last executing test programs: 1m31.973181204s ago: executing program 2 (id=2095): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000240)={0x0, 0x11, 0x1, "a4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) 1m28.866008675s ago: executing program 2 (id=2117): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xe501, 0x3, 0x458, 0x320, 0x6affffff, 0x3403000b, 0x320, 0x7, 0x3f8, 0x230, 0x230, 0x3f8, 0x223, 0x3, 0x0, {[{{@ip={@remote, @local, 0x0, 0x0, 'veth1_macvtap\x00', 'veth1_to_team\x00', {}, {}, 0x6c}, 0x0, 0x2a0, 0x2e8, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x1, [{0x6}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x40000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xffff}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x5}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {0x1000}]}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x2, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x558ac59, 'syz0\x00', 'syz1\x00', {0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4b8) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0xf000, 0x0, 0x2400c042}, 0x4040020) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000000000e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005"], 0x310) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000640)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011000000000000000000000000000000000000000000000000000000000000000000fdff000000008100000000000000000000000000000000e1ff0000000001"], 0x110) 1m28.726565644s ago: executing program 2 (id=2118): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x20) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f00000024c0)={0xa, 0x7, 0x0, @loopback, 0x8, 0x2}, 0x20) close_range(r0, 0xffffffffffffffff, 0x0) 1m28.544954603s ago: executing program 2 (id=2119): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000400)='./file0/file0\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x3125899, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x202) 1m28.440078598s ago: executing program 2 (id=2120): mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1m28.220921503s ago: executing program 2 (id=2122): r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) syz_emit_ethernet(0x86, &(0x7f0000000240)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3c, 0x78, 0x0, 0x0, 0xfc, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x2, 0x0, "6b23c14dda246395dbe408a8260b0bd1305264cae3e56f52c890f03e803167f3", "489aa050cadfa199cc70b6068be89e94", {"fadaccd5e1d979c03653f66fe6898e52", "7e48c77864e4817fa2bcd4e8ef80c296"}}}}}}}, 0x0) 1m27.92828742s ago: executing program 32 (id=2122): r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) syz_emit_ethernet(0x86, &(0x7f0000000240)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3c, 0x78, 0x0, 0x0, 0xfc, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x2, 0x0, "6b23c14dda246395dbe408a8260b0bd1305264cae3e56f52c890f03e803167f3", "489aa050cadfa199cc70b6068be89e94", {"fadaccd5e1d979c03653f66fe6898e52", "7e48c77864e4817fa2bcd4e8ef80c296"}}}}}}}, 0x0) 4.180916012s ago: executing program 4 (id=3091): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 3.980238073s ago: executing program 4 (id=3096): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x1, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3a66505}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000100)={{0x1, 0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f00000005c0)={0x4, 0x8, 0x7f, 0x0, 0xd}) 3.759990301s ago: executing program 4 (id=3101): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000001c) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r1, 0x402, 0x1a) r2 = open(&(0x7f0000000100)='./file1\x00', 0x141242, 0x1b4) write$tcp_mem(r2, &(0x7f00000002c0)={0x101, 0x20, 0x17fffffff, 0x20, 0xfffffffffffffff9}, 0x48) 3.619202047s ago: executing program 4 (id=3105): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)={{0x12, 0x1, 0x150, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0x8}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x0, 0x0, 0x20}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x0, 0xffd, 0xa, 0x4000, 0x0, 0xfffc, 0x0, 0x804, 0x0, 0x5, 0x7}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000d40)={0x2c, 0x0, &(0x7f0000000bc0)={0x0, 0x3, 0xb, @string={0xb, 0x3, "9d739517e9f7a89636"}}, 0x0, 0x0, 0x0}, 0x0) 3.588709491s ago: executing program 1 (id=3106): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) 3.49503519s ago: executing program 1 (id=3109): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x2409c8c5, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r0, &(0x7f0000000e80)="0d0ad7c36d6617110e434332d6ac582208222cfb7c37ce1148f448455bc37f5f70c92774dcb201629979039d7c8943b207e5bdf9ab8eed9ace110469c51f4f211dd9fad815eb5b273ac04e1edc679bcdf0a0d24482de5454be9003cb80714a95e136bb704ee58e707d1e69b3c3a1c2c37f9c0402e14abdeb32086a49aff25e5c0f0131d59b4783316b9fa2c71c51ce76942d5f519145c9e3bf0d4182b4a62970b2ce81d35a7afc8384b387b8e21f2051d90d92323a710cabe5275d335b64453e759251a140de480541d8dd7662a14296a59eba99b95bfdf5b22992c323865b471d13ad79867e2692fd4eece299a81e2b33336b6801f51c2ae8d73e4df90c9bd70cd535b72cbdf67754acdc44b3780450308d9c5527c3314eb7b2cc38b61e96403a30a8ba0c8a357aa04d3c62bc51bcf55cf214f44a909b29c30c18c3a43c86472612086664a80f2aa8490e58352732acb96eb46deab42895d1957a6029ad86e7a5ced6bde89c158aaee721954beeebe5973059007f7dd5459029af6d3f1d73d35f07d19b7cedfc80d1d7ef37f8b113f564afd0f093202929fef43e788619ca522c7f679dd2f27949d879b4dab46581a0e054b4ed1db37e43f528748b56ec5a54b7af198d4ae551046f7814fe3a5cbc1cc7cb6655fc198939b049f3c02443148c588e34d6ebef81096b4e48f468016d2bde0828664c0874d71e2d88b3bc04079d4a504255a83c3f07a4f1c3e5a4c66f55f36e51e344392487c8299d8d1bfb568780c0d57df48990cb5d6b35c3f7445f80312186d8598faf61072d4eefc961fb5a7e72b971c8f94a8346effd27362cee8d72a98b55e317de280d2d63ee83ca7140b7913122d402c536d914c8510c81d08f0ad1c952f5b7ad5e7ef72d7c58cb4d5bafbea535b381df6ebe94c62cf782cf7ab81c017c296a88ca91d641b45748d230cf5e87e5dbee4764ea4d131ae022e6bbf3ffc3ea7b264737d9db44354bfffa63d79bc403d3ac23fb615edc382d18b0daf1bbb2fbd708d1830ddac1c3f098b8cb1ef9a0019d804bf5d953110f12f3b9a8b9b7e0c61cb5d34116add1fc9a92721ffa5fdc83e1488cf88aa6e56ad2dd55e0aadd827cc7b4e7242f01241f49e905e5e7451092c28c3f6560a6a0002e5d91fc253a5a8fd8f27e42f4f02f5849528b7d93df9b0c568022acaff410e797e88d2f8eeadbba66e423335b843df734d203fa62a861b712da8f33d5ea721767871aa2cd53e659e505507de9a54d7e6fa3c20bbfb28cd6dd2b314dabbb59e9ce15c0a94ec3b3efc54eaaa27bd7576a687dcaf58dc182662539943014a02e76dc89f48c9f83cc7199038418f965ad3dc866098b89cabcac8691b0f51ffb71902337e49293309c4480a8f1b32411cc1b55a0ec0fe2c2572fe9d488a25bfc12ba74048e1d7beee93321c7aa49ea17cb9728dc46e5272154b3b995feacbacb8885621b335274af4df9365f8c8121ff323b572d320c8fc46acd6218b9579d43005e7b0506ccb14d9a0dac4cc6efaf5366c44342eaea8b5a11457f5afbea913ce4975ab67e6a85bc46e714ca5741da38a7cceb9e85d77fd03f83f7a5ecc7241e69e2bda327f769b48ba5f13662585c72778d12bd0e9a62a3d0dbe376d1aee81e6845c2cf23f42c458ae5668c8d387bf9ab224bc9703f1c08347be810d2f19278fe8d97560b3c9f1816667d0461a25e778eb1404dcaac1ed0a6a0745f3a5d2dc1b6babf98f5135d531cb26334ef2fec4c78c95b7193935139664fc65f17b047eb3dc39e251ba52ce33f8099719f1a789db1690347355e7b02d4c522692b9597fd31abb90f973ae4eb0bd0d900cdd887ff01d4845d7f0aee39b220a65a5aeee0fd386054070723c841c042d5339cc6325f07f0f733d124c6524f388ef7419f42c06278b8fceaa3a16b202dfb539b129762397e29cdd679ca6240272fa0c3e2e8c0a27aaa407f30b4024d0638dfca1bc9483db3ccc2880f", 0x5c6, 0x6d91fb6102d8910c, 0x0, 0xfffffffffffffe38) sendto$inet6(r0, 0x0, 0x0, 0x40000, 0x0, 0x0) recvfrom(r0, &(0x7f0000001a80)=""/4063, 0xfdf, 0x0, 0x0, 0x0) 3.447918601s ago: executing program 3 (id=3110): syz_emit_ethernet(0xae, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6000021000783afdfe8000000000000000000000000000bbff020000000000000000b4c70000000000009078000000000000000000000000180b00d414ce8ad4000aa78ce54006598080a8030037004023493b87aafaffffffffffffff23"], 0x0) r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000080)=ANY=[]) memfd_create(0x0, 0x2) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) 3.400593496s ago: executing program 1 (id=3112): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x7, @remote, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000a00)=[{{&(0x7f0000000140)={0xa, 0xfffc, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f0000001900)=[{&(0x7f0000000280)="ad", 0x1}], 0x1}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x79, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c, &(0x7f0000000880)=[{&(0x7f0000000200)="ec", 0x1}], 0x1}}], 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000e40)="480000001400190d09004beafd0d36020a8447000b4e230f00004e20a2bc560119d7004f19dfb7f393d7359031033f817f00000000000000000101ff05c00e030002000000ffff01", 0x48}], 0x1) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r1) 3.295435293s ago: executing program 1 (id=3114): r0 = socket$kcm(0x29, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000900)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000680)={r2, r1}) 2.344980391s ago: executing program 1 (id=3121): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000400)={0x1c, &(0x7f00000002c0)={0x20, 0x9, 0x4, "67c8a427"}, 0x0, 0x0}) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) 1.453437855s ago: executing program 0 (id=3127): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r0, 0xda90) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x2}) accept4(r0, 0x0, 0x0, 0x0) 1.392066238s ago: executing program 3 (id=3128): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000050000000100000004"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) 1.280583833s ago: executing program 4 (id=3130): connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x47f, @rand_addr=0x64010102}, 0x2, 0x3, 0x3, 0x3}}, 0x26) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x73, 0xfffff034}, {0x50, 0x0, 0x5, 0x2}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2686dd4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.165018193s ago: executing program 3 (id=3131): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0xf, 0x5, 0x8}) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000140)={0x3, 0x1, 0x46}) 1.007309158s ago: executing program 5 (id=3133): r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000480)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x6, 0x2a}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x1, [0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000000c0)={0x0, 0x8c1, 0x80, 0x20203843, 0x2, [0x2, 0x0, r4], [0x810003, 0x0, 0x7], [0x5, 0x0, 0xffffffff, 0xe], [0x2, 0x0, 0x0, 0x1]}) 787.410883ms ago: executing program 5 (id=3134): syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SHUTDOWN={0x22, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x1}) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) write$6lowpan_enable(0xffffffffffffffff, &(0x7f00000002c0)='1', 0x1) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f00000001c0)={0x400, 0x1, &(0x7f0000000340)=[r1], &(0x7f0000000040)=[0x1], &(0x7f0000000200), &(0x7f00000002c0)}) 720.990323ms ago: executing program 4 (id=3135): r0 = io_uring_setup(0x3f1, &(0x7f0000000140)={0x0, 0x0, 0x3000}) r1 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r1, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x6}, 0x10) listen(r1, 0x0) accept4$x25(r1, 0x0, 0x0, 0x80800) poll(&(0x7f0000000080)=[{r0, 0x200}], 0x1, 0x6) 720.656776ms ago: executing program 3 (id=3136): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000c40)=@x86={0xbb, 0x7f, 0x86, 0x0, 0x7, 0x80, 0x5, 0x5, 0x2, 0xd, 0xa, 0x7e, 0x0, 0x7, 0x4b842ab3, 0x5, 0x1, 0x9, 0xd0, '\x00', 0x59, 0x80000000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 648.288129ms ago: executing program 5 (id=3137): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1e1a00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x2005, 0x2}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080)) 496.574433ms ago: executing program 0 (id=3138): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000002c0)={@in6={{0xa, 0x4e22, 0x80, @private1, 0x2}}, 0x0, 0x0, 0x46, 0x0, "f8290acb60351d4886fe034e840e390c34dc97a20a0ed8614a5a1f1fb54e64ea3ecfd2ca7ae337d89002aa54521c7d44cdcfe108e297042ff52849dd9323172abded95c733b50e526489dbd285bb9a55"}, 0xd8) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) 392.962544ms ago: executing program 5 (id=3139): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000018c0), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000000c0)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x2c, r2, 0x1, 0x70bd2a, 0x25dfdbf7, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5, 0x29, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000004) 390.250285ms ago: executing program 3 (id=3140): r0 = memfd_create(&(0x7f00000008c0)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x0) ftruncate(r0, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) sendfile(r0, r0, 0x0, 0x200001) 380.507864ms ago: executing program 0 (id=3141): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) shutdown(r0, 0x1) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000380)={r2}, &(0x7f0000000400)=0x8) 322.852406ms ago: executing program 5 (id=3142): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x2) mkdir(&(0x7f0000000040)='./bus\x00', 0x149) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}]}) r0 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') pread64(r0, &(0x7f0000000400)=""/207, 0xcf, 0x4eb) 212.936157ms ago: executing program 0 (id=3143): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10080, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r2, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x90}, 0x9c) 182.55976ms ago: executing program 0 (id=3144): r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x0, &(0x7f0000000140), 0x0, 0x4) ioctl$UFFDIO_CONTINUE(r1, 0x8010aa01, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3000000}) 181.224111ms ago: executing program 5 (id=3145): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xbd, 0x16, 0xf, 0x40, 0x8086, 0x110, 0xbfad, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x12, 0x24}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f00000003c0)={0x20, 0xa}, 0x0, 0x0}) 24.946976ms ago: executing program 3 (id=3146): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="cc", 0x1}], 0x1}}], 0x1, 0x24008804) accept4(r1, 0x0, 0x0, 0x800) 316.884µs ago: executing program 1 (id=3147): r0 = inotify_init() inotify_add_watch(r0, &(0x7f00000000c0)='.\x00', 0x5000009) openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0) inotify_add_watch(r0, &(0x7f0000000340)='./file0\x00', 0x203) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) 0s ago: executing program 0 (id=3148): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000000e8ffffffffffff050000", @ANYRES32], 0x48) r0 = socket(0x200000000000011, 0x2, 0x1) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xd50, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) kernel console output (not intermixed with test programs): 927 code=0x7ffc0000 [ 189.702337][ T30] audit: type=1326 audit(1748335905.677:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8467 comm="syz.3.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f26e772ab39 code=0x7ffc0000 [ 189.832452][ T30] audit: type=1326 audit(1748335905.677:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8467 comm="syz.3.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f26e7785927 code=0x7ffc0000 [ 189.882585][ T8472] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1060'. [ 189.888710][ T30] audit: type=1326 audit(1748335905.677:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8467 comm="syz.3.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f26e772ab39 code=0x7ffc0000 [ 189.942930][ T30] audit: type=1326 audit(1748335905.677:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8467 comm="syz.3.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f26e7785927 code=0x7ffc0000 [ 189.978686][ T30] audit: type=1326 audit(1748335905.677:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8467 comm="syz.3.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f26e772ab39 code=0x7ffc0000 [ 190.038858][ T30] audit: type=1326 audit(1748335905.677:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8467 comm="syz.3.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f26e7785927 code=0x7ffc0000 [ 190.066113][ T30] audit: type=1326 audit(1748335905.677:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8467 comm="syz.3.