last executing test programs: 1.813449652s ago: executing program 4 (id=3204): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000006340)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a35f2", 0x14, 0x6, 0x0, @remote, @local={0x5}, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 1.680176895s ago: executing program 4 (id=3208): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10) geteuid() 1.603288364s ago: executing program 3 (id=3210): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000000)={r2, 0x1}, &(0x7f0000000040)=0x8) 1.597522916s ago: executing program 4 (id=3211): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x1, 0x4, 0x6, 0x3, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) 1.464888721s ago: executing program 4 (id=3213): r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x41) pwrite64(r0, &(0x7f00000000c0)="97", 0x1, 0x0) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000000)='./bus\x00', 0xa0000091) copy_file_range(r0, 0x0, r0, &(0x7f0000000080)=0x32, 0x1, 0x0) 1.37350128s ago: executing program 0 (id=3215): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x20, 0x10, 0x403, 0x6101, 0x0, {0x0, 0x0, 0x0, 0x0, 0xff7f}}, 0x20}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000200001032abd7000ffdbdf250a000018"], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0) 1.373090803s ago: executing program 4 (id=3216): r0 = socket$kcm(0x29, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f0000000480)="db", 0x1}], 0x1, 0x4000001, 0x0) sendfile(r0, r1, 0x0, 0x8000fb00) sendmmsg(r0, &(0x7f0000001e00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x40) 1.193618196s ago: executing program 0 (id=3219): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) setgroups(0x0, &(0x7f0000000080)) chdir(&(0x7f0000000400)='./file0\x00') unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 1.128175341s ago: executing program 0 (id=3220): bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r1, &(0x7f0000000000)={0x27}, 0x74) 1.033180815s ago: executing program 0 (id=3223): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x0, 0x0, 0x0, 0x772d, 0x57, &(0x7f0000000180)=""/87, 0x41100, 0xe, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2261a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x1d7, @time={0x65757900}}) 923.961317ms ago: executing program 1 (id=3226): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x8, 0x10002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r1}, 0x38) 810.088416ms ago: executing program 1 (id=3227): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0xf, &(0x7f00000002c0), 0x161) sendmsg$inet(r1, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x31, &(0x7f0000000640)=r0, 0x4) 783.67456ms ago: executing program 0 (id=3228): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f00000002c0)='net_dev_start_xmit\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000017c0)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065060400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c008cbdd3b4c3b7f28754860c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05ae8a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3cf96f9483ff19a6471bf5abc742d9cbcfb964b11b31034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df424d1bafe5725c8a404724f8a4f1cda7997b65954f74097579b91da309b887af2485c2d9ab09b506000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb7818000000009dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbef88811dc8c1b27ac7d9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009d81003f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e75fa39643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2df636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d5ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e6735305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aa620d27e91aa0aa0ed6fcacfc91fbb4c256409e54daefbb107c381fa729ff5f3907d93430da178d685d7730f5e129438a5214f722096d29863301b0b811f69145d3fbd78a9059e454474f92e65828b018174a9f4738b8c71fbdeac26ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a378ed4c6267965af78b861bd025312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68f78215d65f96eb55db8cbcb060008000d988374f85451a694ffe38a1d03916ff1eec72b31c98d42e1a1bda1290de1a499a5a385b31112a48ba3e6d6849914c1788a7aca37177cc341fff44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553e4ece78d4c1501c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a11993d54f97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a923655800a2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa753ba528f7ba77e825051ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8e220bb4d83de1e4dc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a41b315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f0000000086e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e801015642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f845d1cc9ec4eee79c298fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240e454db103fb0c4a14c16837394d2b3673a3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4054605558ab31f339f6a4caf2ee2fd01f34dca3300000000000000000000000000000000f59f8e6e00000000c44130098d833a24000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c5954d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd603fd7f8898c70b5c65f2e28f22e1a79a6af3a54861b07f124642e98389557affbdede09b5566a4a1ee73b20846810030a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829503ba4b66e27154cb6e34aa13450522df1723130b6fb9bec59ae347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbde0f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd25091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a674bd16b8f7e6aed12a305366599f5f029a7b24558c02750500002f1c19d16a6f391906000000cc0bbbfb8c698ecc137d96711100e0108d3bd2afed0b279ebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc784c9f940d9fb0464a6cce635e14b80dc5c1c64e75e6bd5355d84f8df272f18f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de14275bf4a53e95235ae13768ab3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f9f8ad16eeb8342278f311cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706b584d8408c9652b3fe68500747f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2ccb600ae7a4b128cae19df160e7c207b89132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af911dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2befd1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bc5348229fa84ae78af8421a22c4b4c17a3d24a4a0104000000000000d77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2c2b5c976dacf3dda7191c757f208000000000000005f7ed983f65723fbb36b9b51abb0dbcd33570000000000000000251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a58275dbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193ad0438cdef7a98a1671a1918df310dc4bfd61c3db4819ab1c57b348a8ff1ed36364a20fe846f11d045de81f069bac8425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb2514a6ae50dbdd422de0f0f8c670000000000390be79688f80c4c314cb1b14afcaa5d23f9032e0ec51f45f447d6a7c798fcf7e60e2180e289410801e4f03a0e140f388f25b92da1025d8409e171a2336ed71cca86eb4658fe06df286e0e20276b0618eeffd05774f15686cd9d3182ca2fec863875f305fed6baf48a594db12582a38cfdffffffffffffff0cf8d920517835fe7d09cfcb624f6931f1cc6f6b71f58de9ddc38e0c43992f6bc57a718d0cfd197b5324b4e05ef1caa96db3ae1f2f2e5791faba2ebbe1a6faf21f2748fb1fb6743c3ca8af4e6b02518c9b7fdc1b5721eb1c3ed98db25536f74ac7861afc94544e52dcb5c60460a05802e3b437ac977bfa26b887a2443e8d559c58187f004eb82b07937df6e96f77ed551926bec4e0188fae10a35d1c5f1768ac6be829be1827f9df303160df18597efba46f1babc3d74adc31ca71bdab9079e4288881b434484eadde9da6b81802842abd462d546c59d87acc014f81d3414759bda12d2a2c6bc1bfa807bd3101eb227184a61107b6d0618e2a3b842671e084ac3f0ff94dc48b51601247318ab4d1c5106458000000000008000000000000cfee0107e6c2fe8639d926829fdbbd86bf591a8c3c235d8939af9d923f648165881a6c29997234406200b3b1c321cc158dbe17123eace3000000000000000000000000000000000000796de6ae4ae40bdf9a6e8c5dc29562262af9cd54e8e3ecc7e3c8cba0ecc791683496c4e5c1a5729714d9f9031f49b400cd2667b4ea6df54809615a4f973f93e6ccec72f16ff998e29ed99df733680a9d5cea57f99cc139b6ea9014f3000000000000000000000000000000000000feeab45a4046a622b0dceb413e4e39b7317e92cbed46b41ab5115bfb542c933783d750852dfdc6656aaf15e10615a88821f2f1bc53969b52d6852755e7681ad5beda80b38ccd34116b99f50b4fdd967b3f20f260455412b675639a26c76840cce40e323bde9d673fceda0ad6981565c8a183d928903b4f4472dde41b6dcd75314c31e704dfcb222c8359fe88944f852242270c932abfaeece0843d708f5cd25b2a63ae1e79723c1c3c013836b47da0a35d0f34c0705caae54024cf8ade6396ff44482284f415e5769d9ae8688a8d5516690aae9ce1c785262734723519b042a161e6efabf263a46ba92254a51ff6502470f3038cf6d8d991931cfd82ea97e1b596133e7754908d912d1054d174f5a731c019f152a5ca2e48599b6d563bfcd8c0950f4292769217a6e309452b14e64ae64ad58ced33582a1b3d2e0c300059fb1ee78cdddb827293de267d64bf47c3c8c419683c948e46de8cea0b232da00ff39ebef3b73b3d6fbeecd3f9ff06b7e08ed8ce2b9b9cf2e08975f5959fa7028f68c525ab173c0c553d21bd1e9176abdf799e7a08d2f3c14e1ca99d525bc3af0ca0f48f145c65b10dfc67803aab67f6b631d3d7e237fec4bc6eacc364b7cdd925973705d40c5a614e354d9b92357845d15ea41ad3e3a98396131f835e17f0cbfbdc59453991e689f9ce19bd4a3b4121e5a8b5dbb519b5556cb70603ceac0b7ca02cb05a01afa3164ca428add947673cdba49a0e6e8aeeddf52c0f0ef224c69a3c96c2fddf56d74c4ae7"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x20e, 