 code=0x7ffc0000 [ 924.558367][T19626] netlink: 830 bytes leftover after parsing attributes in process `syz.4.21455'. [ 924.911323][T19663] bridge: RTM_NEWNEIGH with invalid state 0x8 [ 924.945852][T19669] binder: 19668:19669 ioctl c0306201 80000040 returned -14 [ 925.248617][T19683] binder: 19682:19683 ioctl c0306201 80000400 returned -11 [ 925.279252][T19689] loop9: detected capacity change from 0 to 7 [ 925.284745][T19689] Dev loop9: unable to read RDB block 7 [ 925.286742][T19689] loop9: unable to read partition table [ 925.289162][T19689] loop9: partition table beyond EOD, truncated [ 925.291501][T19689] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 925.313933][ T1148] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 925.511487][T19703] netlink: 'syz.2.21490': attribute type 9 has an invalid length. [ 925.514172][T19703] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21490'. [ 925.793622][T19723] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 925.797070][T19723] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 925.801893][T19723] overlayfs: failed to get uuid (187/file0, err=-13); falling back to uuid=null. [ 925.879942][T19732] netlink: 4 bytes leftover after parsing attributes in process `syz.4.21505'. [ 925.883410][T19733] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21506'. [ 926.058637][T19751] netlink: 'syz.2.21513': attribute type 14 has an invalid length. [ 926.665509][ T29] usb 14-1: new high-speed USB device number 11 using dummy_hcd [ 926.846581][ T29] usb 14-1: Using ep0 maxpacket: 16 [ 926.850046][ T29] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 926.854393][ T29] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 926.859533][ T29] usb 14-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 926.863100][ T29] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 926.869915][ T29] usb 14-1: config 0 descriptor?? [ 927.306574][ T29] usbhid 14-1:0.0: can't add hid device: -71 [ 927.310163][ T29] usbhid 14-1:0.0: probe with driver usbhid failed with error -71 [ 927.314983][ T29] usb 14-1: USB disconnect, device number 11 [ 927.349013][ T34] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 927.381698][T19838] : renamed from vlan0 (while UP) [ 927.530766][ T34] usb 9-1: Using ep0 maxpacket: 16 [ 927.533758][ T34] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 927.536916][ T34] usb 9-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 927.539910][ T34] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 927.547616][ T34] usb 9-1: config 0 descriptor?? [ 927.551745][ T34] input: bcm5974 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/input/input63 [ 927.768433][ T5334] bcm5974 9-1:0.0: could not read from device [ 927.835953][ T34] bcm5974 9-1:0.0: could not read from device [ 927.915701][ T34] input: failed to attach handler mousedev to device input63, error: -5 [ 927.924779][ T5334] bcm5974 9-1:0.0: could not read from device [ 927.932141][ T34] usb 9-1: USB disconnect, device number 10 [ 928.084011][T19851] __nla_validate_parse: 1 callbacks suppressed [ 928.084022][T19851] netlink: 4 bytes leftover after parsing attributes in process `syz.9.21560'. [ 928.358613][ T7199] kernel read not supported for file /dsp (pid: 7199 comm: kworker/0:6) [ 928.640646][T19884] kvm: kvm [19883]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x40000006) [ 929.446051][T19941] kvm_intel: kvm [19940]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x3 [ 930.061930][T19960] netlink: 28 bytes leftover after parsing attributes in process `syz.9.21608'. [ 930.226131][T19054] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 930.657667][T20013] input: syz0 as /devices/virtual/input/input64 [ 930.821244][T20027] bridge0: entered allmulticast mode [ 930.921198][T20031] netlink: 4 bytes leftover after parsing attributes in process `syz.9.21643'. [ 931.102251][ T7886] e1000 0000:00:06.0 eth0: Reset adapter [ 931.152635][T20050] netlink: 4 bytes leftover after parsing attributes in process `syz.4.21651'. [ 933.411986][ T7886] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 934.576849][T20060] input: syz1 as /devices/virtual/input/input65 [ 934.889675][T20098] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 934.947187][ T1148] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 935.994466][T20146] tipc: Enabling of bearer rejected, already enabled [ 936.105156][T20148] netlink: 360 bytes leftover after parsing attributes in process `syz.9.21695'. [ 936.192858][T20157] netlink: 'syz.3.21698': attribute type 10 has an invalid length. [ 936.196149][T20157] netlink: 40 bytes leftover after parsing attributes in process `syz.3.21698'. [ 936.272101][T20157] team0: Port device geneve0 added [ 936.433723][T20179] loop5: detected capacity change from 0 to 7 [ 936.438556][T20179] Dev loop5: unable to read RDB block 7 [ 936.440496][T20179] loop5: AHDI p1 [ 936.441729][T20179] loop5: partition table partially beyond EOD, truncated [ 936.531340][T20185] netlink: 24 bytes leftover after parsing attributes in process `syz.3.21712'. [ 937.722651][T20208] tap0: tun_chr_ioctl cmd 1074025672 [ 937.724480][T20208] tap0: ignored: set checksum enabled [ 938.221992][ T6184] usb 14-1: new low-speed USB device number 12 using dummy_hcd [ 938.386726][ T6184] usb 14-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 938.390905][ T6184] usb 14-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 938.395156][ T6184] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 938.398790][ T6184] usb 14-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 938.402134][ T6184] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 938.422952][T20225] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22 [ 938.430982][ T6184] hub 14-1:1.0: bad descriptor, ignoring hub [ 938.433431][ T6184] hub 14-1:1.0: probe with driver hub failed with error -5 [ 938.438149][ T6184] cdc_wdm 14-1:1.0: skipping garbage [ 938.440302][ T6184] cdc_wdm 14-1:1.0: skipping garbage [ 938.443262][ T6184] cdc_wdm 14-1:1.0: cdc-wdm0: USB WDM device [ 938.445848][ T6184] cdc_wdm 14-1:1.0: Unknown control protocol [ 938.552224][T20282] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21753'. [ 938.711524][ T40] kauditd_printk_skb: 390 callbacks suppressed [ 938.711538][ T40] audit: type=1326 audit(883.945:23941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20289 comm="syz.2.21757" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 938.723196][ T40] audit: type=1326 audit(883.955:23942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20289 comm="syz.2.21757" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 938.731435][ T40] audit: type=1326 audit(883.955:23943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20289 comm="syz.2.21757" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 938.740282][ T40] audit: type=1326 audit(883.955:23944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20289 comm="syz.2.21757" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 938.749876][ T40] audit: type=1326 audit(883.955:23945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20289 comm="syz.2.21757" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 938.757665][ T40] audit: type=1326 audit(883.955:23946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20289 comm="syz.2.21757" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 938.769017][ T40] audit: type=1326 audit(883.955:23947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20289 comm="syz.2.21757" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 938.776244][ T40] audit: type=1326 audit(883.955:23948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20289 comm="syz.2.21757" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 938.783592][ T40] audit: type=1326 audit(883.955:23949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20289 comm="syz.2.21757" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 938.791333][ T40] audit: type=1326 audit(883.955:23950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20289 comm="syz.2.21757" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 938.835628][ C1] cdc_wdm 14-1:1.0: nonzero urb status received: -71 [ 938.838365][ C1] cdc_wdm 14-1:1.0: wdm_int_callback - 0 bytes [ 938.841203][ C1] cdc_wdm 14-1:1.0: nonzero urb status received: -71 [ 938.844113][ C1] cdc_wdm 14-1:1.0: wdm_int_callback - 0 bytes [ 938.846756][ C1] cdc_wdm 14-1:1.0: nonzero urb status received: -71 [ 938.848984][ C1] cdc_wdm 14-1:1.0: wdm_int_callback - 0 bytes [ 938.851676][ C1] cdc_wdm 14-1:1.0: nonzero urb status received: -71 [ 938.854529][ C1] cdc_wdm 14-1:1.0: wdm_int_callback - 0 bytes [ 938.857343][ C1] cdc_wdm 14-1:1.0: nonzero urb status received: -71 [ 938.860157][ C1] cdc_wdm 14-1:1.0: wdm_int_callback - 0 bytes [ 938.862955][ C1] cdc_wdm 14-1:1.0: nonzero urb status received: -71 [ 938.865632][ C1] cdc_wdm 14-1:1.0: wdm_int_callback - 0 bytes [ 938.868250][ C1] cdc_wdm 14-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 938.971784][ T7886] usb 14-1: USB disconnect, device number 12 [ 939.195428][T20310] bond1 (unregistering): Released all slaves [ 940.063654][T20357] netlink: 'syz.3.21787': attribute type 10 has an invalid length. [ 940.066834][T20357] netlink: 55 bytes leftover after parsing attributes in process `syz.3.21787'. [ 940.620856][T20375] netlink: 4 bytes leftover after parsing attributes in process `syz.4.21797'. [ 940.893010][T20397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21806'. [ 941.941669][ T7199] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 942.102803][ T7199] usb 9-1: Using ep0 maxpacket: 8 [ 942.108284][ T7199] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 942.112075][ T7199] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 942.145137][ T7199] pvrusb2: Hardware description: Terratec Grabster AV400 [ 942.147686][ T7199] pvrusb2: ********** [ 942.149144][ T7199] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 942.152238][ T7199] pvrusb2: Important functionality might not be entirely working. [ 942.154607][ T7199] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 942.160541][ T7199] pvrusb2: ********** [ 942.347195][ T2484] pvrusb2: Invalid write control endpoint [ 942.367981][ T2484] pvrusb2: Invalid write control endpoint [ 942.370128][ T2484] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 942.373327][ T2484] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 942.375785][ T2484] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 942.378924][ T2484] pvrusb2: Device being rendered inoperable [ 942.382264][ T2484] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 942.384651][ T2484] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 942.388547][ T2484] pvrusb2: Attached sub-driver cx25840 [ 942.390363][ T2484] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 942.394207][ T2484] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 942.562846][T20457] pvrusb2: Killing an I2C write to 6 that is too large (desired=63 limit=61) [ 942.566419][ T7886] usb 9-1: USB disconnect, device number 11 [ 943.081685][T20527] netlink: 4 bytes leftover after parsing attributes in process `syz.3.21864'. [ 943.424985][T20546] netlink: 'syz.4.21873': attribute type 9 has an invalid length. [ 943.704250][T20570] netlink: 12 bytes leftover after parsing attributes in process `syz.9.21885'. [ 944.193654][T20611] netlink: 'syz.9.21903': attribute type 23 has an invalid length. [ 944.196258][T20611] netlink: 8 bytes leftover after parsing attributes in process `syz.9.21903'. [ 944.218852][ T29] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 944.391162][ T29] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 944.395456][ T29] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 944.399111][ T29] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 944.402955][ T29] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 944.407787][T20593] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 944.412360][ T29] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 944.629987][T13999] usb 9-1: USB disconnect, device number 12 [ 945.276058][T20658] netlink: 4 bytes leftover after parsing attributes in process `syz.3.21925'. [ 945.427681][ T912] hid_parser_main: 19 callbacks suppressed [ 945.427699][ T912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 945.433381][ T912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 945.436507][ T912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 945.440503][ T912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 945.443744][ T912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 945.446933][ T912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 945.450519][ T912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 945.453660][ T912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 945.456801][ T912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 945.463641][ T912] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 945.468601][ T912] hid-generic 0000:0000:0000.000B: hidraw0: HID v0.00 Device [Zw[ba|\rn)A#6oү?aIs5hV3(; [ 945.468601][ T912] ѝP$zɷX$w[SRezxuSrl[5l'ZCz2] on tDKY縣Ϫ򞿹,UOp{"ixA[ewÒ}ZXA [ 945.489423][T20665] tipc: Started in network mode [ 945.491663][T20665] tipc: Node identity ac14140f, cluster identity 4711 [ 945.494713][T20665] tipc: New replicast peer: 255.255.255.255 [ 945.498164][T20665] tipc: Enabled bearer , priority 10 [ 945.503392][T20665] netlink: 12 bytes leftover after parsing attributes in process `syz.2.21929'. [ 945.507367][T20665] tipc: Disabling bearer [ 945.524059][T20667] netlink: 56 bytes leftover after parsing attributes in process `syz.3.21927'. [ 945.559545][T20664] fido_id[20664]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 945.667976][T20682] sp0: Synchronizing with TNC [ 945.715510][T15070] usb 14-1: new high-speed USB device number 13 using dummy_hcd [ 945.905304][T15070] usb 14-1: New USB device found, idVendor=046d, idProduct=c087, bcdDevice= 0.00 [ 945.908762][T15070] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 945.914871][T15070] usb 14-1: config 0 descriptor?? [ 946.139793][T15070] usbhid 14-1:0.0: can't add hid device: -71 [ 946.142723][T15070] usbhid 14-1:0.0: probe with driver usbhid failed with error -71 [ 946.146217][T15070] usb 14-1: USB disconnect, device number 13 [ 947.084032][T13999] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 947.244743][T13999] usb 9-1: Using ep0 maxpacket: 16 [ 947.250506][T13999] usb 9-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 947.254053][T13999] usb 9-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 947.256685][T13999] usb 9-1: Product: syz [ 947.258156][T13999] usb 9-1: Manufacturer: syz [ 947.259754][T13999] usb 9-1: SerialNumber: syz [ 947.262373][T13999] usb 9-1: config 0 descriptor?? [ 947.485224][T15070] usb 9-1: USB disconnect, device number 13 [ 947.780682][ T9980] Bluetooth: hci1: command tx timeout [ 947.891543][ T40] kauditd_printk_skb: 11 callbacks suppressed [ 947.891561][ T40] audit: type=1326 audit(892.532:23962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20776 comm="syz.3.21980" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 947.912721][ T40] audit: type=1326 audit(892.532:23963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20776 