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f26e772ab39 code=0x7ffc0000 [ 190.165058][ T30] audit: type=1326 audit(1748335905.677:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8467 comm="syz.3.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f26e7785927 code=0x7ffc0000 [ 190.251934][ T30] audit: type=1326 audit(1748335905.677:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8467 comm="syz.3.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f26e772ab39 code=0x7ffc0000 [ 190.273438][ C1] vkms_vblank_simulate: vblank timer overrun [ 190.695082][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 191.426941][ T8510] input: syz0 as /devices/virtual/input/input16 [ 192.157326][ T5916] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 192.325147][ T5916] usb 4-1: Using ep0 maxpacket: 16 [ 192.346100][ T5916] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 192.373154][ T5916] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 192.399804][ T5916] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 192.415135][ T8544] vxcan3: entered allmulticast mode [ 192.434940][ T5916] usb 4-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 192.474173][ T5916] usb 4-1: config 7 interface 0 has no altsetting 0 [ 192.530708][ T5916] usb 4-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 192.547995][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.038519][ T5916] input: HID 0458:5010 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:7.0/0003:0458:5010.0014/input/input17 [ 193.202002][ T5916] kye 0003:0458:5010.0014: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.3-1/input0 [ 193.285393][ T5916] usb 4-1: USB disconnect, device number 15 [ 193.944242][ T8582] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 194.084748][ T5816] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 194.234727][ T5816] usb 2-1: Using ep0 maxpacket: 32 [ 194.243246][ T5816] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 194.261300][ T5816] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.281216][ T5816] usb 2-1: config 0 descriptor?? [ 194.359935][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.367534][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.494382][ T5816] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 194.513942][ T5816] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 194.534347][ T5816] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 194.542267][ T5816] usb 2-1: media controller created [ 194.588497][ T5816] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 194.651881][ T8609] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1122'. [ 194.708528][ T5816] az6027: usb out operation failed. (-71) [ 194.724364][ T5816] az6027: usb out operation failed. (-71) [ 194.739967][ T5816] stb0899_attach: Driver disabled by Kconfig [ 194.753523][ T5816] az6027: no front-end attached [ 194.753523][ T5816] [ 194.768208][ T5916] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 194.779263][ T5816] az6027: usb out operation failed. (-71) [ 194.792410][ T5816] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 194.801931][ T5816] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input18 [ 194.829524][ T5816] dvb-usb: schedule remote query interval to 400 msecs. [ 194.842603][ T5816] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 194.852921][ T5816] usb 2-1: USB disconnect, device number 12 [ 194.910814][ T5816] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 194.929062][ T5916] usb 5-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 194.947597][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.964830][ T5916] usb 5-1: Product: syz [ 194.973060][ T5916] usb 5-1: Manufacturer: syz [ 194.977887][ T5916] usb 5-1: SerialNumber: syz [ 194.993508][ T5916] usb 5-1: config 0 descriptor?? [ 196.027655][ T5916] usb 5-1: f81604_read: reg: 100f failed: -EPROTO [ 196.047432][ T5916] usb 5-1: f81604_read: reg: 200f failed: -EPROTO [ 196.055770][ T5916] usb 5-1: USB disconnect, device number 12 [ 196.063747][ T5916] usb 5-1: f81604_read: reg: 100f failed: -ENODEV [ 196.122653][ T5916] usb 5-1: f81604_read: reg: 200f failed: -ENODEV [ 196.643964][ T8662] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1145'. [ 196.674005][ T8662] netlink: 112 bytes leftover after parsing attributes in process `syz.3.1145'. [ 196.694320][ T8662] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1145'. [ 197.095800][ T8686] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1156'. [ 197.118432][ T8686] netlink: 'syz.3.1156': attribute type 32 has an invalid length. [ 197.153341][ T8686] bond0: option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 197.169631][ T8688] input: syz1 as /devices/virtual/input/input19 [ 198.444739][ T5916] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 198.494864][ T5816] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 198.596936][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 198.616995][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.638078][ T5916] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 198.654747][ T5816] usb 4-1: Using ep0 maxpacket: 16 [ 198.664906][ T5916] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 198.674078][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.684470][ T5816] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 198.707636][ T5916] usb 2-1: config 0 descriptor?? [ 198.728604][ T5816] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.755780][ T5816] usb 4-1: config 0 interface 0 has no altsetting 0 [ 198.762474][ T5816] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 198.776643][ T5816] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.792412][ T5816] usb 4-1: config 0 descriptor?? [ 199.129492][ T5885] kernel write not supported for file /sequencer2 (pid: 5885 comm: kworker/1:6) [ 199.141833][ T5916] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving [ 199.162448][ T5916] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 199.239600][ T5816] hid (null): unknown global tag 0xd [ 199.247908][ T5816] hid (null): global environment stack underflow [ 199.254421][ T5816] hid (null): unknown global tag 0xd [ 199.260125][ T5816] hid (null): invalid report_size 20669 [ 199.450832][ T5916] usb 4-1: USB disconnect, device number 16 [ 200.233364][ T8778] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 201.221579][ T978] usb 2-1: USB disconnect, device number 13 [ 201.635507][ T8826] batadv_slave_0: entered promiscuous mode [ 201.665891][ T8825] batadv_slave_0: left promiscuous mode [ 202.205731][ T8847] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1228'. [ 202.234718][ T8847] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 202.271028][ T8851] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 202.271028][ T8851] The task syz.1.1227 (8851) triggered the difference, watch for misbehavior. [ 202.370380][ T30] kauditd_printk_skb: 108 callbacks suppressed [ 202.370399][ T30] audit: type=1326 audit(1748335918.437:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8854 comm="syz.3.1231" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f26e778e969 code=0x0 [ 202.726439][ T8864] binder: 8863:8864 ioctl c0306201 200000000540 returned -14 [ 202.832651][ T8866] loop8: detected capacity change from 0 to 8 [ 202.843301][ T8866] Dev loop8: unable to read RDB block 8 [ 202.851770][ T8866] loop8: unable to read partition table [ 202.859595][ T8866] loop8: partition table beyond EOD, truncated [ 202.868455][ T8866] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 203.312341][ T8878] syz.1.1241 (8878) used obsolete PPPIOCDETACH ioctl [ 204.943790][ T8949] netlink: 11 bytes leftover after parsing attributes in process `syz.2.1274'. [ 205.916392][ T8984] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1290'. [ 205.946760][ T8984] netlink: 'syz.1.1290': attribute type 7 has an invalid length. [ 205.954573][ T8984] netlink: 'syz.1.1290': attribute type 8 has an invalid length. [ 205.996320][ T8984] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1290'. [ 206.041796][ T8984] gretap0: entered promiscuous mode [ 206.056095][ T8984] batadv_slave_1: entered promiscuous mode [ 206.851655][ T9021] overlayfs: failed to clone upperpath [ 206.955739][ T9027] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 207.765857][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 208.165453][ T9072] overlayfs: invalid origin (0000) [ 208.511090][ T9083] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1331'. [ 209.068613][ T9104] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1340'. [ 210.004336][ T9133] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 210.185627][ T9138] netlink: 'syz.4.1354': attribute type 10 has an invalid length. [ 210.193510][ T9138] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1354'. [ 210.248510][ T9139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 210.817252][ T9152] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1360'. [ 210.892340][ T9152] bridge0: port 3(vlan2) entered blocking state [ 210.926157][ T9152] bridge0: port 3(vlan2) entered disabled state [ 210.950090][ T9152] vlan2: entered allmulticast mode [ 210.963871][ T9152] dummy0: entered allmulticast mode [ 211.000464][ T9152] vlan2: entered promiscuous mode [ 211.022572][ T9152] dummy0: entered promiscuous mode [ 211.441851][ T9172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1367'. [ 211.693009][ T9175] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1372'. [ 211.729548][ T9175] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1372'. [ 211.968250][ T9185] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1374'. [ 213.456923][ T978] kernel write not supported for file /snd/midiC2D0 (pid: 978 comm: kworker/0:2) [ 213.590814][ T9275] openvswitch: netlink: IPv4 tun info is not correct [ 213.810069][ T9283] netlink: 'syz.2.1419': attribute type 4 has an invalid length. [ 213.821944][ T9283] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1419'. [ 213.964195][ T9297] netlink: 'syz.2.1424': attribute type 29 has an invalid length. [ 213.997847][ T9297] netlink: 'syz.2.1424': attribute type 29 has an invalid length. [ 214.016758][ T9297] netlink: 500 bytes leftover after parsing attributes in process `syz.2.1424'. [ 214.045358][ T9297] unsupported nla_type 58 [ 214.202776][ C1] sd 0:0:1:0: [sda] tag#4612 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 214.213476][ C1] sd 0:0:1:0: [sda] tag#4612 CDB: Write(6) 0a 00 4e 23 00 00 00 00 00 00 00 00 [ 214.826033][ T9335] input: syz1 as /devices/virtual/input/input20 [ 215.155595][ T9345] input: syz0 as /devices/virtual/input/input21 [ 215.179854][ T9345] input: failed to attach handler leds to device input21, error: -6 [ 215.671167][ T9364] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1456'. [ 216.631290][ T9392] use of bytesused == 0 is deprecated and will be removed in the future, [ 216.675007][ T9392] use the actual size instead. [ 216.810177][ T9397] input: syz0 as /devices/virtual/input/input22 [ 217.079795][ T9408] loop6: detected capacity change from 0 to 63 [ 217.115001][ T9408] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 217.160415][ T9408] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 217.219225][ T9408] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 217.254928][ T9408] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 217.274859][ T9408] Buffer I/O error on dev loop6, logical block 4, lost async page write [ 217.304184][ T9414] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 217.331756][ T9408] Buffer I/O error on dev loop6, logical block 5, lost async page write [ 217.350563][ T9408] Buffer I/O error on dev loop6, logical block 6, lost async page write [ 217.533017][ T9426] lo: entered promiscuous mode [ 217.549449][ T9426] lo: entered allmulticast mode [ 217.560988][ T9425] lo: left allmulticast mode [ 217.576801][ T9425] lo: left promiscuous mode [ 218.570180][ T9468] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 218.719442][ T9474] netlink: 'syz.2.1501': attribute type 10 has an invalid length. [ 219.424560][ T9514] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1519'. [ 219.574907][ T978] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 219.736738][ T978] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 219.748801][ T978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 219.767465][ T978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 219.789816][ T978] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 219.804306][ T978] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 219.813885][ T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.825270][ T978] usb 5-1: config 0 descriptor?? [ 220.263430][ T978] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 220.272430][ T978] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 220.291680][ T978] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 220.310654][ T978] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 220.319988][ T978] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 220.331088][ T978] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving [ 220.362032][ T9541] Bluetooth: hci5: Frame reassembly failed (-84) [ 220.362944][ T978] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 220.527177][ T24] usb 5-1: USB disconnect, device number 13 [ 221.422860][ T24] kernel write not supported for file /725/loginuid (pid: 24 comm: kworker/1:0) [ 221.994855][ T30] audit: type=1326 audit(1748335938.057:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9601 comm="syz.3.1552" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f26e778e969 code=0x0 [ 222.324746][ T5883] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 222.339135][ T9629] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 222.436110][ T5829] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 222.442623][ T5831] Bluetooth: hci5: command 0x1003 tx timeout [ 222.514880][ T5883] usb 2-1: Using ep0 maxpacket: 16 [ 222.522355][ T5883] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 222.535888][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.547879][ T5883] usb 2-1: config 0 descriptor?? [ 222.558342][ T5883] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 223.590808][ T978] usb 2-1: USB disconnect, device number 14 [ 224.445917][ T9724] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1597'. [ 224.491309][ T9726] netlink: 596 bytes leftover after parsing attributes in process `syz.1.1596'. [ 224.502098][ T9720] netlink: 'syz.1.1596': attribute type 29 has an invalid length. [ 224.531822][ T9725] netlink: 'syz.1.1596': attribute type 29 has an invalid length. [ 225.331349][ T9767] input: syz1 as /devices/virtual/input/input23 [ 225.560770][ T9779] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 225.571888][ T9779] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 225.694741][ T5904] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 225.859667][ T5904] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 225.872323][ T5904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 225.884115][ T5904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 225.898704][ T5904] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 225.912648][ T5904] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 225.924804][ T5904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.938951][ T5904] usb 2-1: config 0 descriptor?? [ 226.247707][ T9788] Invalid ELF header magic: != ELF [ 226.367112][ T5904] plantronics 0003:047F:FFFF.0018: ignoring exceeding usage max [ 226.387945][ T5904] plantronics 0003:047F:FFFF.0018: No inputs registered, leaving [ 226.410110][ T5904] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 227.584283][ T9828] netlink: 'syz.4.1642': attribute type 1 has an invalid length. [ 227.725934][ T9836] netlink: 'syz.4.1646': attribute type 29 has an invalid length. [ 227.764797][ T9836] netlink: 'syz.4.1646': attribute type 29 has an invalid length. [ 227.784537][ T9836] netlink: 500 bytes leftover after parsing attributes in process `syz.4.1646'. [ 228.507652][ T5883] usb 2-1: USB disconnect, device number 15 [ 228.835223][ T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 228.984896][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 229.003015][ T9] usb 4-1: config 0 has an invalid interface number: 29 but max is 0 [ 229.008359][ T9868] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1658'. [ 229.037921][ T9] usb 4-1: config 0 has no interface number 0 [ 229.075978][ T9] usb 4-1: New USB device found, idVendor=050d, idProduct=2102, bcdDevice=70.d0 [ 229.103157][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.143746][ T9] usb 4-1: Product: syz [ 229.164091][ T9] usb 4-1: Manufacturer: syz [ 229.169981][ T9] usb 4-1: SerialNumber: syz [ 229.188177][ T9] usb 4-1: config 0 descriptor?? [ 229.473087][ T978] usb 4-1: USB disconnect, device number 17 [ 229.726067][ T9884] input: syz0 as /devices/virtual/input/input24 [ 231.204977][ T24] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 231.395734][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 231.404288][ T24] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 231.420736][ T24] usb 4-1: config 0 has no interface number 0 [ 231.434721][ T24] usb 4-1: config 0 interface 12 has no altsetting 0 [ 231.450816][ T24] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 231.473330][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.491393][ T24] usb 4-1: Product: syz [ 231.503990][ T24] usb 4-1: Manufacturer: syz [ 231.514038][ T24] usb 4-1: SerialNumber: syz [ 231.531162][ T24] usb 4-1: config 0 descriptor?? [ 231.869079][ T9966] Bluetooth: hci0: invalid length 0, exp 2 for type 3 [ 231.930141][ T9969] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1700'. [ 232.140900][ T5904] libceph: connect (1)[c::]:6789 error -22 [ 232.148910][ T5904] libceph: mon0 (1)[c::]:6789 connect error [ 232.169111][ T9980] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 232.178308][ T9980] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 232.457190][ T978] libceph: connect (1)[c::]:6789 error -22 [ 232.464412][ T978] libceph: mon0 (1)[c::]:6789 connect error [ 232.549218][ T30] audit: type=1326 audit(1748335948.617:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9995 comm="syz.1.1711" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f713158e969 code=0x0 [ 232.776387][T10005] netlink: 'syz.2.1716': attribute type 4 has an invalid length. [ 232.777709][ T24] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 232.792443][T10005] netlink: 'syz.2.1716': attribute type 4 has an invalid length. [ 232.797354][ T24] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 232.808371][ T24] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 232.808767][T10007] af_packet: tpacket_rcv: packet too big, clamped from 64993 to 3952. macoff=96 [ 232.816636][ T24] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 232.840146][ T24] usb 4-1: USB disconnect, device number 18 [ 232.896723][ T9976] ceph: No mds server is up or the cluster is laggy [ 233.824788][ T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 233.974931][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 233.991576][ T9] usb 2-1: config index 0 descriptor too short (expected 17170, got 18) [ 234.002135][ T9] usb 2-1: config 0 has too many interfaces: 63, using maximum allowed: 32 [ 234.027235][ T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 63 [ 234.055001][ T9] usb 2-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=8d.90 [ 234.085720][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.093787][ T9] usb 2-1: Product: syz [ 234.142716][ T9] usb 2-1: Manufacturer: syz [ 234.151844][ T9] usb 2-1: SerialNumber: syz [ 234.174839][ T5904] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 234.257891][ T9] usb 2-1: config 0 descriptor?? [ 234.310488][ T9] ums-freecom 2-1:0.0: USB Mass Storage device detected [ 234.370376][ T5904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 234.432827][ T5904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 234.469443][ T5904] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 234.491349][ T5904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.506496][ T5904] usb 5-1: config 0 descriptor?? [ 234.524569][T10035] xt_hashlimit: size too large, truncated to 1048576 [ 234.999783][ T5883] usb 2-1: USB disconnect, device number 16 [ 235.138436][ T5904] usb 5-1: string descriptor 0 read error: -22 [ 235.341540][ T5904] uclogic 0003:256C:006D.0019: interface is invalid, ignoring [ 235.361860][ T5904] usb 5-1: USB disconnect, device number 14 [ 235.735869][T10075] netlink: 'syz.1.1743': attribute type 1 has an invalid length. [ 235.894133][T10075] 8021q: adding VLAN 0 to HW filter on device bond1 [ 236.034946][T10078] 8021q: adding VLAN 0 to HW filter on device bond1 [ 236.042215][T10078] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 236.056934][T10078] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 236.588442][ T5885] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 236.753760][ T5885] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 236.776854][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.806869][ T5885] usb 5-1: Product: syz [ 236.814795][ T5885] usb 5-1: Manufacturer: syz [ 236.819451][ T5885] usb 5-1: SerialNumber: syz [ 236.853931][ T5885] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 236.944430][ T24] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 237.281932][T10125] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 239.645659][T10166] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 240.143546][ T5885] usb 5-1: USB disconnect, device number 15 [ 240.149619][ T24] usb 5-1: Service connection timeout for: 256 [ 240.170230][ T24] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 240.181404][ T24] ath9k_htc: Failed to initialize the device [ 240.189317][ T5885] usb 5-1: ath9k_htc: USB layer deinitialized [ 240.394710][ T5883] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 240.556356][ T5883] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 240.582902][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.616476][ T5883] usb 2-1: config 0 descriptor?? [ 240.642044][ T5883] usb 2-1: can't set config #0, error -71 [ 240.654985][ T5883] usb 2-1: USB disconnect, device number 17 [ 241.075174][ T24] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 241.154022][T10209] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 241.257132][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 241.277585][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 241.292209][ T24] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 241.316035][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.342323][ T24] usb 5-1: config 0 descriptor?? [ 241.350992][ T24] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 242.564313][ T24] gspca_vc032x: reg_w err -71 [ 242.569278][ T24] vc032x 5-1:0.0: probe with driver vc032x failed with error -71 [ 242.581072][ T24] usb 5-1: USB disconnect, device number 16 [ 243.503404][T10268] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1824'. [ 243.585222][T10268] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 243.594274][T10268] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 243.603068][T10268] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 243.611903][T10268] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 243.638210][T10268] vxlan0: entered promiscuous mode [ 244.238170][T10280] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.247439][T10280] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.486164][T10289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1832'. [ 244.502477][T10289] macsec1: entered allmulticast mode [ 244.507944][T10289] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 244.545270][T10289] mac80211_hwsim hwsim4 wlan0: left allmulticast mode [ 245.056968][T10304] netlink: 140 bytes leftover after parsing attributes in process `syz.0.1839'. [ 245.092223][T10304] netlink: 140 bytes leftover after parsing attributes in process `syz.0.1839'. [ 245.915503][ T9] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 246.065998][T10332] overlayfs: failed to clone lowerpath [ 246.074846][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 246.083391][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.119225][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.135219][ T9] usb 4-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 246.146266][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.172083][ T9] usb 4-1: config 0 descriptor?? [ 247.230450][ T9] letsketch 0003:6161:4D15.001A: Device info: 꿨 [ 247.480014][ T9] usb 4-1: Max retries (5) exceeded reading string descriptor 201 [ 247.506348][ T9] letsketch 0003:6161:4D15.001A: probe with driver letsketch failed with error -71 [ 247.525696][ T9] usb 4-1: USB disconnect, device number 19 [ 247.781098][T10401] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 247.804882][ T5883] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 247.900838][T10407] netlink: 'syz.4.1886': attribute type 3 has an invalid length. [ 247.909323][T10407] netlink: 'syz.4.1886': attribute type 1 has an invalid length. [ 247.918148][T10407] netlink: 191172 bytes leftover after parsing attributes in process `syz.4.1886'. [ 247.974883][ T5883] usb 2-1: Using ep0 maxpacket: 16 [ 247.990585][ T5883] usb 2-1: too many configurations: 123, using maximum allowed: 8 [ 248.015162][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.036052][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.060156][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.079634][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.101882][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.118566][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.127128][T10415] tls_set_device_offload_rx: netdev not found [ 248.132558][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.155938][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.176242][ T5883] usb 2-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 248.189656][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 248.198866][ T5883] usb 2-1: SerialNumber: syz [ 248.207442][ T5883] usb 2-1: config 0 descriptor?? [ 248.223133][ T5883] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input25 [ 248.345940][ T9] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 248.373138][T10424] netlink: 'syz.0.1893': attribute type 10 has an invalid length. [ 248.382270][T10424] syz_tun: entered promiscuous mode [ 248.395236][T10424] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 248.413778][T10424] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1893'. [ 248.439664][ T5171] bcm5974 2-1:0.0: could not read from device [ 248.464554][ T5171] bcm5974 2-1:0.0: could not read from device [ 248.475478][ T5883] usb 2-1: USB disconnect, device number 18 [ 248.506864][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 248.525100][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 248.554919][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 248.571726][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.809125][ T9] usb 4-1: usb_control_msg returned -32 [ 248.814911][ T9] usbtmc 4-1:16.0: can't read capabilities [ 249.164845][ T9] usb 5-1: new low-speed USB device number 17 using dummy_hcd [ 249.264900][ T5916] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 249.326607][ T9] usb 5-1: config 0 has no interfaces? [ 249.338657][ T9] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 249.349002][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.362324][ T9] usb 5-1: config 0 descriptor?? [ 249.424671][ T5916] usb 2-1: Using ep0 maxpacket: 8 [ 249.431741][ T5916] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 249.441067][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.457136][ T5916] pvrusb2: Hardware description: Terratec Grabster AV400 [ 249.464241][ T5916] pvrusb2: ********** [ 249.468332][ T5916] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 249.478614][ T5916] pvrusb2: Important functionality might not be entirely working. [ 249.486790][ T5916] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 249.498167][ T5916] pvrusb2: ********** [ 249.579775][ T5883] usb 5-1: USB disconnect, device number 17 [ 249.659960][ T2341] pvrusb2: Invalid write control endpoint [ 249.703118][ T2341] pvrusb2: Invalid write control endpoint [ 249.709098][ T2341] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 249.719798][ T2341] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 249.727463][ T2341] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 249.739992][ T2341] pvrusb2: Device being rendered inoperable [ 249.746196][ T2341] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 249.753279][ T2341] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 249.761481][ T2341] pvrusb2: Attached sub-driver cx25840 [ 249.767033][ T2341] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 249.779063][ T2341] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 249.864165][T10443] pvrusb2: Attempted to execute control transfer when device not ok [ 249.875316][ T5883] usb 2-1: USB disconnect, device number 19 [ 250.086636][T10456] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1907'. [ 251.178015][ T5916] usb 4-1: USB disconnect, device number 20 [ 251.808761][T10510] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1928'. [ 251.823010][T10512] kvm: Disabled LAPIC found during irq injection [ 251.861583][T10510] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 252.043468][T10510] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 252.170691][T10521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1932'. [ 252.262338][T10523] netlink: 'syz.3.1934': attribute type 29 has an invalid length. [ 252.286884][T10523] netlink: 'syz.3.1934': attribute type 29 has an invalid length. [ 252.306528][T10523] netlink: 500 bytes leftover after parsing attributes in process `syz.3.1934'. [ 254.154885][T10586] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1961'. [ 255.136631][ T5883] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 255.299713][ T5883] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 255.322551][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.344735][ T5883] usb 2-1: Product: syz [ 255.354738][ T5883] usb 2-1: Manufacturer: syz [ 255.372356][ T5883] usb 2-1: SerialNumber: syz [ 255.803264][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.936736][T10657] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1990'. [ 256.434780][ T5883] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 256.444809][ T5883] cdc_ncm 2-1:1.0: dwNtbInMaxSize=3 is too small. Using 2048 [ 256.464702][ T5883] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 256.670124][ T5883] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 256.724911][ T5883] usb 2-1: USB disconnect, device number 20 [ 256.732462][ T5883] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 257.999595][T10715] 9pnet: p9_errstr2errno: server reported unknown error @L O!L8iHѡ2m-9Vm [ 258.257888][T10737] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2023'. [ 258.267393][T10737] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2023'. [ 258.276903][ T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 258.434884][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 258.442055][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 258.462507][ T9] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 258.492813][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.524188][ T9] usb 5-1: config 0 descriptor?? [ 258.765028][ T9] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 259.149799][ T5883] usb 5-1: USB disconnect, device number 18 [ 259.897975][T10796] input: syz0 as /devices/virtual/input/input26 [ 260.074687][ T9] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 260.199280][T10810] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 260.247550][ T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 260.279353][ T9] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 260.310780][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 260.323286][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.345915][T10789] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 260.354966][ T5904] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 260.369104][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 260.526994][ T5904] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 260.544658][ T5904] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 260.556244][ T5904] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 260.574751][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.582850][ T5904] usb 2-1: Product: syz [ 260.594722][ T5904] usb 2-1: Manufacturer: syz [ 260.599376][ T5904] usb 2-1: SerialNumber: syz [ 260.625969][ T9] usb 4-1: USB disconnect, device number 21 [ 260.822834][ T5904] usb 2-1: 0:2 : does not exist [ 260.871236][ T5904] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 260.915093][ T5904] usb 2-1: USB disconnect, device number 21 [ 261.145440][T10834] batadv_slave_1: entered promiscuous mode [ 261.269584][T10832] batadv_slave_1: left promiscuous mode [ 261.567532][T10849] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2072'. [ 264.314080][T10926] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 264.684925][ T9] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 264.854879][ T5904] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 264.862781][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 264.874679][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 264.888133][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 264.908023][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 264.924813][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.947291][ T9] usb 2-1: config 0 descriptor?? [ 264.966601][ T9] hub 2-1:0.0: USB hub found [ 265.036907][ T5904] usb 4-1: config 0 has an invalid interface number: 117 but max is 0 [ 265.045614][ T5904] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 265.066288][ T5904] usb 4-1: config 0 has no interface number 0 [ 265.072541][ T5904] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 265.113145][ T5904] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 265.153769][ T5904] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 265.187916][ T9] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 265.226733][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.285869][ T5904] usb 4-1: Product: syz [ 265.290125][ T5904] usb 4-1: Manufacturer: syz [ 265.295060][ T5904] usb 4-1: SerialNumber: syz [ 265.303184][ T5904] usb 4-1: config 0 descriptor?? [ 265.610383][ T9] hid-generic 0003:046D:C31C.001B: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.1-1/input0 [ 265.992078][ T5883] usb 2-1: USB disconnect, device number 22 [ 266.013913][ T24] usb 4-1: USB disconnect, device number 22 [ 266.855017][T10955] 9pnet: p9_errstr2errno: server reported unknown error @L O! [ 267.181012][T10963] netlink: 'syz.0.2128': attribute type 39 has an invalid length. [ 267.190005][ T9615] bridge_slave_1: left allmulticast mode [ 267.204979][ T9615] bridge_slave_1: left promiscuous mode [ 267.216095][ T9615] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.258005][ T9615] bridge_slave_0: left allmulticast mode [ 267.270583][ T9615] bridge_slave_0: left promiscuous mode [ 267.283711][ T9615] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.466473][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 267.476406][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 267.487282][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 267.500013][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 267.518406][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 267.534239][ T5829] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 267.548084][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 267.567930][ T5829] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 267.582315][ T5829] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 267.599146][ T5829] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 267.699656][ T9615] bridge0 (unregistering): left promiscuous mode [ 268.137865][ T9615] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 268.162469][ T9615] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 268.189807][ T9615] bond0 (unregistering): Released all slaves [ 268.327499][ T9615] tipc: Disabling bearer [ 268.341377][ T9615] tipc: Left network mode [ 268.480333][T10998] Invalid ELF header magic: != ELF [ 268.887145][T11011] overlayfs: failed to verify upper root origin [ 269.049179][ T9615] hsr_slave_0: left promiscuous mode [ 269.069227][ T9615] hsr_slave_1: left promiscuous mode [ 269.082000][ T9615] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 269.099622][ T9615] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 269.284820][ T5883] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 269.457211][ T5883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 269.486065][ T5883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 269.496831][ T5883] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 269.521113][ T5883] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 269.530443][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.576951][ T5883] usb 2-1: config 0 descriptor?? [ 269.641579][ T30] audit: type=1326 audit(1748335985.707:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11034 comm="syz.4.2158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1de98e969 code=0x7ffc0000 [ 269.663851][ T5831] Bluetooth: hci1: command tx timeout [ 269.696406][ T30] audit: type=1326 audit(1748335985.707:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11034 comm="syz.4.2158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe1de92ab39 code=0x7ffc0000 [ 269.789111][ T30] audit: type=1326 audit(1748335985.707:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11034 comm="syz.4.2158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1de98e969 code=0x7ffc0000 [ 269.874976][ T30] audit: type=1326 audit(1748335985.707:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11034 comm="syz.4.2158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe1de92ab39 code=0x7ffc0000 [ 269.940574][ T30] audit: type=1326 audit(1748335985.707:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11034 comm="syz.4.2158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe1de92ab39 code=0x7ffc0000 [ 269.970842][ T30] audit: type=1326 audit(1748335985.707:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11034 comm="syz.4.2158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe1de92ab39 code=0x7ffc0000 [ 270.005723][ T30] audit: type=1326 audit(1748335985.707:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11034 comm="syz.4.2158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1de98e969 code=0x7ffc0000 [ 270.021066][ T5883] plantronics 0003:047F:FFFF.001C: No inputs registered, leaving [ 270.062791][ T30] audit: type=1326 audit(1748335985.707:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11034 comm="syz.4.2158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe1de92ab39 code=0x7ffc0000 [ 270.097760][ T30] audit: type=1326 audit(1748335985.707:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11034 comm="syz.4.2158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1de98e969 code=0x7ffc0000 [ 270.108847][ T5883] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 270.157954][ T30] audit: type=1326 audit(1748335985.707:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11034 comm="syz.4.2158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe1de92ab39 code=0x7ffc0000 [ 270.291631][ T24] kernel write not supported for file bpf-prog (pid: 24 comm: kworker/1:0) [ 270.318836][ T24] usb 2-1: USB disconnect, device number 23 [ 270.335987][ T9615] team0 (unregistering): Port device team_slave_1 removed [ 270.390581][ T9615] team0 (unregistering): Port device team_slave_0 removed [ 270.998137][T11029] all: renamed from bridge_slave_0 (while UP) [ 271.034376][T10970] chnl_net:caif_netlink_parms(): no params data found [ 271.706207][T10970] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.724415][ T5831] Bluetooth: hci1: command tx timeout [ 271.737891][T10970] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.749366][T10970] bridge_slave_0: entered allmulticast mode [ 271.758049][T10970] bridge_slave_0: entered promiscuous mode [ 271.767001][T10970] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.776630][T10970] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.784193][T10970] bridge_slave_1: entered allmulticast mode [ 271.792480][T10970] bridge_slave_1: entered promiscuous mode [ 271.856637][T10970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 271.886450][T10970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 271.935291][ T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 272.047091][T10970] team0: Port device team_slave_0 added [ 272.054063][ T9615] IPVS: stop unused estimator thread 0... [ 272.079608][T10970] team0: Port device team_slave_1 added [ 272.117233][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 272.128337][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 272.150105][ T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 272.180553][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 272.203845][ T9] usb 4-1: SerialNumber: syz [ 272.280274][ T12] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x6 [ 272.288199][T10970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 272.299939][T10970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.326144][T10970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 272.339496][T10970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 272.346539][T10970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.375031][T10970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 272.436506][ T9] usb 4-1: 0:2 : does not exist [ 272.481172][ T9] usb 4-1: USB disconnect, device number 23 [ 272.547788][T10970] hsr_slave_0: entered promiscuous mode [ 272.564050][T10970] hsr_slave_1: entered promiscuous mode [ 272.578143][T10970] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 272.594644][T10970] Cannot create hsr debugfs directory [ 272.770103][T11117] trusted_key: syz.0.2191 sent an empty control message without MSG_MORE. [ 272.985283][T10970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 273.042066][T10970] 8021q: adding VLAN 0 to HW filter on device team0 [ 273.068212][ T9615] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.075471][ T9615] bridge0: port 1(bridge_slave_0) entered forwarding state [ 273.095495][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.102712][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 273.274733][ T9] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 273.447542][ T9] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 273.459129][T10970] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 273.468632][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 273.479339][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 273.491470][ T9] usb 2-1: Product: syz [ 273.495945][ T9] usb 2-1: Manufacturer: syz [ 273.500928][ T9] usb 2-1: SerialNumber: syz [ 273.737213][ T9] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 24 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 273.796016][ T5831] Bluetooth: hci1: command tx timeout [ 273.934237][ T9] usb 2-1: USB disconnect, device number 24 [ 273.986574][ T9] usblp0: removed [ 274.009101][T11157] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2200'. [ 274.322877][T10970] veth0_vlan: entered promiscuous mode [ 274.369330][T10970] veth1_vlan: entered promiscuous mode [ 274.438025][T10970] veth0_macvtap: entered promiscuous mode [ 274.486464][T10970] veth1_macvtap: entered promiscuous mode [ 274.512022][T10970] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 274.542902][T10970] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 274.869938][T11181] netlink: 'syz.1.2210': attribute type 1 has an invalid length. [ 274.881115][T11181] netlink: 'syz.1.2210': attribute type 2 has an invalid length. [ 274.897094][T11181] netlink: 'syz.1.2210': attribute type 4 has an invalid length. [ 274.907273][T11181] netlink: 130872 bytes leftover after parsing attributes in process `syz.1.2210'. [ 275.143738][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.165369][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.256673][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.265419][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.356504][ T5904] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 275.547309][ T5904] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 275.572724][ T5904] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 275.593198][ T5904] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 275.612676][ T5904] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 275.632266][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.649908][ T5904] usb 2-1: Product: syz [ 275.654386][ T5904] usb 2-1: Manufacturer: syz [ 275.659245][ T5904] usb 2-1: SerialNumber: syz [ 275.670567][T11185] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 275.768452][T11208] netlink: 1347 bytes leftover after parsing attributes in process `syz.0.2221'. [ 275.875268][ T5831] Bluetooth: hci1: command tx timeout [ 276.701982][ T5904] cdc_mbim 2-1:1.0: bind() failure [ 276.724537][ T5904] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 276.743397][ T5904] cdc_ncm 2-1:1.1: bind() failure [ 276.906361][ T5883] usb 2-1: USB disconnect, device number 25 [ 277.903842][T11295] Bluetooth: hci0: invalid length 0, exp 2 for type 16 [ 279.170871][T11327] team0: entered promiscuous mode [ 279.190299][T11327] team_slave_0: entered promiscuous mode [ 279.209257][T11327] team_slave_1: entered promiscuous mode [ 279.308185][T11327] batadv_slave_0: entered promiscuous mode [ 279.342663][T11326] batadv_slave_0: left promiscuous mode [ 279.355178][T11326] team0: left promiscuous mode [ 279.360176][T11326] team_slave_0: left promiscuous mode [ 279.395479][T11326] team_slave_1: left promiscuous mode [ 279.576158][T11330] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2271'. [ 280.264847][ T5816] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 280.424769][ T5816] usb 2-1: Using ep0 maxpacket: 16 [ 280.438075][ T5816] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 280.464736][ T5816] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 280.489952][ T5816] usb 2-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00 [ 280.520805][ T5816] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.545640][ T5816] usb 2-1: config 0 descriptor?? [ 280.668111][T11349] netlink: 'syz.0.2279': attribute type 10 has an invalid length. [ 280.685527][T11349] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.693392][T11349] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.728110][T11349] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.735541][T11349] bridge0: port 2(bridge_slave_1) entered forwarding state [ 280.743150][T11349] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.750436][T11349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 280.800991][T11349] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 281.000665][ T5816] gt683r_led 0003:1770:FF00.001D: collection stack underflow [ 281.024927][ T5816] gt683r_led 0003:1770:FF00.001D: item 0 1 0 12 parsing failed [ 281.037386][ T5816] gt683r_led 0003:1770:FF00.001D: hid parsing failed [ 281.054448][ T5816] gt683r_led 0003:1770:FF00.001D: probe with driver gt683r_led failed with error -22 [ 281.210405][ T9] usb 2-1: USB disconnect, device number 26 [ 282.092300][T11373] syzkaller1: entered promiscuous mode [ 282.114692][T11373] syzkaller1: entered allmulticast mode [ 282.188453][ T5816] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 282.375153][ T5816] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 282.419523][ T5816] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 282.470422][ T5816] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 282.482467][ T5816] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 282.497116][ T5816] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 282.524705][ T5816] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.552262][ T5816] usb 4-1: config 0 descriptor?? [ 282.757489][ T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 282.930830][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 282.959212][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 282.988385][ T5816] plantronics 0003:047F:FFFF.001E: No inputs registered, leaving [ 283.000879][ T24] usb 6-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 283.025866][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.040344][ T5816] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 283.056018][ T24] usb 6-1: config 0 descriptor?? [ 283.543814][ T24] hid-steam 0003:28DE:1142.001F: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.5-1/input0 [ 283.614804][ T24] hid-steam 0003:28DE:1142.001F: Steam wireless receiver connected [ 283.653500][ T24] hid-steam 