0xe40, 0xfd000004, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff290000003b0020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7472ce0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) 671.604477ms ago: executing program 1 (id=3230): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f00000000c0)={0x80042, 0x7, 0x1}, 0x10) sendmsg$tipc(r0, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x0) 641.175004ms ago: executing program 3 (id=3231): r0 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x2) connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r0, 0x0) poll(&(0x7f0000000300)=[{r0}], 0x1, 0x0) 551.895956ms ago: executing program 0 (id=3232): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETLOCK(r1, &(0x7f0000000000)=ANY=[], 0x200002e6) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 518.420609ms ago: executing program 3 (id=3233): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2410}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x40}}, 0x4000) 476.61662ms ago: executing program 1 (id=3234): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000011c0)=0x7c6b, 0x4) setsockopt$CAN_RAW_LOOPBACK(r0, 0x65, 0x3, &(0x7f0000000000), 0x4) sendmsg$can_raw(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x1d, r1}, 0x10, &(0x7f0000000100)={&(0x7f00000000c0)=@can={{}, 0x4, 0x0, 0x0, 0x0, "978e8676a8cfd89c"}, 0x10}}, 0x20008081) 440.202905ms ago: executing program 2 (id=3235): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040), 0xc) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8) writev(r0, &(0x7f0000000180)=[{&(0x7f0000002680)="1e", 0xfdef}], 0x1) 391.780678ms ago: executing program 4 (id=3236): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) open$dir(&(0x7f0000000000)='./file0\x00', 0x40, 0x14) r2 = fanotify_init(0x13, 0x181000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 370.620005ms ago: executing program 1 (id=3237): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup3(r0, r1, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000006700000008000100000000000c00b10000008001230000000800c3"], 0x38}}, 0x10) 301.214352ms ago: executing program 2 (id=3238): socket(0x10, 0x3, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000b40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000040)={0x30, r1, 0x1, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x7f}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x0) 255.712423ms ago: executing program 3 (id=3239): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b705000008000000850000005e00000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0xff9, &(0x7f00000014c0)=""/4089, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 227.598488ms ago: executing program 1 (id=3240): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r0, &(0x7f0000001340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/58, 0x3a}, 0x7ff}], 0x1, 0x60010020, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) 210.684774ms ago: executing program 2 (id=3241): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 190.699113ms ago: executing program 3 (id=3242): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000640)={0x14, r2, 0x703, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 106.745291ms ago: executing program 2 (id=3243): r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) clock_settime(0x0, &(0x7f0000003c80)={0x77359400}) clock_gettime(0x6, &(0x7f0000000080)={0x0, 0x0}) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{}, {r1, r2+60000000}}, 0x0) 106.057874ms ago: executing program 3 (id=3244): mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) 19.825711ms ago: executing program 2 (id=3245): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="d4000000", @ANYRES16=r1, @ANYBLOB="010000000000040000004400000008000300", @ANYRES32=r3, @ANYBLOB="0a0018000303030303030000080026006c09000005002400020000009c005a80"], 0xd4}}, 0x0) 0s ago: executing program 2 (id=3246): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x20) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x70cb0}], 0xc}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) kernel console output (not intermixed with test programs): audit: type=1326 audit(1736574358.424:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 128.889347][ T29] audit: type=1326 audit(1736574358.424:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 128.910720][ C1] vkms_vblank_simulate: vblank timer overrun [ 128.916853][ T29] audit: type=1326 audit(1736574358.424:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 128.938483][ T29] audit: type=1326 audit(1736574358.424:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 128.959876][ C1] vkms_vblank_simulate: vblank timer overrun [ 128.960915][ T7925] netlink: 132 bytes leftover after parsing attributes in process `syz.4.864'. [ 128.966279][ T29] audit: type=1326 audit(1736574358.424:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 128.966316][ T29] audit: type=1326 audit(1736574358.424:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 129.020369][ T29] audit: type=1326 audit(1736574358.424:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.2.862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 129.629454][ T7957] misc userio: Invalid payload size [ 129.854532][ T7967] IPVS: sh: SCTP 127.0.0.1:0 - no destination available [ 129.906792][ T7970] netlink: 'syz.2.885': attribute type 7 has an invalid length. [ 129.968389][ T7968] af_packet: tpacket_rcv: packet too big, clamped from 22 to 4294967286. macoff=82 [ 130.116133][ T7978] netlink: 'syz.2.889': attribute type 1 has an invalid length. [ 130.144615][ T7978] netlink: 4 bytes leftover after parsing attributes in process `syz.2.889'. [ 130.325795][ T7990] netlink: 12 bytes leftover after parsing attributes in process `syz.4.896'. [ 130.536179][ T8002] unknown channel width for channel at 909000KHz? [ 130.798274][ T8016] bridge0: port 3(vlan2) entered blocking state [ 130.818668][ T8016] bridge0: port 3(vlan2) entered disabled state [ 130.835772][ T8016] vlan2: entered allmulticast mode [ 130.854518][ T8016] gretap0: entered allmulticast mode [ 130.876001][ T8016] vlan2: entered promiscuous mode [ 130.890733][ T8016] gretap0: entered promiscuous mode [ 130.896877][ T8016] bridge0: port 3(vlan2) entered blocking state [ 130.903779][ T8016] bridge0: port 3(vlan2) entered forwarding state [ 131.103846][ T8027] netlink: 52 bytes leftover after parsing attributes in process `syz.4.912'. [ 131.521780][ T8037] netlink: 8 bytes leftover after parsing attributes in process `syz.3.917'. [ 131.537505][ T8037] netlink: 8 bytes leftover after parsing attributes in process `syz.3.917'. [ 131.558316][ T8037] gtp0: entered promiscuous mode [ 131.573797][ T8037] gtp0: entered allmulticast mode [ 131.826304][ T8055] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '' [ 131.859458][ T5905] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 132.011615][ T5905] usb 5-1: New USB device found, idVendor=59cc, idProduct=980d, bcdDevice=b4.8e [ 132.021132][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.040519][ T5905] usb 5-1: config 0 descriptor?? [ 132.057815][ T5905] usb-storage 5-1:0.0: USB Mass Storage device detected [ 132.069613][ T973] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 132.229399][ T973] usb 4-1: Using ep0 maxpacket: 8 [ 132.242973][ T973] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 132.261859][ T5905] usb 5-1: USB disconnect, device number 9 [ 132.264511][ T973] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 132.293096][ T973] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 132.325644][ T973] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.339328][ T973] usb 4-1: Product: syz [ 132.343616][ T973] usb 4-1: Manufacturer: syz [ 132.358929][ T973] usb 4-1: SerialNumber: syz [ 132.368658][ T973] usb 4-1: config 0 descriptor?? [ 132.739367][ T5870] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 132.811244][ T973] usb 4-1: USB disconnect, device number 7 [ 132.892566][ T8093] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 