comm="syz.3.21980" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 947.919445][ T40] audit: type=1326 audit(892.532:23964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20776 comm="syz.3.21980" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff7598 code=0x7ffc0000 [ 947.926116][ T40] audit: type=1326 audit(892.532:23965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20776 comm="syz.3.21980" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 947.932784][ T40] audit: type=1326 audit(892.532:23966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20776 comm="syz.3.21980" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 947.940260][ T40] audit: type=1326 audit(892.532:23967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20776 comm="syz.3.21980" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff7598 code=0x7ffc0000 [ 947.948162][ T40] audit: type=1326 audit(892.532:23968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20776 comm="syz.3.21980" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 947.955645][ T40] audit: type=1326 audit(892.532:23969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20776 comm="syz.3.21980" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 947.962420][ T40] audit: type=1326 audit(892.532:23970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20776 comm="syz.3.21980" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff7598 code=0x7ffc0000 [ 947.969197][ T40] audit: type=1326 audit(892.532:23971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20776 comm="syz.3.21980" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 948.392658][T20808] netlink: 8 bytes leftover after parsing attributes in process `syz.9.21994'. [ 948.395852][T20808] netlink: 12 bytes leftover after parsing attributes in process `syz.9.21994'. [ 949.983919][T20800] Set syz1 is full, maxelem 65536 reached [ 949.996284][T20845] Set syz1 is full, maxelem 1023 reached [ 950.792487][T20894] netlink: 20 bytes leftover after parsing attributes in process `syz.3.22033'. [ 951.004969][T20911] comedi comedi3: comedi_test: 10 microvolt, 2046 microsecond waveform attached [ 951.023089][T20914] No control pipe specified [ 951.574253][T15070] usb 14-1: new high-speed USB device number 14 using dummy_hcd [ 951.645581][T20947] misc userio: Can't change port type on an already running userio instance [ 951.677976][T20949] binder: Binderfs stats mode cannot be changed during a remount [ 951.734245][T15070] usb 14-1: Using ep0 maxpacket: 8 [ 951.737782][T15070] usb 14-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 951.740682][T15070] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 951.751197][T15070] pvrusb2: Hardware description: Terratec Grabster AV400 [ 951.754141][T15070] pvrusb2: ********** [ 951.757240][T15070] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 951.760432][T15070] pvrusb2: Important functionality might not be entirely working. [ 951.763258][T15070] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 951.766849][T15070] pvrusb2: ********** [ 951.782505][T20953] Bluetooth: MGMT ver 1.23 [ 951.784026][T20953] Bluetooth: hci1: too big key_count value 11787 [ 951.932940][T20955] netlink: 4 bytes leftover after parsing attributes in process `syz.4.22059'. [ 951.974523][ T2484] pvrusb2: Invalid write control endpoint [ 952.002429][ T2484] pvrusb2: Invalid write control endpoint [ 952.004484][ T2484] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 952.007605][ T2484] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 952.011653][ T2484] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 952.015009][ T2484] pvrusb2: Device being rendered inoperable [ 952.016825][ T2484] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 952.019019][ T2484] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 952.021984][ T2484] pvrusb2: Attached sub-driver cx25840 [ 952.024185][ T2484] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 952.028010][ T2484] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 952.195150][T20940] pvrusb2: Attempted to execute control transfer when device not ok [ 952.201618][ T912] usb 14-1: USB disconnect, device number 14 [ 952.408881][T20978] netlink: 4 bytes leftover after parsing attributes in process `syz.4.22070'. [ 952.417580][T20978] netlink: 216 bytes leftover after parsing attributes in process `syz.4.22070'. [ 952.422593][T20978] netlink: 216 bytes leftover after parsing attributes in process `syz.4.22070'. [ 952.703021][T20996] bridge0: entered promiscuous mode [ 952.705486][T20996] macvlan4: entered promiscuous mode [ 952.973508][T21016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.22090'. [ 953.062372][T21022] netlink: 'syz.4.22092': attribute type 6 has an invalid length. [ 953.130887][T21032] netlink: 96 bytes leftover after parsing attributes in process `syz.9.22098'. [ 953.683747][T21074] netlink: 4 bytes leftover after parsing attributes in process `syz.4.22116'. [ 954.151401][T21108] bad cache= option: nonetype : aead [ 954.151401][T21108] async : yes [ 954.151401][T21108] blocksize : 1 [ 954.151401][T21108] ivsize : 8 [ 954.151401][T21108] maxauthsize : 16 [ 954.151401][T21108] geniv : [ 954.151401][T21108] [ 954.151401][T21108] name : rfc4543(gcm(aes)) [ 954.151401][T21108] driver : rfc4543(gcm_base(ctr(aes-aesni) [ 954.151401][T21108] [ 954.165394][T21108] CIFS: VFS: bad cache= option: nonetype : aead [ 954.165394][T21108] async : yes [ 954.165394][T21108] blocksize : 1 [ 954.165394][T21108] ivsize : 8 [ 954.165394][T21108] maxauthsize : 16 [ 954.165394][T21108] geniv : [ 954.165394][T21108] [ 954.165394][T21108] name : rfc4543(gcm(aes)) [ 954.165394][T21108] driver : rfc4543(gcm_base(ctr(aes-aesni) [ 954.182494][T21108] CIFS mount error: No usable UNC path provided in device string! [ 954.182494][T21108] [ 954.185797][T21108] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 954.364470][T21118] macvlan0: entered promiscuous mode [ 954.371386][T21118] netlink: 'syz.2.22137': attribute type 1 has an invalid length. [ 954.374499][T21118] netlink: 'syz.2.22137': attribute type 2 has an invalid length. [ 954.492424][ T6184] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 954.663454][ T6184] usb 9-1: Using ep0 maxpacket: 8 [ 954.667114][ T6184] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 954.670779][ T6184] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 954.685414][ T6184] pvrusb2: Hardware description: Terratec Grabster AV400 [ 954.688331][ T6184] pvrusb2: ********** [ 954.689919][ T6184] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 954.693886][ T6184] pvrusb2: Important functionality might not be entirely working. [ 954.699200][ T6184] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 954.703571][ T6184] pvrusb2: ********** [ 954.903585][ T2484] pvrusb2: Invalid write control endpoint [ 954.931787][ T2484] pvrusb2: Invalid write control endpoint [ 954.933713][ T2484] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 954.936883][ T2484] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 954.939191][ T2484] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 954.943200][ T2484] pvrusb2: Device being rendered inoperable [ 954.946223][ T2484] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 954.948917][ T2484] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 954.955804][ T2484] pvrusb2: Attached sub-driver cx25840 [ 954.957643][ T2484] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 954.960999][ T2484] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 955.119308][ T6184] usb 9-1: USB disconnect, device number 14 [ 955.928428][T21151] trusted_key: encrypted_key: keyword 'noad' not recognized [ 956.160265][ T64] Bluetooth: hci2: command 0xfc11 tx timeout [ 956.160302][ T9980] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 956.557303][T21174] ref_ctr_offset mismatch. inode: 0xf25 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x30656c69662f2e [ 956.762488][T21183] netlink: 12 bytes leftover after parsing attributes in process `syz.9.22166'. [ 956.766235][T21183] netlink: 12 bytes leftover after parsing attributes in process `syz.9.22166'. [ 957.098687][T21199] netlink: 28 bytes leftover after parsing attributes in process `syz.4.22173'. [ 957.281339][T21212] sit0: entered promiscuous mode [ 957.284466][T21212] netlink: 'syz.9.22179': attribute type 1 has an invalid length. [ 957.287646][T21212] netlink: 1 bytes leftover after parsing attributes in process `syz.9.22179'. [ 957.832053][T21227] netlink: 'syz.9.22184': attribute type 2 has an invalid length. [ 957.838123][T21227] !: entered promiscuous mode [ 957.845517][T21227] netlink: 'syz.9.22184': attribute type 2 has an invalid length. [ 957.848087][T21227] !: left promiscuous mode [ 958.483687][T13975] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 959.114597][T21283] netlink: 4 bytes leftover after parsing attributes in process `syz.4.22209'. [ 959.179653][ T40] kauditd_printk_skb: 50 callbacks suppressed [ 959.179664][ T40] audit: type=1800 audit(903.093:24022): pid=21289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.22211" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 959.668407][T21313] netlink: 4 bytes leftover after parsing attributes in process `syz.4.22221'. [ 959.741086][T21317] input: syz0 as /devices/virtual/input/input69 [ 959.870398][T21329] netlink: 16 bytes leftover after parsing attributes in process `syz.9.22229'. [ 962.022312][T21431] loop5: detected capacity change from 0 to 1 [ 962.025306][T19054] Dev loop5: unable to read RDB block 1 [ 962.027152][T19054] loop5: unable to read partition table [ 962.029046][T19054] loop5: partition table beyond EOD, truncated [ 962.032065][T21431] Dev loop5: unable to read RDB block 1 [ 962.033850][T21431] loop5: unable to read partition table [ 962.035676][T21431] loop5: partition table beyond EOD, truncated [ 962.037692][T21431] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 962.042368][T21433] netlink: 'syz.4.22278': attribute type 12 has an invalid length. [ 962.045585][T21433] netlink: 'syz.4.22278': attribute type 29 has an invalid length. [ 962.048842][T21433] netlink: 'syz.4.22278': attribute type 2 has an invalid length. [ 962.056599][T21433] netlink: 'syz.4.22278': attribute type 2 has an invalid length. [ 962.059248][T21433] netlink: 'syz.4.22278': attribute type 1 has an invalid length. [ 962.062072][T21433] netlink: 'syz.4.22278': attribute type 37 has an invalid length. [ 962.065034][T21433] netlink: 'syz.4.22278': attribute type 2 has an invalid length. [ 962.068399][T21433] bridge0: port 1(bridge_slave_0) entered disabled state [ 962.070996][T21433] netlink: 59 bytes leftover after parsing attributes in process `syz.4.22278'. [ 962.507417][T21460] loop7: detected capacity change from 0 to 7 [ 962.514250][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 962.518057][ C2] buffer_io_error: 46 callbacks suppressed [ 962.518066][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 962.522748][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 962.525710][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 962.528376][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 962.531457][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 962.534136][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 962.537067][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 962.539700][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 962.543000][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 962.546129][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 962.549319][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 962.553431][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 962.556687][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 962.559213][T19054] ldm_validate_partition_table(): Disk read failed. [ 962.562051][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 962.565059][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 962.567992][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 962.571008][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 962.573581][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 962.576616][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 962.580608][T19054] Dev loop7: unable to read RDB block 0 [ 962.583027][T19054] loop7: unable to read partition table [ 962.585696][T19054] loop7: partition table beyond EOD, truncated [ 962.595348][T21460] ldm_validate_partition_table(): Disk read failed. [ 962.599787][T21460] Dev loop7: unable to read RDB block 0 [ 962.602068][T21460] loop7: unable to read partition table [ 962.604025][T21460] loop7: partition table beyond EOD, truncated [ 962.607042][T21460] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 962.634852][T21470] netlink: 8 bytes leftover after parsing attributes in process `syz.4.22295'. [ 962.660450][T21464] support for the xor transformation has been removed. [ 962.667027][ T5349] ldm_validate_partition_table(): Disk read failed. [ 962.672305][ T5349] Dev loop7: unable to read RDB block 0 [ 962.674491][ T5349] loop7: unable to read partition table [ 962.676899][ T5349] loop7: partition table beyond EOD, truncated [ 962.968000][ T6201] kernel read not supported for file /bluetooth/6lowpan_control (pid: 6201 comm: kworker/1:4) [ 963.091843][T21499] sp0: Synchronizing with TNC [ 963.687174][ T40] audit: type=1326 audit(1163.301:24023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21551 comm="syz.3.22334" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff7579 code=0x0 [ 963.885011][T13999] kernel read not supported for file /dsp (pid: 13999 comm: kworker/3:6) [ 963.921095][T21562] netlink: 212340 bytes leftover after parsing attributes in process `syz.4.22338'. [ 963.924497][T21562] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 964.287173][ T6201] usb 14-1: new high-speed USB device number 15 using dummy_hcd [ 964.447623][ T6201] usb 14-1: Using ep0 maxpacket: 16 [ 964.450896][ T6201] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 964.456389][ T6201] usb 14-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 964.459988][ T6201] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 964.462801][ T6201] usb 14-1: Product: syz [ 964.464302][ T6201] usb 14-1: Manufacturer: syz [ 964.465911][ T6201] usb 14-1: SerialNumber: syz [ 964.469218][ T6201] usb 14-1: config 0 descriptor?? [ 964.473780][ T6201] em28xx 14-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 964.476895][ T6201] em28xx 14-1:0.0: DVB interface 0 found: bulk [ 964.769090][ T6201] em28xx 14-1:0.0: unknown em28xx chip ID (0) [ 964.848263][ T6201] em28xx 14-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 964.850930][ T6201] em28xx 14-1:0.0: board has no eeprom [ 964.929199][ T6201] em28xx 14-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 964.931818][ T6201] em28xx 14-1:0.0: dvb set to bulk mode. [ 964.936650][ T6201] usb 14-1: USB disconnect, device number 15 [ 964.939291][ T6201] em28xx 14-1:0.0: Disconnecting em28xx [ 964.941473][ T29] em28xx 14-1:0.0: Binding DVB extension [ 965.003648][ T29] em28xx 14-1:0.0: Registering input extension [ 965.012855][ T6201] em28xx 14-1:0.0: Closing input extension [ 965.027910][ T6201] em28xx 14-1:0.0: Freeing device [ 965.214455][T21599] debugfs: 