0003:28DE:1142.0020: hidraw1: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.5-1/input0 [ 283.820330][ T5816] usb 4-1: USB disconnect, device number 24 [ 283.835120][ T5883] usb 6-1: USB disconnect, device number 2 [ 283.857232][ T5883] hid-steam 0003:28DE:1142.001F: Steam wireless receiver disconnected [ 283.934925][ T24] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 284.104705][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 284.137803][ T24] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 284.158640][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.204394][ T24] usb 2-1: Product: syz [ 284.211007][ T24] usb 2-1: Manufacturer: syz [ 284.224621][ T24] usb 2-1: SerialNumber: syz [ 284.244136][ T24] usb 2-1: config 0 descriptor?? [ 284.268309][ T24] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 284.520932][T11427] Bluetooth: hci0: invalid length 0, exp 2 for type 6 [ 284.954675][ T5916] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 285.110629][ T5916] usb 6-1: config 0 has no interfaces? [ 285.116408][ T5916] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 285.264646][ T5916] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.276042][ T5916] usb 6-1: config 0 descriptor?? [ 285.664688][ T5916] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 285.712215][T11437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 285.731673][T11437] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.751246][ T9] usb 6-1: USB disconnect, device number 3 [ 285.824704][ T5916] usb 5-1: Using ep0 maxpacket: 32 [ 285.836667][ T5916] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 285.852531][ T5916] usb 5-1: config 0 has no interface number 0 [ 285.865209][ T5916] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 285.904061][ T5916] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 285.915529][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.932034][ T5916] usb 5-1: Product: syz [ 285.936808][ T5916] usb 5-1: Manufacturer: syz [ 285.941467][ T5916] usb 5-1: SerialNumber: syz [ 285.956159][ T5916] usb 5-1: config 0 descriptor?? [ 285.965908][ T5916] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 285.984702][ T5916] em28xx 5-1:0.132: Video interface 132 found: [ 286.379512][ T5916] em28xx 5-1:0.132: unknown em28xx chip ID (0) [ 286.714534][ T5904] usb 2-1: USB disconnect, device number 27 [ 287.285597][T11500] bond_slave_0: entered promiscuous mode [ 287.291652][T11500] bond_slave_1: entered promiscuous mode [ 287.297517][T11500] bridge0: entered promiscuous mode [ 287.309345][T11500] macvlan2: entered allmulticast mode [ 287.316185][T11500] bond0: entered allmulticast mode [ 287.330354][T11500] bond_slave_0: entered allmulticast mode [ 287.348952][T11500] bond_slave_1: entered allmulticast mode [ 287.361659][T11500] syz_tun: entered allmulticast mode [ 287.372848][T11500] bridge0: entered allmulticast mode [ 287.393732][T11500] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 287.429091][T11500] bridge0: port 3(macvlan2) entered blocking state [ 287.458928][T11500] bridge0: port 3(macvlan2) entered disabled state [ 287.489987][T11500] bond0: left allmulticast mode [ 287.496049][T11500] bond_slave_0: left allmulticast mode [ 287.503020][T11500] bond_slave_1: left allmulticast mode [ 287.511564][T11500] syz_tun: left allmulticast mode [ 287.519497][T11500] bridge0: left allmulticast mode [ 287.556332][ T5916] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 287.559604][T11500] bond_slave_0: left promiscuous mode [ 287.571013][T11500] bond_slave_1: left promiscuous mode [ 287.576602][T11500] bridge0: left promiscuous mode [ 287.600179][T11513] netlink: zone id is out of range [ 287.610360][ T5916] em28xx 5-1:0.132: board has no eeprom [ 287.622745][T11455] em28xx 5-1:0.132: failed to trigger write to i2c address 0x28 (error=-5) [ 287.647465][T11513] netlink: del zone limit has 4 unknown bytes [ 287.655062][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 287.695484][ T5916] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 287.712648][ T5916] em28xx 5-1:0.132: analog set to bulk mode. [ 287.742124][ T5904] em28xx 5-1:0.132: Registering V4L2 extension [ 287.765330][ T5916] usb 5-1: USB disconnect, device number 19 [ 287.786324][ T5916] em28xx 5-1:0.132: Disconnecting em28xx [ 288.187676][ T5904] em28xx 5-1:0.132: Config register raw data: 0xffffffed [ 288.246073][ T5904] em28xx 5-1:0.132: AC97 chip type couldn't be determined [ 288.269795][ T5904] em28xx 5-1:0.132: No AC97 audio processor [ 288.292195][ T5904] usb 5-1: Decoder not found [ 288.297929][ T5904] em28xx 5-1:0.132: failed to create media graph [ 288.304555][ T5904] em28xx 5-1:0.132: V4L2 device video103 deregistered [ 288.379063][ T5904] em28xx 5-1:0.132: Remote control support is not available for this card. [ 288.423444][ T5916] em28xx 5-1:0.132: Closing input extension [ 288.463775][ T5916] em28xx 5-1:0.132: Freeing device [ 288.475301][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 288.813267][ T30] kauditd_printk_skb: 51 callbacks suppressed [ 288.813287][ T30] audit: type=1326 audit(1748336004.877:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11543 comm="syz.3.2354" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f26e778e969 code=0x0 [ 288.855062][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 288.866670][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 289.316485][T11556] netlink: 'syz.1.2359': attribute type 1 has an invalid length. [ 289.327902][T11556] netlink: 'syz.1.2359': attribute type 10 has an invalid length. [ 289.341291][T11556] netlink: 236 bytes leftover after parsing attributes in process `syz.1.2359'. [ 289.430849][T11561] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 289.956849][T11584] netlink: 372 bytes leftover after parsing attributes in process `syz.3.2371'. [ 290.486244][ T5883] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 290.636957][ T5883] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 290.653467][ T5883] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.691846][ T5883] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.714624][ T5883] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 290.754325][ T5883] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 290.771805][ T5883] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 290.783153][T11610] netlink: 'syz.5.2383': attribute type 1 has an invalid length. [ 290.801618][ T5883] usb 4-1: Manufacturer: syz [ 290.809424][T11610] netlink: 16150 bytes leftover after parsing attributes in process `syz.5.2383'. [ 290.836220][ T5883] usb 4-1: config 0 descriptor?? [ 291.110410][T11619] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1531215282 (3062430564 ns) > initial count (1473793136 ns). Using initial count to start timer. [ 291.261276][ T5883] appleir 0003:05AC:8243.0021: unknown main item tag 0x0 [ 291.293534][ T5883] appleir 0003:05AC:8243.0021: No inputs registered, leaving [ 291.338032][T11625] netlink: 51 bytes leftover after parsing attributes in process `syz.0.2390'. [ 291.350333][ T5883] appleir 0003:05AC:8243.0021: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 291.584775][ T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 291.682094][T11642] unknown channel width for channel at 909000KHz? [ 291.691610][T11642] unknown channel width for channel at 909000KHz? [ 291.699842][T11642] unknown channel width for channel at 909000KHz? [ 291.756141][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 291.765434][ T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 291.781978][ T5916] usb 4-1: USB disconnect, device number 25 [ 291.783560][ T24] usb 6-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 291.809213][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.824755][ T24] usb 6-1: Product: syz [ 291.828997][ T24] usb 6-1: Manufacturer: syz [ 291.833843][ T24] usb 6-1: SerialNumber: syz [ 291.845622][ T24] usb 6-1: config 0 descriptor?? [ 291.922531][T11654] bond0: (slave syz_tun): Releasing backup interface [ 291.937287][T11654] bond0: (slave bridge0): Releasing backup interface [ 291.939830][ T5883] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 291.952893][T11654] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.960274][T11654] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.986138][ T30] audit: type=1326 audit(1748336008.057:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11655 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f713152ab39 code=0x7ffc0000 [ 292.012159][T11654] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 292.021814][ T30] audit: type=1326 audit(1748336008.057:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11655 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f713152ab39 code=0x7ffc0000 [ 292.024528][T11654] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:0c, vlan:1) [ 292.046552][T11657] netlink: 'syz.0.2404': attribute type 10 has an invalid length. [ 292.080062][ T30] audit: type=1326 audit(1748336008.057:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11655 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f713152ab39 code=0x7ffc0000 [ 292.110859][ T30] audit: type=1326 audit(1748336008.057:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11655 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f713152ab39 code=0x7ffc0000 [ 292.140533][ T30] audit: type=1326 audit(1748336008.057:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11655 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f713152ab39 code=0x7ffc0000 [ 292.162387][ T5883] usb 5-1: Using ep0 maxpacket: 16 [ 292.175954][ T5883] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 292.192657][ T5883] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 292.203442][ T5883] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 292.224303][ T30] audit: type=1326 audit(1748336008.057:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11655 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f713152ab39 code=0x7ffc0000 [ 292.252294][ T5883] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 292.269782][T11654] bridge_slave_0: left allmulticast mode [ 292.279206][T11654] bridge_slave_0: left promiscuous mode [ 292.290150][T11654] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.299025][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.307457][ T30] audit: type=1326 audit(1748336008.057:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11655 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f713152ab39 code=0x7ffc0000 [ 292.338664][ T5883] usb 5-1: config 0 descriptor?? [ 292.345788][T11654] bridge_slave_1: left allmulticast mode [ 292.353823][T11654] bridge_slave_1: left promiscuous mode [ 292.365163][T11654] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.372566][ T30] audit: type=1326 audit(1748336008.057:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11655 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f713152ab39 code=0x7ffc0000 [ 292.424156][T11654] bond0: (slave bond_slave_0): Releasing backup interface [ 292.459100][T11654] bond0: (slave bond_slave_1): Releasing backup interface [ 292.487299][ T30] audit: type=1326 audit(1748336008.057:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11655 comm="syz.1.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f713152ab39 code=0x7ffc0000 [ 292.509726][ C1] vkms_vblank_simulate: vblank timer overrun [ 292.694665][T11654] team0: Port device team_slave_0 removed [ 292.726736][T11654] team0: Port device team_slave_1 removed [ 292.739196][T11654] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 292.762934][T11654] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 292.772597][T11654] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 292.773254][ T5883] HID 045e:07da: Invalid code 65791 type 1 [ 292.791042][T11654] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 292.802107][ T5883] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0022/input/input30 [ 292.822759][ T5883] microsoft 0003:045E:07DA.0022: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 292.844512][T11662] xt_CT: No such helper "snmp_trap" [ 292.888772][T11657] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 292.977054][ T5816] usb 5-1: USB disconnect, device number 20 [ 293.868133][T11691] bridge0: entered promiscuous mode [ 293.882978][T11691] batman_adv: batadv0: Adding interface: macsec1 [ 293.901208][T11691] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 293.948248][T11691] batman_adv: batadv0: Interface activated: macsec1 [ 293.955504][ T978] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 294.134851][ T978] usb 4-1: Using ep0 maxpacket: 8 [ 294.160421][ T978] usb 4-1: config 135 has an invalid interface number: 230 but max is 0 [ 294.191337][ T978] usb 4-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 294.217143][T11694] vlan3: entered allmulticast mode [ 294.222785][T11694] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 294.224821][ T978] usb 4-1: config 135 has no interface number 0 [ 294.249862][ T978] usb 4-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 294.290846][ T978] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 294.311244][ T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.329370][ T978] usb 4-1: Product: syz [ 294.350501][ T978] usb 4-1: Manufacturer: syz [ 294.364383][ T978] usb 4-1: SerialNumber: syz [ 294.406881][ T978] usb 4-1: Found UVC 0.00 device syz (18ec:3288) [ 294.413687][ T5816] usb 6-1: USB disconnect, device number 4 [ 294.440239][ T978] usb 4-1: No valid video chain found. [ 294.735426][ T978] usb 4-1: USB disconnect, device number 26 [ 294.914178][T11713] loop0: detected capacity change from 0 to 7 [ 294.942059][T11713] Dev loop0: unable to read RDB block 7 [ 294.954782][T11713] loop0: unable to read partition table [ 294.960687][T11713] loop0: partition table beyond EOD, truncated [ 294.995060][T11713] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 294.995060][T11713] ) failed (rc=-5) [ 295.886310][T11754] overlayfs: failed to set uuid (474/file1, err=-1); falling back to uuid=null. [ 295.909427][T11754] overlayfs: failed to verify upper root origin [ 296.198763][T11766] netlink: 120 bytes leftover after parsing attributes in process `syz.0.2450'. [ 296.432872][T11772] 9pnet: p9_errstr2errno: server reported unknown error [ 298.260365][T11811] netlink: 'syz.3.2468': attribute type 1 has an invalid length. [ 299.684212][T11811] bond1: entered allmulticast mode [ 299.727871][T11811] 8021q: adding VLAN 0 to HW filter on device bond1 [ 299.812919][T11814] bond1: (slave ip6gretap1): making interface the new active one [ 299.828533][T11814] ip6gretap1: entered allmulticast mode [ 299.842261][T11814] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 300.728897][T11865] input: syz0 as /devices/virtual/input/input31 [ 300.742180][T11863] lo: entered promiscuous mode [ 300.765952][T11863] lo: entered allmulticast mode [ 300.771521][T11863] lo: left allmulticast mode [ 300.792748][T11863] lo: left promiscuous mode [ 300.857100][T11867] tipc: Started in network mode [ 300.862080][T11867] tipc: Node identity 3eac818ccf8d, cluster identity 4711 [ 300.914302][T11867] tipc: Enabled bearer , priority 0 [ 300.981434][T11871] tipc: Disabling bearer [ 301.725532][T11902] bridge0: entered promiscuous mode [ 301.740928][T11902] macvtap1: entered allmulticast mode [ 301.766624][T11902] bridge0: entered allmulticast mode [ 301.788221][T11902] bridge0: port 3(macvtap1) entered blocking state [ 301.799401][T11902] bridge0: port 3(macvtap1) entered disabled state [ 301.812113][T11902] bridge0: left allmulticast mode [ 301.817499][T11902] bridge0: left promiscuous mode [ 302.108152][T11921] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2513'. [ 302.295049][ T978] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 302.454820][ T978] usb 6-1: Using ep0 maxpacket: 16 [ 302.479906][ T978] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 302.501417][ T978] usb 6-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 302.510978][ T978] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.524170][ T978] usb 6-1: config 0 descriptor?? [ 302.537747][ T978] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input32 [ 302.804858][ T5916] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 302.835298][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 302.842959][ T24] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 302.853096][ T24] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 302.872177][ T5171] bcm5974 6-1:0.0: could not read from device [ 302.896068][ T978] bcm5974 6-1:0.0: could not read from device [ 302.915196][ T5171] bcm5974 6-1:0.0: could not read from device [ 302.936882][ T978] input: failed to attach handler mousedev to device input32, error: -5 [ 302.953948][ T5171] bcm5974 6-1:0.0: could not read from device [ 302.964431][ T978] usb 6-1: USB disconnect, device number 5 [ 302.975483][ T5916] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 302.991798][ T5916] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 303.002981][ T5916] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 303.013375][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 303.023215][ T5916] usb 2-1: SerialNumber: syz [ 303.258124][ T5916] usb 2-1: 0:2 : does not exist [ 303.283795][ T5916] usb 2-1: USB disconnect, device number 28 [ 303.397150][ T5904] hid-generic 0000:0003:0000.0023: unknown main item tag 0x0 [ 303.408546][ T5904] hid-generic 0000:0003:0000.0023: unknown main item tag 0x0 [ 303.426360][ T5904] hid-generic 0000:0003:0000.0023: hidraw0: HID v0.00 Device [syz1] on syz1 [ 303.854823][T11994] netem: change failed [ 303.902483][T11998] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2542'. [ 305.160659][T12043] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2559'. [ 305.195205][T12043] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2559'. [ 305.584670][ T5904] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 305.741371][ T5904] usb 6-1: config 0 has no interfaces? [ 305.752888][ T5904] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 305.765006][ T5904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.773162][ T5904] usb 6-1: Product: syz [ 305.777714][ T5904] usb 6-1: Manufacturer: syz [ 305.782364][ T5904] usb 6-1: SerialNumber: syz [ 305.791340][ T5904] usb 6-1: config 0 descriptor?? [ 305.793469][ T24] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 305.977750][ T24] usb 4-1: config 0 has no interfaces? [ 305.983319][ T24] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00 [ 305.996564][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.019599][ T24] usb 4-1: config 0 descriptor?? [ 306.090008][T12081] xt_hashlimit: max too large, truncated to 1048576 [ 306.106940][ T5904] usb 6-1: USB disconnect, device number 6 [ 306.242197][ T30] kauditd_printk_skb: 152 callbacks suppressed [ 306.242217][ T30] audit: type=1326 audit(1748336022.307:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12054 comm="syz.3.2565" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f26e778e969 code=0x0 [ 306.348986][ T24] usb 4-1: USB disconnect, device number 27 [ 306.394689][ T978] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 306.564689][ T978] usb 5-1: Using ep0 maxpacket: 32 [ 306.571641][ T978] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 306.582152][ T978] usb 5-1: config 0 has no interfaces? [ 306.587818][ T978] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 306.599938][ T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.612163][ T978] usb 5-1: config 0 descriptor?? [ 306.841935][ T978] usb 5-1: USB disconnect, device number 21 [ 309.117075][ C0] vcan0: j1939_tp_rxtimer: 0xffff888028397800: rx timeout, send abort [ 309.618457][ C0] vcan0: j1939_tp_rxtimer: 0xffff888028395000: rx timeout, send abort [ 309.626968][ C0] vcan0: j1939_tp_rxtimer: 0xffff888028397800: abort rx timeout. Force session deactivation [ 309.757098][T12161] 9pnet: p9_errstr2errno: server reported unknown error @$  [ 310.026789][T12167] hsr0: entered allmulticast mode [ 310.031890][T12167] hsr_slave_0: entered allmulticast mode [ 310.037641][T12167] hsr_slave_1: entered allmulticast mode [ 310.044533][T12167] hsr_slave_0: left promiscuous mode [ 310.056010][T12167] hsr_slave_1: left promiscuous mode [ 310.084174][T12167] hsr0 (unregistering): left allmulticast mode [ 310.126789][ C0] vcan0: j1939_tp_rxtimer: 0xffff888028395000: abort rx timeout. Force session deactivation [ 310.410441][ T24] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 310.596623][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 310.613953][ T24] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 310.623799][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.638020][ T24] usb 2-1: Product: syz [ 310.642373][ T24] usb 2-1: Manufacturer: syz [ 310.648414][ T24] usb 2-1: SerialNumber: syz [ 310.662381][ T24] usb 2-1: config 0 descriptor?? [ 310.764873][ T5883] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 310.848501][T12183] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2618'. [ 310.864425][T12183] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.872238][T12183] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.884178][ T24] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 310.924819][ T5883] usb 6-1: Using ep0 maxpacket: 16 [ 310.935872][ T5883] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 310.951815][ T5883] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 310.962178][ T5883] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.980575][ T5883] usb 6-1: config 0 descriptor?? [ 311.096211][ T24] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 311.109160][ T24] usb 2-1: USB disconnect, device number 29 [ 311.399833][ T5883] hid (null): global environment stack underflow [ 311.421273][ T5883] mcp2221 0003:04D8:00DD.0024: global environment stack underflow [ 311.429593][ T5883] mcp2221 0003:04D8:00DD.0024: item 0 0 1 11 parsing failed [ 311.438182][ T5883] mcp2221 0003:04D8:00DD.0024: can't parse reports [ 311.445618][ T5883] mcp2221 0003:04D8:00DD.0024: probe with driver mcp2221 failed with error -22 [ 311.601688][ T5883] usb 6-1: USB disconnect, device number 7 [ 311.959597][ T30] audit: type=1326 audit(1748336028.027:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12219 comm="syz.1.2634" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f713158e969 code=0x0 [ 312.301877][T12232] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2637'. [ 314.453755][T12304] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 314.768905][T12321] bridge0: port 4(macvlan2) entered blocking state [ 314.791028][T12321] bridge0: port 4(macvlan2) entered disabled state [ 314.813477][T12321] macvlan2: entered allmulticast mode [ 314.834924][T12321] macvlan2: entered promiscuous mode [ 314.943803][T12326] cgroup: fork rejected by pids controller in /syz5 [ 315.105152][ T5883] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 315.254842][ T5883] usb 2-1: Using ep0 maxpacket: 32 [ 315.263672][ T5883] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 315.284640][ T5883] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 315.311764][ T5883] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 315.373120][ T5883] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 315.392478][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 315.411263][ T5883] usb 2-1: Product: syz [ 315.434390][ T5883] usb 2-1: Manufacturer: syz [ 315.443903][ T5883] usb 2-1: SerialNumber: syz [ 315.467888][ T5883] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input33 [ 315.675095][ T5883] usb 2-1: USB disconnect, device number 30 [ 315.681081][ C1] appletouch 2-1:1.0: atp_complete: usb_submit_urb failed with result -19 [ 315.721646][ T5883] appletouch 2-1:1.0: input: appletouch disconnected [ 316.045486][ T5904] usb 5-1: new low-speed USB device number 22 using dummy_hcd [ 316.241939][ T5904] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 316.263166][ T5904] usb 5-1: config 0 has no interface number 0 [ 316.283444][ T5904] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 316.340020][ T5904] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 316.394477][ T5904] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 316.468975][ T5904] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 316.577308][ T5904] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 316.586598][T13258] overlayfs: failed to clone lowerpath [ 316.619206][ T5904] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 316.647627][T13258] overlayfs: failed to clone lowerpath [ 316.657593][ T5904] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 316.680962][ T5904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.722420][ T5904] usb 5-1: config 0 descriptor?? [ 316.740907][T13230] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 316.752035][T13230] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 316.775644][ T5904] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 316.816834][T13267] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2694'. [ 316.949141][T13271] veth3: entered promiscuous mode [ 317.017582][ T5883] usb 5-1: USB disconnect, device number 22 [ 317.048272][ T5883] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 317.240440][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.304730][ T5916] usb 2-1: new full-speed USB device number 31 using dummy_hcd [ 317.466602][ T5916] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 317.475303][ T5916] usb 2-1: config 0 has no interface number 0 [ 317.484059][ T5916] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 317.493478][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.501687][ T5916] usb 2-1: Product: syz [ 317.506122][ T5916] usb 2-1: Manufacturer: syz [ 317.524655][ T5916] usb 2-1: SerialNumber: syz [ 317.539996][ T5916] usb 2-1: config 0 descriptor?? [ 318.286342][ T978] usb 4-1: new full-speed USB device number 28 using dummy_hcd [ 318.470239][ T978] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 318.494666][ T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 318.504495][ T978] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 318.562976][ T5916] usb 2-1: non-Atmel transceiver xxxx3800 [ 318.572062][ T978] usb 4-1: New USB device found, idVendor=046d, idProduct=c30a, bcdDevice= 0.00 [ 318.602721][T13325] kvm: emulating exchange as write [ 318.608007][ T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.639136][ T978] usb 4-1: config 0 descriptor?? [ 318.763583][ T5916] usb 2-1: Firmware version (0.0) predates our first public release. [ 318.778284][ T5916] usb 2-1: Please update to version 0.2 or newer [ 318.787797][ T5916] usb 2-1: atusb_probe: initialization failed, error = -19 [ 318.810633][ T5916] usb 2-1: USB disconnect, device number 31 [ 318.811874][T13332] input: syz0 as /devices/virtual/input/input34 [ 318.932093][T13338] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2727'. [ 319.057185][ T978] logitech 0003:046D:C30A.0025: unknown main item tag 0x0 [ 319.067892][ T978] logitech 0003:046D:C30A.0025: unknown main item tag 0x0 [ 319.078468][ T978] logitech 0003:046D:C30A.0025: unknown main item tag 0x0 [ 319.089119][ T978] logitech 0003:046D:C30A.0025: unknown main item tag 0x0 [ 319.097396][ T978] logitech 0003:046D:C30A.0025: unknown main item tag 0x0 [ 319.111771][ T978] logitech 0003:046D:C30A.0025: hidraw0: USB HID vff.ff Device [HID 046d:c30a] on usb-dummy_hcd.3-1/input0 [ 319.259899][ T5883] usb 4-1: USB disconnect, device number 28 [ 320.074905][ T5883] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 320.214999][ T5816] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 320.264806][ T5883] usb 6-1: Using ep0 maxpacket: 8 [ 320.278176][ T5883] usb 6-1: config 135 has an invalid interface number: 230 but max is 0 [ 320.287004][ T5883] usb 6-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 320.302534][ T5883] usb 6-1: config 135 has no interface number 0 [ 320.312892][ T5883] usb 6-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 320.343428][ T5883] usb 6-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 320.353000][ T5883] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.361233][ T5883] usb 6-1: Product: syz [ 320.365794][ T5883] usb 6-1: Manufacturer: syz [ 320.370489][ T5883] usb 6-1: SerialNumber: syz [ 320.383231][ T5883] usb 6-1: Found UVC 0.00 device syz (18ec:3288) [ 320.390368][ T5883] usb 6-1: No valid video chain found. [ 320.407001][ T5816] usb 2-1: Using ep0 maxpacket: 32 [ 320.415329][ T5816] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 320.425056][ T5816] usb 2-1: config 0 has no interface number 0 [ 320.431299][ T5816] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 320.455610][ T5816] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 320.469315][ T5816] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.477773][ T5816] usb 2-1: Product: syz [ 320.482097][ T5816] usb 2-1: Manufacturer: syz [ 320.487014][ T5816] usb 2-1: SerialNumber: syz [ 320.508694][ T5816] usb 2-1: config 0 descriptor?? [ 320.537302][ T5816] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 320.567153][ T5816] em28xx 2-1:0.132: Video interface 132 found: [ 320.585501][ T5883] usb 6-1: USB disconnect, device number 8 [ 320.950643][ T5816] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 321.382132][T13413] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2760'. [ 321.394441][T13413] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2760'. [ 321.508763][ T978] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 321.595504][ T5816] em28xx 2-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5) [ 321.606656][ T5816] em28xx 2-1:0.132: failed to read eeprom (err=-5) [ 321.613277][ T5816] em28xx 2-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 321.688518][ T978] usb 6-1: config 0 has an invalid interface number: 139 but max is 0 [ 321.695699][ T5816] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 321.704668][ T978] usb 6-1: config 0 has no interface number 0 [ 321.707600][ T978] usb 6-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=fd.d6 [ 321.715332][ T5816] em28xx 2-1:0.132: analog set to bulk mode. [ 321.732360][ T978] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.752612][ T5883] em28xx 2-1:0.132: Registering V4L2 extension [ 321.756959][ T978] usb 6-1: Product: syz [ 321.762388][ T5816] usb 2-1: USB disconnect, device number 32 [ 321.780184][T13425] input: syz0 as /devices/virtual/input/input35 [ 321.784607][ T978] usb 6-1: Manufacturer: syz [ 321.793595][ T978] usb 6-1: SerialNumber: syz [ 321.803359][ T5816] em28xx 2-1:0.132: Disconnecting em28xx [ 321.825782][ T978] usb 6-1: config 0 descriptor?? [ 321.956184][T13433] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2766'. [ 322.200671][ T5883] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 322.232158][ T978] mct_u232 6-1:0.139: MCT U232 converter detected [ 322.234873][ T5883] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 322.258655][ T978] mct_u232 ttyUSB0: expected endpoint missing [ 322.264738][ T24] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 322.269131][ T5883] em28xx 2-1:0.132: No AC97 audio processor [ 322.293813][ T978] usb 6-1: USB disconnect, device number 9 [ 322.311340][ T978] mct_u232 6-1:0.139: device disconnected [ 322.313347][ T5883] usb 2-1: Decoder not found [ 322.339157][ T5883] em28xx 2-1:0.132: failed to create media graph [ 322.515003][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 322.528141][ T5883] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 322.537586][ T24] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 322.547943][ T5883] em28xx 2-1:0.132: Remote control support is not available for this card. [ 322.556706][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 322.567532][ T5816] em28xx 2-1:0.132: Closing input extension [ 322.574819][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 322.600207][ T5816] em28xx 2-1:0.132: Freeing device [ 322.613929][ T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 322.631780][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.641007][ T24] usb 5-1: Product: syz [ 322.649064][ T24] usb 5-1: Manufacturer: syz [ 322.654240][ T24] usb 5-1: SerialNumber: syz [ 323.072090][ T24] usb 5-1: 0:2 : does not exist [ 323.758615][ T24] usb 5-1: 1:0: failed to get current value for ch 0 (-22) [ 323.799535][ T24] usb 5-1: USB disconnect, device number 23 [ 323.984914][T13498] syz.1.2792: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 324.037940][T13498] CPU: 1 UID: 0 PID: 13498 Comm: syz.1.2792 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) [ 324.037974][T13498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 324.037992][T13498] Call Trace: [ 324.038000][T13498] [ 324.038014][T13498] dump_stack_lvl+0x189/0x250 [ 324.038050][T13498] ? lockdep_hardirqs_on+0x9c/0x150 [ 