132.911758][ T5870] usb 2-1: Using ep0 maxpacket: 8 [ 132.915469][ T8093] macvlan3: entered allmulticast mode [ 132.923475][ T5870] usb 2-1: config 0 has an invalid interface number: 143 but max is 0 [ 132.933122][ T5870] usb 2-1: config 0 has no interface number 0 [ 132.944476][ T5870] usb 2-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b [ 132.954037][ T8093] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 132.961723][ T5870] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.973788][ T5870] usb 2-1: config 0 descriptor?? [ 132.979542][ T8093] mac80211_hwsim hwsim4 wlan0: left allmulticast mode [ 132.995837][ T8093] mac80211_hwsim hwsim4 wlan0: left promiscuous mode [ 133.062247][ T8097] bridge_slave_0: left allmulticast mode [ 133.067958][ T8097] bridge_slave_0: left promiscuous mode [ 133.076542][ T8097] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.091519][ T5870] viperboard 2-1:0.143: version 0.00 found at bus 002 address 008 [ 133.107294][ T8097] bridge_slave_1: left allmulticast mode [ 133.114875][ T8097] bridge_slave_1: left promiscuous mode [ 133.126478][ T8097] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.127910][ T5870] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100 [ 133.158938][ T5870] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 133.173851][ T8097] bond0: (slave bond_slave_0): Releasing backup interface [ 133.198125][ T8097] bond0: (slave bond_slave_1): Releasing backup interface [ 133.232737][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.243482][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.294391][ T5905] usb 2-1: USB disconnect, device number 8 [ 133.295533][ T8097] team0: Port device team_slave_0 removed [ 133.347949][ T8097] team0: Port device team_slave_1 removed [ 133.355106][ T8097] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 133.363471][ T8097] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 133.374153][ T8097] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 133.386484][ T8097] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 133.413532][ T8097] bond0: (slave wlan1): Releasing backup interface [ 133.433775][ T8097] vlan2: left allmulticast mode [ 133.438784][ T8097] gretap0: left allmulticast mode [ 133.451487][ T8097] vlan2: left promiscuous mode [ 133.456443][ T8097] gretap0: left promiscuous mode [ 133.465292][ T8097] bridge0: port 3(vlan2) entered disabled state [ 133.795292][ T8114] netlink: 8 bytes leftover after parsing attributes in process `syz.0.950'. [ 134.167582][ T8133] netlink: 28 bytes leftover after parsing attributes in process `syz.0.958'. [ 134.328448][ T8136] netlink: 'syz.2.960': attribute type 21 has an invalid length. [ 134.387449][ T8136] netlink: 156 bytes leftover after parsing attributes in process `syz.2.960'. [ 134.482867][ T8136] netlink: 'syz.2.960': attribute type 21 has an invalid length. [ 134.501213][ T8136] netlink: 156 bytes leftover after parsing attributes in process `syz.2.960'. [ 134.737926][ T8156] program syz.3.970 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 134.788164][ T5870] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 134.817294][ T8161] netlink: 'syz.2.971': attribute type 1 has an invalid length. [ 134.839566][ T8161] netlink: 224 bytes leftover after parsing attributes in process `syz.2.971'. [ 134.961054][ T5870] usb 5-1: Using ep0 maxpacket: 32 [ 134.992949][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.040583][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.065293][ T5870] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 135.103942][ T5870] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 135.137958][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.150894][ T5870] usb 5-1: config 0 descriptor?? [ 135.414044][ T8180] gretap1: entered promiscuous mode [ 135.571136][ T5870] hid (null): report_id 0 is invalid [ 135.649354][ T5870] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.000B/input/input14 [ 135.714549][ T8192] netlink: 4 bytes leftover after parsing attributes in process `syz.0.987'. [ 135.735165][ T5870] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.000B/input/input15 [ 135.812684][ T5870] kye 0003:0458:5011.000B: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.4-1/input0 [ 135.855157][ T5870] usb 5-1: USB disconnect, device number 10 [ 136.114756][ T8212] netlink: 'syz.1.996': attribute type 10 has an invalid length. [ 136.142757][ T8212] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.150319][ T8212] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.168452][ T8217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.996'. [ 136.200179][ T8212] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.207352][ T8212] bridge0: port 2(bridge_slave_1) entered forwarding state [ 136.215476][ T8212] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.222652][ T8212] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.253403][ T8212] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 136.264715][ T8217] bridge_slave_1: left allmulticast mode [ 136.288215][ T8217] bridge_slave_1: left promiscuous mode [ 136.297561][ T8217] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.317814][ T8217] bridge_slave_0: left allmulticast mode [ 136.326115][ T8217] bridge_slave_0: left promiscuous mode [ 136.335318][ T8217] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.362139][ T8217] bond0: (slave bridge0): Releasing backup interface [ 136.479203][ T5905] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 136.652497][ T5905] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00 [ 136.673794][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.688630][ T5905] usb 4-1: config 0 descriptor?? [ 137.117069][ T5905] playstation 0003:054C:0DF2.000C: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.3-1/input0 [ 137.178432][ T8251] netlink: 'syz.1.1014': attribute type 1 has an invalid length. [ 137.309570][ T5905] playstation 0003:054C:0DF2.000C: Invalid reportID received, expected 9 got 0 [ 137.318900][ T5905] playstation 0003:054C:0DF2.000C: Failed to retrieve DualSense pairing info: -22 [ 137.328548][ T5905] playstation 0003:054C:0DF2.000C: Failed to get MAC address from DualSense [ 137.343497][ T5905] playstation 0003:054C:0DF2.000C: Failed to create dualsense. [ 137.362778][ T5905] playstation 0003:054C:0DF2.000C: probe with driver playstation failed with error -22 [ 137.544302][ T8] usb 4-1: USB disconnect, device number 8 [ 137.679799][ T5905] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 137.846802][ T5905] usb 5-1: config 0 has an invalid interface number: 133 but max is 0 [ 137.856329][ T5905] usb 5-1: config 0 has no interface number 0 [ 137.865559][ T5905] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 137.875141][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.883736][ T5905] usb 5-1: Product: syz [ 137.888170][ T5905] usb 5-1: Manufacturer: syz [ 137.892917][ T5905] usb 5-1: SerialNumber: syz [ 137.899856][ T5905] usb 5-1: config 0 descriptor?? [ 137.974959][ T5832] Bluetooth: hci0: command 0x0401 tx timeout [ 137.981154][ T5823] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 138.957756][ T5905] keyspan 5-1:0.133: Keyspan 1 port adapter converter detected [ 138.966618][ T5905] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 81 [ 138.974641][ T5905] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 1 [ 138.982549][ T5905] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 2 [ 138.993467][ T5905] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 139.136095][ T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 139.172925][ T5905] usb 5-1: USB disconnect, device number 11 [ 139.190007][ T5905] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 139.200199][ T5905] keyspan 5-1:0.133: device disconnected [ 139.312449][ T8305] serio: Serial port ptm0 [ 139.318290][ T8] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 139.339505][ T8] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 139.349532][ T8] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 139.358602][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.376333][ T8285] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 139.388853][ T8] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 139.556736][ T5910] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 139.611616][ T973] usb 3-1: USB disconnect, device number 11 [ 139.712213][ T5910] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 139.728780][ T5910] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.741029][ T5910] usb 2-1: config 0 descriptor?? [ 139.749513][ T5910] cp210x 2-1:0.0: cp210x