'ttyS3' already exists in 'caif_serial' [ 965.850332][T21627] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 967.450774][T21746] netlink: 184 bytes leftover after parsing attributes in process `syz.2.22420'. [ 967.581827][T21762] sctp: [Deprecated]: syz.9.22428 (pid 21762) Use of struct sctp_assoc_value in delayed_ack socket option. [ 967.581827][T21762] Use struct sctp_sack_info instead [ 967.596945][T21764] loop9: detected capacity change from 0 to 7 [ 967.604381][T19054] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 967.606293][T19054] loop9: partition table partially beyond EOD, truncated [ 967.609043][T19054] loop9: p1 size 2437361653 extends beyond EOD, truncated [ 967.616849][T21764] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 967.618757][T21764] loop9: partition table partially beyond EOD, truncated [ 967.621246][T21764] loop9: p1 size 2437361653 extends beyond EOD, truncated [ 967.637010][T21758] nbd0: detected capacity change from 0 to 127 [ 967.646510][T19054] udevd[19054]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory [ 967.651309][ T9980] block nbd0: Receive control failed (result -104) [ 967.675812][T19054] udevd[19054]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory [ 967.855400][T21788] netlink: 7 bytes leftover after parsing attributes in process `syz.3.22438'. [ 968.123227][T14012] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 968.660270][T21830] netlink: 4 bytes leftover after parsing attributes in process `syz.2.22459'. [ 969.646447][T21870] netlink: 'syz.4.22475': attribute type 8 has an invalid length. [ 969.756895][T21878] Attempt to restore checkpoint with obsolete wellknown handles [ 969.856863][ T40] audit: type=1326 audit(1169.075:24024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21881 comm="syz.9.22482" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 969.864091][ T40] audit: type=1326 audit(1169.085:24025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21881 comm="syz.9.22482" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 969.870656][ T40] audit: type=1326 audit(1169.085:24026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21881 comm="syz.9.22482" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 969.878035][ T40] audit: type=1326 audit(1169.085:24027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21881 comm="syz.9.22482" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 970.063836][T21902] input: syz0 as /devices/virtual/input/input71 [ 970.222729][ T912] e1000 0000:00:06.0 eth0: Reset adapter [ 971.265029][ T25] block nbd0: Connection timed out, retrying (0/1 alive) [ 971.269852][ T25] block nbd0: Connection timed out, retrying (0/1 alive) [ 971.272698][ T25] block nbd0: Connection timed out, retrying (0/1 alive) [ 971.274968][ T25] block nbd0: Connection timed out, retrying (0/1 alive) [ 971.278993][ T148] block nbd0: Dead connection, failed to find a fallback [ 971.281623][ T148] block nbd0: shutting down sockets [ 971.283661][ T148] blk_print_req_error: 40 callbacks suppressed [ 971.283670][ T148] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 971.291350][ T148] buffer_io_error: 40 callbacks suppressed [ 971.291359][ T148] Buffer I/O error on dev nbd0, logical block 2, async page read [ 971.295757][ T148] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 971.300175][ T148] Buffer I/O error on dev nbd0, logical block 1, async page read [ 971.302970][ T148] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 971.306127][ T148] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.308860][ T148] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 971.311995][ T148] Buffer I/O error on dev nbd0, logical block 3, async page read [ 971.316469][T20270] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 971.320564][T20270] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.323043][T20270] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 971.325971][T20270] Buffer I/O error on dev nbd0, logical block 1, async page read [ 971.328479][T20270] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 971.331540][T20270] Buffer I/O error on dev nbd0, logical block 2, async page read [ 971.333992][T20270] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 971.336939][T20270] Buffer I/O error on dev nbd0, logical block 3, async page read [ 971.339652][T20270] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 971.342610][T20270] Buffer I/O error on dev nbd0, logical block 0, async page read [ 971.345086][T20270] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 971.348091][T20270] Buffer I/O error on dev nbd0, logical block 1, async page read [ 971.350940][T20270] ldm_validate_partition_table(): Disk read failed. [ 971.353499][T20270] Dev nbd0: unable to read RDB block 0 [ 971.355863][T20270] nbd0: unable to read partition table [ 971.360026][T20270] ldm_validate_partition_table(): Disk read failed. [ 971.362465][T20270] Dev nbd0: unable to read RDB block 0 [ 971.364546][T20270] nbd0: unable to read partition table [ 972.506042][ T9980] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 972.506084][ T64] Bluetooth: hci2: command 0x1003 tx timeout [ 972.592640][ T912] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 973.813245][T21938] netlink: 4 bytes leftover after parsing attributes in process `syz.9.22506'. [ 974.153592][T21980] program syz.4.22523 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 974.375613][T22003] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 974.903590][ T6184] usb 14-1: new high-speed USB device number 16 using dummy_hcd [ 975.085638][ T6184] usb 14-1: Using ep0 maxpacket: 16 [ 975.088854][ T6184] usb 14-1: config 0 has an invalid interface number: 132 but max is 0 [ 975.091453][ T6184] usb 14-1: config 0 has no interface number 0 [ 975.095257][ T6184] usb 14-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 975.098173][ T6184] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 975.100714][ T6184] usb 14-1: Product: syz [ 975.102077][ T6184] usb 14-1: Manufacturer: syz [ 975.103755][ T6184] usb 14-1: SerialNumber: syz [ 975.106787][ T6184] usb 14-1: config 0 descriptor?? [ 975.109627][ T6184] hub 14-1:0.132: bad descriptor, ignoring hub [ 975.111696][ T6184] hub 14-1:0.132: probe with driver hub failed with error -5 [ 975.118706][ T6184] input: bcm5974 as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:0.132/input/input72 [ 975.849018][T22064] input: syz0 as /devices/virtual/input/input73 [ 976.032477][T22087] mkiss: ax0: crc mode is auto. [ 976.315747][ T6184] usb 9-1: new high-speed USB device number 15 using dummy_hcd [ 976.476318][ T6184] usb 9-1: Using ep0 maxpacket: 8 [ 976.479882][ T6184] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 976.483809][ T6184] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 976.489632][ T6184] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 976.493145][ T6184] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 976.497520][ T6184] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 976.501056][ T6184] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 976.527757][T22114] netlink: 'syz.3.22589': attribute type 3 has an invalid length. [ 976.530897][T22114] netlink: 56 bytes leftover after parsing attributes in process `syz.3.22589'. [ 976.723260][ T6184] usb 9-1: GET_CAPABILITIES returned 0 [ 976.726340][ T6184] usbtmc 9-1:16.0: can't read capabilities [ 976.789574][T22131] can0: slcan on ttyS3. [ 976.797137][T22133] netlink: 56 bytes leftover after parsing attributes in process `syz.3.22598'. [ 976.925913][T22131] can0 (unregistered): slcan off ttyS3. [ 976.939486][ T912] usb 9-1: USB disconnect, device number 15 [ 977.293398][T22147] block nbd1: server does not support multiple connections per device. [ 977.300690][T22147] block nbd1: shutting down sockets [ 977.504124][ T912] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 978.679628][T22178] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 978.679886][T22180] netlink: 4 bytes leftover after parsing attributes in process `syz.2.22620'. [ 978.992240][ T6201] kernel read not supported for file /bluetooth/6lowpan_control (pid: 6201 comm: kworker/1:4) [ 979.346715][ T29] usb 14-1: USB disconnect, device number 16 [ 980.479158][ T912] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 980.556253][T22236] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(5) [ 980.558984][T22236] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 980.563775][T22236] vhci_hcd vhci_hcd.0: Device attached [ 980.569472][T22237] vhci_hcd: connection closed [ 980.569641][ T1148] vhci_hcd vhci_hcd.9: stop threads [ 980.572945][ T1148] vhci_hcd vhci_hcd.9: release socket [ 980.574726][ T1148] vhci_hcd vhci_hcd.9: disconnect device [ 981.496852][ T40] audit: type=1326 audit(1179.952:24028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22254 comm="syz.9.22653" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x0 [ 981.725476][T22286] netlink: 4 bytes leftover after parsing attributes in process `syz.3.22666'. [ 981.730269][T22286] netlink: 4 bytes leftover after parsing attributes in process `syz.3.22666'. [ 982.070061][T22304] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.22674'. [ 982.573795][T22320] sp0: Synchronizing with TNC [ 982.961420][ T29] usb 9-1: new high-speed USB device number 16 using dummy_hcd [ 983.092391][T22342] overlayfs: upper fs does not support file handles, falling back to index=off. [ 983.101046][T22342] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 983.132901][ T29] usb 9-1: Using ep0 maxpacket: 16 [ 983.138582][ T29] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 983.144465][ T29] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 983.147915][ T29] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 983.151112][ T29] usb 9-1: Product: syz [ 983.152554][ T29] usb 9-1: Manufacturer: syz [ 983.154005][ T29] usb 9-1: SerialNumber: syz [ 983.156826][ T29] usb 9-1: config 0 descriptor?? [ 983.160279][ T29] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 983.163124][ T29] em28xx 9-1:0.0: DVB interface 0 found: bulk [ 983.443363][ T29] em28xx 9-1:0.0: unknown em28xx chip ID (0) [ 983.509415][ T29] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 983.512210][ T29] em28xx 9-1:0.0: board has no eeprom [ 983.571292][ T29] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 983.573857][ T29] em28xx 9-1:0.0: dvb set to bulk mode. [ 983.578776][ T6201] em28xx 9-1:0.0: Binding DVB extension [ 983.583255][ T29] usb 9-1: USB disconnect, device number 16 [ 983.585772][ T29] em28xx 9-1:0.0: Disconnecting em28xx [ 983.609869][ T6201] em28xx 9-1:0.0: Registering input extension [ 983.611959][ T29] em28xx 9-1:0.0: Closing input extension [ 983.620268][ T29] em28xx 9-1:0.0: Freeing device [ 983.832371][T22370] netlink: 'syz.9.22703': attribute type 10 has an invalid length. [ 983.838260][T22370] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 984.161325][T22382] netlink: 8 bytes leftover after parsing attributes in process `syz.2.22707'. [ 984.175757][T22384] random: crng reseeded on system resumption [ 984.494069][T22402] input: syz0 as /devices/virtual/input/input75 [ 984.496902][T22402] input: failed to attach handler leds to device input75, error: -6 [ 984.623465][T22416] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 985.819063][ T7886] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 985.992783][ T7886] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 985.997011][ T7886] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 986.000208][ T7886] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 986.005478][ T7886] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 986.008290][ T7886] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 986.012196][ T7886] usb 9-1: config 0 descriptor?? [ 986.823919][ T7886] hid_parser_main: 6 callbacks suppressed [ 986.823975][ T7886] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 986.829609][ T7886] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 986.832639][ T7886] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 986.835062][ T7886] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 986.837531][ T7886] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 986.839962][ T7886] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 986.842912][ T7886] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 986.845219][ T7886] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 986.847850][ T7886] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 986.850167][ T7886] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 986.856099][ T7886] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 987.105051][ T6201] usb 9-1: USB disconnect, device number 17 [ 987.160355][T22499] fido_id[22499]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb9/report_descriptor': No such file or directory [ 987.407511][T22501] netlink: 'syz.9.22763': attribute type 10 has an invalid length. [ 987.411877][T22501] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 987.415226][T22501] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 987.627534][T22501] bond0: (slave batadv0): Releasing backup interface [ 987.843733][T22513] binder: 22512:22513 ioctl c0306201 800003c0 returned -22 [ 987.902691][T22519] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.22772'. [ 988.445374][T22561] kvm: user requested TSC rate below hardware speed [ 988.710481][T22585] netlink: 4 bytes leftover after parsing attributes in process `syz.4.22801'. [ 989.040299][T13999] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 989.221790][T13999] usb 9-1: Using ep0 maxpacket: 8 [ 989.231074][T13999] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 989.235838][T13999] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 989.240870][T13999] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 989.247284][T13999] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 989.258111][T13999] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 989.262431][T13999] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 989.265214][T13999] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 989.495933][T13999] usb 9-1: GET_CAPABILITIES returned 0 [ 989.497731][T13999] usbtmc 9-1:16.0: can't read capabilities [ 989.712689][T13999] usb 9-1: USB disconnect, device number 18 [ 989.793801][T22628] syzkaller1: entered promiscuous mode [ 989.795921][T22628] syzkaller1: entered allmulticast mode [ 989.867896][T22634] netlink: 276 bytes leftover after parsing attributes in process `syz.3.22823'. [ 989.872499][T22634] netlink: 276 bytes leftover after parsing attributes in process `syz.3.22823'. [ 989.965736][T22638] netlink: 4 bytes leftover after parsing attributes in process `syz.9.22825'. [ 990.790693][T22684] IPVS: sync thread started: state = MASTER, mcast_ifn = sit0, syncid = 4, id = 0 [ 990.877995][T22689] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.22844'. [ 990.901731][ T912] usb 9-1: new high-speed USB device number 19 using dummy_hcd [ 991.063578][ T912] usb 9-1: Using ep0 maxpacket: 8 [ 991.066844][ T912] usb 9-1: config 0 has an invalid interface number: 55 but max is 0 [ 991.069325][ T912] usb 9-1: config 0 has no interface number 0 [ 991.071206][ T912] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 