324.038073][T13498] ? __pfx_dump_stack_lvl+0x10/0x10 [ 324.038123][T13498] warn_alloc+0x214/0x310 [ 324.038160][T13498] ? stack_depot_save_flags+0x429/0x900 [ 324.038226][T13498] ? __pfx_warn_alloc+0x10/0x10 [ 324.038259][T13498] ? kasan_save_track+0x4f/0x80 [ 324.038284][T13498] ? xskq_create+0x56/0x170 [ 324.038303][T13498] ? xsk_init_queue+0xb0/0x110 [ 324.038321][T13498] ? xsk_setsockopt+0x43f/0x710 [ 324.038337][T13498] ? do_sock_setsockopt+0x25a/0x3e0 [ 324.038360][T13498] ? __x64_sys_setsockopt+0x18b/0x220 [ 324.038382][T13498] ? do_syscall_64+0xf6/0x220 [ 324.038404][T13498] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.038434][T13498] __vmalloc_node_range_noprof+0x125/0x1340 [ 324.038500][T13498] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 324.038539][T13498] ? __kasan_kmalloc+0x93/0xb0 [ 324.038568][T13498] vmalloc_user_noprof+0xad/0xf0 [ 324.038597][T13498] ? xskq_create+0xbf/0x170 [ 324.038620][T13498] xskq_create+0xbf/0x170 [ 324.038645][T13498] xsk_init_queue+0xb0/0x110 [ 324.038670][T13498] xsk_setsockopt+0x43f/0x710 [ 324.038694][T13498] ? __pfx_xsk_setsockopt+0x10/0x10 [ 324.038715][T13498] ? __lock_acquire+0xab9/0xd20 [ 324.038747][T13498] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 324.038776][T13498] ? __pfx_xsk_setsockopt+0x10/0x10 [ 324.038799][T13498] do_sock_setsockopt+0x25a/0x3e0 [ 324.038827][T13498] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 324.038849][T13498] ? __fget_files+0x2a/0x420 [ 324.038883][T13498] ? __fget_files+0x3a0/0x420 [ 324.038911][T13498] ? __fget_files+0x2a/0x420 [ 324.038950][T13498] __x64_sys_setsockopt+0x18b/0x220 [ 324.038983][T13498] do_syscall_64+0xf6/0x220 [ 324.039010][T13498] ? clear_bhb_loop+0x60/0xb0 [ 324.039036][T13498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.039056][T13498] RIP: 0033:0x7f713158e969 [ 324.039074][T13498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.039092][T13498] RSP: 002b:00007f7132318038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 324.039114][T13498] RAX: ffffffffffffffda RBX: 00007f71317b5fa0 RCX: 00007f713158e969 [ 324.039130][T13498] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 324.039143][T13498] RBP: 00007f7131610ab1 R08: 0000000000000052 R09: 0000000000000000 [ 324.039156][T13498] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 324.039178][T13498] R13: 0000000000000000 R14: 00007f71317b5fa0 R15: 00007ffc8bc01818 [ 324.039213][T13498] [ 324.041249][T13498] Mem-Info: [ 324.336720][T13498] active_anon:4366 inactive_anon:30570 isolated_anon:0 [ 324.336720][T13498] active_file:18372 inactive_file:39036 isolated_file:0 [ 324.336720][T13498] unevictable:768 dirty:295 writeback:0 [ 324.336720][T13498] slab_reclaimable:6741 slab_unreclaimable:99972 [ 324.336720][T13498] mapped:29197 shmem:25350 pagetables:1220 [ 324.336720][T13498] sec_pagetables:0 bounce:0 [ 324.336720][T13498] kernel_misc_reclaimable:0 [ 324.336720][T13498] free:1290669 free_pcp:4939 free_cma:0 [ 324.386146][T13498] Node 0 active_anon:17464kB inactive_anon:122280kB active_file:73288kB inactive_file:156144kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116788kB dirty:1180kB writeback:0kB shmem:99864kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:8192kB writeback_tmp:0kB kernel_stack:11432kB pagetables:4880kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 324.425027][T13498] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 324.464153][T13498] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 324.504819][T13498] lowmem_reserve[]: 0 2504 2504 2504 2504 [ 324.533043][T13498] Node 0 DMA32 free:1238300kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:17460kB inactive_anon:119976kB active_file:73208kB inactive_file:156128kB unevictable:1536kB writepending:1180kB present:3129332kB managed:2564156kB mlocked:0kB bounce:0kB free_pcp:13532kB local_pcp:10832kB free_cma:0kB [ 324.570409][T13498] lowmem_reserve[]: 0 0 0 0 0 [ 324.592721][T13498] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:4kB active_file:80kB inactive_file:16kB unevictable:0kB writepending:0kB present:1048580kB managed:112kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 324.623472][T13498] lowmem_reserve[]: 0 0 0 0 0 [ 324.639652][T13498] Node 1 Normal free:3905916kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:8792kB local_pcp:464kB free_cma:0kB [ 324.676966][T13498] lowmem_reserve[]: 0 0 0 0 0 [ 324.698850][T13498] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 324.752199][T13498] Node 0 DMA32: 894*4kB (UME) 317*8kB (UME) 190*16kB (UME) 345*32kB (UME) 177*64kB (UME) 119*128kB (UE) 65*256kB (UME) 82*512kB (UE) 39*1024kB (UME) 10*2048kB (UME) 267*4096kB (UM) = 1259424kB [ 324.837983][T13498] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 324.888535][T13498] Node 1 Normal: 12*4kB (UME) 18*8kB (UME) 7*16kB (UM) 30*32kB (UME) 37*64kB (UM) 25*128kB (UME) 11*256kB (UME) 6*512kB (UME) 4*1024kB (UME) 1*2048kB (E) 949*4096kB (M) = 3905968kB [ 324.931718][T13498] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 324.961089][T13498] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 324.987611][T13498] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 325.011269][T13498] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 325.043044][T13498] 76395 total pagecache pages [ 325.053242][T13498] 0 pages in swap cache [ 325.064303][T13498] Free swap = 124992kB [ 325.108246][T13498] Total swap = 124996kB [ 325.113525][T13498] 2097051 pages RAM [ 325.128478][T13498] 0 pages HighMem/MovableOnly [ 325.137669][T13498] 424353 pages reserved [ 325.152079][T13498] 0 pages cma reserved [ 325.194799][ T5916] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 325.365076][ T5916] usb 4-1: Using ep0 maxpacket: 16 [ 325.402137][ T5916] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 325.417209][ T5916] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 325.435868][ T5916] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 325.453296][ T5916] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 325.464271][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.480403][ T5916] usb 4-1: config 0 descriptor?? [ 325.595144][ T5904] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 325.776796][ T5904] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 325.786095][ T5904] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 325.804754][ T5904] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 325.819777][ T5904] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 325.853603][ T5904] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 325.863147][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 325.883130][ T5904] usb 2-1: Product: syz [ 325.896610][ T5904] usb 2-1: Manufacturer: syz [ 325.908031][ T5916] HID 045e:07da: Invalid code 65791 type 1 [ 325.941805][ T5916] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0026/input/input36 [ 325.972639][ T5904] cdc_wdm 2-1:1.0: skipping garbage [ 325.990711][ T5904] cdc_wdm 2-1:1.0: skipping garbage [ 326.013530][ T5916] microsoft 0003:045E:07DA.0026: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 326.032499][ T5904] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 326.044975][ T5904] cdc_wdm 2-1:1.0: Unknown control protocol [ 326.154306][ T5904] usb 4-1: USB disconnect, device number 29 [ 326.181544][ T5916] usb 2-1: USB disconnect, device number 33 [ 326.258436][T13552] bond0: entered promiscuous mode [ 326.263760][T13552] bridge0: entered promiscuous mode [ 326.271274][T13552] batadv0: entered promiscuous mode [ 326.277583][T13552] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 326.286572][T13552] Cannot create hsr debugfs directory [ 326.303126][T13552] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 326.319679][T13552] bond0: left promiscuous mode [ 326.325412][T13552] bridge0: left promiscuous mode [ 326.331610][T13552] batadv0: left promiscuous mode [ 327.526475][ T9] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 327.706720][ T9] usb 4-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 327.732310][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 327.772242][ T9] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 327.807259][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 327.825119][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.856964][ T9] usb 4-1: Product: syz [ 327.861186][ T9] usb 4-1: Manufacturer: syz [ 327.868236][ T5916] libceph: connect (1)[c::]:6789 error -101 [ 327.874343][ T5916] libceph: mon0 (1)[c::]:6789 connect error [ 327.897655][ T9] usb 4-1: SerialNumber: syz [ 327.914044][ T9] usb 4-1: selecting invalid altsetting 1 [ 328.165298][ T5916] libceph: connect (1)[c::]:6789 error -101 [ 328.174109][ T5916] libceph: mon0 (1)[c::]:6789 connect error [ 328.612666][T13618] ceph: No mds server is up or the cluster is laggy [ 328.694849][ T5816] usb 2-1: new full-speed USB device number 34 using dummy_hcd [ 328.719478][ T9] cdc_ncm 4-1:1.0: SET_NTB_FORMAT failed [ 328.729531][ T30] audit: type=1326 audit(1748336044.787:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13620 comm="syz.5.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac5ed8e969 code=0x7fc00000 [ 328.745185][ T9] usb 4-1: selecting invalid altsetting 1 [ 328.787353][T13647] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 328.799857][ T9] cdc_ncm 4-1:1.0: bind() failure [ 328.820286][ T9] usb 4-1: USB disconnect, device number 30 [ 328.859335][ T5816] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 328.872395][ T5816] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 328.904924][ T5816] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.936736][ T5816] usb 2-1: config 0 descriptor?? [ 328.951284][T13645] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 329.048142][T13659] input: syz0 as /devices/virtual/input/input37 [ 329.382381][ T5816] elan 0003:04F3:0755.0027: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 329.572737][ T24] usb 2-1: USB disconnect, device number 34 [ 329.885287][ T5816] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 330.044762][ T5816] usb 6-1: Using ep0 maxpacket: 16 [ 330.057170][ T5816] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 330.066542][ T5816] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 330.076923][ T5816] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 330.090862][ T5816] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 330.114679][ T5816] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.124695][ T5816] usb 6-1: Product: syz [ 330.128897][ T5816] usb 6-1: Manufacturer: syz [ 330.149458][ T5816] usb 6-1: SerialNumber: syz [ 330.386997][ T5816] usb 6-1: 0:2 : does not exist [ 330.438044][ T5816] usb 6-1: USB disconnect, device number 10 [ 331.609880][T13703] vivid-002: disconnect [ 331.625708][T13699] vivid-002: reconnect [ 332.815032][ T5916] usb 2-1: new full-speed USB device number 35 using dummy_hcd [ 332.990275][ T5916] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 333.007005][ T5916] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 333.047467][ T5916] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 333.077151][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.085514][ T5831] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 333.320688][ T5916] usb 2-1: usb_control_msg returned -32 [ 333.347888][ T5916] usbtmc 2-1:16.0: can't read capabilities [ 333.965702][ T30] audit: type=1800 audit(1748336050.037:651): pid=13799 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.2912" name="nullb0" dev="tmpfs" ino=1159 res=0 errno=0 [ 334.063930][T13803] overlayfs: failed to clone upperpath [ 334.262514][T13807] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2916'. [ 334.469027][T13814] veth1_to_team: entered promiscuous mode [ 334.702040][T13814] team0: Port device team_slave_1 removed [ 335.042354][T13827] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2925'. [ 335.517293][ T30] audit: type=1326 audit(1748336051.587:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13840 comm="syz.3.2930" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f26e778e969 code=0x0 [ 335.635321][ T9] usb 2-1: USB disconnect, device number 35 [ 336.427151][T13862] loop2: detected capacity change from 0 to 7 [ 336.438892][T13862] Dev loop2: unable to read RDB block 7 [ 336.444637][T13862] loop2: unable to read partition table [ 336.450537][T13862] loop2: partition table beyond EOD, truncated [ 336.484629][T13862] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 336.572275][T13869] overlayfs: failed to clone upperpath [ 336.987120][T13887] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2 [ 337.136360][T13888] cgroup: fork rejected by pids controller in /syz0 [ 337.204675][ T978] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 337.259011][T14007] netlink: 'syz.4.2955': attribute type 10 has an invalid length. [ 337.269325][T13960] bridge_slave_0: left allmulticast mode [ 337.279149][T13960] bridge_slave_0: left promiscuous mode [ 337.290085][T13960] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.331744][T13960] bridge_slave_1: left allmulticast mode [ 337.337819][T13960] bridge_slave_1: left promiscuous mode [ 337.343844][T13960] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.389388][ T978] usb 2-1: Using ep0 maxpacket: 8 [ 337.397765][T13960] bond0: (slave bond_slave_0): Releasing backup interface [ 337.427902][ T978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 337.448066][ T978] usb 2-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 337.470008][ T978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.506304][ T978] usb 2-1: config 0 descriptor?? [ 337.633625][T13960] bond0: (slave bond_slave_1): Releasing backup interface [ 337.728824][T13960] team0: Port device team_slave_0 removed [ 337.764778][ T5816] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 337.769129][T13960] team0: Port device team_slave_1 removed [ 337.791026][T13960] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 337.799509][T13960] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 337.819994][T13960] vlan2: left allmulticast mode [ 337.825628][T13960] dummy0: left allmulticast mode [ 337.831172][T13960] vlan2: left promiscuous mode [ 337.840847][T13960] dummy0: left promiscuous mode [ 337.865432][T13960] bridge0: port 3(vlan2) entered disabled state [ 337.880801][T13960] batman_adv: batadv0: Interface deactivated: macsec1 [ 337.890560][T13960] batman_adv: batadv0: Removing interface: macsec1 [ 337.900254][T13960] macvlan2: left allmulticast mode [ 337.906332][T13960] macvlan2: left promiscuous mode [ 337.911946][T13960] bridge0: port 4(macvlan2) entered disabled state [ 337.925111][ T5816] usb 6-1: Using ep0 maxpacket: 16 [ 337.941052][ T978] magicmouse 0003:05AC:0269.0028: unknown main item tag 0x0 [ 337.946439][ T5816] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 337.969825][ T978] magicmouse 0003:05AC:0269.0028: unknown main item tag 0x0 [ 337.976733][ T5816] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 337.994696][ T978] magicmouse 0003:05AC:0269.0028: unknown main item tag 0x0 [ 338.004261][ T5816] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 338.014903][ T978] magicmouse 0003:05AC:0269.0028: unknown main item tag 0x0 [ 338.022262][ T978] magicmouse 0003:05AC:0269.0028: unknown main item tag 0x0 [ 338.030737][ T5816] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 338.050284][ T5816] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.064296][ T978] magicmouse 0003:05AC:0269.0028: hidraw0: USB HID v0.01 Device [HID 05ac:0269] on usb-dummy_hcd.1-1/input0 [ 338.080703][ T5816] usb 6-1: Product: syz [ 338.092761][ T5816] usb 6-1: Manufacturer: syz [ 338.111053][ T5816] usb 6-1: SerialNumber: syz [ 338.134368][ T978] usb 2-1: USB disconnect, device number 36 [ 338.542050][ T5816] usb 6-1: 0:2 : does not exist [ 338.811312][ T5916] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0 [ 338.839472][ T5916] hid-generic 0000:0000:0000.0029: hidraw0: HID v0.00 Device [syz1] on syz0 [ 339.428289][ T5816] usb 6-1: 1:0: failed to get current value for ch 0 (-22) [ 339.488127][ T5816] usb 6-1: USB disconnect, device number 11 [ 340.169307][T14866] cgroup: fork rejected by pids controller in /syz1 [ 340.176161][ T5916] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 340.377483][ T5916] usb 4-1: Using ep0 maxpacket: 16 [ 340.397643][ T5916] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 340.424130][ T5916] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 