converter detected [ 140.017873][ T8330] netlink: 'syz.3.1049': attribute type 1 has an invalid length. [ 140.027573][ T8330] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1049'. [ 140.346900][ T8345] netlink: 'syz.4.1055': attribute type 10 has an invalid length. [ 140.378038][ T8345] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.385578][ T8345] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.412372][ T8346] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1055'. [ 140.438873][ T8345] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.446093][ T8345] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.453609][ T8345] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.461068][ T8345] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.481852][ T8345] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 140.497881][ T8346] bridge_slave_1: left allmulticast mode [ 140.529400][ T8346] bridge_slave_1: left promiscuous mode [ 140.535181][ T8346] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.565882][ T5910] cp210x 2-1:0.0: failed to get vendor val 0x370c size 15: -71 [ 140.575674][ T5910] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 140.580786][ T8353] syz.3.1059 uses obsolete (PF_INET,SOCK_PACKET) [ 140.589175][ T8346] bridge_slave_0: left allmulticast mode [ 140.589719][ T5910] usb 2-1: cp210x converter now attached to ttyUSB0 [ 140.599081][ T8346] bridge_slave_0: left promiscuous mode [ 140.615812][ T5910] usb 2-1: USB disconnect, device number 9 [ 140.625440][ T5910] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 140.633924][ T5910] cp210x 2-1:0.0: device disconnected [ 140.645095][ T8346] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.692363][ T8357] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1061'. [ 140.693483][ T8346] bond0: (slave bridge0): Releasing backup interface [ 140.911108][ T5829] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 141.069509][ T5829] usb 3-1: Using ep0 maxpacket: 16 [ 141.078209][ T5829] usb 3-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 141.087551][ T5829] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.096393][ T5829] usb 3-1: Product: syz [ 141.102010][ T5829] usb 3-1: Manufacturer: syz [ 141.106650][ T5829] usb 3-1: SerialNumber: syz [ 141.117938][ T5829] usb 3-1: config 0 descriptor?? [ 141.126348][ T5829] ums-onetouch 3-1:0.0: USB Mass Storage device detected [ 141.220113][ T8] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 141.346700][ T5910] usb 3-1: USB disconnect, device number 12 [ 141.379444][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 141.386154][ T8] usb 5-1: config 0 has an invalid interface number: 143 but max is 0 [ 141.399337][ T8] usb 5-1: config 0 has no interface number 0 [ 141.405491][ T8] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b [ 141.414991][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.425107][ T8] usb 5-1: config 0 descriptor?? [ 141.542640][ T8] viperboard 5-1:0.143: version 0.00 found at bus 005 address 012 [ 141.566143][ T8] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100 [ 141.579330][ T8] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 141.737520][ T8389] io-wq is not configured for unbound workers [ 142.055693][ T8404] loop2: detected capacity change from 0 to 524287999 [ 142.186968][ T5966] usb 5-1: USB disconnect, device number 12 [ 142.342139][ T8] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 142.389587][ T973] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 142.502271][ T8] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00 [ 142.523042][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.545977][ T8] usb 3-1: config 0 descriptor?? [ 142.569577][ T973] usb 4-1: Using ep0 maxpacket: 16 [ 142.583284][ T973] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 142.599390][ T973] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 142.615093][ T973] usb 4-1: Product: syz [ 142.619845][ T973] usb 4-1: Manufacturer: syz [ 142.624639][ T973] usb 4-1: SerialNumber: syz [ 142.641395][ T973] usb 4-1: config 0 descriptor?? [ 142.886729][ T973] usb 4-1: USB disconnect, device number 9 [ 142.977609][ T8] playstation 0003:054C:0DF2.000D: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.2-1/input0 [ 143.176554][ T8] playstation 0003:054C:0DF2.000D: Invalid byte count transferred, expected 20 got 0 [ 143.196923][ T8] playstation 0003:054C:0DF2.000D: Failed to retrieve DualSense pairing info: -22 [ 143.216703][ T8437] hsr0: left promiscuous mode [ 143.226081][ T8] playstation 0003:054C:0DF2.000D: Failed to get MAC address from DualSense [ 143.249189][ T8] playstation 0003:054C:0DF2.000D: Failed to create dualsense. [ 143.270608][ T8] playstation 0003:054C:0DF2.000D: probe with driver playstation failed with error -22 [ 143.314039][ T8441] bond0: (slave bond_slave_0): Releasing backup interface [ 143.365182][ T8441] bond0: (slave bond_slave_1): Releasing backup interface [ 143.394491][ T8441] team0: Port device team_slave_0 removed [ 143.413975][ T8] usb 3-1: USB disconnect, device number 13 [ 143.446522][ T8441] team0: Port device team_slave_1 removed [ 143.461876][ T8441] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 143.476861][ T8441] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 143.497849][ T8441] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 143.506350][ T8441] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 143.989494][ T5966] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 144.047669][ T8465] input: syz1 as /devices/virtual/input/input16 [ 144.108644][ T8467] netlink: 'syz.1.1110': attribute type 1 has an invalid length. [ 144.149734][ T8467] netlink: 'syz.1.1110': attribute type 4 has an invalid length. [ 144.164377][ T8467] netlink: 212 bytes leftover after parsing attributes in process `syz.1.1110'. [ 144.170141][ T5966] usb 4-1: config 0 has an invalid interface number: 5 but max is 0 [ 144.189407][ T5966] usb 4-1: config 0 has no interface number 0 [ 144.196064][ T5966] usb 4-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 144.205515][ T5966] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.218384][ T5966] usb 4-1: config 0 descriptor?? [ 144.225358][ T5966] ums-realtek 4-1:0.5: USB Mass Storage device detected [ 144.334669][ T8475] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.344089][ T8475] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.353169][ T8475] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.362220][ T8475] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.392711][ T8477] input: syz0 as /devices/virtual/input/input17 [ 144.440856][ T5966] usb 4-1: USB disconnect, device number 10 [ 144.919390][ T5966] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 145.005944][ T8497] sg_write: process 520 (syz.1.1124) changed security contexts after opening file descriptor, this is not allowed. [ 145.019068][ T8497] program syz.1.1124 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 145.199405][ T5966] usb 5-1: Using ep0 maxpacket: 16 [ 145.206122][ T5966] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.217448][ T5966] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 145.247993][ T5966] usb 5-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00 [ 145.258118][ T5966] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.268390][ T5966] usb 5-1: config 0 descriptor?? [ 145.379639][ T5870] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 145.549506][ T5870] usb 4-1: Using ep0 maxpacket: 16 [ 145.556578][ T5870] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.567742][ T5870] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.577578][ T5870] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 145.591619][ T5870] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 145.600857][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.615754][ T5870] usb 4-1: config 0 descriptor?? [ 145.666046][ T8528] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1138'. [ 145.695067][ T5966] logitech 0003:046D:C295.000E: hidraw0: USB HID v0.00 Device [HID 046d:c295] on usb-dummy_hcd.4-1/input0 [ 145.717092][ T5966] logitech 0003:046D:C295.000E: no inputs found [ 145.799483][ T25] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 145.900804][ T973] usb 5-1: USB disconnect, device number 13 [ 145.949573][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 145.956778][ T25] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 145.965092][ T25] usb 3-1: config 0 has no interface number 0 [ 145.973223][ T25] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 145.982641][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.991034][ T5910] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 145.998727][ T25] usb 3-1: Product: syz [ 146.003192][ T25] usb 3-1: Manufacturer: syz [ 146.008230][ T25] usb 3-1: SerialNumber: syz [ 146.014305][ T25] usb 3-1: config 0 descriptor?? [ 146.022037][ T25] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 146.034430][ T5870] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 146.041912][ T5870] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 146.049206][ T5870] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 146.056476][ T5870] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 146.063809][ T5870] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 146.073564][ T5870] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 146.081007][ T5870] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 146.088672][ T5870] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 146.096125][ T5870] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 146.103404][ T5870] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 146.113598][ T5870] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.000F/input/input18 [ 146.161231][ T5910] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.172366][ T5910] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.183415][ T5910] usb 2-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 146.194879][ T5870] microsoft 0003:045E:07DA.000F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 146.206900][ T5910] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.218122][ T5910] usb 2-1: config 0 descriptor?? [ 146.227298][ T25] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 146.238998][ T25] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 146.247306][ T5966] usb 4-1: USB disconnect, device number 11 [ 146.639026][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 146.639649][ T5966] usb 3-1: USB disconnect, device number 14 [ 146.659110][ T5910] isku 0003:1E7D:319C.0010: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.1-1/input0 [ 146.662149][ T5966] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 146.704491][ T5966] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 146.716434][ T5966] quatech2 3-1:0.51: device disconnected [ 147.078745][ T5910] usb 2-1: USB disconnect, device number 10 [ 149.232210][ T25] hid-generic 0005:15C2:8001.0011: item fetching failed at offset 0/1 [ 149.277509][ T25] hid-generic 0005:15C2:8001.0011: probe with driver hid-generic failed with error -22 [ 149.840375][ T8676] vlan2: entered promiscuous mode [ 149.845719][ T8676] vlan2: entered allmulticast mode [ 149.870784][ T8676] syz_tun: entered allmulticast mode [ 149.876458][ T8676] syz_tun: entered promiscuous mode [ 149.890609][ T8676] team0: Port device vlan2 added [ 150.090648][ T8682] ptrace attach of "./syz-executor exec"[8683] was attempted by "./syz-executor exec"[8682] [ 150.599427][ T973] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 150.769375][ T973] usb 4-1: Using ep0 maxpacket: 8 [ 150.789798][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 150.789816][ T29] audit: type=1400 audit(1736574380.464:307): lsm=SMACK fn=smack_key_permission action=denied subject="w" object="_" requested=w pid=8701 comm="syz.1.1215" key_serial=812577520 key_desc="_uid_ses.0" [ 150.893835][ T973] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 150.939425][ T973] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.009462][ T973] usb 4-1: Product: syz [ 151.049499][ T973] usb 4-1: Manufacturer: syz [ 151.054178][ T973] usb 4-1: SerialNumber: syz [ 151.138437][ T973] usb 4-1: config 0 descriptor?? [ 151.439450][ T5905] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 151.446251][ T973] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 151.637508][ T973] gspca_sunplus: reg_w_riv err -71 [ 151.668730][ T973] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 151.694211][ T973] usb 4-1: USB disconnect, device number 12 [ 151.694871][ T8644] Set syz1 is full, maxelem 65536 reached [ 151.732522][ T5905] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 151.741942][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.759052][ T5905] usb 3-1: config 0 descriptor?? [ 151.768678][ T5905] cp210x 3-1:0.0: cp210x converter detected [ 152.193742][ T5905] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 152.235938][ T5905] usb 3-1: cp210x converter now attached to ttyUSB0 [ 152.445707][ T5905] usb 3-1: USB disconnect, device number 15 [ 152.458021][ T5905] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 152.569519][ T5905] cp210x 3-1:0.0: device disconnected [ 154.117117][ T8771] program syz.4.1245 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 154.242207][ T8775] syz_tun: entered allmulticast mode [ 154.274522][ T8775] dvmrp8: entered allmulticast mode [ 154.282002][ T8773] syz_tun: left allmulticast mode [ 154.287606][ T8773] dvmrp8: left allmulticast mode [ 154.454672][ T8785] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 154.491765][ T8785] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 154.513115][ T8791] input: syz0 as /devices/virtual/input/input19 [ 155.525200][ T8850] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1280'. [ 155.539241][ T8852] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 156.509494][ T5910] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 156.578600][ T8844] syz.1.1278 (8844): drop_caches: 2 [ 156.679627][ T5910] usb 5-1: Using ep0 maxpacket: 16 [ 156.686414][ T5910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.697625][ T5910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.707909][ T5910] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 156.721662][ T5910] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 156.730825][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.742534][ T5910] usb 5-1: config 0 descriptor?? [ 156.919807][ T973] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 156.930486][ T8892] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1300'. [ 157.108792][ T973] usb 3-1: too many configurations: 15, using maximum allowed: 8 [ 157.143456][ T973] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 157.153506][ T973] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.165049][ T5910] microsoft 0003:045E:07DA.0012: ignoring exceeding usage max [ 157.172965][ T973] usb 3-1: Product: syz [ 157.179330][ T973] usb 3-1: Manufacturer: syz [ 157.188552][ T973] usb 3-1: SerialNumber: syz [ 157.199228][ T5910] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0012/input/input20 [ 157.219472][ T973] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 157.243433][ T5910] microsoft 0003:045E:07DA.0012: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 157.272378][ T5870] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 157.431600][ T973] usb 5-1: USB disconnect, device number 14 [ 157.527020][ T25] usb 3-1: USB disconnect, device number 16 [ 158.359407][ T5870] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 158.380051][ T5870] ath9k_htc: Failed to initialize the device [ 158.408198][ T25] usb 3-1: ath9k_htc: USB layer deinitialized [ 158.966004][ T8972] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1335'. [ 159.433276][ T8997] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 159.468564][ T8997] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 159.487961][ T8997] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 159.507341][ T8997] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 159.532980][ T8997] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0 [ 159.546442][ T8997] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0 [ 159.569783][ T8997] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20004 - 0 [ 159.588965][ T8997] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20004 - 0 [ 159.690906][ T9009] nbd: nbd3 already in use [ 160.246824][ T9028] netlink: 'syz.1.1363': attribute type 4 has an invalid length. [ 161.211248][ T9068] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1382'. [ 161.343083][ T9079] netlink: 'syz.1.1386': attribute type 1 has an invalid length. [ 161.726114][ T29] audit: type=1326 audit(1736574391.394:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.3.1392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 161.776812][ T29] audit: type=1326 audit(1736574391.394:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.3.1392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 161.829699][ T29] audit: type=1326 audit(1736574391.414:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.3.1392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 161.882932][ T29] audit: type=1326 