991.075035][ T912] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 991.078611][ T912] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 991.081895][ T912] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 991.085930][ T912] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 991.088712][ T912] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 991.092329][ T912] usb 9-1: config 0 descriptor?? [ 991.096257][ T912] ldusb 9-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 991.315215][ T912] usb 9-1: USB disconnect, device number 19 [ 991.319247][ T912] ldusb 9-1:0.55: LD USB Device #0 now disconnected [ 991.684269][T13974] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 992.217830][T22726] block nbd1: server does not support multiple connections per device. [ 992.220488][T22726] block nbd1: shutting down sockets [ 992.369683][T22739] netlink: 7 bytes leftover after parsing attributes in process `syz.9.22866'. [ 992.445261][T22743] netlink: 4 bytes leftover after parsing attributes in process `syz.4.22868'. [ 992.451585][T22743] netlink: 16 bytes leftover after parsing attributes in process `syz.4.22868'. [ 992.840723][T22767] syzkaller1: entered promiscuous mode [ 992.843103][T22767] syzkaller1: entered allmulticast mode [ 994.020928][T22780] batman_adv: batadv0: Adding interface: bond1 [ 994.022948][T22780] batman_adv: batadv0: The MTU of interface bond1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 994.030802][T22780] batman_adv: batadv0: Not using interface bond1 (retrying later): interface not active [ 994.311914][T22804] input: syz0 as /devices/virtual/input/input76 [ 994.776870][T22830] netlink: 68 bytes leftover after parsing attributes in process `syz.4.22908'. [ 994.779715][T22830] netlink: 68 bytes leftover after parsing attributes in process `syz.4.22908'. [ 996.222122][T22858] trusted_key: syz.9.22918 sent an empty control message without MSG_MORE. [ 996.263363][T22864] loop7: detected capacity change from 0 to 7 [ 996.265784][ C0] blk_print_req_error: 138 callbacks suppressed [ 996.265794][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 996.270838][ C0] buffer_io_error: 138 callbacks suppressed [ 996.270846][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 996.275280][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 996.278336][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 996.281441][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 996.284554][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 996.287470][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 996.291136][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 996.293998][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 996.296870][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 996.299535][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 996.302591][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 996.305160][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 996.308220][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 996.310719][T22864] ldm_validate_partition_table(): Disk read failed. [ 996.313210][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 996.316264][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 996.319014][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 996.322302][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 996.325008][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 996.328761][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 996.332126][T22864] Dev loop7: unable to read RDB block 0 [ 996.335241][T22864] loop7: unable to read partition table [ 996.337755][T22864] loop7: partition table beyond EOD, truncated [ 996.340326][T22864] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 996.397778][T22866] support for the xor transformation has been removed. [ 996.451615][T22868] netlink: 20 bytes leftover after parsing attributes in process `syz.9.22922'. [ 996.601003][T22874] netlink: 8 bytes leftover after parsing attributes in process `syz.4.22925'. [ 996.964701][ T912] e1000 0000:00:06.0 eth0: Reset adapter [ 997.035324][T22899] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 997.040059][T22899] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 997.103676][ T912] e1000 0000:00:06.0 eth0: Reset adapter [ 999.467110][ T912] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 1000.566389][T22911] input: syz1 as /devices/virtual/input/input77 [ 1000.941603][ T912] e1000 0000:00:06.0 eth0: Reset adapter [ 1001.080483][ T6184] usb 14-1: new high-speed USB device number 17 using dummy_hcd [ 1001.080745][ T912] e1000 0000:00:06.0 eth0: Reset adapter [ 1001.186546][T22944] IPVS: You probably need to specify IP address on multicast interface. [ 1001.191357][T22944] IPVS: Error connecting to the multicast addr [ 1001.240746][ T6184] usb 14-1: Using ep0 maxpacket: 16 [ 1001.244052][ T6184] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1001.247498][ T6184] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1001.250558][ T6184] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1001.255384][ T6184] usb 14-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 1001.258395][ T6184] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1001.259453][T22958] netlink: 'syz.4.22961': attribute type 1 has an invalid length. [ 1001.262144][ T6184] usb 14-1: config 0 descriptor?? [ 1001.278115][T22958] bond2: entered promiscuous mode [ 1001.280707][T22958] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1001.491371][T22958] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1001.494352][T22958] bond2: (slave gre1): The slave device specified does not support setting the MAC address [ 1001.497474][T22958] bond2: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 1001.508493][T22958] bond2: (slave gre1): making interface the new active one [ 1001.510805][T22958] gre1: entered promiscuous mode [ 1001.513130][T22958] bond2: (slave gre1): Enslaving as an active interface with an up link [ 1001.647132][ T91] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1001.705333][ T6184] hid_parser_main: 5 callbacks suppressed [ 1001.705352][ T6184] shield 0003:0955:7214.000D: unknown main item tag 0x0 [ 1001.710593][ T6184] shield 0003:0955:7214.000D: unknown main item tag 0x0 [ 1001.713686][ T6184] shield 0003:0955:7214.000D: unknown main item tag 0x0 [ 1001.716707][ T6184] shield 0003:0955:7214.000D: unknown main item tag 0x0 [ 1001.719792][ T6184] shield 0003:0955:7214.000D: unknown main item tag 0x0 [ 1001.725851][ T6184] input: HID 0955:7214 Haptics as /devices/virtual/input/input78 [ 1001.740960][ T6184] shield 0003:0955:7214.000D: Registered Thunderstrike controller [ 1001.744159][ T6184] shield 0003:0955:7214.000D: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.9-1/input0 [ 1001.916804][ T7199] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 1001.917151][T13999] usb 14-1: USB disconnect, device number 17 [ 1001.922081][ T7199] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 1001.935535][ T7199] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 1001.940096][ T7199] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 1003.401078][ T912] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 1004.448910][T22964] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.22964'. [ 1004.852847][T22987] netlink: 212348 bytes leftover after parsing attributes in process `syz.9.22973'. [ 1004.890350][T22989] netlink: 4 bytes leftover after parsing attributes in process `syz.9.22974'. [ 1005.186836][T22989] bond1: Invalid ad_actor_system MAC address. [ 1005.188982][T22989] bond1: option ad_actor_system: invalid value (68719607821) [ 1005.218740][T22989] bond1 (unregistering): Released all slaves [ 1005.636042][T23019] netlink: 'syz.3.22985': attribute type 2 has an invalid length. [ 1005.638542][T23019] netlink: 'syz.3.22985': attribute type 2 has an invalid length. [ 1005.641174][T23019] netlink: 'syz.3.22985': attribute type 2 has an invalid length. [ 1005.742549][T23027] netlink: 4 bytes leftover after parsing attributes in process `syz.9.22989'. [ 1005.754359][T23029] netlink: 'syz.4.22990': attribute type 4 has an invalid length. [ 1008.630351][T23138] macvlan2: entered promiscuous mode [ 1011.059253][T23231] veth0_to_bridge: entered promiscuous mode [ 1011.063608][T23230] veth0_to_bridge: left promiscuous mode [ 1011.450672][T23252] netlink: 20 bytes leftover after parsing attributes in process `syz.3.23087'. [ 1011.947940][T23284] netlink: 'syz.2.23099': attribute type 27 has an invalid length. [ 1012.161945][T23284] bridge0: port 2(bridge_slave_1) entered disabled state [ 1012.164491][T23284] bridge0: port 1(bridge_slave_0) entered disabled state [ 1012.630089][T23284] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1012.662334][T23284] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1012.685499][T23284] macvlan0: left promiscuous mode [ 1013.353214][T23284] macvlan4: left promiscuous mode [ 1013.359400][ T9882] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.362534][ T9882] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.382221][ T9882] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.386326][ T9882] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.473296][T23335] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.23122'. [ 1014.176918][T23359] smc: net device bond0 applied user defined pnetid SYZ0 [ 1014.211510][T23365] netlink: 4 bytes leftover after parsing attributes in process `syz.9.23133'. [ 1014.658059][T23389] syzkaller1: entered promiscuous mode [ 1014.660379][T23389] syzkaller1: entered allmulticast mode [ 1014.684050][T23391] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1014.686995][T23391] IPv6: NLM_F_CREATE should be set when creating new route [ 1014.720591][T23393] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.23146'. [ 1014.948397][T23406] input: syz0 as /devices/virtual/input/input79 [ 1015.090972][ T40] audit: type=1326 audit(1467.360:24029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23417 comm="syz.2.23156" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 1015.099995][ T40] audit: type=1326 audit(1467.360:24030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23417 comm="syz.2.23156" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 1015.107828][ T40] audit: type=1326 audit(1467.379:24031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23417 comm="syz.2.23156" exe="/syz-executor" sig=0 arch=40000003 syscall=312 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 1015.114806][ T40] audit: type=1326 audit(1467.379:24032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23417 comm="syz.2.23156" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 1015.122592][ T40] audit: type=1326 audit(1467.379:24033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23417 comm="syz.2.23156" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 1015.185663][T23426] netlink: 24 bytes leftover after parsing attributes in process `syz.2.23160'. [ 1015.292559][T23438] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.23165'. [ 1015.385866][T23446] syzkaller1: entered promiscuous mode [ 1015.387653][T23446] syzkaller1: entered allmulticast mode [ 1015.882057][T23480] veth0: entered promiscuous mode [ 1015.884291][T23480] veth0: left promiscuous mode [ 1016.282501][ T9] usb 14-1: new high-speed USB device number 18 using dummy_hcd [ 1016.293042][T13999] usb 9-1: new high-speed USB device number 20 using dummy_hcd [ 1016.452560][ T9] usb 14-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1016.454769][T13999] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1016.455756][ T9] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1016.460271][T13999] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1016.462961][ T9] usb 14-1: Product: syz [ 1016.462971][ T9] usb 14-1: Manufacturer: syz [ 1016.462978][ T9] usb 14-1: SerialNumber: syz [ 1016.467486][T13999] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1016.472338][ T9] usb 14-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1016.473802][T13999] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1016.487775][T13999] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1016.498205][T13999] usb 9-1: config 0 descriptor?? [ 1016.509199][ T7199] usb 14-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1016.764599][T23490] random: crng reseeded on system resumption [ 1016.792939][T23490] netlink: 64 bytes leftover after parsing attributes in process `syz.9.23186'. [ 1016.827370][T23512] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1016.863150][ T9] usb 14-1: USB disconnect, device number 18 [ 1016.952554][T13999] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1017.236386][ T6184] usb 9-1: USB disconnect, device number 20 [ 1017.416748][ T6184] Process accounting resumed [ 1017.430242][T23525] Process accounting resumed [ 1017.597827][ T7199] ath9k_htc 14-1:1.0: ath9k_htc: Target is unresponsive [ 1017.602903][ T7199] ath9k_htc: Failed to initialize the device [ 1017.605838][ T9] usb 14-1: ath9k_htc: USB layer deinitialized [ 1017.683054][T23539] bridge_slave_0: left allmulticast mode [ 1017.684934][T23539] bridge_slave_0: left promiscuous mode [ 1017.686904][T23539] bridge0: port 1(bridge_slave_0) entered disabled state [ 1017.795319][T23539] bridge_slave_1: left allmulticast mode [ 1017.800414][T23539] bridge_slave_1: left promiscuous mode [ 1017.803092][T23539] bridge0: port 2(bridge_slave_1) entered disabled state [ 1017.869454][ T40] audit: type=1326 audit(1469.961:24034): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=unconfined pid=23547 comm="syz.4.23211" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f06579 code=0x0 [ 1017.898629][T23539] bond0: (slave bond_slave_0): Releasing backup interface [ 1017.961687][T23539] bond0: (slave bond_slave_1): Releasing backup interface [ 1018.047456][T23539] team0: Port device team_slave_0 removed [ 1018.100329][T23539] team0: Port device team_slave_1 removed [ 1018.102631][T23539] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1018.179494][T23539] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1018.239774][T23539] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1018.247675][ T7886] usb 14-1: new high-speed USB device number 19 using dummy_hcd [ 1018.294576][T23564] netlink: 20 bytes leftover after parsing attributes in process `syz.2.23218'. [ 1018.422409][ T7886] usb 14-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1018.426442][ T7886] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1018.429846][ T7886] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1018.440427][ T7886] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1018.445653][ T7886] usb 14-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1018.448841][ T7886] usb 14-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1018.451699][ T7886] usb 14-1: Manufacturer: syz [ 1018.456115][ T7886] usb 14-1: config 0 descriptor?? [ 1018.893893][ T7886] appleir 0003:05AC:8243.000F: unknown main item tag 0x0 [ 1018.898056][ T7886] appleir 0003:05AC:8243.000F: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.9-1/input0 [ 1019.171021][ T912] usb 14-1: USB disconnect, device number 19 [ 1019.993150][ T9] usb 14-1: new high-speed USB device number 20 using dummy_hcd [ 1020.152981][ T9] usb 14-1: Using ep0 maxpacket: 8 [ 1020.157997][ T9] usb 14-1: config 0 interface 0 has no altsetting 0 [ 1020.160365][ T9] usb 14-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1020.163560][ T9] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1020.168993][ T9] usb 14-1: config 0 descriptor?? [ 1020.539625][T23636] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23252'. [ 1020.611015][ T9] mcp2221 0003:04D8:00DD.0010: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.9-1/input0 [ 1020.825312][T15070] usb 14-1: USB disconnect, device number 20 [ 1021.106464][ T6201] kernel read not supported for file /dsp (pid: 6201 comm: kworker/1:4) [ 1021.384934][T23659] netlink: 240 bytes leftover after parsing attributes in process `syz.2.23261'. [ 1021.388592][T23659] netlink: 424 bytes leftover after parsing attributes in process `syz.2.23261'. [ 1021.488661][T23639] ceph: No mds server is up or the cluster is laggy [ 1021.551128][ T64] block nbd2: Receive control failed (result -107) [ 1021.598425][T23668] block nbd2: shutting down sockets [ 1021.954377][ T7199] libceph: connect (1)[c::]:6789 error -101 [ 1021.956520][ T7199] libceph: mon0 (1)[c::]:6789 connect error [ 1022.044590][ T6122] Bluetooth: hci1: command 0x0405 tx timeout [ 1022.229444][ T7199] libceph: connect (1)[c::]:6789 error -101 [ 1022.231599][ T7199] libceph: mon0 (1)[c::]:6789 connect error [ 1022.774126][ T7199] libceph: connect (1)[c::]:6789 error -101 [ 1022.776382][ T7199] libceph: mon0 (1)[c::]:6789 connect error [ 1022.826472][T23700] ceph: No mds server is up or the cluster is laggy [ 1022.958723][ T9980] block nbd9: Receive control failed (result -107) [ 1023.008678][T23711] block nbd9: shutting down sockets [ 1023.224253][T23727] netlink: 12 bytes leftover after parsing attributes in process `syz.4.23289'. [ 1023.631703][ T9980] block nbd4: Receive control failed (result -107) [ 1023.705860][T23740] block nbd4: shutting down sockets [ 1023.926091][ T64] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1023.926638][ T9980] Bluetooth: hci2: command 0xfc11 tx timeout [ 1024.289590][T13999] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 1024.451857][T13999] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1024.460633][T13999] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1024.464704][T13999] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1024.469998][T13999] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1024.473861][T13999] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1024.479790][T13999] usb 9-1: config 0 descriptor?? [ 1024.618649][T23759] netlink: 12 bytes leftover after parsing attributes in process `syz.2.23303'. [ 1024.853805][ T91] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1024.936202][T13999] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 1024.942142][T13999] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 1024.952384][T13999] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 1024.954788][T13999] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 1024.957170][T13999] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 1024.959551][T13999] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 1024.961912][T13999] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 1024.967987][T13999] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 1024.970393][T13999] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 1024.972974][T13999] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 1024.986511][T13999] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1025.224868][T13999] usb 9-1: USB disconnect, device number 21 [ 1025.242082][ T6201] libceph: connect (1)[c::]:6789 error -101 [ 1025.244669][ T6201] libceph: mon0 (1)[c::]:6789 connect error [ 1025.487703][ T7199] usb 14-1: new high-speed USB device number 21 using dummy_hcd [ 1025.529877][ T6201] libceph: connect (1)[c::]:6789 error -101 [ 1025.531972][ T6201] libceph: mon0 (1)[c::]:6789 connect error [ 1025.651247][ T7199] usb 14-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1025.655818][ T7199] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1025.660588][ T7199] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1025.664200][ T7199] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1025.669701][ T7199] usb 14-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1025.673536][ T7199] usb 14-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1025.676953][ T7199] usb 14-1: Manufacturer: syz [ 1025.680923][ T7199] usb 14-1: config 0 descriptor?? [ 1026.088049][ T6201] libceph: connect (1)[c::]:6789 error -101 [ 1026.090688][ T6201] libceph: mon0 (1)[c::]:6789 connect error [ 1026.100782][T23777] ceph: No mds server is up or the cluster is laggy [ 1026.122724][ T7199] appleir 0003:05AC:8243.0012: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.9-1/input0 [ 1026.408851][ T7199] usb 14-1: USB disconnect, device number 21 [ 1028.164807][T23851] overlayfs: failed lookup in lower (newroot/1086, name='file0', err=-40): overlapping layers [ 1028.525719][T23868] loop5: detected capacity change from 0 to 7 [ 1028.535258][T23868] Dev loop5: unable to read RDB block 7 [ 1028.538040][T23868] loop5: unable to read partition table [ 1028.540259][T23868] loop5: partition table beyond EOD, truncated [ 1028.542747][T23868] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1029.223125][T23892] netlink: 4 bytes leftover after parsing attributes in process `syz.2.23358'. [ 1029.503212][T23908] netlink: 'syz.4.23366': attribute type 19 has an invalid length. [ 1029.996739][T23937] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.23379'. [ 1029.998410][T23939] netlink: 20 bytes leftover after parsing attributes in process `syz.4.23378'. [ 1030.473478][T23977] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.23397'. [ 1030.559962][T23985] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1030.563445][T23985] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 1030.682664][ T64] Bluetooth: hci3: command 0x0406 tx timeout [ 1030.778136][T13999] kernel write not supported for file /sequencer (pid: 13999 comm: kworker/3:6) [ 1031.344981][T24049] syzkaller1: entered promiscuous mode [ 1031.352392][T24049] syzkaller1: entered allmulticast mode [ 1032.466685][T24116] netlink: 'syz.3.23460': attribute type 1 has an invalid length. [ 1032.683954][T24125] netlink: 16 bytes leftover after parsing attributes in process `syz.4.23464'. [ 1032.727284][T24128] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.23465'. [ 1032.911498][T24149] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve1, syncid = 10802, id = 0 [ 1033.642009][T24161] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.23482'. [ 1033.751963][T24165] netlink: 24 bytes leftover after parsing attributes in process `syz.2.23481'. [ 1033.943717][ T7886] usb 14-1: new high-speed USB device number 22 using dummy_hcd [ 1034.109657][T24171] overlayfs: missing 'lowerdir' [ 1034.125655][ T7886] usb 14-1: config index 0 descriptor too short (expected 45, got 36) [ 1034.128970][ T7886] usb 14-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1034.133617][ T7886] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1034.142710][ T7886] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1034.147052][ T7886] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1034.151246][ T7886] usb 14-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1034.154630][ T7886] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1034.158714][ T7886] usb 14-1: config 0 descriptor?? [ 1034.165563][T24163] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 1034.601145][T24185] vlan0: entered allmulticast mode [ 1034.603217][T24185] macvtap0: entered allmulticast mode [ 1034.605300][T24185] veth0_macvtap: entered allmulticast mode [ 1034.612130][ T7886] hid_parser_main: 6 callbacks suppressed [ 1034.612142][ T7886] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 1034.616298][ T7886] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 1034.618741][ T7886] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 1034.620997][ T7886] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 1034.623379][ T7886] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 1034.625735][ T7886] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 1034.639314][ T7886] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 1034.641640][ T7886] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 1034.643974][ T7886] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 1034.646242][ T7886] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 1034.650776][ T7886] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 1034.887121][T13999] usb 14-1: USB disconnect, device number 22 [ 1034.927447][ T7199] usb 9-1: new high-speed USB device number 22 using dummy_hcd [ 1035.087141][ T7199] usb 9-1: Using ep0 maxpacket: 8 [ 1035.090742][ T7199] usb 9-1: config 0 interface 0 has no altsetting 0 [ 1035.093212][ T7199] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1035.096356][ T7199] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1035.101601][ T7199] usb 9-1: config 0 descriptor?? [ 1035.365895][T13999] hid-generic 0000:0000:0000.0014: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1035.507558][T24228] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 1035.509607][T24228] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1035.512307][T24228] vhci_hcd vhci_hcd.0: Device attached [ 1035.520653][T24230] vhci_hcd: connection closed [ 1035.520886][T13976] vhci_hcd vhci_hcd.2: stop threads [ 1035.525147][T13976] vhci_hcd vhci_hcd.2: release socket [ 1035.527482][T13976] vhci_hcd vhci_hcd.2: disconnect device [ 1035.541881][ T7199] mcp2221 0003:04D8:00DD.0015: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 1035.755804][T24187] i2c i2c-2: unsupported multi-msg i2c transaction [ 1035.761946][ T7886] usb 9-1: USB disconnect, device number 22 [ 1036.189498][T24247] netlink: 4 bytes leftover after parsing attributes in process `syz.2.23518'. [ 1036.194732][T24247] netlink: 72 bytes leftover after parsing attributes in process `syz.2.23518'. [ 1036.537783][T24270] 9pnet: p9_errstr2errno: server reported unknown error  [ 1036.795511][ T7199] hid-generic 0000:0000:0000.0016: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1036.886763][T24281] input: syz1 as /devices/virtual/input/input81 [ 1037.349137][T24302] netlink: 4 bytes leftover after parsing attributes in process `syz.4.23541'. [ 1037.585163][T24308] syzkaller1: entered promiscuous mode [ 1037.586955][T24308] syzkaller1: entered allmulticast mode [ 1038.261466][T24343] netlink: 4 bytes leftover after parsing attributes in process `syz.4.23559'. [ 1038.274952][T24343] netlink: 4 bytes leftover after parsing attributes in process `syz.4.23559'. [ 1038.520716][ T40] audit: type=1326 audit(1489.286:24035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24360 comm="syz.3.23567" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x0 [ 1040.861431][T24424] syzkaller1: entered promiscuous mode [ 1040.863828][T24424] syzkaller1: entered allmulticast mode [ 1041.251354][T15070] hid_parser_main: 7 callbacks suppressed [ 1041.251366][T15070] hid-generic 0000:3000000:0000.0017: unknown main item tag 0x4 [ 1041.259965][T15070] hid-generic 0000:3000000:0000.0017: unknown main item tag 0x2 [ 1041.262891][T15070] hid-generic 0000:3000000:0000.0017: unknown main item tag 0x0 [ 1041.265358][T15070] hid-generic 0000:3000000:0000.0017: unknown main item tag 0x0 [ 1041.267877][T15070] hid-generic 0000:3000000:0000.0017: unknown main item tag 0x0 [ 1041.270253][T15070] hid-generic 0000:3000000:0000.0017: unknown main item tag 0x0 [ 1041.272607][T15070] hid-generic 0000:3000000:0000.0017: unknown main item tag 0x0 [ 1041.275536][T15070] hid-generic 0000:3000000:0000.0017: unknown main item tag 0x0 [ 1041.278937][T15070] hid-generic 0000:3000000:0000.0017: unknown main item tag 0x0 [ 1041.281397][T15070] hid-generic 0000:3000000:0000.0017: unknown main item tag 0x0 [ 1041.284765][T15070] hid-generic 0000:3000000:0000.0017: hidraw0: HID v0.00 Device [sy] on syz0 [ 1042.131016][T24477] GUP no longer grows the stack in syz.9.23618 (24477): 80006000-8000a000 (80002000) [ 1042.136579][T24477] CPU: 3 UID: 0 PID: 24477 Comm: syz.9.23618 Tainted: G L syzkaller #0 PREEMPT(full) [ 1042.136597][T24477] Tainted: [L]=SOFTLOCKUP [ 1042.136601][T24477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1042.136608][T24477] Call Trace: [ 1042.136612][T24477] [ 1042.136617][T24477] dump_stack_lvl+0x16c/0x1f0 [ 1042.136638][T24477] gup_vma_lookup+0x1d2/0x220 [ 1042.136655][T24477] __get_user_pages+0x241/0x3590 [ 1042.136674][T24477] ? find_held_lock+0x2b/0x80 [ 1042.136690][T24477] ? __pfx___get_user_pages+0x10/0x10 [ 1042.136709][T24477] get_user_pages_remote+0x243/0xab0 [ 1042.136724][T24477] ? mas_new_root+0x660/0x6e0 [ 1042.136742][T24477] ? __pfx_get_user_pages_remote+0x10/0x10 [ 1042.136759][T24477] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1042.136778][T24477] __access_remote_vm+0x24d/0x850 [ 1042.136794][T24477] ? do_raw_spin_lock+0x12c/0x2b0 [ 1042.136805][T24477] ? __pfx___access_remote_vm+0x10/0x10 [ 1042.136822][T24477] proc_pid_cmdline_read+0x4de/0x8e0 [ 1042.136835][T24477] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 1042.136846][T24477] ? rw_verify_area+0xcf/0x6c0 [ 1042.136860][T24477] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 1042.136869][T24477] vfs_readv+0x5c1/0x8b0 [ 1042.136885][T24477] ? __pfx_vfs_readv+0x10/0x10 [ 1042.136907][T24477] ? __fget_files+0x20e/0x3c0 [ 1042.136925][T24477] ? do_preadv+0x1a6/0x270 [ 1042.136937][T24477] do_preadv+0x1a6/0x270 [ 1042.136950][T24477] ? __pfx_do_preadv+0x10/0x10 [ 1042.136968][T24477] __do_fast_syscall_32+0xe8/0x680 [ 1042.136979][T24477] do_fast_syscall_32+0x32/0x80 [ 1042.136989][T24477] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1042.137002][T24477] RIP: 0023:0xf7fb1579 [ 1042.137011][T24477] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1042.137021][T24477] RSP: 002b:00000000f54a655c EFLAGS: 00000296 ORIG_RAX: 000000000000014d [ 1042.137031][T24477] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 1042.137037][T24477] RDX: 0000000000000001 RSI: 0000000000000300 RDI: 0000000000000000 [ 1042.137043][T24477] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1042.137049][T24477] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1042.137055][T24477] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1042.137067][T24477] [ 1042.280711][T24486] gre0: Master is either lo or non-ether device [ 1042.717943][T24505] netlink: 8 bytes leftover after parsing attributes in process `syz.9.23626'. [ 1042.731954][ T40] audit: type=1326 audit(1493.224:24036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24506 comm="syz.2.23630" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 1042.750955][ T40] audit: type=1326 audit(1493.224:24037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24506 comm="syz.2.23630" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb3598 code=0x7ffc0000 [ 1042.768063][ T40] audit: type=1326 audit(1493.234:24038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24506 