last executing test programs: 1m0.4933676s ago: executing program 3 (id=202): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x80) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) 1m0.151981997s ago: executing program 3 (id=206): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000600)={0xb, 0x1, 0x9, 0x3, r3}, 0x10) 1m0.00458841s ago: executing program 3 (id=208): getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3}) 58.453034736s ago: executing program 3 (id=224): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x41) umount2(&(0x7f0000000200)='./file0/../file0/../file0/../file0\x00', 0x1) 58.267427347s ago: executing program 3 (id=227): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x14, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3c01}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000004c0)={0x14, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) 57.976540949s ago: executing program 3 (id=228): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e24, 0xf1, @empty, 0x19f49a9}], 0x1c) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000300)="d9", 0x1}], 0x1, &(0x7f0000000280)=[@dstaddrv4={0x18, 0x84, 0x7, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x18, 0x48d5}, 0x8050) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e24, 0x4, @local, 0x8001}}, 0x7, 0x7fff, 0x5, 0x4, 0x0, 0x8001, 0x2d}, 0x9c) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, 0x0, 0x0) 57.620572858s ago: executing program 32 (id=228): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e24, 0xf1, @empty, 0x19f49a9}], 0x1c) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000300)="d9", 0x1}], 0x1, &(0x7f0000000280)=[@dstaddrv4={0x18, 0x84, 0x7, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x18, 0x48d5}, 0x8050) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e24, 0x4, @local, 0x8001}}, 0x7, 0x7fff, 0x5, 0x4, 0x0, 0x8001, 0x2d}, 0x9c) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, 0x0, 0x0) 5.364820597s ago: executing program 5 (id=647): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 5.084397159s ago: executing program 5 (id=652): r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4) syz_io_uring_submit(r0, 0x0, 0x0) 4.789554404s ago: executing program 0 (id=657): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, &(0x7f0000000040)={0x14, &(0x7f0000000100)={0x40, 0xe, 0x3, {0x3, 0x8, '7'}}, 0x0}, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x5b02, 0x0) 4.270838891s ago: executing program 2 (id=663): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r2], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0) readv(r0, &(0x7f0000000040)=[{&(0x7f00000038c0)=""/4118, 0x1016}], 0x1) 4.083954297s ago: executing program 5 (id=665): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "93bf0280"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, 0x0) 3.871300064s ago: executing program 1 (id=668): r0 = fsopen(&(0x7f0000000000)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x1) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x2100, 0x0) getdents(r2, 0x0, 0x58) 3.673578025s ago: executing program 1 (id=670): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000140)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000080)={r2, 0x9, 0x7fff}, 0x8) 3.483210444s ago: executing program 4 (id=671): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) pwritev2(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) 3.320786037s ago: executing program 2 (id=672): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000003c0)="8d64", 0x2}], 0x1, &(0x7f0000000e80)=[@ip_retopts={{0xc}}], 0xc}}], 0x1, 0x4048841) 3.142037132s ago: executing program 2 (id=673): r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x3, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000000)=0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000002d00090027bd70000000000004000000080018000bac"], 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x84) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 3.084495407s ago: executing program 4 (id=674): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x6) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000000c0)={0xffff, 0x0, 0x2, 0x8001}, 0x10) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='w', 0x1}], 0x1) 2.951369434s ago: executing program 4 (id=675): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0) write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002000300fffeffffdf020000000000004000000000000000030300ef0000000000000000080038000100040004000d00030000000080000000000000000000000700000000000000080000000000400005000000000000000204"], 0x78) ioctl$SNDCTL_SEQ_SYNC(r2, 0x5101) 2.741344392s ago: executing program 4 (id=676): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$NFNL_MSG_ACCT_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x3, 0x7, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x20000810}, 0x4800) recvmmsg(r1, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000740)=""/96, 0x7}, {&(0x7f0000000940)=""/53, 0x35}], 0x2}, 0x7fff}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000840)=""/116, 0x74}], 0x1}, 0x9}], 0x2, 0x10000, 0x0) 2.684964186s ago: executing program 1 (id=677): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000280)="db", 0x1}], 0x1}, 0x41) recvmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001) sendmsg$inet(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x41) recvmsg(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x2) recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x61) 2.624572715s ago: executing program 4 (id=678): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8082, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000040)={0x1, 0x7, 0x89, &(0x7f0000000340)=[0x5, 0x0, 0xa, 0x4, 0xe6b4, 0x0, 0xfffffffffffffffc, 0x4, 0x8, 0x2, 0x2, 0x400000000008, 0x3, 0x10000000002, 0xffffffffffff8001, 0x5, 0x7fffffff, 0x7, 0x3, 0x9883, 0x5, 0x106, 0x8, 0x2, 0x7, 0x5, 0x1, 0x1fd, 0x5, 0x6, 0x1, 0x5, 0x5, 0x2, 0x101, 0x40, 0xfffffffffffffff8, 0x4, 0x9, 0x81, 0x0, 0x6, 0xc00, 0x2e2, 0x101, 0x6, 0x3, 0x8, 0xf7, 0x400, 0x2, 0x9, 0x7fff, 0xec, 0x1, 0x8, 0x94f, 0x5, 0x7fffffffffffffff, 0x0, 0xffffffffffffffff, 0xa, 0x12, 0xa, 0x5, 0xa8, 0x1, 0x7, 0x7fffffffffffffff, 0xc9, 0x7, 0xe54, 0xae8e, 0x1e30fa4c, 0x8, 0xfffffffffffffffd, 0x4, 0x9f, 0x10003, 0x7, 0xfffffffffffffad7, 0x4, 0x10000, 0x3, 0xd, 0x4, 0x1, 0x100, 0x7, 0xe, 0x3, 0x400000403, 0x5, 0x21, 0xfffffffffffffbff, 0xfffffffffffffffe, 0x401, 0x8, 0x6, 0x2, 0x79, 0x2000000000b, 0x10000, 0xe, 0x2, 0x48, 0x3, 0xfffffffffffffff9, 0x0, 0x4, 0xa, 0x2, 0x9, 0x4, 0xfffc, 0x1, 0x8, 0xd, 0x4, 0x22, 0x6, 0x80000000, 0x401, 0xfffe, 0x300, 0x80000000007, 0xea8, 0x1]}) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000000)=ANY=[@ANYBLOB=')']) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x3b, 0x0, 0x100000001}]}) 2.570260774s ago: executing program 2 (id=679): r0 = socket$inet_udplite(0x2, 0x2, 0x88) io_uring_setup(0x39e1, &(0x7f0000000bc0)={0x0, 0x49fd, 0x12, 0x400, 0x720}) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10000) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x88040, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x88040, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.314598492s ago: executing program 4 (id=680): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000040)='P') 1.756644062s ago: executing program 1 (id=681): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, &(0x7f0000002ec0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1}}], 0x1, 0x20008050) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000440), 0x4) 1.639729226s ago: executing program 0 (id=682): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe5, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xfffd}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0x1, 0xfff1}, {0xf, 0x6}}}, 0x24}}, 0x0) 1.59040381s ago: executing program 2 (id=683): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21}, &(0x7f0000000300)) r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) read$ptp(r0, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0xffff, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 1.536050315s ago: executing program 1 (id=684): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000003c0)="8d64", 0x2}], 0x1, &(0x7f0000000e80)=[@ip_retopts={{0xc}}], 0xc}}], 0x1, 0x4048841) 1.406458605s ago: executing program 0 (id=685): r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e23, 0x100, @remote, 0xffffffff}}, 0x24) r1 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0xfffffdfc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 1.373075339s ago: executing program 1 (id=686): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee7, 0x8031, 0xffffffffffffffff, 0x0) socket$kcm(0x2c, 0x3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe1, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d", 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) 898.581357ms ago: executing program 0 (id=687): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000003500)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=""/49, 0x31}, 0xc89}], 0x1, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000100)=0x5, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 711.695223ms ago: executing program 5 (id=688): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x7d}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) read(r0, &(0x7f00000000c0)=""/175, 0x20) 590.156787ms ago: executing program 0 (id=689): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000e006"]) 249.230476ms ago: executing program 5 (id=690): memfd_create(&(0x7f0000000000)='\x01\xfd\xae.+\xa6\x8c\x02\xea\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\r\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xc4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb<3\xaf\xcb\x8cP\xef\x84\x91\x87\x8b\xb5Z\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\xebR\xc0\xc6\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f?\x00\x00\x00\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xd5\x01\x1b\xd1\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x1b\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa4\x85G\'+\xcc\xbf\r\xa9\x10Klb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fE\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93y\x9d\xc4K mC\x97\x1c\x91\xd7\xf3\x13)`\xfb\xbf\xd3\xcc\x8d\x0e\x1f\x80\x0f\xcag\xd5J\xd7\x99\x02B\xd9\xdb;\xbd\x05\xc8\x9a\xe9(\xb7\xd1\xce\xba\xf8\xc0\x1fPc\x8d\xfceY\xf8j9\xc4\v\xb5\x82\xbaI,\xf5\xbd\a\a\xa2\x83\x99]/@\xbc(*v%\xa1\xd9\xfb\v\xdc\xed\xa3\x93\x16\x0e\xa8\x96\x10\xfc\xae\xc6X@f\x17\xf4\xb78\xa6\n\xaa\xe5m5\x9d\x14\xd7\x91Q\xb5\x11\x88\x89i\x94,]\x91\x13\xa6~O\xcdV\xf36,\x8a\xc9P\xbd\xf6\x16\x99_\x01\x0f0/\xe1Yi\x00=nz\x1d\xbd\xb0\x85W\xeaU\xea\x03)!\xf2\xfa\x04\xecf\xad\xb5\x94\x97\xbb\xae7\xbf\vQpi\xf3x\x80\xf0\xd3B\x17\xbc\xf2H\xeej\xc4\xdd\xb31\xdc\xb3\x19\x12<\xf7\xca\x12\x86\x15kZ\xb4t\x87;\xfb\x97\xc6\xb4\xf5\xa6\x9b-|EW$\x0e\xb2\xef\xebW/\xff`)M\xe3\x99\xe5\xe2M\x8dxD\xbf!\b\xf4o-\xab\xe0\x1eN\xdb\x94x\xe9:\x92#\x80\x91\xc0\x04\xfd}\xd6\xd6\x0f4/\x13\xf2q\xbc&\xd0p\xe6\xe6\x01V\xf3Lc\xfd\"\xa5V\xce\x9b\xd9\xd3\xc2(Q+\xd0\x00\x00\x00\x00\xf9\x17\n\x9bHw\xfb1\x8e\xa0^\xe0\xbd\xfa\xb8\x9f\xb3~\xab\x1c\x85\x85\x91\xa6\xba\xc9\x81\xaa\xfc<\x18\xf0\xb7\xe0\x95,F\x94\x89\x13\xc1\xad\xaeU\x8bb\xbbc\xa1\xb7a5\xf2\"\xb0\xfb\x1c7ZH\x96\xc66\xd5\xe6r\x19\xb4\xd0\x80\'`\x8a\xe9.\a\xa6g\x13\xe5\t\x11', 0x6) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)) fsopen(&(0x7f0000000000)='nfs\x00', 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[]) 93.795032ms ago: executing program 2 (id=691): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) syz_clone3(0x0, 0xa272d8de) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000003c0)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 42.695916ms ago: executing program 5 (id=692): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x1) writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) 0s ago: executing program 0 (id=693): open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) r0 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x84) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r0], 0x2b) sendfile(r2, r0, 0x0, 0x4000000053d2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.247' (ED25519) to the list of known hosts. [ 83.227296][ T5828] cgroup: Unknown subsys name 'net' [ 83.343762][ T5828] cgroup: Unknown subsys name 'cpuset' [ 83.353247][ T5828] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.075220][ T5828] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.864266][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.873786][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.881773][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.909621][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.917646][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.950307][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.963355][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.972586][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.980937][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.981711][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.996079][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.010451][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.020051][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.032541][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.050655][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.059419][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.059519][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.075285][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.077452][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.084186][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.097321][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.121430][ T5840] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.130082][ T5162] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.137450][ T5162] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.146575][ T5162] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.854689][ T5855] chnl_net:caif_netlink_parms(): no params data found [ 89.944055][ T5853] chnl_net:caif_netlink_parms(): no params data found [ 90.013008][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 90.095521][ T5854] chnl_net:caif_netlink_parms(): no params data found [ 90.135062][ T5856] chnl_net:caif_netlink_parms(): no params data found [ 90.227512][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.235419][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.242953][ T5855] bridge_slave_0: entered allmulticast mode [ 90.250912][ T5855] bridge_slave_0: entered promiscuous mode [ 90.317484][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.324679][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.333010][ T5855] bridge_slave_1: entered allmulticast mode [ 90.341226][ T5855] bridge_slave_1: entered promiscuous mode [ 90.448343][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.455661][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.463637][ T5853] bridge_slave_0: entered allmulticast mode [ 90.472405][ T5853] bridge_slave_0: entered promiscuous mode [ 90.481303][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.488485][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.495795][ T5853] bridge_slave_1: entered allmulticast mode [ 90.503884][ T5853] bridge_slave_1: entered promiscuous mode [ 90.517863][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.525129][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.532800][ T5852] bridge_slave_0: entered allmulticast mode [ 90.540259][ T5852] bridge_slave_0: entered promiscuous mode [ 90.615083][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.622778][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.630920][ T5852] bridge_slave_1: entered allmulticast mode [ 90.639147][ T5852] bridge_slave_1: entered promiscuous mode [ 90.649634][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.717083][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.742433][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.749793][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.757059][ T5856] bridge_slave_0: entered allmulticast mode [ 90.765824][ T5856] bridge_slave_0: entered promiscuous mode [ 90.775850][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.789668][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.796851][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.804520][ T5854] bridge_slave_0: entered allmulticast mode [ 90.812028][ T5854] bridge_slave_0: entered promiscuous mode [ 90.821883][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.829040][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.837140][ T5854] bridge_slave_1: entered allmulticast mode [ 90.845317][ T5854] bridge_slave_1: entered promiscuous mode [ 90.880283][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.887520][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.895170][ T5856] bridge_slave_1: entered allmulticast mode [ 90.902535][ T5856] bridge_slave_1: entered promiscuous mode [ 90.928014][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.975652][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.990555][ T5855] team0: Port device team_slave_0 added [ 91.043742][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.055179][ T5855] team0: Port device team_slave_1 added [ 91.077777][ T5856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.090247][ T5853] team0: Port device team_slave_0 added [ 91.099000][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.113159][ T5851] Bluetooth: hci1: command tx timeout [ 91.117287][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.157706][ T5856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.179718][ T5843] Bluetooth: hci4: command tx timeout [ 91.181264][ T5851] Bluetooth: hci0: command tx timeout [ 91.185461][ T5843] Bluetooth: hci3: command tx timeout [ 91.191433][ T5846] Bluetooth: hci2: command tx timeout [ 91.207740][ T5853] team0: Port device team_slave_1 added [ 91.244112][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.251222][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.278163][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.291824][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.298977][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.325401][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.380544][ T5852] team0: Port device team_slave_0 added [ 91.396736][ T5856] team0: Port device team_slave_0 added [ 91.419006][ T5854] team0: Port device team_slave_0 added [ 91.427614][ T5852] team0: Port device team_slave_1 added [ 91.452022][ T5856] team0: Port device team_slave_1 added [ 91.458809][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.465998][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.493833][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.507006][ T5854] team0: Port device team_slave_1 added [ 91.562915][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.570501][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.597742][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.637182][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.644363][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.670372][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.724012][ T5855] hsr_slave_0: entered promiscuous mode [ 91.731554][ T5855] hsr_slave_1: entered promiscuous mode [ 91.738689][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.746714][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.773062][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.784713][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.792140][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.818115][ T5856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.831040][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.838023][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.864070][ T5856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.884441][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.891461][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.917675][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.982570][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.992272][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.018705][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.067417][ T43] cfg80211: failed to load regulatory.db [ 92.104943][ T5853] hsr_slave_0: entered promiscuous mode [ 92.113822][ T5853] hsr_slave_1: entered promiscuous mode [ 92.120385][ T5853] debugfs: 'hsr0' already exists in 'hsr' [ 92.126236][ T5853] Cannot create hsr debugfs directory [ 92.195417][ T5856] hsr_slave_0: entered promiscuous mode [ 92.202308][ T5856] hsr_slave_1: entered promiscuous mode [ 92.208488][ T5856] debugfs: 'hsr0' already exists in 'hsr' [ 92.214404][ T5856] Cannot create hsr debugfs directory [ 92.291523][ T5854] hsr_slave_0: entered promiscuous mode [ 92.298056][ T5854] hsr_slave_1: entered promiscuous mode [ 92.305414][ T5854] debugfs: 'hsr0' already exists in 'hsr' [ 92.311293][ T5854] Cannot create hsr debugfs directory [ 92.346467][ T5852] hsr_slave_0: entered promiscuous mode [ 92.353489][ T5852] hsr_slave_1: entered promiscuous mode [ 92.360018][ T5852] debugfs: 'hsr0' already exists in 'hsr' [ 92.365795][ T5852] Cannot create hsr debugfs directory [ 92.883478][ T5855] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.935223][ T5855] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.952571][ T5855] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.977698][ T5855] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.048705][ T5856] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.061366][ T5856] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.091246][ T5856] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.107975][ T5856] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.181003][ T5846] Bluetooth: hci1: command tx timeout [ 93.186669][ T5853] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.204350][ T5853] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.232440][ T5853] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.246287][ T5853] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.263232][ T5846] Bluetooth: hci0: command tx timeout [ 93.263783][ T5851] Bluetooth: hci3: command tx timeout [ 93.271473][ T5846] Bluetooth: hci2: command tx timeout [ 93.275441][ T5843] Bluetooth: hci4: command tx timeout [ 93.416171][ T5852] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.466397][ T5852] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.477516][ T5852] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.491026][ T5852] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.557551][ T5854] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.573066][ T5854] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.594481][ T5854] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.606026][ T5854] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.628409][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.697725][ T5856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.724850][ T5855] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.767257][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.783025][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.790360][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.825368][ T5856] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.838390][ T2991] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.845607][ T2991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.894050][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.901248][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.922752][ T5853] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.947511][ T3019] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.954709][ T3019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.974503][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.981707][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.047085][ T3019] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.054349][ T3019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.084674][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.152262][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.186303][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.231994][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.239191][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.297389][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.314128][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.334410][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.341628][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.357546][ T3019] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.364841][ T3019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.410803][ T2991] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.417997][ T2991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.483216][ T5856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.511978][ T5855] veth0_vlan: entered promiscuous mode [ 94.552119][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.597795][ T5855] veth1_vlan: entered promiscuous mode [ 94.677861][ T5856] veth0_vlan: entered promiscuous mode [ 94.741181][ T5853] veth0_vlan: entered promiscuous mode [ 94.753895][ T5855] veth0_macvtap: entered promiscuous mode [ 94.765143][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.777385][ T5856] veth1_vlan: entered promiscuous mode [ 94.793267][ T5855] veth1_macvtap: entered promiscuous mode [ 94.821497][ T5853] veth1_vlan: entered promiscuous mode [ 94.862922][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.881759][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.921425][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.956778][ T5852] veth0_vlan: entered promiscuous mode [ 94.981368][ T5853] veth0_macvtap: entered promiscuous mode [ 94.997508][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.007194][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.017336][ T5853] veth1_macvtap: entered promiscuous mode [ 95.032320][ T5856] veth0_macvtap: entered promiscuous mode [ 95.041275][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.053495][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.065446][ T5852] veth1_vlan: entered promiscuous mode [ 95.085612][ T5856] veth1_macvtap: entered promiscuous mode [ 95.162834][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.206496][ T5852] veth0_macvtap: entered promiscuous mode [ 95.217438][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.253146][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.264756][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.272372][ T5843] Bluetooth: hci1: command tx timeout [ 95.294912][ T5852] veth1_macvtap: entered promiscuous mode [ 95.313690][ T5854] veth0_vlan: entered promiscuous mode [ 95.334747][ T2934] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.341129][ T5843] Bluetooth: hci4: command tx timeout [ 95.348916][ T5843] Bluetooth: hci3: command