audit(1736574391.414:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.3.1392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 161.949637][ T29] audit: type=1326 audit(1736574391.414:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.3.1392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 161.974394][ T9102] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 162.108989][ T52] Bluetooth: hci5: Frame reassembly failed (-84) [ 162.154467][ T35] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 162.242264][ T973] IPVS: starting estimator thread 0... [ 162.339500][ T9119] IPVS: using max 23 ests per chain, 55200 per kthread [ 162.474896][ T9131] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1407'. [ 162.594139][ T9138] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1410'. [ 163.586608][ T9181] syz.2.1428: attempt to access beyond end of device [ 163.586608][ T9181] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 163.605792][ T9181] FAT-fs (nbd2): unable to read boot sector [ 164.109549][ T5832] Bluetooth: hci5: command 0x1003 tx timeout [ 164.110287][ T5823] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 164.959514][ T29] audit: type=1326 audit(1736574394.614:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9217 comm="syz.1.1444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad49b85d29 code=0x7ffc0000 [ 164.981145][ T29] audit: type=1326 audit(1736574394.614:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9217 comm="syz.1.1444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad49b85d29 code=0x7ffc0000 [ 165.059700][ T29] audit: type=1326 audit(1736574394.724:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9217 comm="syz.1.1444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad49b85d29 code=0x7ffc0000 [ 165.082079][ T29] audit: type=1326 audit(1736574394.724:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9217 comm="syz.1.1444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad49b85d29 code=0x7ffc0000 [ 165.103784][ T29] audit: type=1326 audit(1736574394.724:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9217 comm="syz.1.1444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fad49b7cce7 code=0x7ffc0000 [ 165.384499][ T9232] xt_CT: You must specify a L4 protocol and not use inversions on it [ 165.514945][ T9240] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1455'. [ 165.547376][ T9240] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1455'. [ 165.573975][ T9223] netlink: 'syz.2.1448': attribute type 1 has an invalid length. [ 165.589877][ T9223] netlink: 'syz.2.1448': attribute type 2 has an invalid length. [ 165.597759][ T9223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1448'. [ 165.619484][ T973] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 165.806818][ T973] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.828299][ T973] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.848533][ T973] usb 2-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00 [ 165.857957][ T973] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.878691][ T973] usb 2-1: config 0 descriptor?? [ 166.168192][ T9270] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1470'. [ 166.304158][ T973] hid-generic 0003:05AC:4262.0013: unbalanced delimiter at end of report description [ 166.324703][ T973] hid-generic 0003:05AC:4262.0013: probe with driver hid-generic failed with error -22 [ 166.339479][ T25] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 166.459127][ T9283] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1476'. [ 166.470448][ T9283] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1476'. [ 166.527196][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 166.544045][ T5870] usb 2-1: USB disconnect, device number 11 [ 166.560483][ T25] usb 4-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00 [ 166.570758][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.580983][ T25] usb 4-1: config 0 descriptor?? [ 166.601536][ T25] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 166.814622][ T5905] usb 4-1: USB disconnect, device number 13 [ 167.769966][ T9344] random: crng reseeded on system resumption [ 168.819731][ T5870] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 169.028796][ T5870] usb 2-1: unable to get BOS descriptor or descriptor too short [ 169.038713][ T5870] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 169.046534][ T5870] usb 2-1: can't read configurations, error -71 [ 169.179851][ T8] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 169.259599][ T973] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 169.329553][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 169.340586][ T8] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 169.348730][ T8] usb 5-1: config 0 has no interface number 0 [ 169.386352][ T8] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 169.395876][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.404546][ T8] usb 5-1: Product: syz [ 169.408761][ T8] usb 5-1: Manufacturer: syz [ 169.416279][ T8] usb 5-1: SerialNumber: syz [ 169.426008][ T8] usb 5-1: config 0 descriptor?? [ 169.431647][ T9423] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1537'. [ 169.433314][ T8] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 169.449902][ T973] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 169.449934][ T973] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.485902][ T973] usb 3-1: config 0 descriptor?? [ 169.496742][ T973] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 169.613450][ T9427] CUSE: unknown device info "" [ 169.618388][ T9427] CUSE: unknown device info "" [ 169.628653][ T9427] CUSE: unknown device info "," [ 169.635696][ T8] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 169.637560][ T9427] CUSE: unknown device info "@" [ 169.647641][ T8] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 169.656444][ T9427] CUSE: unknown device info "(" [ 169.669385][ T9427] CUSE: DEVNAME unspecified [ 169.691284][ T9429] netlink: 'syz.1.1540': attribute type 14 has an invalid length. [ 170.056364][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 170.065259][ T5966] usb 5-1: USB disconnect, device number 15 [ 170.074515][ T5966] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 170.099052][ T5966] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 170.111384][ T973] gspca_cpia1: usb_control_msg 01, error -71 [ 170.117420][ T973] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0) [ 170.119805][ T5966] quatech2 5-1:0.51: device disconnected [ 170.151531][ T973] usb 3-1: USB disconnect, device number 17 [ 170.980629][ T9466] Bluetooth: hci0: load_link_keys: too big key_count value 5888 [ 171.134343][ T9474] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1561'. [ 171.866438][ T9509] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1575'. [ 172.018849][ T9516] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 172.245557][ T9530] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1585'. [ 172.349694][ T5966] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 172.529419][ T5966] usb 5-1: Using ep0 maxpacket: 16 [ 172.563402][ T5966] usb 5-1: config 0 has an invalid interface number: 41 but max is 0 [ 172.571822][ T5966] usb 5-1: config 0 has no interface number 0 [ 172.578122][ T5966] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 172.606657][ T5966] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 172.628893][ T5966] usb 5-1: config 0 interface 41 has no altsetting 0 [ 172.637903][ T5966] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 172.653062][ T5966] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.662534][ T5966] usb 5-1: Product: syz [ 172.667141][ T5966] usb 5-1: Manufacturer: syz [ 172.675355][ T5966] usb 5-1: SerialNumber: syz [ 172.690847][ T5966] usb 5-1: config 0 descriptor?? [ 172.696542][ T9521] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 172.723713][ T9521] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 172.861110][ T9558] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1597'. [ 172.957094][ T9521] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 172.968785][ T9521] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 173.272937][ T9567] block nbd1: shutting down sockets [ 173.382695][ T5966] Error reading MAC address [ 173.395437][ T5966] sr9700 5-1:0.41: probe with driver sr9700 failed with error -71 [ 173.440484][ T5966] usb 5-1: USB disconnect, device number 16 [ 173.733527][ T9585] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1610'. [ 173.900402][ T973] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 173.971410][ T9594] ip6gretap1: entered promiscuous