340.438076][ T5916] usb 4-1: New USB device found, idVendor=05ac, idProduct=0274, bcdDevice= 0.00 [ 340.461483][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.492508][ T5916] usb 4-1: config 0 descriptor?? [ 340.952472][ T5916] apple 0003:05AC:0274.002A: unknown main item tag 0x4 [ 340.968511][ T5916] apple 0003:05AC:0274.002A: unexpected long global item [ 340.989134][ T5916] apple 0003:05AC:0274.002A: parse failed [ 341.014969][ T5916] apple 0003:05AC:0274.002A: probe with driver apple failed with error -22 [ 341.164527][ T5816] usb 4-1: USB disconnect, device number 31 [ 341.737231][T16231] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2988'. [ 341.878710][ T5916] libceph: connect (1)[c::]:6789 error -101 [ 341.893444][ T5916] libceph: mon0 (1)[c::]:6789 connect error [ 341.902208][T16236] ceph: No mds server is up or the cluster is laggy [ 342.803938][T16285] bridge_slave_0: left allmulticast mode [ 342.822025][T16285] bridge_slave_0: left promiscuous mode [ 342.844956][T16285] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.887928][T16295] netlink: 'syz.3.3003': attribute type 10 has an invalid length. [ 342.970920][T16285] bridge_slave_1: left allmulticast mode [ 342.995776][T16285] bridge_slave_1: left promiscuous mode [ 343.001630][T16285] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.071908][T16285] bond0: (slave bond_slave_0): Releasing backup interface [ 343.114523][T16285] bond_slave_0: left allmulticast mode [ 343.137337][T16285] bond0: (slave bond_slave_1): Releasing backup interface [ 343.170522][T16285] bond_slave_1: left allmulticast mode [ 343.185518][ T9] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 343.233177][T16285] team0: Port device team_slave_0 removed [ 343.240375][T16285] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 343.254806][T16285] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 343.305257][T16285] bond1: (slave ip6gretap1): Releasing active interface [ 343.312287][T16285] ip6gretap1: left allmulticast mode [ 343.379494][T16295] bridge0: entered allmulticast mode [ 343.391514][ T9] usb 6-1: config 0 has an invalid interface number: 255 but max is 0 [ 343.400828][ T9] usb 6-1: config 0 has no interface number 0 [ 343.416935][T16295] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 343.431945][ T9] usb 6-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 343.495030][ T9] usb 6-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 343.544633][ T9] usb 6-1: config 0 interface 255 has no altsetting 0 [ 343.551488][ T9] usb 6-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 343.589171][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.623980][ T9] usb 6-1: config 0 descriptor?? [ 343.664094][ T9] ums-realtek 6-1:0.255: USB Mass Storage device detected [ 343.930080][ T24] usb 6-1: USB disconnect, device number 12 [ 344.115505][ T5883] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 344.274932][ T5883] usb 5-1: Using ep0 maxpacket: 8 [ 344.293178][ T5883] usb 5-1: config 0 has no interfaces? [ 344.304757][ T5883] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 344.334410][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.358362][ T5883] usb 5-1: config 0 descriptor?? [ 344.582302][ T5883] usb 5-1: USB disconnect, device number 24 [ 345.351740][T16344] syzkaller1: entered promiscuous mode [ 345.371443][T16344] syzkaller1: entered allmulticast mode [ 345.513382][T16347] cgroup: fork rejected by pids controller in /syz3 [ 345.610472][T16464] bridge_slave_0: left allmulticast mode [ 345.616715][T16464] bridge_slave_0: left promiscuous mode [ 345.622752][T16464] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.653572][T16540] netlink: 'syz.1.3025': attribute type 10 has an invalid length. [ 345.698774][T16618] 9pnet: p9_errstr2errno: server reported unknown error ../fil [ 345.806810][T16464] bridge_slave_1: left allmulticast mode [ 345.837461][T16464] bridge_slave_1: left promiscuous mode [ 345.849217][T16464] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.910164][T16464] bond0: (slave bond_slave_0): Releasing backup interface [ 345.950542][T16464] bond0: (slave bond_slave_1): Releasing backup interface [ 346.022919][T16464] team0: Port device team_slave_0 removed [ 346.073825][T16464] team0: Port device team_slave_1 removed [ 346.100236][T16464] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 346.109078][T17048] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3029'. [ 346.137659][T16464] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 346.160287][T16464] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 346.174628][T16464] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 346.331967][T16540] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 346.959357][T17269] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3034'. [ 347.755048][ T5816] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 347.914698][ T5816] usb 5-1: Using ep0 maxpacket: 8 [ 347.935357][ T5816] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 347.944939][ T5816] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.957329][ T5816] usb 5-1: Product: syz [ 347.963829][ T5816] usb 5-1: Manufacturer: syz [ 347.974770][ T5816] usb 5-1: SerialNumber: syz [ 347.985347][ T5816] usb 5-1: config 0 descriptor?? [ 348.002065][T17310] tipc: Started in network mode [ 348.013312][T17310] tipc: Node identity ac14140f, cluster identity 4711 [ 348.023226][T17310] tipc: New replicast peer: 255.255.255.255 [ 348.038943][T17310] tipc: Enabled bearer , priority 10 [ 348.049742][T17310] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3052'. [ 348.061166][T17310] tipc: Disabling bearer [ 348.409154][ T5816] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 348.434845][ T5816] gspca_sunplus: reg_w_riv err -71 [ 348.450430][ T5816] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 348.483846][ T5816] usb 5-1: USB disconnect, device number 25 [ 350.520168][T17402] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3089'. [ 351.365061][ T5816] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 351.399982][T17450] Bluetooth: hci0: invalid length 0, exp 2 for type 1 [ 351.467181][T17454] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 351.536329][ T5816] usb 5-1: Using ep0 maxpacket: 8 [ 351.543463][ T5816] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 351.564976][ T5916] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 351.568205][ T5816] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 351.586295][ T5816] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.598811][ T5816] usb 5-1: Product: syz [ 351.603473][ T5816] usb 5-1: Manufacturer: syz [ 351.609915][ T5816] usb 5-1: SerialNumber: syz [ 351.744758][ T5916] usb 4-1: Using ep0 maxpacket: 16 [ 351.759100][ T5916] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 351.781480][ T5916] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 351.805243][ T5916] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 351.821624][ T5916] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 351.832576][ T5916] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 351.851597][ T5916] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 351.861197][ T5916] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 351.874097][ T5916] usb 4-1: Manufacturer: syz [ 351.894907][ T5916] usb 4-1: config 0 descriptor?? [ 352.219619][ T5916] rc_core: IR keymap rc-hauppauge not found [ 352.238542][ T5916] Registered IR keymap rc-empty [ 352.243811][ T5916] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 352.285461][ T5916] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 352.325851][ T5916] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 352.353784][ T5916] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input38 [ 352.387767][ T5916] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 352.417653][ T5916] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 352.444797][ T5916] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 352.464807][ T5916] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 352.484965][ T5916] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 352.505556][ T5916] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 352.535065][ T5916] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 352.554709][ T5916] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 352.584873][ T5916] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 352.608091][ T5916] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 352.632251][ T5816] cdc_ncm 5-1:1.0: failed to get mac address [ 352.637075][ T5916] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 352.654124][ T5916] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 352.669147][ T5883] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 352.669799][ T5916] usb 4-1: USB disconnect, device number 32 [ 352.842349][ T5816] cdc_ncm 5-1:1.0: bind() failure [ 352.859322][ T5816] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 352.878687][ T5816] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 352.890743][ T5816] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 352.917151][ T5883] usb 2-1: Using ep0 maxpacket: 32 [ 352.935223][ T5883] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 352.943448][ T5883] usb 2-1: config 0 has no interface number 0 [ 352.955546][ T5816] usb 5-1: USB disconnect, device number 26 [ 352.988315][ T5883] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 352.998538][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.006604][ T5883] usb 2-1: Product: syz [ 353.010924][ T5883] usb 2-1: Manufacturer: syz [ 353.016446][ T5883] usb 2-1: SerialNumber: syz [ 353.028933][ T5883] usb 2-1: config 0 descriptor?? [ 353.036994][ T5883] smsc95xx v2.0.0 [ 353.450442][ T5883] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 353.491928][ T5883] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 354.135672][ T5883] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71 [ 354.149215][ T5883] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 354.159844][T17507] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 354.164449][ T5883] usb 2-1: USB disconnect, device number 37 [ 354.698688][T17531] ================================================================== [ 354.706796][T17531] BUG: KASAN: use-after-free in __crypto_shash_import+0x26a/0x2a0 [ 354.714715][T17531] Write of size 1 at addr ffff88815cf63b47 by task syz.3.3146/17531 [ 354.722712][T17531] [ 354.725041][T17531] CPU: 0 UID: 0 PID: 17531 Comm: syz.3.3146 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) [ 354.725062][T17531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 354.725072][T17531] Call Trace: [ 354.725079][T17531] [ 354.725086][T17531] dump_stack_lvl+0x189/0x250 [ 354.725111][T17531] ? __virt_addr_valid+0x1c8/0x5c0 [ 354.725132][T17531] ? rcu_is_watching+0x15/0xb0 [ 354.725149][T17531] ? __kasan_check_byte+0x12/0x40 [ 354.725170][T17531] ? __pfx_dump_stack_lvl+0x10/0x10 [ 354.725190][T17531] ? rcu_is_watching+0x15/0xb0 [ 354.725207][T17531] ? lock_release+0x4b/0x3e0 [ 354.725232][T17531] ? __virt_addr_valid+0x1c8/0x5c0 [ 354.725268][T17531] ? __virt_addr_valid+0x4a5/0x5c0 [ 354.725299][T17531] print_report+0xd2/0x2b0 [ 354.725323][T17531] ? __crypto_shash_import+0x26a/0x2a0 [ 354.725347][T17531] kasan_report+0x118/0x150 [ 354.725366][T17531] ? __local_bh_enable_ip+0x12d/0x1c0 [ 354.725386][T17531] ? __crypto_shash_import+0x26a/0x2a0 [ 354.725413][T17531] __crypto_shash_import+0x26a/0x2a0 [ 354.725439][T17531] crypto_shash_import+0x84/0x230 [ 354.725464][T17531] hash_accept+0x1fb/0x280 [ 354.725484][T17531] do_accept+0x48c/0x680 [ 354.725502][T17531] ? __pfx_do_accept+0x10/0x10 [ 354.725526][T17531] __sys_accept4+0x11c/0x1c0 [ 354.725542][T17531] ? __pfx___sys_accept4+0x10/0x10 [ 354.725562][T17531] __x64_sys_accept4+0x9a/0xb0 [ 354.725578][T17531] do_syscall_64+0xf6/0x220 [ 354.725597][T17531] ? clear_bhb_loop+0x60/0xb0 [ 354.725615][T17531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.725630][T17531] RIP: 0033:0x7f26e778e969 [ 354.725644][T17531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.725657][T17531] RSP: 002b:00007f26e55f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 354.725673][T17531] RAX: ffffffffffffffda RBX: 00007f26e79b5fa0 RCX: 00007f26e778e969 [ 354.725684][T17531] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 354.725693][T17531] RBP: 00007f26e7810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 354.725702][T17531] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000000 [ 354.725712][T17531] R13: 0000000000000000 R14: 00007f26e79b5fa0 R15: 00007ffc492013e8 [ 354.725730][T17531] [ 354.725735][T17531] [ 354.953715][T17531] The buggy address belongs to the physical page: [ 354.960140][T17531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15cf63 [ 354.968991][T17531] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff) [ 354.976199][T17531] raw: 057ff00000000000 ffffea000573d8c8 ffffea000573d8c8 0000000000000000 [ 354.984783][T17531] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 354.993366][T17531] page dumped because: kasan: bad access detected [ 354.999792][T17531] page_owner info is not present (never set?) [ 355.005875][T17531] [ 355.008197][T17531] Memory state around the buggy address: [ 355.013846][T17531] ffff88815cf63a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 355.021907][T17531] ffff88815cf63a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 355.030004][T17531] >ffff88815cf63b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 355.038060][T17531] ^ [ 355.044218][T17531] ffff88815cf63b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 355.052296][T17531] ffff88815cf63c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 355.060356][T17531] ================================================================== [ 355.068670][ C0] vkms_vblank_simulate: vblank timer overrun [ 355.076650][ T5885] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 355.174816][T17531] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 355.182076][T17531] CPU: 0 UID: 0 PID: 17531 Comm: syz.3.3146 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) [ 355.193823][T17531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 355.203900][T17531] Call Trace: [ 355.207193][T17531] [ 355.210132][T17531] dump_stack_lvl+0x99/0x250 [ 355.214737][T17531] ? __asan_memcpy+0x40/0x70 [ 355.219331][T17531] ? __pfx_dump_stack_lvl+0x10/0x10 [ 355.224542][T17531] ? __pfx__printk+0x10/0x10 [ 355.229216][T17531] panic+0x2db/0x790 [ 355.233250][T17531] ? __pfx_panic+0x10/0x10 [ 355.237795][T17531] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 355.243707][T17531] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 355.250044][T17531] ? print_memory_metadata+0x314/0x400 [ 355.255606][T17531] ? __crypto_shash_import+0x26a/0x2a0 [ 355.261086][T17531] check_panic_on_warn+0x89/0xb0 [ 355.266042][T17531] ? __crypto_shash_import+0x26a/0x2a0 [ 355.271537][T17531] end_report+0x78/0x160 [ 355.275828][T17531] kasan_report+0x129/0x150 [ 355.280353][T17531] ? __local_bh_enable_ip+0x12d/0x1c0 [ 355.285737][T17531] ? __crypto_shash_import+0x26a/0x2a0 [ 355.291229][T17531] __crypto_shash_import+0x26a/0x2a0 [ 355.296536][T17531] crypto_shash_import+0x84/0x230 [ 355.301578][T17531] hash_accept+0x1fb/0x280 [ 355.306016][T17531] do_accept+0x48c/0x680 [ 355.310272][T17531] ? __pfx_do_accept+0x10/0x10 [ 355.315068][T17531] __sys_accept4+0x11c/0x1c0 [ 355.319674][T17531] ? __pfx___sys_accept4+0x10/0x10 [ 355.324803][T17531] __x64_sys_accept4+0x9a/0xb0 [ 355.329606][T17531] do_syscall_64+0xf6/0x220 [ 355.334121][T17531] ? clear_bhb_loop+0x60/0xb0 [ 355.338825][T17531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.344804][T17531] RIP: 0033:0x7f26e778e969 [ 355.349237][T17531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.368877][T17531] RSP: 002b:00007f26e55f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 355.377316][T17531] RAX: ffffffffffffffda RBX: 00007f26e79b5fa0 RCX: 00007f26e778e969 [ 355.385485][T17531] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 355.393465][T17531] RBP: 00007f26e7810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 355.401447][T17531] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000000 [ 355.409465][T17531] R13: 0000000000000000 R14: 00007f26e79b5fa0 R15: 00007ffc492013e8 [ 355.417554][T17531] [ 355.420942][T17531] Kernel Offset: disabled [ 355.425274][T17531] Rebooting in 86400 seconds..