comm="syz.2.23630" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb3598 code=0x7ffc0000 [ 1042.777843][ T40] audit: type=1326 audit(1493.234:24039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24506 comm="syz.2.23630" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 1042.786265][ T40] audit: type=1326 audit(1493.234:24040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24506 comm="syz.2.23630" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb3598 code=0x7ffc0000 [ 1042.794865][ T40] audit: type=1326 audit(1493.234:24041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24506 comm="syz.2.23630" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 1042.803835][ T40] audit: type=1326 audit(1493.234:24042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24506 comm="syz.2.23630" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 1042.813887][ T40] audit: type=1326 audit(1493.234:24043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24506 comm="syz.2.23630" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb3598 code=0x7ffc0000 [ 1042.822825][ T40] audit: type=1326 audit(1493.234:24044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24506 comm="syz.2.23630" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb3598 code=0x7ffc0000 [ 1045.072144][ T6201] usb 9-1: new high-speed USB device number 23 using dummy_hcd [ 1045.232902][ T6201] usb 9-1: Using ep0 maxpacket: 8 [ 1045.243440][ T6201] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 1045.247230][ T6201] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1045.250558][ T6201] usb 9-1: Product: syz [ 1045.252320][ T6201] usb 9-1: Manufacturer: syz [ 1045.264566][ T6201] usb 9-1: SerialNumber: syz [ 1045.268632][ T6201] usb 9-1: config 0 descriptor?? [ 1045.493508][ T6201] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1045.500580][ T6201] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1045.505695][ T6201] usb 9-1: USB disconnect, device number 23 [ 1045.672936][T13999] usb 14-1: new high-speed USB device number 23 using dummy_hcd [ 1046.121409][T24618] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1046.125386][T24618] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1046.130362][T13999] usb 14-1: unable to get BOS descriptor or descriptor too short [ 1046.136325][T13999] usb 14-1: unable to read config index 0 descriptor/start: -71 [ 1046.138797][T13999] usb 14-1: can't read configurations, error -71 [ 1047.039085][T24678] netlink: 8 bytes leftover after parsing attributes in process `syz.9.23709'. [ 1047.098804][ T40] kauditd_printk_skb: 71 callbacks suppressed [ 1047.098819][ T40] audit: type=1400 audit(1498.302:24116): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=24684 comm=FF [ 1047.548998][T24723] overlayfs: workdir and upperdir must reside under the same mount [ 1048.999971][ T40] audit: type=1326 audit(1500.079:24117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24779 comm="syz.9.23753" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1049.016383][ T40] audit: type=1326 audit(1500.079:24118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24779 comm="syz.9.23753" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1049.023342][ T40] audit: type=1326 audit(1500.079:24119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24779 comm="syz.9.23753" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1049.030106][ T40] audit: type=1326 audit(1500.079:24120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24779 comm="syz.9.23753" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1049.038397][ T40] audit: type=1326 audit(1500.079:24121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24779 comm="syz.9.23753" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1049.046216][ T40] audit: type=1326 audit(1500.079:24122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24779 comm="syz.9.23753" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1049.176919][ T40] audit: type=1326 audit(1500.238:24123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24779 comm="syz.9.23753" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1049.183955][ T40] audit: type=1326 audit(1500.238:24124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24779 comm="syz.9.23753" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1050.389336][T24820] syzkaller1: entered promiscuous mode [ 1050.391906][T24820] syzkaller1: entered allmulticast mode [ 1050.839903][T24840] netlink: 'syz.3.23780': attribute type 10 has an invalid length. [ 1050.867047][T24840] syz_tun: entered promiscuous mode [ 1050.879653][T24840] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1050.889943][T24845] netlink: 'syz.4.23782': attribute type 7 has an invalid length. [ 1050.893383][T24845] netlink: 'syz.4.23782': attribute type 8 has an invalid length. [ 1050.896664][T24845] netlink: 'syz.4.23782': attribute type 7 has an invalid length. [ 1050.900627][T24845] netlink: 208740 bytes leftover after parsing attributes in process `syz.4.23782'. [ 1051.127568][T24853] kvm: user requested TSC rate below hardware speed [ 1051.700129][T24874] netlink: 8 bytes leftover after parsing attributes in process `syz.9.23795'. [ 1052.170755][T13999] usb 14-1: new high-speed USB device number 25 using dummy_hcd [ 1052.343190][T13999] usb 14-1: config index 0 descriptor too short (expected 45, got 36) [ 1052.347021][T13999] usb 14-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1052.352779][T13999] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1052.356264][T13999] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1052.360278][T13999] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1052.369409][T13999] usb 14-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1052.372808][T13999] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1052.377432][T13999] usb 14-1: config 0 descriptor?? [ 1052.380226][T24885] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22 [ 1052.827519][T13999] plantronics 0003:047F:FFFF.0018: reserved main item tag 0xd [ 1052.834641][T13999] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 1053.104711][T13999] usb 14-1: USB disconnect, device number 25 [ 1053.789126][T24953] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1054.579877][T24993] bridge1: entered promiscuous mode [ 1055.067970][T13999] usb 14-1: new high-speed USB device number 26 using dummy_hcd [ 1055.204978][T25016] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 1055.210876][T25016] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 1055.250290][T13999] usb 14-1: too many configurations: 9, using maximum allowed: 8 [ 1055.254417][T13999] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1055.258192][T13999] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1055.263344][T13999] usb 14-1: config 0 interface 0 has no altsetting 0 [ 1055.267086][T13999] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1055.270840][T13999] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1055.275384][T13999] usb 14-1: config 0 interface 0 has no altsetting 0 [ 1055.279075][T13999] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1055.284508][T13999] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1055.288983][T13999] usb 14-1: config 0 interface 0 has no altsetting 0 [ 1055.294682][T13999] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1055.298425][T13999] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1055.302772][T13999] usb 14-1: config 0 interface 0 has no altsetting 0 [ 1055.306668][T13999] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1055.310310][T13999] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1055.315146][T13999] usb 14-1: config 0 interface 0 has no altsetting 0 [ 1055.318777][T13999] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1055.322538][T13999] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1055.327192][T13999] usb 14-1: config 0 interface 0 has no altsetting 0 [ 1055.330842][T13999] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1055.334610][T13999] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1055.339240][T13999] usb 14-1: config 0 interface 0 has no altsetting 0 [ 1055.343130][T13999] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1055.347079][T13999] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1055.351587][T13999] usb 14-1: config 0 interface 0 has no altsetting 0 [ 1055.356265][T13999] usb 14-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1055.360179][T13999] usb 14-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1055.363671][T13999] usb 14-1: Product: syz [ 1055.365487][T13999] usb 14-1: Manufacturer: syz [ 1055.367600][T13999] usb 14-1: SerialNumber: syz [ 1055.371663][T13999] usb 14-1: config 0 descriptor?? [ 1055.379684][T13999] yurex 14-1:0.0: USB YUREX device now attached to Yurex #0 [ 1055.414651][T25018] vlan1: entered allmulticast mode [ 1055.604221][T13999] usb 14-1: USB disconnect, device number 26 [ 1055.607263][T13999] yurex 14-1:0.0: USB YUREX #0 now disconnected [ 1055.626796][T25022] netlink: 4 bytes leftover after parsing attributes in process `syz.4.23860'. [ 1055.631103][T25022] netlink: 4 bytes leftover after parsing attributes in process `syz.4.23860'. [ 1056.037052][T25030] syzkaller1: entered promiscuous mode [ 1056.039539][T25030] syzkaller1: entered allmulticast mode [ 1056.584076][T25047] sctp: [Deprecated]: syz.9.23871 (pid 25047) Use of int in maxseg socket option. [ 1056.584076][T25047] Use struct sctp_assoc_value instead [ 1058.392723][ T9980] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1058.392791][ T64] Bluetooth: hci2: command 0x1003 tx timeout [ 1058.684198][T25075] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.23883'. [ 1058.711417][T25077] gfs2: error -5 reading superblock [ 1058.743471][T25081] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23888'. [ 1058.748481][T25081] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23888'. [ 1059.226966][T25094] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.23894'. [ 1059.447893][T25098] team0 (unregistering): Port device team_slave_0 removed [ 1059.549694][T25098] team0 (unregistering): Port device team_slave_1 removed [ 1059.664887][T25102] io-wq is not configured for unbound workers [ 1059.670562][T25098] team0 (unregistering): Port device geneve0 removed [ 1060.594646][T25117] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1060.768241][T25130] netlink: 'syz.9.23911': attribute type 83 has an invalid length. [ 1060.771728][T25127] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1060.883854][ T9980] Bluetooth: hci0: command 0x0c1a tx timeout [ 1061.167997][T25161] tipc: Enabled bearer , priority 0 [ 1061.226080][T25163] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23925'. [ 1061.668095][T25182] netlink: 212336 bytes leftover after parsing attributes in process `syz.4.23933'. [ 1061.689118][T25184] netlink: 12 bytes leftover after parsing attributes in process `syz.3.23934'. [ 1062.251956][T13999] tipc: Node number set to 2886997007 [ 1063.183677][ T64] Bluetooth: hci1: link tx timeout [ 1063.188447][ T64] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 1063.202584][ T40] audit: type=1326 audit(1513.362:24125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25240 comm="syz.2.23961" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb3579 code=0x0 [ 1063.695238][T13999] usb 9-1: new high-speed USB device number 24 using dummy_hcd [ 1063.806088][T25265] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 1063.856267][T13999] usb 9-1: too many configurations: 9, using maximum allowed: 8 [ 1063.860748][T13999] usb 9-1: config 0 has no interfaces? [ 1063.864061][T13999] usb 9-1: config 0 has no interfaces? [ 1063.868168][T13999] usb 9-1: config 0 has no interfaces? [ 1063.870923][T13999] usb 9-1: config 0 has no interfaces? [ 1063.873387][T13999] usb 9-1: config 0 has no interfaces? [ 1063.876068][T13999] usb 9-1: config 0 has no interfaces? [ 1063.878707][T13999] usb 9-1: config 0 has no interfaces? [ 1063.881270][T13999] usb 9-1: config 0 has no interfaces? [ 1063.884943][T13999] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1063.888909][T13999] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1063.891670][T13999] usb 9-1: Product: syz [ 1063.892834][T25269] netlink: 'syz.3.23973': attribute type 13 has an invalid length. [ 1063.893011][T13999] usb 9-1: Manufacturer: syz [ 1063.897879][T13999] usb 9-1: SerialNumber: syz [ 1063.901432][T13999] usb 9-1: config 0 descriptor?? [ 1064.347096][T25262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1064.350324][T25262] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1064.355932][ T7886] usb 9-1: USB disconnect, device number 24 [ 1064.379426][ T64] Bluetooth: hci2: command 0x1003 tx timeout [ 1064.379502][ T9980] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1064.722003][ T1140] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1064.736373][T25281] netlink: 28 bytes leftover after parsing attributes in process `syz.9.23978'. [ 1064.740028][T25281] netlink: 32 bytes leftover after parsing attributes in process `syz.9.23978'. [ 1064.746091][T25281] netlink: 28 bytes leftover after parsing attributes in process `syz.9.23978'. [ 1065.405769][ T9980] Bluetooth: hci1: command 0x0405 tx timeout [ 1065.458030][ T40] audit: type=1326 audit(1515.476:24126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25299 comm="syz.9.23986" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1065.490059][ T40] audit: type=1326 audit(1515.485:24127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25299 comm="syz.9.23986" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1065.501252][ T40] audit: type=1326 audit(1515.485:24128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25299 comm="syz.9.23986" exe="/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1065.509009][ T40] audit: type=1326 audit(1515.485:24129): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=25299 comm="syz.9.23986" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1065.516101][ T40] audit: type=1326 audit(1515.485:24130): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=25299 comm="syz.9.23986" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000 [ 1065.797377][ T6122] Bluetooth: hci1: unexpected event for opcode 0x0c26 [ 1066.016920][ T91] Bluetooth: hci2: received HCILL_GO_TO_SLEEP_ACK in state 1 [ 1066.027257][ T91] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1066.150822][ T7886] kernel read not supported for file /dsp (pid: 7886 comm: kworker/2:5) [ 1066.560308][ T7886] usb 9-1: new high-speed USB device number 25 using dummy_hcd [ 1066.731647][ T7886] usb 9-1: Using ep0 maxpacket: 16 [ 1066.736168][ T7886] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1066.740428][ T7886] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1066.744341][ T7886] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1066.749517][ T7886] usb 9-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 1066.753369][ T7886] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1066.758406][ T7886] usb 9-1: config 0 descriptor?? [ 1066.818362][T25345] netlink: 28 bytes leftover after parsing attributes in process `syz.9.24007'. [ 1067.198225][ T7886] input: HID 05ac:8241 