mode [ 173.987050][ T9594] ip6gretap1: entered allmulticast mode [ 174.059448][ T5870] usb 3-1: new low-speed USB device number 18 using dummy_hcd [ 174.069390][ T973] usb 4-1: Using ep0 maxpacket: 32 [ 174.088601][ T973] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 174.109783][ T973] usb 4-1: config 0 has no interface number 0 [ 174.132169][ T973] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 174.141759][ T973] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.167135][ T973] usb 4-1: Product: syz [ 174.171451][ T973] usb 4-1: Manufacturer: syz [ 174.176102][ T973] usb 4-1: SerialNumber: syz [ 174.202073][ T973] usb 4-1: config 0 descriptor?? [ 174.210397][ T973] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 174.233002][ T5870] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 174.249609][ T5870] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 174.264298][ T5870] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 174.276404][ T9605] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1619'. [ 174.292248][ T5870] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.302747][ T5870] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 174.314041][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.343816][ T5870] hub 3-1:1.0: bad descriptor, ignoring hub [ 174.350232][ T5870] hub 3-1:1.0: probe with driver hub failed with error -5 [ 174.358003][ T5870] cdc_wdm 3-1:1.0: skipping garbage [ 174.375214][ T5870] cdc_wdm 3-1:1.0: skipping garbage [ 174.404542][ T5870] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 174.420337][ T973] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 174.435879][ T5870] cdc_wdm 3-1:1.0: Unknown control protocol [ 174.459935][ T973] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 174.531868][ T9616] serio: Serial port ptm0 [ 174.653290][ T9581] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 174.669714][ T9581] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 174.699745][ T973] usb 3-1: USB disconnect, device number 18 [ 174.890785][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 174.891481][ T8] usb 4-1: USB disconnect, device number 14 [ 174.925393][ T8] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 174.963251][ T8] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 174.987185][ T8] quatech2 4-1:0.51: device disconnected [ 175.039409][ T973] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 175.090941][ T9638] sctp: [Deprecated]: syz.4.1634 (pid 9638) Use of int in max_burst socket option deprecated. [ 175.090941][ T9638] Use struct sctp_assoc_value instead [ 175.198247][ T973] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 175.219367][ T973] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 175.228700][ T973] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 175.255423][ T973] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.295119][ T973] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 175.322415][ T973] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.355987][ T973] hub 3-1:1.0: bad descriptor, ignoring hub [ 175.379979][ T973] hub 3-1:1.0: probe with driver hub failed with error -5 [ 175.399987][ T973] cdc_wdm 3-1:1.0: skipping garbage [ 175.405380][ T973] cdc_wdm 3-1:1.0: skipping garbage [ 175.438596][ T973] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 175.454985][ T973] cdc_wdm 3-1:1.0: Unknown control protocol [ 175.689985][ T5905] usb 3-1: USB disconnect, device number 19 [ 175.923582][ T9675] netlink: 'syz.1.1650': attribute type 12 has an invalid length. [ 176.292904][ T9699] netlink: 'syz.2.1660': attribute type 1 has an invalid length. [ 176.304443][ T9699] netlink: 'syz.2.1660': attribute type 4 has an invalid length. [ 176.316318][ T9699] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1660'. [ 176.345719][ T9699] NCSI netlink: No device for ifindex 458760 [ 176.369781][ T5905] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 176.529468][ T5905] usb 4-1: Using ep0 maxpacket: 16 [ 176.541203][ T5905] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 18273, setting to 1024 [ 176.582540][ T5905] usb 4-1: config 0 interface 0 has no altsetting 0 [ 176.599436][ T5905] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 176.620464][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.655431][ T5905] usb 4-1: config 0 descriptor?? [ 176.665825][ T9688] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 176.822268][ T9725] Cannot find del_set index 0 as target [ 177.110898][ T5905] cougar 0003:060B:500A.0014: usage count exceeds max: fixing up report descriptor [ 177.121925][ T5905] cougar 0003:060B:500A.0014: unexpected long global item [ 177.131613][ T5905] cougar 0003:060B:500A.0014: parse failed [ 177.137565][ T5905] cougar 0003:060B:500A.0014: probe with driver cougar failed with error -22 [ 177.326546][ T5905] usb 4-1: USB disconnect, device number 15 [ 177.495028][ T9762] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1691'. [ 177.511156][ T9762] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1691'. [ 177.794371][ T9781] binder: 9780:9781 ioctl 40046205 0 returned -22 [ 177.929493][ T46] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 178.090800][ T46] usb 5-1: Using ep0 maxpacket: 32 [ 178.098112][ T46] usb 5-1: config 0 has no interfaces? [ 178.106705][ T46] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 178.116881][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.125820][ T46] usb 5-1: Product: syz [ 178.130386][ T973] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 178.139162][ T46] usb 5-1: Manufacturer: syz [ 178.145079][ T46] usb 5-1: SerialNumber: syz [ 178.151785][ T46] usb 5-1: config 0 descriptor?? [ 178.179542][ T5870] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 178.242321][ T9797] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1705'. [ 178.301231][ T973] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 178.311785][ T973] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.328872][ T973] usb 4-1: config 0 descriptor?? [ 178.345447][ T5870] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 178.374955][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.394174][ T5870] usb 2-1: Product: syz [ 178.404324][ T5870] usb 2-1: Manufacturer: syz [ 178.414472][ T5870] usb 2-1: SerialNumber: syz [ 178.430012][ T5870] usb 2-1: config 0 descriptor?? [ 178.442555][ T5870] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 014 [ 178.451933][ T25] usb 5-1: USB disconnect, device number 17 [ 178.844107][ T5870] (null): failure reading functionality [ 178.858726][ T5870] i2c i2c-1: failure reading functionality [ 178.881323][ T5870] i2c i2c-1: connected i2c-tiny-usb device [ 178.903901][ T5870] usb 2-1: USB disconnect, device number 14 [ 179.162500][ T973] pegasus 4-1:0.0: probe with driver pegasus failed with error -71 [ 179.198068][ T973] usb 4-1: USB disconnect, device number 16 [ 179.989006][ T9830] Bluetooth: hci5: Frame reassembly failed (-84) [ 180.002226][ T11] Bluetooth: hci5: Frame reassembly failed (-84) [ 180.519400][ T973] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 180.694180][ T973] usb 2-1: unable to get BOS descriptor or descriptor too short [ 180.716500][ T973] usb 2-1: config 6 has an invalid interface number: 200 but max is 0 [ 180.745421][ T973] usb 2-1: config 6 has no interface number 0 [ 180.758734][ T973] usb 2-1: config 6 interface 200 has no altsetting 0 [ 180.791436][ T973] usb 2-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f [ 180.811052][ T973] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.819164][ T973] usb 2-1: Product: syz [ 180.849442][ T973] usb 2-1: Manufacturer: syz [ 180.864356][ T973] usb 2-1: SerialNumber: syz [ 181.369640][ T9850] program syz.4.1728 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 181.673466][ T973] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state. [ 181.692922][ T973] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 181.706448][ T973] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T) [ 181.714788][ T973] usb 2-1: media controller created [ 181.731994][ T973] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 181.799915][ T5905] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 181.866632][ T973] dvb-usb: bulk message failed: -71 (6/0) [ 181.873714][ T973] dvb-usb: bulk message failed: -71 (6/0) [ 181.884434][ T973] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T' [ 181.907537][ T25] hid-generic 0005:0B57:07FF.0015: hidraw0: BLUETOOTH HID v0.8b Device [syz1] on aa:aa:aa:aa:aa:aa [ 181.932629][ T973] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input21 [ 181.956189][ T973] dvb-usb: schedule