tx timeout [ 95.354997][ T5851] Bluetooth: hci2: command tx timeout [ 95.355314][ T5846] Bluetooth: hci0: command tx timeout [ 95.376887][ T2934] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.387046][ T2991] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.398443][ T2991] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.426450][ T2934] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.461773][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.476034][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.486905][ T2934] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.496517][ T2934] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.528324][ T2991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.537733][ T5854] veth1_vlan: entered promiscuous mode [ 95.543340][ T2991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.554548][ T2934] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.565149][ T2934] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.611359][ T2934] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.620979][ T2934] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.644421][ T2934] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.658249][ T2934] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.692112][ T5855] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.711799][ T2934] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.759920][ T2991] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.767869][ T2991] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.887163][ T5854] veth0_macvtap: entered promiscuous mode [ 95.956503][ T2991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.966613][ T2991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.001284][ T5854] veth1_macvtap: entered promiscuous mode [ 96.032079][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.044473][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.161765][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.174112][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.192637][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.244398][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.335630][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.344144][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.353875][ T2934] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.365692][ T2934] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.384784][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.396963][ T2934] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.407420][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.418090][ T2934] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.703631][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.729572][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.842253][ T3019] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.861118][ T3019] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.864643][ T24] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 96.899627][ T30] audit: type=1326 audit(1759323293.576:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.3.4" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf700e539 code=0x0 [ 96.976509][ T5948] syz.1.10 uses obsolete (PF_INET,SOCK_PACKET) [ 97.018952][ T5948] vxcan1: tx address claim with different name [ 97.094762][ T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 97.131981][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 97.173099][ T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 97.199872][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.242363][ T24] usb 3-1: Product: syz [ 97.246611][ T24] usb 3-1: Manufacturer: syz [ 97.279817][ T24] usb 3-1: SerialNumber: syz [ 97.340333][ T5846] Bluetooth: hci1: command tx timeout [ 97.419901][ T5846] Bluetooth: hci3: command tx timeout [ 97.420852][ T5851] Bluetooth: hci2: command tx timeout [ 97.425447][ T5846] Bluetooth: hci4: command tx timeout [ 97.431389][ T5843] Bluetooth: hci0: command tx timeout [ 97.534936][ T24] usb 3-1: 0:2 : does not exist [ 97.554596][ T24] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 97.623460][ T24] usb 3-1: USB disconnect, device number 2 [ 97.808134][ T5857] udevd[5857]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 97.836688][ T5960] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13'. [ 98.583116][ T2991] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.628398][ T30] audit: type=1326 audit(1759323295.306:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5976 comm="syz.2.23" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7fc00000 [ 98.703178][ T2991] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.729642][ T43] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 98.816977][ T2991] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.891696][ T43] usb 2-1: Using ep0 maxpacket: 8 [ 98.905445][ T43] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 98.924277][ T43] usb 2-1: config 0 has no interface number 0 [ 98.938286][ T43] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 98.972080][ T43] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 98.995709][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.040738][ T43] usb 2-1: config 0 descriptor?? [ 99.081404][ T43] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 99.096152][ T2991] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.186587][ T30] audit: type=1326 audit(1759323295.866:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5976 comm="syz.2.23" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf709e539 code=0x7fc00000 [ 99.209591][ T5987] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 99.353190][ T5928] usb 2-1: USB disconnect, device number 2 [ 99.399238][ T5987] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 99.428200][ T5987] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 99.455027][ T5987] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 99.482227][ T5987] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 99.516208][ T5987] usb 5-1: SerialNumber: syz [ 99.520560][ T5999] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 99.556294][ T5999] block device autoloading is deprecated and will be removed. [ 99.780984][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 99.792683][ T5987] usb 5-1: 0:2 : does not exist [ 99.810544][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 99.819860][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 99.829694][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 99.838779][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 99.840995][ T2991] bridge_slave_1: left allmulticast mode [ 99.904837][ T2991] bridge_slave_1: left promiscuous mode [ 99.911983][ T2991] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.952130][ T5987] usb 5-1: USB disconnect, device number 2 [ 99.989383][ T43] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 99.998341][ T2991] bridge_slave_0: left allmulticast mode [ 100.034078][ T6012] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 100.040535][ T2991] bridge_slave_0: left promiscuous mode [ 100.084723][ T2991] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.098752][ T6008] udevd[6008]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 100.130553][ T30] audit: type=1326 audit(1759323296.816:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.1.35" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f56539 code=0x0 [ 100.179560][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 100.189214][ T43] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 100.201501][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 100.232848][ T43] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 100.244544][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.255304][ T43] usb 4-1: Product: syz [ 100.260721][ T43] usb 4-1: Manufacturer: syz [ 100.265621][ T43] usb 4-1: SerialNumber: syz [ 100.283298][ T43] usb 4-1: config 0 descriptor?? [ 100.302504][ T43] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 100.312202][ T43] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 100.654399][ T30] audit: type=1326 audit(1759323297.336:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.4.38" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffe539 code=0x7ffc0000 [ 100.656021][ T2991] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 100.696551][ T2991] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 100.708423][ T30] audit: type=1326 audit(1759323297.376:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.4.38" exe="/root/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf6ffe539 code=0x7ffc0000 [ 100.735414][ T2991] bond0 (unregistering): Released all slaves [ 100.753973][ T30] audit: type=1326 audit(1759323297.376:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.4.38" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffe539 code=0x7ffc0000 [ 100.777326][ T30] audit: type=1326 audit(1759323297.376:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.4.38" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffe539 code=0x7ffc0000 [ 100.805617][ T30] audit: type=1326 audit(1759323297.376:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.4.38" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf6ffe539 code=0x7ffc0000 [ 100.828259][ T30] audit: type=1326 audit(1759323297.376:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.4.38" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffe539 code=0x7ffc0000 [ 100.932616][ T43] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 100.954703][ T43] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 101.171175][ T43] em28xx 4-1:0.0: AC97 chip type couldn't be determined [ 101.178189][ T43] em28xx 4-1:0.0: No AC97 audio processor [ 101.313483][ T43] usb 4-1: USB disconnect, device number 2 [ 101.484055][ T43] em28xx 4-1:0.0: Disconnecting em28xx [ 101.520992][ T43] em28xx 4-1:0.0: Freeing device [ 101.912579][ T5851] Bluetooth: hci0: command tx timeout [ 102.272694][ T6047] netlink: 136 bytes leftover after parsing attributes in process `syz.4.44'. [ 102.293838][ T6047] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check. [ 102.431735][ T2991] hsr_slave_0: left promiscuous mode [ 102.446121][ T2991] hsr_slave_1: left promiscuous mode [ 102.455107][ T2991] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 102.507936][ T2991] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 102.555360][ T2991] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 102.579456][ T2991] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 102.643162][ T2991] veth1_macvtap: left promiscuous mode [ 102.649172][ T2991] veth0_macvtap: left promiscuous mode [ 102.687729][ T2991] veth1_vlan: left promiscuous mode [ 102.705247][ T2991] veth0_vlan: left promiscuous mode [ 103.877097][ T2991] team0 (unregistering): Port device team_slave_1 removed [ 103.990858][ T5851] Bluetooth: hci0: command tx timeout [ 104.075470][ T2991] team0 (unregistering): Port device team_slave_0 removed [ 105.055417][ T6010] chnl_net:caif_netlink_parms(): no params data found [ 105.429946][ T6100] binder: 6099:6100 ioctl c0306201 800003c0 returned -14 [ 106.005247][ T6010] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.039699][ T6010] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.060683][ T5851] Bluetooth: hci0: command tx timeout [ 106.079552][ T6010] bridge_slave_0: entered allmulticast mode [ 106.098181][ T6010] bridge_slave_0: entered promiscuous mode [ 106.374605][ T6010] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.423399][ T6122] input: syz1 as /devices/virtual/input/input5 [ 106.436727][ T6010] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.444802][ T6010] bridge_slave_1: entered allmulticast mode [ 106.494985][ T6010] bridge_slave_1: entered promiscuous mode [ 106.915704][ T6010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.095141][ T6010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.338044][ T6010] team0: Port device team_slave_0 added [ 107.359448][ T6010] team0: Port device team_slave_1 added [ 107.484299][ T6010] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.493835][ T6010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.520541][ T6010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.542079][ T6010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.572443][ T6010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.682692][ T6010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.073192][ T6010] hsr_slave_0: entered promiscuous mode [ 108.115910][ T6010] hsr_slave_1: entered promiscuous mode [ 108.139474][ T5851] Bluetooth: hci0: command tx timeout [ 108.151195][ T6010] debugfs: 'hsr0' already exists in 'hsr' [ 108.186190][ T6010] Cannot create hsr debugfs directory [ 109.955396][ T6010] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 110.025121][ T6010] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 110.093755][ T6010] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 110.195852][ T6010] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 110.499834][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.504679][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.612300][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.645543][ T6232] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 110.653506][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.704116][ T6010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.729496][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 110.739217][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 110.843330][ T6010] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.908985][ T2961] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.916226][ T2961] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.955041][ T6240] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 110.968850][ T2961] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.976096][ T2961] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.072574][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 111.072592][ T30] audit: type=1326 audit(1759323307.756:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.1.103" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f56539 code=0x0 [ 111.357049][ T6010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.558136][ T6010] veth0_vlan: entered promiscuous mode [ 111.604682][ T6010] veth1_vlan: entered promiscuous mode [ 111.696930][ T6010] veth0_macvtap: entered promiscuous mode [ 111.716693][ T6010] veth1_macvtap: entered promiscuous mode [ 111.776779][ T6010] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.861843][ T6010] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.929606][ T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.986301][ T30] audit: type=1326 audit(1759323308.666:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6267 comm="syz.2.111" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709e539 code=0x0 [ 112.046125][ T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.101035][ T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.158894][ T2961] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.580764][ T3019] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.624836][ T3019] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.694151][ T6290] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.119'. [ 112.775972][ T2961] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.823019][ T2961] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.051276][ T6300] netlink: 'syz.0.25': attribute type 11 has an invalid length. [ 113.970638][ T6332] netlink: 4 bytes leftover after parsing attributes in process `syz.2.136'. [ 114.590068][ T6353] Zero length message leads to an empty skb [ 116.289430][ T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 116.396025][ T6396] loop3: detected capacity change from 0 to 1 [ 116.409259][ T6396] Dev loop3: unable to read RDB block 1 [ 116.416272][ T6396] loop3: unable to read partition table [ 116.422701][ T6396] loop3: partition table beyond EOD, truncated [ 116.429051][ T6396] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 116.429602][ T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 116.449581][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 116.475514][ T5987] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 116.495220][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.507285][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.521267][ T9] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 116.532773][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.573395][ T9] usb 3-1: config 0 descriptor?? [ 116.609524][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 116.622710][ T24] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 116.636139][ T24] usb 5-1: config 0 has no interface number 0 [ 116.643685][ T24] usb 5-1: config 0 interface 184 has no altsetting 0 [ 116.664112][ T24] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 116.684335][ T5987] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 116.697466][ T5987] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.700564][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.712224][ T5987] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.724934][ T24] usb 5-1: Product: syz [ 116.728833][ T5987] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 116.735924][ T24] usb 5-1: Manufacturer: syz [ 116.751425][ T5987] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 116.751592][ T24] usb 5-1: SerialNumber: syz [ 116.762196][ T5987] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 116.775680][ T5987] usb 4-1: Manufacturer: syz [ 116.798540][ T24] usb 5-1: config 0 descriptor?? [ 116.828209][ T24] smsc75xx v1.0.0 [ 116.833431][ T5987] usb 4-1: config 0 descriptor?? [ 117.031365][ T9] savu 0003:1E7D:2D5A.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 117.293278][ T5987] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 117.331044][ T43] usb 3-1: USB disconnect, device number 3 [ 117.338394][ T5987] appleir 0003:05AC:8243.0002: hiddev1,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 117.451489][ T24] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 117.470251][ T24] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 117.538433][ T5919] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 117.695963][ T10] usb 4-1: USB disconnect, device number 3 [ 117.719589][ T5919] usb 2-1: Using ep0 maxpacket: 8 [ 117.743149][ T5919] usb 2-1: config 150 has an invalid interface number: 204 but max is 1 [ 117.755160][ T5919] usb 2-1: config 150 has no interface number 0 [ 117.764126][ T5919] usb 2-1: config 150 interface 204 has no altsetting 0 [ 117.776141][ T5919] usb 2-1: config 150 interface 1 has no altsetting 0 [ 117.797159][ T5919] usb 2-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 117.808223][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.818715][ T5919] usb 2-1: Product: syz [ 117.825907][ T5919] usb 2-1: Manufacturer: syz [ 117.834247][ T5919] usb 2-1: SerialNumber: syz [ 117.885865][ T24] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71 [ 117.920535][ T24] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71 [ 117.952394][ T24] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 117.978857][ T24] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71 [ 118.022629][ T24] usb 5-1: USB disconnect, device number 3 [ 118.077722][ T5919] xr_serial 2-1:150.204: xr_serial converter detected [ 118.784968][ T30] audit: type=1800 audit(1759323315.466:22): pid=6437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.177" name="memory.events" dev="tmpfs" ino=184 res=0 errno=0 [ 118.906874][ T5919] usb 2-1: xr_serial converter now attached to ttyUSB0 [ 119.130431][ T5919] usb 2-1: USB disconnect, device number 3 [ 119.151469][ T5919] xr_serial ttyUSB0: xr_serial converter now disconnected from ttyUSB0 [ 119.185686][ T5919] xr_serial 2-1:150.204: device disconnected [ 119.940370][ T6477] input: syz1 as /devices/virtual/input/input6 [ 119.959537][ T5919] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 120.110794][ T6479] netlink: 4 bytes leftover after parsing attributes in process `syz.0.192'. [ 120.180806][ T6479] netlink: 72 bytes leftover after parsing attributes in process `syz.0.192'. [ 120.211252][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.242852][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.254300][ T5919] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 120.263527][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.274679][ T5919] usb 5-1: config 0 descriptor?? [ 120.560128][ T0] NOHZ tick-stop error: local softirq work is pending, handler #340!!! [ 120.709914][ T5919] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0 [ 120.739691][ T5919] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0 [ 120.766796][ T5919] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0003/input/input7 [ 120.898177][ T5919] cm6533_jd 0003:0D8C:0022.0003: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 120.965081][ T5919] usb 5-1: USB disconnect, device number 4 [ 121.178286][ T6497] fido_id[6497]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 121.339844][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 121.509452][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 121.517376][ T9] usb 1-1: config 0 has an invalid interface number: 115 but max is 0 [ 121.537370][ T9] usb 1-1: config 0 has no interface number 0 [ 121.559670][ T9] usb 1-1: config 0 interface 115 has no altsetting 0 [ 121.577279][ T9] usb 1-1: New USB device found, idVendor=5032, idProduct=0fa0, bcdDevice=c1.79 [ 121.599347][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.629145][ T9] usb 1-1: Product: syz [ 121.648695][ T9] usb 1-1: Manufacturer: syz [ 121.658032][ T9] usb 1-1: SerialNumber: syz [ 121.684500][ T9] usb 1-1: config 0 descriptor?? [ 121.703374][ T9] dvb-usb: found a 'Grandtec USB1.1 DVB-T' in cold state, will try to load a firmware [ 121.741748][ T9] usb 1-1: Direct firmware load for dvb-usb-dibusb-5.0.0.11.fw failed with error -2 [ 121.765571][ T9] usb 1-1: Falling back to sysfs fallback for: dvb-usb-dibusb-5.0.0.11.fw [ 122.539970][ T5843] Bluetooth: hci0: command 0x0405 tx timeout [ 123.389441][ T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 123.560840][ T24] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 123.582249][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 123.599423][ T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 123.619684][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 123.630224][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 123.650138][ T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 123.669442][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 123.677407][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 123.689416][ T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 123.709409][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 123.730063][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 123.740883][ T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 123.769365][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 123.777537][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 123.788355][ T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 123.819526][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 123.880381][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 123.893980][ T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 123.906013][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 123.914239][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 123.929882][ T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 123.963557][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 123.973004][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 123.992320][ T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 124.029405][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 124.039780][ T24] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 124.077952][ T24] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 124.090430][ T24] usb 3-1: Product: syz [ 124.099407][ T24] usb 3-1: Manufacturer: syz [ 124.104192][ T24] usb 3-1: SerialNumber: syz [ 124.129834][ T24] usb 3-1: config 0 descriptor?? [ 124.149711][ T24] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 124.486444][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 124.496033][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 124.504279][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 124.514957][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 124.523557][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 124.654188][ C1] usb 3-1: yurex_control_callback - control failed: -71 [ 124.665584][ T24] usb 3-1: USB disconnect, device number 4 [ 124.684767][ T6579] yurex 3-1:0.0: yurex_write - failed to send bulk msg, error -19 [ 124.745896][ T24] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 125.308366][ T6583] chnl_net:caif_netlink_parms(): no params data found [ 125.890387][ T5987] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 125.967029][ T6583] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.978323][ T6583] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.998846][ T6583] bridge_slave_0: entered allmulticast mode [ 126.008832][ T6583] bridge_slave_0: entered promiscuous mode [ 126.015979][ T5928] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 126.030883][ T6583] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.038711][ T6583] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.046353][ T6583] bridge_slave_1: entered allmulticast mode [ 126.055713][ T6583] bridge_slave_1: entered promiscuous mode [ 126.079393][ T5987] usb 2-1: Using ep0 maxpacket: 32 [ 126.090478][ T5987] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 126.100966][ T5987] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.121545][ T5987] usb 2-1: config 0 descriptor?? [ 126.142332][ T5987] gspca_main: sunplus-2.14.0 probing 041e:400b [ 126.165373][ T6583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 126.179134][ T6583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 126.188973][ T6625] pim6reg1: entered promiscuous mode [ 126.189890][ T5928] usb 5-1: Using ep0 maxpacket: 8 [ 126.196921][ T6625] pim6reg1: entered allmulticast mode [ 126.212348][ T5928] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 126.233513][ T5928] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 126.242786][ T5928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.260883][ T5928] usb 5-1: config 0 descriptor?? [ 126.304838][ T6583] team0: Port device team_slave_0 added [ 126.315173][ T6583] team0: Port device team_slave_1 added [ 126.382558][ T6583] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 126.399665][ T6583] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 126.425840][ T6583] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 126.440499][ T6583] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 126.447616][ T6583] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 126.450747][ T6627] netlink: 4 bytes leftover after parsing attributes in process `syz.2.250'. [ 126.482213][ T6583] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 