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/0003:05AC:8241.0019/input/input83 [ 1067.273079][ T7886] appleir 0003:05AC:8241.0019: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.4-1/input0 [ 1067.296389][T25353] netlink: 4 bytes leftover after parsing attributes in process `syz.9.24011'. [ 1067.417388][T13999] usb 9-1: USB disconnect, device number 25 [ 1067.469373][ T1138] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1067.717517][T25364] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 1068.238723][ T9980] Bluetooth: hci2: command 0x1003 tx timeout [ 1068.239426][ T6122] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1068.338283][T25382] netlink: 4 bytes leftover after parsing attributes in process `syz.2.24024'. [ 1068.440641][ T40] audit: type=1326 audit(1518.264:24131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25385 comm="syz.9.24026" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb1579 code=0x0 [ 1069.279716][T25425] kvm: user requested TSC rate below hardware speed [ 1069.384266][ T7886] kernel read not supported for file /sequencer (pid: 7886 comm: kworker/2:5) [ 1070.212414][T25454] Bluetooth: MGMT ver 1.23 [ 1071.134425][T25456] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1071.137521][T25456] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1071.139600][T25456] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1071.141716][T25456] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1071.200842][T25456] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1071.202916][T25456] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1071.950176][T25517] binder_alloc: binder_alloc_mmap_handler: 25516 80ffd000-80ffe000 already mapped failed -16 [ 1071.982345][T25519] netlink: 4 bytes leftover after parsing attributes in process `syz.9.24083'. [ 1072.504577][ T6122] Bluetooth: hci0: command 0x0c1a tx timeout [ 1072.504753][T25547] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24097'. [ 1072.724306][T25564] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 1072.729348][T25564] overlayfs: overlapping lowerdir path [ 1072.770315][ T40] audit: type=1326 audit(1522.314:24132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25565 comm="syz.3.24106" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff7579 code=0x0 [ 1072.979709][T25583] syzkaller1: entered promiscuous mode [ 1072.981548][T25583] syzkaller1: entered allmulticast mode [ 1073.359818][ T6122] Bluetooth: hci3: command 0x0406 tx timeout [ 1073.361390][ T64] Bluetooth: hci6: command 0x0c1a tx timeout [ 1073.370246][ T64] Bluetooth: hci1: command 0x0405 tx timeout [ 1073.430507][T25597] input: syz0 as /devices/virtual/input/input84 [ 1073.436025][T25598] netlink: 'syz.9.24120': attribute type 13 has an invalid length. [ 1073.532540][ T64] Bluetooth: hci2: command 0x1003 tx timeout [ 1073.536384][ T9980] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1073.539490][ T40] audit: type=1326 audit(1523.034:24133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25600 comm="syz.4.24121" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f06579 code=0x0 [ 1075.132889][T25650] netlink: 'syz.2.24139': attribute type 13 has an invalid length. [ 1075.583267][ T9980] Bluetooth: hci1: command 0x0405 tx timeout [ 1075.583372][ T64] Bluetooth: hci3: command 0x0406 tx timeout [ 1075.586251][T25625] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1075.590330][T25625] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1075.592669][T25625] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1075.595305][T25625] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1075.850851][ T7886] usb 9-1: new high-speed USB device number 26 using dummy_hcd [ 1076.021492][ T7886] usb 9-1: Using ep0 maxpacket: 8 [ 1076.024393][ T7886] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 1076.026967][ T7886] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1076.029984][ T7886] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1076.033126][ T7886] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1076.036164][ T7886] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1076.040164][ T7886] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1076.043089][ T7886] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1076.267200][ T7886] usb 9-1: GET_CAPABILITIES returned 0 [ 1076.269786][ T7886] usbtmc 9-1:16.0: can't read capabilities [ 1076.484968][T13999] usb 9-1: USB disconnect, device number 26 [ 1076.558170][T25655] syzkaller1: entered promiscuous mode [ 1076.559985][T25655] syzkaller1: entered allmulticast mode [ 1076.951594][ T9980] Bluetooth: hci0: command 0x0c1a tx timeout [ 1077.663722][T25688] netlink: 48 bytes leftover after parsing attributes in process `syz.2.24158'. [ 1077.758514][T25698] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24161'. [ 1077.764518][T25698] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24161'. [ 1077.806912][ T6122] Bluetooth: hci3: command 0x0406 tx timeout [ 1077.806913][ T64] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1077.810129][ T6122] Bluetooth: hci6: command 0x0c1a tx timeout [ 1077.810187][ T6122] Bluetooth: hci2: command 0x1003 tx timeout [ 1077.820047][ T9980] Bluetooth: hci1: command 0x0405 tx timeout [ 1078.086474][T25722] syzkaller1: entered promiscuous mode [ 1078.088247][T25722] syzkaller1: entered allmulticast mode [ 1078.519132][T25747] vimc link validate: Scaler:src:16x16 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1079.721464][T25773] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1080.053254][ T6122] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1080.057984][ T6122] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1080.064549][ T6122] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1080.068479][ T6122] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1080.073579][ T6122] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1080.145884][ T1138] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1080.470143][ T1138] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1080.517460][T25795] veth0: entered promiscuous mode [ 1080.526425][T25793] veth0: left promiscuous mode [ 1080.737582][ T1138] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1081.111072][ T1138] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1081.242741][T25785] chnl_net:caif_netlink_parms(): no params data found [ 1081.380506][T25785] bridge0: port 1(bridge_slave_0) entered blocking state [ 1081.383268][T25785] bridge0: port 1(bridge_slave_0) entered disabled state [ 1081.385782][T25785] bridge_slave_0: entered allmulticast mode [ 1081.388620][T25785] bridge_slave_0: entered promiscuous mode [ 1081.391897][T25785] bridge0: port 2(bridge_slave_1) entered blocking state [ 1081.394030][T25785] bridge0: port 2(bridge_slave_1) entered disabled state [ 1081.396184][T25785] bridge_slave_1: entered allmulticast mode [ 1081.399390][T25785] bridge_slave_1: entered promiscuous mode [ 1082.264888][ T64] Bluetooth: hci0: command tx timeout [ 1083.152408][ T1138] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 1083.173990][ T1138] bond0 (unregistering): Released all slaves [ 1083.221024][T25785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1083.266608][T25785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1083.283812][T25785] team0: Port device team_slave_0 added [ 1083.291434][T25785] team0: Port device team_slave_1 added [ 1083.304546][T25785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1083.306783][T25785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1083.315390][T25785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1083.319021][ T1138] tipc: Disabling bearer [ 1083.321099][ T1138] tipc: Left network mode [ 1083.321468][T25785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1083.325239][T25785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1083.333383][T25785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1083.356434][T25785] hsr_slave_0: entered promiscuous mode [ 1083.358630][T25785] hsr_slave_1: entered promiscuous mode [ 1084.488531][ T64] Bluetooth: hci0: command tx timeout [ 1086.148351][T25887] Bluetooth: MGMT ver 1.23 [ 1086.240698][T25893] binder: 25891:25893 ioctl c0306201 0 returned -14 [ 1086.530446][ T1138] hsr_slave_0: left promiscuous mode [ 1086.573155][ T1138] hsr_slave_1: left promiscuous mode [ 1086.616473][ T1138] veth1_vlan: left allmulticast mode [ 1086.618485][ T1138] veth1_macvtap: left promiscuous mode [ 1086.620605][ T1138] veth0_macvtap: left promiscuous mode [ 1086.622512][ T1138] veth1_vlan: left promiscuous mode [ 1086.624200][ T1138] veth0_vlan: left promiscuous mode [ 1086.701908][ T64] Bluetooth: hci0: command tx timeout [ 1088.842628][T25928] netlink: 7 bytes leftover after parsing attributes in process `syz.3.24260'. [ 1088.876313][T25930] serio: Serial port ptm0 [ 1088.925048][ T64] Bluetooth: hci0: command tx timeout [ 1090.932899][T25939] netlink: 8 bytes leftover after parsing attributes in process `syz.2.24263'. [ 1090.936637][T25939] netlink: 4 bytes leftover after parsing attributes in process `syz.2.24263'. [ 1090.939975][T25939] netlink: 'syz.2.24263': attribute type 13 has an invalid length. [ 1090.942673][T25939] netlink: 'syz.2.24263': attribute type 12 has an invalid length. [ 1091.159400][ T64] Bluetooth: hci0: command tx timeout [ 1091.794317][T25785] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1091.890688][T25785] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1091.983204][T25785] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1092.089951][T25785] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1092.422799][T25953] netlink: 8 bytes leftover after parsing attributes in process `syz.3.24268'. [ 1092.426940][T25953] lo: Caught tx_queue_len zero misconfig [ 1092.574378][T25785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1092.586047][T25785] 8021q: adding VLAN 0 to HW filter on device team0 [ 1092.591624][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 1092.594844][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1092.625456][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state [ 1092.628508][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1092.747627][ T1138] IPVS: stop unused estimator thread 0... [ 1092.862637][T25785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1093.069296][T25785] veth0_vlan: entered promiscuous mode [ 1093.077437][T25785] veth1_vlan: entered promiscuous mode [ 1093.101530][T25785] veth0_macvtap: entered promiscuous mode [ 1093.107846][T25785] veth1_macvtap: entered promiscuous mode [ 1093.123556][T25785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1093.134167][T25785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1093.143129][T14012] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1093.146695][T14012] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1093.151900][T14012] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1093.155569][T14012] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1093.296077][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1093.298728][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1093.312871][T14012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1093.315582][T14012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1093.788426][T26028] netlink: 212320 bytes leftover after parsing attributes in process `syz.4.24294'. [ 1094.020429][T26032] sit0: entered promiscuous mode [ 1094.027106][T26032] netlink: 'syz.4.24296': attribute type 1 has an invalid length. [ 1094.029982][T26032] netlink: 1 bytes leftover after parsing attributes in process `syz.4.24296'. [ 1095.054778][T26057] Bluetooth: hci0: expected 2 bytes, got 7 bytes [ 1095.403601][ T7886] usb 11-1: new high-speed USB device number 6 using dummy_hcd [ 1095.574641][ T7886] usb 11-1: Using ep0 maxpacket: 16 [ 1095.578442][ T7886] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1095.582933][ T7886] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1095.593708][ T7886] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1095.600050][ T7886] usb 11-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 1095.603830][ T7886] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1095.609272][ T7886] usb 11-1: config 0 descriptor?? [ 1096.052367][ T7886] hid_parser_main: 6 callbacks suppressed [ 1096.052380][ T7886] shield 0003:0955:7214.001A: unknown main item tag 0x0 [ 1096.057662][ T7886] shield 0003:0955:7214.001A: unknown main item tag 0x0 [ 1096.060661][ T7886] shield 0003:0955:7214.001A: unknown main item tag 0x0 [ 1096.063559][ T7886] shield 0003:0955:7214.001A: unknown main item tag 0x0 [ 1096.068938][ T7886] shield 0003:0955:7214.001A: unknown main item tag 0x0 [ 1096.076246][ T7886] input: HID 0955:7214 Haptics as /devices/virtual/input/input85 [ 1096.084572][ T7886] shield 0003:0955:7214.001A: Registered Thunderstrike controller [ 1096.091078][ T7886] shield 0003:0955:7214.001A: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.6-1/input0 [ 1096.095854][T26085] batadv_slave_1: entered promiscuous mode [ 1096.099659][T26084] batadv_slave_1: left promiscuous mode [ 1096.265869][T26062] netlink: 'syz.6.24310': attribute type 2 has an invalid length. [ 1096.268522][T26062] netlink: 244 bytes leftover after parsing attributes in process `syz.6.24310'. [ 1096.272774][ T6202] shield 0003:0955:7214.001A: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 1096.272886][ T6201] usb 11-1: USB disconnect, device number 6 [ 1096.277146][ T6202] shield 0003:0955:7214.001A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 1096.284336][ T6202] shield 0003:0955:7214.001A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 1096.289633][ T6202] shield 0003:0955:7214.001A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 1096.871430][T26118] netlink: 68 bytes leftover after parsing attributes in process `syz.3.24333'. [ 1097.255715][T26136] netlink: 212916 bytes leftover after parsing attributes in process `syz.4.24341'. [ 1097.983392][T26150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24347'. [ 1098.320796][T26159] pim6reg1: entered promiscuous mode [ 1098.323988][T26159] pim6reg1: entered allmulticast mode [ 1098.669175][ T40] audit: type=1326 audit(1546.541:24134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26167 comm="syz.6.24354" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f16579 code=0x0 [ 1098.931585][ T1139] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1099.241501][T15070] usb 9-1: new full-speed USB device number 27 using dummy_hcd [ 1099.403185][T15070] usb 9-1: config 0 has an invalid interface number: 8 but max is 0 [ 1099.405769][T15070] usb 9-1: config 0 has no interface number 0 [ 1099.408028][T15070] usb 9-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 1099.411691][T15070] usb 9-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1099.415433][T15070] usb 9-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1099.420021][T15070] usb 9-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 1099.423308][T15070] usb 9-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 1099.425912][T15070] usb 9-1: Product: syz [ 1099.427398][T15070] usb 9-1: SerialNumber: syz [ 1099.430921][T15070] usb 9-1: config 0 descriptor?? [ 1099.437084][T15070] cm109 9-1:0.8: invalid payload size 0, expected 4 [ 1099.441316][T15070] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.8/input/input86 [ 1099.659173][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 1099.912991][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1099.916178][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1099.918787][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1099.921734][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1099.924764][ C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1099.926635][T13999] usb 9-1: USB disconnect, device number 27 [ 1099.927590][ C1] cm109 9-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1099.960272][T13999] cm109 9-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1100.733364][T26241] netlink: 8 bytes leftover after parsing attributes in process `syz.2.24386'. [ 1100.740085][T26241] gtp0: entered promiscuous mode [ 1100.741711][T26241] gtp0: entered allmulticast mode [ 1101.579207][T26261] kvm: user requested TSC rate below hardware speed [ 1102.441057][T26285] batadv_slave_1: entered promiscuous mode [ 1102.444068][T26284] batadv_slave_1: left promiscuous mode [ 1102.455110][T26281] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1102.459322][T26281] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1102.461529][T26281] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1102.463531][T26281] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1102.577717][T26281] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1102.580657][T26281] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1102.666725][T26281] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1103.131476][T26320] syzkaller1: entered promiscuous mode [ 1103.133303][T26320] syzkaller1: entered allmulticast mode [ 1103.507310][T26324] netlink: 20 bytes leftover after parsing attributes in process `syz.4.24423'. [ 1103.767265][T26338] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1104.415876][T15070] usb 11-1: new high-speed USB device number 7 using dummy_hcd [ 1104.576232][T15070] usb 11-1: Using ep0 maxpacket: 32 [ 1104.582683][ T40] audit: type=1326 audit(1552.069:24135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.4.24454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000 [ 1104.583499][T15070] usb 11-1: config index 0 descriptor too short (expected 29220, got 36) [ 1104.591267][ T40] audit: type=1326 audit(1552.069:24136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.4.24454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000 [ 1104.595700][T15070] usb 11-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1104.601657][ T40] audit: type=1326 audit(1552.088:24137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.4.24454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000 [ 1104.605215][T15070] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1104.612743][ T40] audit: type=1326 audit(1552.088:24138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.4.24454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000 [ 1104.612768][ T40] audit: type=1326 audit(1552.088:24139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.4.24454" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f06579 code=0x7ffc0000 [ 1104.616448][T15070] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1104.625055][ T40] audit: type=1326 audit(1552.088:24140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.4.24454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000 [ 1104.630905][T15070] usb 11-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1104.634642][ T40] audit: type=1326 audit(1552.088:24141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.4.24454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000 [ 1104.641430][T15070] usb 11-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1104.645003][ T40] audit: type=1326 audit(1552.097:24142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.4.24454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000 [ 1104.665668][ T40] audit: type=1326 audit(1552.097:24143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.4.24454" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000 [ 1104.674148][ T9980] Bluetooth: hci1: command 0x0405 tx timeout [ 1104.674189][ T9980] Bluetooth: hci6: command 0x0c1a tx timeout [ 1104.674384][T14006] Bluetooth: hci3: command 0x0406 tx timeout [ 1104.676700][ T40] audit: type=1326 audit(1552.097:24144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26389 comm="syz.4.24454" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7f06579 code=0x7ffc0000 [ 1104.682323][T15070] usb 11-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1104.693081][T15070] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1104.696971][T15070] usb 11-1: config 0 descriptor?? [ 1104.757820][ T64] Bluetooth: hci0: command 0x0c1a tx timeout [ 1104.803843][T26399] ------------[ cut here ]------------ [ 1104.806393][T26399] intf 08:02:11:00:00:00 [link=0]: bad STA 08:02:11:00:00:01 bandwidth 20 MHz (0) > channel config 5 MHz (6) [ 1104.810018][T26399] WARNING: drivers/net/wireless/virtual/mac80211_hwsim.c:2693 at mac80211_hwsim_sta_rc_update+0x5e4/0x850, CPU#2: syz.3.24459/26399 [ 1104.814394][T26399] Modules linked in: [ 1104.817069][T26399] CPU: 2 UID: 0 PID: 26399 Comm: syz.3.24459 Tainted: G L syzkaller #0 PREEMPT(full) [ 1104.820556][T26399] Tainted: [L]=SOFTLOCKUP [ 1104.822303][T26399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1104.825901][T26399] RIP: 0010:mac80211_hwsim_sta_rc_update+0x607/0x850 [ 1104.827982][T26399] Code: 48 8d 3d 6c 70 ae 09 48 8b 4c 24 10 48 8b 44 24 20 89 da 44 8b 89 b8 01 00 00 41 54 48 8d b0 72 05 00 00 41 55 44 8b 44 24 14 <67> 48 0f b9 3a 58 5a e9 39 fc ff ff e8 f8 25 d8 fa e8 53 5f 8f 04 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1104.834576][T26399] RSP: 0018:ffffc90002d77138 EFLAGS: 00010246 [ 1104.836988][T26399] RAX: ffff888058356a60 RBX: 0000000000000000 RCX: ffff888052798ec0 [ 1104.839458][T26399] RDX: 0000000000000000 RSI: ffff888058356fd2 RDI: ffffffff9094a840 [ 1104.842245][T26399] RBP: dffffc0000000000 R08: 0000000000000014 R09: 0000000000000000 [ 1104.845324][T26399] R10: 0000000000000006 R11: ffff888027a40b30 R12: 0000000000000006 [ 1104.847813][T26399] R13: 0000000000000005 R14: ffff888052799088 R15: ffff888062653100 [ 1104.850277][T26399] FS: 0000000000000000(0000) GS:ffff8880978f9000(0063) knlGS:00000000f54e6b40 [ 1104.853789][T26399] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 1104.855963][T26399] CR2: 00000000f54e5528 CR3: 0000000055dee000 CR4: 0000000000352ef0 [ 1104.858473][T26399] Call Trace: [ 1104.859552][T26399] [ 1104.860655][T26399] mac80211_hwsim_sta_add+0xc9/0x290 [ 1104.862765][T26399] ? __pfx_mac80211_hwsim_sta_add+0x10/0x10 [ 1104.865023][T26399] drv_sta_state+0x90d/0x17c0 [ 1104.866552][T26399] sta_info_insert_rcu+0x121b/0x3070 [ 1104.868217][T26399] sta_info_insert+0x16/0xd0 [ 1104.869696][T26399] ieee80211_add_station+0x46d/0x6c0 [ 1104.871491][T26399] nl80211_new_station+0x14ed/0x1c60 [ 1104.873147][T26399] ? __rtnl_unlock+0x68/0xf0 [ 1104.874632][T26399] ? __pfx_nl80211_new_station+0x10/0x10 [ 1104.876445][T26399] ? nl80211_pre_doit+0x1b0/0xb10 [ 1104.878062][T26399] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1104.879935][T26399] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1104.882199][T26399] ? genl_get_cmd+0x194/0x580 [ 1104.883942][T26399] ? bpf_lsm_capable+0x9/0x10 [ 1104.885348][T26399] ? security_capable+0x7e/0x260 [ 1104.887025][T26399] ? ns_capable+0xd7/0x110 [ 1104.889416][T26399] genl_rcv_msg+0x55c/0x800 [ 1104.890850][T26399] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1104.892581][T26399] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1104.894375][T26399] ? __pfx_nl80211_new_station+0x10/0x10 [ 1104.896200][T26399] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1104.898124][T26399] netlink_rcv_skb+0x158/0x420 [ 1104.899668][T26399] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1104.901311][T26399] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1104.903221][T26399] ? netlink_deliver_tap+0x1ae/0xd30 [ 1104.904989][T26399] genl_rcv+0x28/0x40 [ 1104.906291][T26399] netlink_unicast+0x5aa/0x870 [ 1104.908118][T26399] ? __pfx_netlink_unicast+0x10/0x10 [ 1104.909837][T26399] netlink_sendmsg+0x8c8/0xdd0 [ 1104.911630][T26399] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1104.913463][T26399] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 1104.915881][T26399] ____sys_sendmsg+0xa5d/0xc30 [ 1104.917490][T26399] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1104.919419][T26399] ? get_compat_msghdr+0x11a/0x170 [ 1104.921197][T26399] ? __pfx_futex_wake_mark+0x10/0x10 [ 1104.922957][T26399] ___sys_sendmsg+0x134/0x1d0 [ 1104.924498][T26399] ? __pfx____sys_sendmsg+0x10/0x10 [ 1104.926250][T26399] ? futex_private_hash_put+0x160/0x1b0 [ 1104.928041][T26399] ? find_held_lock+0x2b/0x80 [ 1104.929684][T26399] __sys_sendmsg+0x16d/0x220 [ 1104.931176][T26399] ? __pfx___sys_sendmsg+0x10/0x10 [ 1104.932809][T26399] ? __ia32_sys_futex_time32+0x1d9/0x460 [ 1104.934710][T26399] ? fput+0x70/0xf0 [ 1104.935953][T26399] __do_fast_syscall_32+0xe8/0x680 [ 1104.937647][T26399] do_fast_syscall_32+0x32/0x80 [ 1104.939233][T26399] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1104.941882][T26399] RIP: 0023:0xf7ff7579 [ 1104.943548][T26399] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1104.951355][T26399] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1104.954049][T26399] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080001080 [ 1104.956676][T26399] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1104.959268][T26399] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1104.961904][T26399] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1104.964431][T26399] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1104.966983][T26399] [ 1104.968008][T26399] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1104.970349][T26399] CPU: 2 UID: 0 PID: 26399 Comm: syz.3.24459 Tainted: G L syzkaller #0 PREEMPT(full) [ 1104.973857][T26399] Tainted: [L]=SOFTLOCKUP [ 1104.975379][T26399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1104.978851][T26399] Call Trace: [ 1104.979951][T26399] [ 1104.980922][T26399] dump_stack_lvl+0x3d/0x1f0 [ 1104.982432][T26399] vpanic+0x640/0x6f0 [ 1104.983733][T26399] ? mac80211_hwsim_sta_rc_update+0x5e4/0x850 [ 1104.985705][T26399] panic+0xca/0xd0 [ 1104.986925][T26399] ? __pfx_panic+0x10/0x10 [ 1104.988363][T26399] check_panic_on_warn+0xab/0xb0 [ 1104.990030][T26399] __warn+0x108/0x3c0 [ 1104.991364][T26399] __report_bug+0x2a0/0x520 [ 1104.992833][T26399] ? mac80211_hwsim_sta_rc_update+0x5e4/0x850 [ 1104.994819][T26399] ? __pfx___report_bug+0x10/0x10 [ 1104.996461][T26399] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1104.998357][T26399] report_bug_entry+0xe1/0x290 [ 1104.999936][T26399] ? mac80211_hwsim_sta_rc_update+0x607/0x850 [ 1105.001852][T26399] handle_bug+0x18a/0x260 [ 1105.003265][T26399] exc_invalid_op+0x17/0x50 [ 1105.004813][T26399] asm_exc_invalid_op+0x1a/0x20 [ 1105.006407][T26399] RIP: 0010:mac80211_hwsim_sta_rc_update+0x607/0x850 [ 1105.008531][T26399] Code: 48 8d 3d 6c 70 ae 09 48 8b 4c 24 10 48 8b 44 24 20 89 da 44 8b 89 b8 01 00 00 41 54 48 8d b0 72 05 00 00 41 55 44 8b 44 24 14 <67> 48 0f b9 3a 58 5a e9 39 fc ff ff e8 f8 25 d8 fa e8 53 5f 8f 04 [ 1105.014696][T26399] RSP: 0018:ffffc90002d77138 EFLAGS: 00010246 [ 1105.016641][T26399] RAX: ffff888058356a60 RBX: 0000000000000000 RCX: ffff888052798ec0 [ 1105.019153][T26399] RDX: 0000000000000000 RSI: ffff888058356fd2 RDI: ffffffff9094a840 [ 1105.021720][T26399] RBP: dffffc0000000000 R08: 0000000000000014 R09: 0000000000000000 [ 1105.024215][T26399] R10: 0000000000000006 R11: ffff888027a40b30 R12: 0000000000000006 [ 1105.026760][T26399] R13: 0000000000000005 R14: ffff888052799088 R15: ffff888062653100 [ 1105.029274][T26399] mac80211_hwsim_sta_add+0xc9/0x290 [ 1105.031035][T26399] ? __pfx_mac80211_hwsim_sta_add+0x10/0x10 [ 1105.032912][T26399] drv_sta_state+0x90d/0x17c0 [ 1105.034491][T26399] sta_info_insert_rcu+0x121b/0x3070 [ 1105.036179][T26399] sta_info_insert+0x16/0xd0 [ 1105.037713][T26399] ieee80211_add_station+0x46d/0x6c0 [ 1105.039389][T26399] nl80211_new_station+0x14ed/0x1c60 [ 1105.041148][T26399] ? __rtnl_unlock+0x68/0xf0 [ 1105.042656][T26399] ? __pfx_nl80211_new_station+0x10/0x10 [ 1105.044495][T26399] ? nl80211_pre_doit+0x1b0/0xb10 [ 1105.046121][T26399] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1105.047910][T26399] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1105.049882][T26399] ? genl_get_cmd+0x194/0x580 [ 1105.051483][T26399] ? bpf_lsm_capable+0x9/0x10 [ 1105.053003][T26399] ? security_capable+0x7e/0x260 [ 1105.054688][T26399] ? ns_capable+0xd7/0x110 [ 1105.056104][T26399] genl_rcv_msg+0x55c/0x800 [ 1105.057582][T26399] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1105.059237][T26399] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1105.061016][T26399] ? __pfx_nl80211_new_station+0x10/0x10 [ 1105.062896][T26399] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1105.064675][T26399] netlink_rcv_skb+0x158/0x420 [ 1105.066225][T26399] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1105.067863][T26399] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1105.069751][T26399] ? netlink_deliver_tap+0x1ae/0xd30 [ 1105.072100][T26399] genl_rcv+0x28/0x40 [ 1105.073666][T26399] netlink_unicast+0x5aa/0x870 [ 1105.075290][T26399] ? __pfx_netlink_unicast+0x10/0x10 [ 1105.076807][T26399] netlink_sendmsg+0x8c8/0xdd0 [ 1105.078586][T26399] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1105.080248][T26399] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 1105.082172][T26399] ____sys_sendmsg+0xa5d/0xc30 [ 1105.083677][T26399] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1105.085432][T26399] ? get_compat_msghdr+0x11a/0x170 [ 1105.087145][T26399] ? __pfx_futex_wake_mark+0x10/0x10 [ 1105.089004][T26399] ___sys_sendmsg+0x134/0x1d0 [ 1105.090610][T26399] ? __pfx____sys_sendmsg+0x10/0x10 [ 1105.092700][T26399] ? futex_private_hash_put+0x160/0x1b0 [ 1105.095061][T26399] ? find_held_lock+0x2b/0x80 [ 1105.097079][T26399] __sys_sendmsg+0x16d/0x220 [ 1105.099062][T26399] ? __pfx___sys_sendmsg+0x10/0x10 [ 1105.101219][T26399] ? __ia32_sys_futex_time32+0x1d9/0x460 [ 1105.103438][T26399] ? fput+0x70/0xf0 [ 1105.104874][T26399] __do_fast_syscall_32+0xe8/0x680 [ 1105.106621][T26399] do_fast_syscall_32+0x32/0x80 [ 1105.108155][T26399] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1105.110129][T26399] RIP: 0023:0xf7ff7579 [ 1105.111433][T26399] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1105.118185][T26399] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1105.121423][T26399] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080001080 [ 1105.124477][T26399] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1105.127065][T26399] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1105.129468][T26399] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1105.131971][T26399] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1105.134491][T26399] [ 1105.136125][T26399] Kernel Offset: disabled [ 1105.137605][T26399] Rebooting in 86400 seconds..