126.505275][ T5928] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 126.624646][ T5843] Bluetooth: hci1: command tx timeout [ 126.701087][ T6583] hsr_slave_0: entered promiscuous mode [ 126.710847][ T6583] hsr_slave_1: entered promiscuous mode [ 126.718066][ T6583] debugfs: 'hsr0' already exists in 'hsr' [ 126.724011][ T6583] Cannot create hsr debugfs directory [ 127.162379][ T6583] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 127.177634][ T6583] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 127.192559][ T6583] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 127.206831][ T6583] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 127.315274][ T5953] usb 5-1: USB disconnect, device number 5 [ 127.355580][ T5987] gspca_sunplus: reg_w_riv err -71 [ 127.384018][ T5987] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 127.412701][ T5987] usb 2-1: USB disconnect, device number 4 [ 127.480918][ T6583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.556191][ T6583] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.576824][ T2991] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.584036][ T2991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.634325][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.641574][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.878187][ T6583] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 128.039676][ T6583] veth0_vlan: entered promiscuous mode [ 128.092073][ T6583] veth1_vlan: entered promiscuous mode [ 128.198821][ T6583] veth0_macvtap: entered promiscuous mode [ 128.235782][ T6583] veth1_macvtap: entered promiscuous mode [ 128.291468][ T6583] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 128.333036][ T6583] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 128.373331][ T2991] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.401274][ T2991] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.458235][ T2991] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.493451][ T2991] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.595892][ T6678] KVM: debugfs: duplicate directory 6678-5 [ 128.699656][ T5843] Bluetooth: hci1: command tx timeout [ 128.775243][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.811513][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.881856][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.918759][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.457187][ T6691] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 129.460110][ T5953] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 129.489464][ T5919] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 129.528372][ T6691] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 129.584647][ T6691] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 129.614417][ T6691] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 129.619646][ T5953] usb 5-1: Using ep0 maxpacket: 8 [ 129.625405][ T6691] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 129.642358][ T5919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.654136][ T5953] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 129.655148][ T6691] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 129.662819][ T5919] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 129.662852][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.671541][ T5919] usb 3-1: config 0 descriptor?? [ 129.699436][ T5953] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 129.709222][ T5953] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 129.719396][ T5953] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 129.733603][ T5953] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 129.749107][ T5953] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 129.758290][ T5953] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.773813][ T6691] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 129.782241][ T6691] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 129.803474][ T6691] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 129.816613][ T6691] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 129.827410][ T6691] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 129.841219][ T6691] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 129.889181][ T6691] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 129.907307][ T6691] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 129.916563][ T6691] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 129.944745][ T5919] usbhid 3-1:0.0: can't add hid device: -71 [ 129.953868][ T5919] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 129.967929][ T5919] usb 3-1: USB disconnect, device number 5 [ 130.005719][ T5953] usb 5-1: GET_CAPABILITIES returned 0 [ 130.014243][ T5953] usbtmc 5-1:16.0: can't read capabilities [ 130.298759][ T6711] syzkaller0: tun_chr_ioctl cmd 1074025678 [ 130.308713][ T6711] syzkaller0: group set to 0 [ 130.381778][ T6695] usbtmc 5-1:16.0: usb_control_msg returned -71 [ 130.388734][ T5906] usb 5-1: USB disconnect, device number 6 [ 130.459609][ T5953] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 130.639411][ T5953] usb 3-1: Using ep0 maxpacket: 32 [ 130.646481][ T5953] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.667765][ T5953] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 130.699018][ T5953] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.734131][ T5953] usb 3-1: config 0 descriptor?? [ 130.746850][ T5953] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 130.780759][ T5953] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 131.243066][ T5927] usb 3-1: USB disconnect, device number 6 [ 131.266873][ T5927] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 131.499443][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout [ 131.605125][ T6743] loop6: detected capacity change from 0 to 7 [ 131.614698][ T6743] loop6: [CUMANA/ADFS] p1 [ADFS] p1 [ 131.623988][ T6743] loop6: partition table partially beyond EOD, truncated [ 131.633653][ T6743] loop6: p1 size 1585496431 extends beyond EOD, truncated [ 131.662065][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout [ 131.736269][ T5857] udevd[5857]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 131.819645][ T5851] Bluetooth: hci0: command 0x0405 tx timeout [ 131.827148][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout [ 131.899804][ T5851] Bluetooth: hci1: command 0x0419 tx timeout [ 132.005761][ T6751] input: syz0 as /devices/virtual/input/input8 [ 133.046014][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.059579][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.361340][ T5927] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 133.553432][ T5927] usb 5-1: config 0 has an invalid interface number: 128 but max is 0 [ 133.579568][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout [ 133.580002][ T5927] usb 5-1: config 0 has no interface number 0 [ 133.618015][ T5927] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 133.657293][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.696923][ T5927] usb 5-1: Product: syz [ 133.720205][ T5927] usb 5-1: Manufacturer: syz [ 133.724891][ T5927] usb 5-1: SerialNumber: syz [ 133.739777][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout [ 133.753348][ T5927] usb 5-1: config 0 descriptor?? [ 133.899885][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout [ 133.906011][ T5843] Bluetooth: hci0: command 0x0405 tx timeout [ 133.979798][ T5851] Bluetooth: hci1: command 0x0419 tx timeout [ 134.105758][ T6791] kvm: user requested TSC rate below hardware speed [ 134.618580][ T5927] usb 5-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 134.675778][ T5927] usb 5-1: Firmware version (0.0) predates our first public release. [ 134.693765][ T5927] usb 5-1: Please update to version 0.2 or newer [ 134.899430][ T5919] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 134.945346][ T5927] usb 5-1: USB disconnect, device number 7 [ 135.101296][ T5919] usb 3-1: Using ep0 maxpacket: 8 [ 135.150695][ T5919] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 135.158961][ T5919] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 135.214717][ T5919] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 135.262277][ T5919] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 135.283100][ T5919] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 135.341851][ T5919] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 135.368253][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.632310][ T5919] usb 3-1: GET_CAPABILITIES returned 0 [ 135.637898][ T5919] usbtmc 3-1:16.0: can't read capabilities [ 135.660489][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout [ 135.839363][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout [ 135.941674][ T5919] usb 3-1: USB disconnect, device number 7 [ 135.979607][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout [ 135.979618][ T5843] Bluetooth: hci0: command 0x0405 tx timeout [ 136.059585][ T5843] Bluetooth: hci1: command 0x0419 tx timeout [ 136.735216][ T6832] netlink: 16 bytes leftover after parsing attributes in process `syz.2.326'. [ 136.878130][ T6835] netlink: 16 bytes leftover after parsing attributes in process `syz.2.326'. [ 137.039684][ T6836] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.125748][ T6839] bridge_slave_0: left allmulticast mode [ 137.185422][ T6839] bridge_slave_0: left promiscuous mode [ 137.209210][ T6839] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.321638][ T6839] bridge_slave_1: left allmulticast mode [ 137.339953][ T6839] bridge_slave_1: left promiscuous mode [ 137.367165][ T6839] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.591277][ T6839] bond0: (slave bond_slave_0): Releasing backup interface [ 137.782354][ T6839] bond0: (slave bond_slave_1): Releasing backup interface [ 137.914142][ T6839] team0: Port device team_slave_0 removed [ 137.948481][ T6839] team0: Port device team_slave_1 removed [ 138.013305][ T6839] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 138.129807][ T6839] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 138.140492][ T5843] Bluetooth: hci1: command 0x0419 tx timeout [ 138.230302][ T6839] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 138.237902][ T6839] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 138.894806][ T6862] netlink: 20 bytes leftover after parsing attributes in process `syz.0.336'. [ 138.956914][ T6862] netlink: 4 bytes leftover after parsing attributes in process `syz.0.336'. [ 139.953299][ T6880] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 139.962401][ T5953] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 140.139474][ T5953] usb 3-1: Using ep0 maxpacket: 8 [ 140.154579][ T5953] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 140.171808][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.189062][ T5953] usb 3-1: Product: syz [ 140.198162][ T5953] usb 3-1: Manufacturer: syz [ 140.208655][ T5953] usb 3-1: SerialNumber: syz [ 140.234890][ T5843] Bluetooth: hci1: command 0x0419 tx timeout [ 140.255275][ T5953] usb 3-1: config 0 descriptor?? [ 140.273040][ T5953] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 140.528799][ T5906] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 140.668401][ T30] audit: type=1326 audit(1759323337.346:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.4.349" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf6ffe539 code=0x0 [ 140.689669][ C0] vkms_vblank_simulate: vblank timer overrun [ 140.729758][ T5906] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 140.749481][ T5906] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 140.802524][ T5906] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 140.816972][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.833805][ T5906] usb 2-1: Product: syz [ 140.840501][ T5906] usb 2-1: Manufacturer: syz [ 140.845244][ T5906] usb 2-1: SerialNumber: syz [ 140.870212][ T5906] usb 2-1: config 0 descriptor?? [ 140.886962][ T6885] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 140.914904][ T6885] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 141.148155][ T6885] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 141.160777][ T6885] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 141.288832][ T6901] netlink: 1347 bytes leftover after parsing attributes in process `syz.5.351'. [ 141.568615][ T5953] gspca_sonixj: reg_w1 err -71 [ 141.579892][ T5906] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 141.642075][ T5953] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 141.671155][ T5953] usb 3-1: USB disconnect, device number 8 [ 141.784121][ T5906] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 141.804945][ T5906] usb 2-1: USB disconnect, device number 5 [ 141.967018][ T6912] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1814518830 (232258410240 ns) > initial count (2458284544 ns). Using initial count to start timer. [ 142.479474][ T5953] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 142.490173][ T5987] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 142.642998][ T5953] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 142.659468][ T5953] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.665827][ T5987] usb 5-1: Using ep0 maxpacket: 8 [ 142.688809][ T5953] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 142.700445][ T5953] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 142.705976][ T5987] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 142.714633][ T5953] usb 3-1: Manufacturer: syz [ 142.718922][ T5987] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 142.732495][ T5987] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 142.740929][ T5953] usb 3-1: config 0 descriptor?? [ 142.744738][ T5987] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 142.779376][ T5987] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 142.826405][ T5987] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 142.839806][ T5919] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 142.851585][ T5987] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 142.870166][ T5987] usb 5-1: config 168 interface 0 has no altsetting 0 [ 142.878351][ T5987] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 142.888709][ T5987] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 142.899388][ T5953] rc_core: IR keymap rc-hauppauge not found [ 142.900756][ T5987] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 142.905819][ T5953] Registered IR keymap rc-empty [ 142.920752][ T5987] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 142.948396][ T5953] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 142.958818][ T5987] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 142.958852][ T5987] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 143.000194][ T5953] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input9 [ 143.025885][ T5987] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 143.026954][ C1] igorplugusb 3-1:0.0: Error: urb status = -32 [ 143.040313][ T5987] usb 5-1: config 168 interface 0 has no altsetting 0 [ 143.052692][ T5919] usb 2-1: Using ep0 maxpacket: 16 [ 143.065436][ T5987] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 143.071072][ T5919] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 143.073279][ T5987] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 143.097256][ T5919] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 143.138102][ T5953] usb 3-1: USB disconnect, device number 9 [ 143.140448][ T5987] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 143.165047][ T5919] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 143.193775][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.207101][ T5919] usb 2-1: Product: syz [ 143.221119][ T5987] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 143.239362][ T5919] usb 2-1: Manufacturer: syz [ 143.244191][ T5919] usb 2-1: SerialNumber: syz [ 143.277191][ T5987] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 143.319742][ T5987] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 143.338281][ T5987] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 143.358568][ T5987] usb 5-1: config 168 interface 0 has no altsetting 0 [ 143.374218][ T5987] usb 5-1: string descriptor 0 read error: -22 [ 143.381380][ T5987] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 143.408137][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.435074][ T5987] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 143.474457][ T5919] usb 2-1: 0:2 : does not exist [ 143.502551][ T5919] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 143.531557][ T5919] usb 2-1: USB disconnect, device number 6 [ 143.567852][ T5857] udevd[5857]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 143.767601][ T6944] netlink: 16 bytes leftover after parsing attributes in process `syz.0.370'. [ 143.814391][ T6944] netlink: 16 bytes leftover after parsing attributes in process `syz.0.370'. [ 143.987438][ T6951] IPVS: Scheduler module ip_vs_ not found [ 144.019619][ T5953] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 144.129471][ T5919] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 144.183830][ T5953] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 144.206969][ T5953] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 144.232948][ T5953] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 144.244029][ T5953] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.274667][ T6946] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 144.299985][ T5919] usb 3-1: Using ep0 maxpacket: 16 [ 144.320442][ T5919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.334800][ T5953] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 144.352935][ T5919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.387234][ T5919] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 144.463913][ T5919] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 144.503791][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.583162][ T5919] usb 3-1: config 0 descriptor?? [ 144.607908][ T5953] usb 6-1: USB disconnect, device number 2 [ 144.776389][ T6965] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 144.802174][ T6965] bridge0: port 1(bridge_slave_0) entered listening state [ 145.040890][ T5919] microsoft 0003:045E:07DA.0004: ignoring exceeding usage max [ 145.186104][ T5919] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0004/input/input10 [ 145.386489][ T5987] usb 5-1: USB disconnect, device number 8 [ 145.738013][ T7001] bridge_slave_0: left allmulticast mode [ 145.779858][ T7001] bridge_slave_0: left promiscuous mode [ 145.785710][ T7001] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.825426][ T7007] loop2: detected capacity change from 0 to 7 [ 145.865322][ T7007] Dev loop2: unable to read RDB block 7 [ 145.888631][ T7007] loop2: unable to read partition table [ 145.915510][ T7007] loop2: partition table beyond EOD, truncated [ 145.925585][ T7001] bridge_slave_1: left allmulticast mode [ 145.931035][ T5919] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 145.959865][ T7007] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 146.044349][ T7001] bridge_slave_1: left promiscuous mode [ 146.089674][ T5919] usb 3-1: USB disconnect, device number 10 [ 146.135687][ T7001] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.269066][ T7001] bond0: (slave bond_slave_0): Releasing backup interface [ 146.299052][ T7014] fido_id[7014]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 146.373984][ T7001] bond0: (slave bond_slave_1): Releasing backup interface [ 146.604591][ T7001] team0: Port device team_slave_0 removed [ 146.743279][ T7001] team0: Port device team_slave_1 removed [ 146.785989][ T7001] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 146.849728][ T7001] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 146.899797][ T7001] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 146.912965][ T7001] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 149.449246][ T7102] binder: 7100:7102 ioctl c0306201 800003c0 returned -14 [ 151.701997][ T7135] netlink: 8 bytes leftover after parsing attributes in process `syz.2.426'. [ 152.469585][ T7158] netlink: 4 bytes leftover after parsing attributes in process `syz.1.436'. [ 152.492992][ T7158] netlink: 4 bytes leftover after parsing attributes in process `syz.1.436'. [ 152.604531][ T7162] netlink: 4 bytes leftover after parsing attributes in process `syz.4.438'. [ 153.609171][ T7169] capability: warning: `syz.2.442' uses deprecated v2 capabilities in a way that may be insecure [ 154.284483][ T7202] netlink: 4 bytes leftover after parsing attributes in process `syz.4.454'. [ 154.300593][ T7202] netlink: 4 bytes leftover after parsing attributes in process `syz.4.454'. [ 154.490410][ T5927] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 154.520257][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 154.556918][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 154.599741][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 154.679615][ T5927] usb 3-1: Using ep0 maxpacket: 8 [ 154.692525][ T5927] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 154.711654][ T5927] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 154.734472][ T5927] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 154.772550][ T5927] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 154.796720][ T5927] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 154.810596][ T5927] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 154.829808][ T5927] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.065927][ T5927] usb 3-1: usb_control_msg returned -32 [ 155.075548][ T5927] usbtmc 3-1:16.0: can't read capabilities [ 155.411875][ T7231] netlink: 'syz.5.464': attribute type 4 has an invalid length. [ 155.435048][ T7231] netlink: 152 bytes leftover after parsing attributes in process `syz.5.464'. [ 155.464303][ T7231] netlink: 6 bytes leftover after parsing attributes in process `syz.5.464'. [ 155.476121][ T7231] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 155.833067][ T7248] usbtmc 3-1:16.0: usb_clear_halt returned -32 [ 156.027311][ T5906] usb 3-1: USB disconnect, device number 11 [ 157.024161][ T7293] trusted_key: syz.1.486 sent an empty control message without MSG_MORE. [ 157.466554][ T7316] netlink: 16 bytes leftover after parsing attributes in process `syz.4.489'. [ 157.909568][ T7332] netlink: 4 bytes leftover after parsing attributes in process `syz.1.495'. [ 157.933371][ T7332] netlink: 4 bytes leftover after parsing attributes in process `syz.1.495'. [ 159.084638][ T7366] macvtap1: entered promiscuous mode [ 159.090613][ T7366] macvtap1: entered allmulticast mode [ 159.096612][ T7366] dummy0: entered promiscuous mode [ 159.102835][ T7366] dummy0: entered allmulticast mode [ 159.111351][ T7366] team0: Device macvtap1 failed to register rx_handler [ 159.124489][ T7366] dummy0: left allmulticast mode [ 159.144453][ T7366] dummy0: left promiscuous mode [ 159.395956][ T7375] netlink: 20 bytes leftover after parsing attributes in process `syz.2.511'. [ 159.437115][ T7375] netlink: 20 bytes leftover after parsing attributes in process `syz.2.511'. [ 159.665086][ T7386] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3356708090 (26853664720 ns) > initial count (9735166528 ns). Using initial count to start timer. [ 159.692296][ T7386] kvm: Disabled LAPIC found during irq injection [ 159.769482][ T5919] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 159.960726][ T5919] usb 5-1: Using ep0 maxpacket: 32 [ 159.973501][ T5919] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 160.001618][ T5919] usb 5-1: config 0 has no interface number 0 [ 160.008093][ T5919] usb 5-1: config 0 interface 184 has no altsetting 0 [ 160.018441][ T5919] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 160.033834][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.043190][ T5919] usb 5-1: Product: syz [ 160.047482][ T5919] usb 5-1: Manufacturer: syz [ 160.057492][ T5919] usb 5-1: SerialNumber: syz [ 160.090088][ T5919] usb 5-1: config 0 descriptor?? [ 160.130275][ T5919] smsc75xx v1.0.0 [ 160.389493][ T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 160.559399][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 160.593039][ T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 160.618179][ T7395] netlink: 4 bytes leftover after parsing attributes in process `syz.0.519'. [ 160.635996][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 160.651416][ T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 160.710872][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.731160][ T24] usb 3-1: Product: syz [ 160.735446][ T24] usb 3-1: Manufacturer: syz [ 160.780251][ T24] usb 3-1: SerialNumber: syz [ 161.028547][ T24] usb 3-1: 0:2 : does not exist [ 161.064375][ T24] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 161.151058][ T24] usb 3-1: USB disconnect, device number 12 [ 161.189898][ T5919] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): EEPROM read operation timeout [ 161.304556][ T5857] udevd[5857]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 161.395519][ T5919] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 161.424982][ T5919] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 161.463744][ T5919] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 161.520567][ T5919] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 161.547547][ T5919] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71 [ 161.573022][ T5919] usb 5-1: USB disconnect, device number 9 [ 162.092282][ T10] IPVS: starting estimator thread 0... [ 162.174545][ T7429] kvm: user requested TSC rate below hardware speed [ 162.199466][ T7426] IPVS: using max 27 ests per chain, 64800 per kthread [ 162.550090][ T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 162.729332][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 162.754631][ T10] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 162.790636][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 162.814464][ T10] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 162.840606][ T7454] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 162.846170][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.897809][ T10] usb 6-1: config 0 descriptor?? [ 163.380906][ T10] nzxt-smart2 0003:1E71:2009.0005: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.5-1/input0 [ 163.791875][ T7475] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.550'. [ 163.793681][ T5906] usb 6-1: USB disconnect, device number 3 [ 164.172420][ T7482] netlink: 12 bytes leftover after parsing attributes in process `syz.0.552'. [ 164.205760][ T7482] netlink: 'syz.0.552': attribute type 18 has an invalid length. [ 164.261188][ T7482] vxlan0: entered promiscuous mode [ 164.273764][ T6990] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.282937][ T6990] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.316473][ T6990] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.337928][ T6990] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.939611][ T5987] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 165.100295][ T5987] usb 6-1: Using ep0 maxpacket: 32 [ 165.113263][ T5987] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40 [ 165.126834][ T5987] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.156701][ T5987] usb 6-1: config 0 descriptor?? [ 165.387026][ T5987] dvb-usb: found a 'Elgato EyeTV DTT' in warm state. [ 165.418510][ T5987] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 165.455570][ T5987] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT) [ 165.470560][ T5987] usb 6-1: media controller created [ 165.566254][ T5987] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 165.590001][ T7493] dib0700: tx buffer length is larger than 4. Not supported. [ 165.667188][ T5987] DVB: Unable to find symbol dib7000p_attach() [ 165.678631][ T5987] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT' [ 165.770624][ T5987] rc_core: IR keymap rc-dib0700-rc5 not found [ 165.776767][ T5987] Registered IR keymap rc-empty [ 165.782844][ T5987] dvb-usb: could not initialize remote control. [ 165.789135][ T5987] dvb-usb: Elgato EyeTV DTT successfully initialized and connected. [ 165.810574][ T5987] usb 6-1: USB disconnect, device number 4 [ 165.891945][ T5987] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected. [ 166.569641][ T5987] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 166.751942][ T5987] usb 3-1: config 0 has an invalid interface number: 128 but max is 0 [ 166.778397][ T5987] usb 3-1: config 0 has no interface number 0 [ 166.797801][ T5987] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 166.836117][ T5987] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.856543][ T5987] usb 3-1: Product: syz [ 166.865228][ T5987] usb 3-1: Manufacturer: syz [ 166.877074][ T5987] usb 3-1: SerialNumber: syz [ 166.902387][ T5987] usb 3-1: config 0 descriptor?? [ 167.283696][ T7538] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 167.331502][ T5987] usb 3-1: Firmware: major: 84, minor: 103, hardware type: UNKNOWN (73) [ 167.550237][ T5987] usb 3-1: Read permanent extended address 52:39:35:8d:79:3e:bf:c5 from device [ 167.577401][ T5987] usb 3-1: atusb_probe: initialization failed, error = -524 [ 167.601230][ T5987] atusb 3-1:0.128: probe with driver atusb failed with error -524 [ 167.765087][ T10] usb 3-1: USB disconnect, device number 13 [ 167.864770][ T5906] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 168.025956][ T7557] netlink: 'syz.0.582': attribute type 22 has an invalid length. [ 168.035649][ T5906] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 168.058055][ T5906] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.084197][ T5906] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 168.099552][ T5906] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 168.139897][ T5906] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 168.181382][ T5906] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 168.204832][ T5906] usb 6-1: Manufacturer: syz [ 168.246517][ T5906] usb 6-1: config 0 descriptor?? [ 168.706197][ T5906] appleir 0003:05AC:8243.0006: unknown main item tag 0x0 [ 168.746714][ T5906] appleir 0003:05AC:8243.0006: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 169.666091][ T7601] netlink: 156 bytes leftover after parsing attributes in process `syz.4.601'. [ 169.923544][ T7606] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.604'. [ 170.284818][ T7618] netlink: 'syz.2.610': attribute type 1 has an invalid length. [ 170.613347][ T7623] bond1: (slave vti0): The slave device specified does not support setting the MAC address [ 170.642204][ T7623] bond1: (slave vti0): Setting fail_over_mac to active for active-backup mode [ 170.656322][ T7623] bond1: (slave vti0): making interface the new active one [ 170.665276][ T7623] bond1: (slave vti0): Enslaving as an active interface with an up link [ 170.863230][ T10] usb 6-1: USB disconnect, device number 5 [ 174.143976][ T7666] kvm: kvm [7664]: vcpu0, guest rIP: 0x8000000 Unhandled WRMSR(0x4000006f) = 0x6 [ 174.919594][ T10] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 175.104216][ T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 175.144965][ T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 175.165609][ T10] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 175.178162][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 175.187558][ T10] usb 3-1: SerialNumber: syz [ 175.433089][ T10] usb 3-1: 0:2 : does not exist [ 175.450597][ T10] usb 3-1: unit 16 not found! [ 175.490443][ T10] usb 3-1: USB disconnect, device number 14 [ 175.558828][ T7027] udevd[7027]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 176.249198][ T7722] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 176.404234][ T7727] netlink: 'syz.0.650': attribute type 1 has an invalid length. [ 176.422943][ T7727] netlink: 68 bytes leftover after parsing attributes in process `syz.0.650'. [ 176.548974][ T7737] netlink: 'syz.0.654': attribute type 2 has an invalid length. [ 176.558450][ T7737] netlink: 16 bytes leftover after parsing attributes in process `syz.0.654'. [ 176.726774][ T7744] netlink: 8 bytes leftover after parsing attributes in process `syz.4.656'. [ 176.760684][ T7744] netlink: 8 bytes leftover after parsing attributes in process `syz.4.656'. [ 177.709578][ T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 177.873226][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.916651][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.949379][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 177.979491][ T24] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 178.009581][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.029433][ T24] usb 6-1: config 0 descriptor?? [ 178.482441][ T24] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 179.449393][ T5987] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 179.611358][ T5987] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.622906][ T5987] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 179.633457][ T5987] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.646575][ T5987] usb 5-1: config 0 descriptor?? [ 179.881742][ T5987] usbhid 5-1:0.0: can't add hid device: -71 [ 179.904112][ T5987] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 179.934075][ T5987] usb 5-1: USB disconnect, device number 10 [ 180.153964][ T5928] usb 6-1: USB disconnect, device number 6 [ 180.431367][ T5987] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 180.601431][ T5987] usb 5-1: Using ep0 maxpacket: 16 [ 180.618023][ T5987] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.657292][ T5987] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 180.683892][ T5987] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.707420][ T5987] usb 5-1: config 0 descriptor?? [ 181.248188][ T5987] mcp2221 0003:04D8:00DD.0008: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 181.434680][ C0] ================================================================== [ 181.442811][ C0] BUG: KASAN: slab-out-of-bounds in mcp2221_raw_event+0x106a/0x1240 [ 181.450841][ C0] Read of size 1 at addr ffff8880591c7fff by task kworker/0:6/5987 [ 181.458766][ C0] [ 181.461151][ C0] CPU: 0 UID: 0 PID: 5987 Comm: kworker/0:6 Not tainted syzkaller #0 PREEMPT(full) [ 181.461181][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 181.461197][ C0] Workqueue: usb_hub_wq hub_event [ 181.461243][ C0] Call Trace: [ 181.461256][ C0] [ 181.461265][ C0] dump_stack_lvl+0x189/0x250 [ 181.461297][ C0] ? __kasan_check_byte+0x12/0x40 [ 181.461329][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 181.461357][ C0] ? lock_release+0x4b/0x3e0 [ 181.461384][ C0] ? __virt_addr_valid+0x4a5/0x5c0 [ 181.461427][ C0] print_report+0xca/0x240 [ 181.461453][ C0] ? mcp2221_raw_event+0x106a/0x1240 [ 181.461481][ C0] kasan_report+0x118/0x150 [ 181.461512][ C0] ? mcp2221_raw_event+0x106a/0x1240 [ 181.461543][ C0] mcp2221_raw_event+0x106a/0x1240 [ 181.461571][ C0] ? down_trylock+0x50/0xb0 [ 181.461598][ C0] hid_input_report+0x407/0x520 [ 181.461622][ C0] ? __pfx_mcp2221_raw_event+0x10/0x10 [ 181.461651][ C0] hid_irq_in+0x47e/0x6d0 [ 181.461681][ C0] __usb_hcd_giveback_urb+0x376/0x540 [ 181.461705][ C0] dummy_timer+0x862/0x4550 [ 181.461769][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 181.461804][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 181.461836][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 181.461869][ C0] __hrtimer_run_queues+0x529/0xc60 [ 181.461905][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 181.461930][ C0] ? read_tsc+0x9/0x20 [ 181.461951][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 181.461981][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 181.462009][ C0] handle_softirqs+0x283/0x870 [ 181.462035][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 181.462061][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 181.462087][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 181.462118][ C0] __irq_exit_rcu+0xca/0x1f0 [ 181.462141][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 181.462169][ C0] irq_exit_rcu+0x9/0x30 [ 181.462191][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 181.462227][ C0] [ 181.462234][ C0] [ 181.462244][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 181.462269][ C0] RIP: 0010:lock_acquire+0x175/0x360 [ 181.462291][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 eb bf ae 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 181.462309][ C0] RSP: 0018:ffffc900047865e0 EFLAGS: 00000206 [ 181.462331][ C0] RAX: c5e71bf9c36f1000 RBX: 0000000000000000 RCX: c5e71bf9c36f1000 [ 181.462349][ C0] RDX: ffffffff92fc8f00 RSI: ffffffff8d71ebcb RDI: ffffffff8b9ec2e0 [ 181.462366][ C0] RBP: ffffffff84c0dbc4 R08: 0000000000000008 R09: ffffffff957a35e0 [ 181.462382][ C0] R10: 00000000769c5311 R11: 000000006a46b7c3 R12: 0000000000000000 [ 181.462397][ C0] R13: ffffffff8e486e28 R14: 0000000000000001 R15: 0000000000000246 [ 181.462426][ C0] ? gpiochip_add_data_with_key+0x594/0x13b0 [ 181.462472][ C0] ? hid_add_device+0x398/0x540 [ 181.462499][ C0] ? usb_probe_interface+0x668/0xc30 [ 181.462533][ C0] ? __driver_probe_device+0x18c/0x2f0 [ 181.462566][ C0] __mutex_lock+0x187/0x1350 [ 181.462588][ C0] ? gpiochip_add_data_with_key+0x594/0x13b0 [ 181.462623][ C0] ? __device_attach_driver+0x2ce/0x530 [ 181.462652][ C0] ? bus_for_each_drv+0x24e/0x2e0 [ 181.462672][ C0] ? bus_probe_device+0x185/0x260 [ 181.462699][ C0] ? device_add+0x7b6/0xb50 [ 181.462722][ C0] ? usb_new_device+0xa39/0x16f0 [ 181.462747][ C0] ? hub_event+0x2958/0x4a20 [ 181.462776][ C0] ? process_scheduled_works+0xade/0x17b0 [ 181.462801][ C0] ? worker_thread+0x8a0/0xda0 [ 181.462825][ C0] ? kthread+0x711/0x8a0 [ 181.462853][ C0] ? ret_from_fork+0x436/0x7d0 [ 181.462875][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 181.462909][ C0] ? gpiochip_add_data_with_key+0x594/0x13b0 [ 181.462946][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 181.462973][ C0] ? rcu_is_watching+0x15/0xb0 [ 181.463000][ C0] ? trace_kmalloc+0x1f/0xd0 [ 181.463026][ C0] ? gpiochip_add_data_with_key+0x44e/0x13b0 [ 181.463063][ C0] gpiochip_add_data_with_key+0x594/0x13b0 [ 181.463099][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 181.463135][ C0] ? devres_log+0x11e/0x330 [ 181.463169][ C0] devm_gpiochip_add_data_with_key+0x33/0xa0 [ 181.463195][ C0] mcp2221_probe+0x5da/0x880 [ 181.463223][ C0] hid_device_probe+0x39d/0x710 [ 181.463251][ C0] ? driver_sysfs_add+0x1fe/0x210 [ 181.463280][ C0] ? __pfx_hid_device_probe+0x10/0x10 [ 181.463303][ C0] really_probe+0x26d/0x9e0 [ 181.463335][ C0] __driver_probe_device+0x18c/0x2f0 [ 181.463365][ C0] driver_probe_device+0x4f/0x430 [ 181.463397][ C0] __device_attach_driver+0x2ce/0x530 [ 181.463442][ C0] bus_for_each_drv+0x24e/0x2e0 [ 181.463463][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 181.463491][ C0] ? __pfx_bus_for_each_drv+0x10/0x10 [ 181.463510][ C0] ? __lock_acquire+0xab9/0xd20 [ 181.463535][ C0] __device_attach+0x2b8/0x400 [ 181.463566][ C0] ? __pfx___device_attach+0x10/0x10 [ 181.463594][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 181.463626][ C0] bus_probe_device+0x185/0x260 [ 181.463648][ C0] device_add+0x7b6/0xb50 [ 181.463673][ C0] hid_add_device+0x398/0x540 [ 181.463700][ C0] usbhid_probe+0xe13/0x12a0 [ 181.463736][ C0] usb_probe_interface+0x668/0xc30 [ 181.463774][ C0] ? __pfx_usb_probe_interface+0x10/0x10 [ 181.463805][ C0] really_probe+0x26d/0x9e0 [ 181.463836][ C0] __driver_probe_device+0x18c/0x2f0 [ 181.463865][ C0] driver_probe_device+0x4f/0x430 [ 181.463894][ C0] __device_attach_driver+0x2ce/0x530 [ 181.463923][ C0] bus_for_each_drv+0x24e/0x2e0 [ 181.463943][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 181.463972][ C0] ? __pfx_bus_for_each_drv+0x10/0x10 [ 181.463997][ C0] __device_attach+0x2b8/0x400 [ 181.464023][ C0] ? __pfx___device_attach+0x10/0x10 [ 181.464050][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 181.464082][ C0] bus_probe_device+0x185/0x260 [ 181.464103][ C0] device_add+0x7b6/0xb50 [ 181.464141][ C0] usb_set_configuration+0x1a87/0x20e0 [ 181.464185][ C0] usb_generic_driver_probe+0x8d/0x150 [ 181.464215][ C0] usb_probe_device+0x1c4/0x390 [ 181.464248][ C0] ? __pfx_usb_probe_device+0x10/0x10 [ 181.464278][ C0] really_probe+0x26d/0x9e0 [ 181.464307][ C0] __driver_probe_device+0x18c/0x2f0 [ 181.464334][ C0] driver_probe_device+0x4f/0x430 [ 181.464363][ C0] __device_attach_driver+0x2ce/0x530 [ 181.464394][ C0] bus_for_each_drv+0x24e/0x2e0 [ 181.464423][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 181.464451][ C0] ? __pfx_bus_for_each_drv+0x10/0x10 [ 181.464476][ C0] __device_attach+0x2b8/0x400 [ 181.464503][ C0] ? __pfx___device_attach+0x10/0x10 [ 181.464533][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 181.464565][ C0] bus_probe_device+0x185/0x260 [ 181.464597][ C0] device_add+0x7b6/0xb50 [ 181.464623][ C0] usb_new_device+0xa39/0x16f0 [ 181.464656][ C0] ? __pfx_usb_new_device+0x10/0x10 [ 181.464682][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 181.464715][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 181.464738][ C0] hub_event+0x2958/0x4a20 [ 181.464794][ C0] ? __pfx_hub_event+0x10/0x10 [ 181.464823][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 181.464851][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 181.464890][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 181.464914][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 181.464938][ C0] process_scheduled_works+0xade/0x17b0 [ 181.464977][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 181.465009][ C0] worker_thread+0x8a0/0xda0 [ 181.465036][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 181.465071][ C0] ? __kthread_parkme+0x7b/0x200 [ 181.465100][ C0] kthread+0x711/0x8a0 [ 181.465131][ C0] ? __pfx_worker_thread+0x10/0x10 [ 181.465155][ C0] ? __pfx_kthread+0x10/0x10 [ 181.465183][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 181.465215][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 181.465234][ C0] ? __pfx_kthread+0x10/0x10 [ 181.465263][ C0] ret_from_fork+0x436/0x7d0 [ 181.465289][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 181.465316][ C0] ? __switch_to_asm+0x39/0x70 [ 181.465346][ C0] ? __switch_to_asm+0x33/0x70 [ 181.465376][ C0] ? __pfx_kthread+0x10/0x10 [ 181.465420][ C0] ret_from_fork_asm+0x1a/0x30 [ 181.465459][ C0] [ 181.465475][ C0] [ 182.261693][ C0] The buggy address belongs to the object at ffff8880591c7c80 [ 182.261693][ C0] which belongs to the cache userfaultfd_ctx_cache of size 560 [ 182.276629][ C0] The buggy address is located 335 bytes to the right of [ 182.276629][ C0] allocated 560-byte region [ffff8880591c7c80, ffff8880591c7eb0) [ 182.291297][ C0] [ 182.293642][ C0] The buggy address belongs to the physical page: [ 182.300062][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880591c4000 pfn:0x591c4 [ 182.310130][ C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 182.318640][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 182.326196][ C0] page_type: f5(slab) [ 182.330188][ C0] raw: 00fff00000000040 ffff888145296140 dead000000000122 0000000000000000 [ 182.338774][ C0] raw: ffff8880591c4000 0000000080170016 00000000f5000000 0000000000000000 [ 182.347380][ C0] head: 00fff00000000040 ffff888145296140 dead000000000122 0000000000000000 [ 182.356094][ C0] head: ffff8880591c4000 0000000080170016 00000000f5000000 0000000000000000 [ 182.364770][ C0] head: 00fff00000000002 ffffea0001647101 00000000ffffffff 00000000ffffffff [ 182.373461][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 182.382134][ C0] page dumped because: kasan: bad access detected [ 182.388568][ C0] page_owner tracks the page as allocated [ 182.394290][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6282, tgid 6280 (syz.3.117), ts 112463776421, free_ts 112169208808 [ 182.415585][ C0] post_alloc_hook+0x240/0x2a0 [ 182.420465][ C0] get_page_from_freelist+0x21e4/0x22c0 [ 182.426024][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 182.431845][ C0] alloc_pages_mpol+0x232/0x4a0 [ 182.436705][ C0] allocate_slab+0x8a/0x370 [ 182.441212][ C0] ___slab_alloc+0xbeb/0x1420 [ 182.445901][ C0] kmem_cache_alloc_noprof+0x283/0x3c0 [ 182.451386][ C0] new_userfaultfd+0x8b/0x390 [ 182.456076][ C0] __ia32_sys_userfaultfd+0x81/0xa0 [ 182.461285][ C0] __do_fast_syscall_32+0xb6/0x2b0 [ 182.466410][ C0] do_fast_syscall_32+0x34/0x80 [ 182.471266][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 182.477614][ C0] page last free pid 6270 tgid 6270 stack trace: [ 182.483942][ C0] __free_frozen_pages+0xbc4/0xd30 [ 182.489069][ C0] stack_depot_save_flags+0x436/0x860 [ 182.494474][ C0] kasan_save_track+0x4f/0x80 [ 182.499160][ C0] __kasan_kmalloc+0x93/0xb0 [ 182.503757][ C0] __kmalloc_cache_noprof+0x230/0x3d0 [ 182.509139][ C0] tipc_topsrv_queue_evt+0xef/0x2d0 [ 182.514342][ C0] tipc_sub_report_overlap+0x4bd/0x8b0 [ 182.519815][ C0] tipc_nametbl_remove_publ+0xc86/0x1b60 [ 182.525473][ C0] tipc_nametbl_withdraw+0x8d/0x280 [ 182.530682][ C0] tipc_release+0x770/0x2190 [ 182.535287][ C0] sock_close+0xc0/0x240 [ 182.539560][ C0] __fput+0x44c/0xa70 [ 182.543553][ C0] task_work_run+0x1d1/0x260 [ 182.548186][ C0] exit_to_user_mode_loop+0xe9/0x110 [ 182.553510][ C0] __do_fast_syscall_32+0x1f4/0x2b0 [ 182.558739][ C0] do_fast_syscall_32+0x34/0x80 [ 182.563613][ C0] [ 182.565970][ C0] Memory state around the buggy address: [ 182.571603][ C0] ffff8880591c7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 182.579667][ C0] ffff8880591c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 182.587742][ C0] >ffff8880591c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 182.595801][ C0] ^ [ 182.603804][ C0] ffff8880591c8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 182.611872][ C0] ffff8880591c8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 182.619939][ C0] ================================================================== [ 182.628027][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 182.635237][ C0] CPU: 0 UID: 0 PID: 5987 Comm: kworker/0:6 Not tainted syzkaller #0 PREEMPT(full) [ 182.644628][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 182.654695][ C0] Workqueue: usb_hub_wq hub_event [ 182.659756][ C0] Call Trace: [ 182.663043][ C0] [ 182.665891][ C0] dump_stack_lvl+0x99/0x250 [ 182.670504][ C0] ? __asan_memcpy+0x40/0x70 [ 182.675111][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.680379][ C0] ? __pfx__printk+0x10/0x10 [ 182.685005][ C0] vpanic+0x281/0x750 [ 182.689044][ C0] ? __pfx_print_hex_dump+0x10/0x10 [ 182.694276][ C0] ? __pfx_vpanic+0x10/0x10 [ 182.698814][ C0] panic+0xb9/0xc0 [ 182.702568][ C0] ? __pfx_panic+0x10/0x10 [ 182.707007][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 182.712929][ C0] ? mcp2221_raw_event+0x106a/0x1240 [ 182.718237][ C0] check_panic_on_warn+0x89/0xb0 [ 182.723218][ C0] ? mcp2221_raw_event+0x106a/0x1240 [ 182.728538][ C0] end_report+0x78/0x160 [ 182.732797][ C0] kasan_report+0x129/0x150 [ 182.737317][ C0] ? mcp2221_raw_event+0x106a/0x1240 [ 182.742620][ C0] mcp2221_raw_event+0x106a/0x1240 [ 182.747750][ C0] ? down_trylock+0x50/0xb0 [ 182.752266][ C0] hid_input_report+0x407/0x520 [ 182.757127][ C0] ? __pfx_mcp2221_raw_event+0x10/0x10 [ 182.762599][ C0] hid_irq_in+0x47e/0x6d0 [ 182.766946][ C0] __usb_hcd_giveback_urb+0x376/0x540 [ 182.772329][ C0] dummy_timer+0x862/0x4550 [ 182.776873][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 182.781826][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 182.786779][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 182.791736][ C0] __hrtimer_run_queues+0x529/0xc60 [ 182.796955][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 182.802681][ C0] ? read_tsc+0x9/0x20 [ 182.806761][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 182.812577][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 182.817704][ C0] handle_softirqs+0x283/0x870 [ 182.822482][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 182.827263][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 182.832654][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 182.837885][ C0] __irq_exit_rcu+0xca/0x1f0 [ 182.842488][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 182.847706][ C0] irq_exit_rcu+0x9/0x30 [ 182.852043][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 182.857700][ C0] [ 182.860636][ C0] [ 182.863574][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 182.869908][ C0] RIP: 0010:lock_acquire+0x175/0x360 [ 182.875198][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 eb bf ae 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 182.894810][ C0] RSP: 0018:ffffc900047865e0 EFLAGS: 00000206 [ 182.900889][ C0] RAX: c5e71bf9c36f1000 RBX: 0000000000000000 RCX: c5e71bf9c36f1000 [ 182.908863][ C0] RDX: ffffffff92fc8f00 RSI: ffffffff8d71ebcb RDI: ffffffff8b9ec2e0 [ 182.916844][ C0] RBP: ffffffff84c0dbc4 R08: 0000000000000008 R09: ffffffff957a35e0 [ 182.924824][ C0] R10: 00000000769c5311 R11: 000000006a46b7c3 R12: 0000000000000000 [ 182.932803][ C0] R13: ffffffff8e486e28 R14: 0000000000000001 R15: 0000000000000246 [ 182.940788][ C0] ? gpiochip_add_data_with_key+0x594/0x13b0 [ 182.946800][ C0] ? hid_add_device+0x398/0x540 [ 182.951663][ C0] ? usb_probe_interface+0x668/0xc30 [ 182.956968][ C0] ? __driver_probe_device+0x18c/0x2f0 [ 182.962439][ C0] __mutex_lock+0x187/0x1350 [ 182.967035][ C0] ? gpiochip_add_data_with_key+0x594/0x13b0 [ 182.973030][ C0] ? __device_attach_driver+0x2ce/0x530 [ 182.978615][ C0] ? bus_for_each_drv+0x24e/0x2e0 [ 182.983646][ C0] ? bus_probe_device+0x185/0x260 [ 182.988675][ C0] ? device_add+0x7b6/0xb50 [ 182.993191][ C0] ? usb_new_device+0xa39/0x16f0 [ 182.998165][ C0] ? hub_event+0x2958/0x4a20 [ 183.002850][ C0] ? process_scheduled_works+0xade/0x17b0 [ 183.008672][ C0] ? worker_thread+0x8a0/0xda0 [ 183.013442][ C0] ? kthread+0x711/0x8a0 [ 183.017787][ C0] ? ret_from_fork+0x436/0x7d0 [ 183.023078][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 183.028032][ C0] ? gpiochip_add_data_with_key+0x594/0x13b0 [ 183.034120][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 183.039155][ C0] ? rcu_is_watching+0x15/0xb0 [ 183.043933][ C0] ? trace_kmalloc+0x1f/0xd0 [ 183.048541][ C0] ? gpiochip_add_data_with_key+0x44e/0x13b0 [ 183.054547][ C0] gpiochip_add_data_with_key+0x594/0x13b0 [ 183.060390][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 183.066746][ C0] ? devres_log+0x11e/0x330 [ 183.071285][ C0] devm_gpiochip_add_data_with_key+0x33/0xa0 [ 183.077282][ C0] mcp2221_probe+0x5da/0x880 [ 183.081889][ C0] hid_device_probe+0x39d/0x710 [ 183.086750][ C0] ? driver_sysfs_add+0x1fe/0x210 [ 183.091784][ C0] ? __pfx_hid_device_probe+0x10/0x10 [ 183.097163][ C0] really_probe+0x26d/0x9e0 [ 183.101679][ C0] __driver_probe_device+0x18c/0x2f0 [ 183.106980][ C0] driver_probe_device+0x4f/0x430 [ 183.112025][ C0] __device_attach_driver+0x2ce/0x530 [ 183.117409][ C0] bus_for_each_drv+0x24e/0x2e0 [ 183.122269][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 183.128190][ C0] ? __pfx_bus_for_each_drv+0x10/0x10 [ 183.133573][ C0] ? __lock_acquire+0xab9/0xd20 [ 183.138445][ C0] __device_attach+0x2b8/0x400 [ 183.143226][ C0] ? __pfx___device_attach+0x10/0x10 [ 183.148528][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 183.153833][ C0] bus_probe_device+0x185/0x260 [ 183.158695][ C0] device_add+0x7b6/0xb50 [ 183.163030][ C0] hid_add_device+0x398/0x540 [ 183.167719][ C0] usbhid_probe+0xe13/0x12a0 [ 183.172338][ C0] usb_probe_interface+0x668/0xc30 [ 183.177481][ C0] ? __pfx_usb_probe_interface+0x10/0x10 [ 183.183130][ C0] really_probe+0x26d/0x9e0 [ 183.187653][ C0] __driver_probe_device+0x18c/0x2f0 [ 183.192951][ C0] driver_probe_device+0x4f/0x430 [ 183.197987][ C0] __device_attach_driver+0x2ce/0x530 [ 183.203373][ C0] bus_for_each_drv+0x24e/0x2e0 [ 183.208237][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 183.214140][ C0] ? __pfx_bus_for_each_drv+0x10/0x10 [ 183.219521][ C0] __device_attach+0x2b8/0x400 [ 183.224302][ C0] ? __pfx___device_attach+0x10/0x10 [ 183.229606][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 183.234842][ C0] bus_probe_device+0x185/0x260 [ 183.239705][ C0] device_add+0x7b6/0xb50 [ 183.244046][ C0] usb_set_configuration+0x1a87/0x20e0 [ 183.249532][ C0] usb_generic_driver_probe+0x8d/0x150 [ 183.255007][ C0] usb_probe_device+0x1c4/0x390 [ 183.259873][ C0] ? __pfx_usb_probe_device+0x10/0x10 [ 183.265256][ C0] really_probe+0x26d/0x9e0 [ 183.269771][ C0] __driver_probe_device+0x18c/0x2f0 [ 183.275069][ C0] driver_probe_device+0x4f/0x430 [ 183.280104][ C0] __device_attach_driver+0x2ce/0x530 [ 183.285501][ C0] bus_for_each_drv+0x24e/0x2e0 [ 183.290369][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 183.296275][ C0] ? __pfx_bus_for_each_drv+0x10/0x10 [ 183.301747][ C0] __device_attach+0x2b8/0x400 [ 183.306527][ C0] ? __pfx___device_attach+0x10/0x10 [ 183.311846][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 183.317065][ C0] bus_probe_device+0x185/0x260 [ 183.321924][ C0] device_add+0x7b6/0xb50 [ 183.326264][ C0] usb_new_device+0xa39/0x16f0 [ 183.331050][ C0] ? __pfx_usb_new_device+0x10/0x10 [ 183.336272][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 183.341497][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 183.346706][ C0] hub_event+0x2958/0x4a20 [ 183.351156][ C0] ? __pfx_hub_event+0x10/0x10 [ 183.355931][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 183.361663][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 183.366874][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 183.372599][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 183.378344][ C0] process_scheduled_works+0xade/0x17b0 [ 183.383935][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 183.389954][ C0] worker_thread+0x8a0/0xda0 [ 183.394573][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 183.400946][ C0] ? __kthread_parkme+0x7b/0x200 [ 183.405901][ C0] kthread+0x711/0x8a0 [ 183.409990][ C0] ? __pfx_worker_thread+0x10/0x10 [ 183.415114][ C0] ? __pfx_kthread+0x10/0x10 [ 183.419718][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 183.424931][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 183.430322][ C0] ? __pfx_kthread+0x10/0x10 [ 183.435359][ C0] ret_from_fork+0x436/0x7d0 [ 183.439966][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 183.445103][ C0] ? __switch_to_asm+0x39/0x70 [ 183.449894][ C0] ? __switch_to_asm+0x33/0x70 [ 183.454698][ C0] ? __pfx_kthread+0x10/0x10 [ 183.459326][ C0] ret_from_fork_asm+0x1a/0x30 [ 183.464142][ C0] [ 183.467982][ C0] Kernel Offset: disabled [ 183.472320][ C0] Rebooting in 86400 seconds..