remote query interval to 150 msecs. [ 181.969450][ T5905] usb 5-1: Using ep0 maxpacket: 16 [ 181.978310][ T5905] usb 5-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82 [ 181.982607][ T973] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected. [ 181.988971][ T5905] usb 5-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10 [ 182.004757][ T5905] usb 5-1: Product: syz [ 182.008934][ T5905] usb 5-1: Manufacturer: syz [ 182.013888][ T5905] usb 5-1: SerialNumber: syz [ 182.020659][ T5905] usb 5-1: config 0 descriptor?? [ 182.028815][ T5905] usb 5-1: selecting invalid altsetting 1 [ 182.043178][ T5832] Bluetooth: hci5: command 0x1003 tx timeout [ 182.050509][ T5823] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 182.084618][ T5905] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 182.091483][ T973] usb 2-1: USB disconnect, device number 15 [ 182.162430][ T973] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected. [ 182.237883][ T5905] usb 5-1: USB disconnect, device number 18 [ 182.569503][ T25] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 182.631070][ T9877] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1740'. [ 182.731321][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.752950][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.797577][ T25] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 182.827342][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.858684][ T25] usb 3-1: config 0 descriptor?? [ 183.304578][ T25] usbhid 3-1:0.0: can't add hid device: -71 [ 183.321842][ T25] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 183.353349][ T25] usb 3-1: USB disconnect, device number 20 [ 183.369523][ T8] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 183.529466][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 183.538660][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.550649][ T8] usb 5-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00 [ 183.569614][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.578401][ T9899] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1749'. [ 183.600448][ T8] usb 5-1: config 0 descriptor?? [ 184.022300][ T8] lenovo 0003:17EF:60EE.0016: unknown main item tag 0x0 [ 184.053379][ T8] lenovo 0003:17EF:60EE.0016: unknown main item tag 0x0 [ 184.066215][ T8] lenovo 0003:17EF:60EE.0016: unknown main item tag 0x0 [ 184.074785][ T8] lenovo 0003:17EF:60EE.0016: unknown main item tag 0x0 [ 184.086908][ T8] lenovo 0003:17EF:60EE.0016: unknown main item tag 0x0 [ 184.112683][ T8] lenovo 0003:17EF:60EE.0016: hidraw1: USB HID v0.00 Device [HID 17ef:60ee] on usb-dummy_hcd.4-1/input0 [ 184.417270][ T8] lenovo 0003:17EF:60EE.0016: Failed to switch middle button: -71 [ 184.436597][ T8] lenovo 0003:17EF:60EE.0016: Fn-lock setting failed: -71 [ 184.459732][ T8] lenovo 0003:17EF:60EE.0016: Sensitivity setting failed: -71 [ 184.479451][ T8] usb 5-1: USB disconnect, device number 19 [ 185.052425][ T9962] netlink: 'syz.1.1777': attribute type 10 has an invalid length. [ 185.079519][ T9962] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1777'. [ 185.096252][ T9962] batadv0: entered promiscuous mode [ 185.101939][ T9962] batadv0: entered allmulticast mode [ 185.107587][ T9968] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1777'. [ 185.109503][ T25] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 185.125429][ T9962] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 185.142254][ T9964] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1778'. [ 185.279615][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 185.297859][ T25] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 185.326785][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 185.369282][ T25] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 185.402421][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.426256][ T25] usb 3-1: Product: syz [ 185.444741][ T25] usb 3-1: Manufacturer: syz [ 185.459463][ T25] usb 3-1: SerialNumber: syz [ 185.479149][ T25] usb 3-1: config 0 descriptor?? [ 185.506939][ T25] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 185.538943][ T25] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 186.116951][ T25] em28xx 3-1:0.0: chip ID is em28178 [ 186.324526][ T25] usb 3-1: USB disconnect, device number 21 [ 186.331527][ T25] em28xx 3-1:0.0: Disconnecting em28xx [ 186.339723][ T973] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 186.348453][ T25] em28xx 3-1:0.0: Freeing device [ 186.525538][ T973] usb 2-1: unable to get BOS descriptor or descriptor too short [ 186.534516][ T973] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 186.542262][ T973] usb 2-1: can't read configurations, error -71 [ 187.060718][T10007] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1797'. [ 187.669386][ T5966] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 187.833797][ T5966] usb 4-1: New USB device found, idVendor=056a, idProduct=0302, bcdDevice= 0.00 [ 187.849354][ T5966] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.870007][ T5966] usb 4-1: config 0 descriptor?? [ 187.935832][T10044] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 187.952050][T10044] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 188.465155][T10070] Invalid option length (1048261) for dns_resolver key [ 188.500904][ T5966] usb 4-1: USB disconnect, device number 17 [ 188.962633][ T5966] kernel write not supported for file /amidi2 (pid: 5966 comm: kworker/0:8) [ 189.304622][T10107] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1841'. [ 189.315270][T10107] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1841'. [ 189.484250][T10117] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1847'. [ 189.763433][T10137] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1851'. [ 190.714777][T10177] program syz.0.1875 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 190.750290][ T5822] Bluetooth: hci4: command tx timeout [ 191.100840][T10186] input: syz1 as /devices/virtual/input/input22 [ 191.709720][ T5822] Bluetooth: hci0: command 0x0401 tx timeout [ 191.715835][ T5822] Bluetooth: hci2: command 0x0406 tx timeout [ 191.719357][ T5133] Bluetooth: hci1: command 0x0406 tx timeout [ 191.722416][ T5822] Bluetooth: hci3: command 0x0406 tx timeout [ 192.919106][T10281] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1922'. [ 192.928604][T10281] bridge_slAve_0: renamed from lo (while UP) [ 193.459416][ T5905] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 193.619504][ T5905] usb 4-1: Using ep0 maxpacket: 16 [ 193.626509][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.646488][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.678233][ T5905] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 193.699617][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.720570][ T5905] usb 4-1: config 0 descriptor?? [ 193.984612][T10322] netlink: 272 bytes leftover after parsing attributes in process `syz.4.1941'. [ 194.139793][ T5905] konepure 0003:1E7D:2DB4.0018: unknown main item tag 0x2 [ 194.164480][ T5905] konepure 0003:1E7D:2DB4.0018: hidraw1: USB HID v0.00 Device [HID 1e7d:2db4] on usb-dummy_hcd.3-1/input0 [ 194.452585][ T973] usb 4-1: USB disconnect, device number 18 [ 194.555412][T10333] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 194.569620][T10333] syzkaller1: linktype set to 780 [ 194.675034][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.297335][T10356] tipc: New replicast peer: 255.255.255.255 [ 195.314211][ T5966] kernel write not supported for file /fb0 (pid: 5966 comm: kworker/0:8) [ 195.317553][T10356] tipc: Enabled bearer , priority 10 [ 195.569411][ T8] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 195.615063][T10375] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1966'. [ 195.731038][ T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 195.742168][ T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 195.753113][ T8] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 195.769498][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 195.784314][ T8] usb 4-1: SerialNumber: syz [ 195.975643][T10392] netlink: 'syz.1.1973': attribute type 21 has an invalid length. [ 195.986218][T10392] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1973'. [ 195.995427][T10392] netlink: 'syz.1.1973': attribute type 4 has an invalid length. [ 196.008518][ T8] usb 4-1: 0:2 : does not exist [ 196.015983][T10392] netlink: 'syz.1.1973': attribute type 5 has an invalid length. [ 196.027986][T10392] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1973'. [ 196.042600][ T8] usb 4-1: USB disconnect, device number 19 [ 196.432131][ T25] tipc: Node number set to 1603460864 [ 196.710377][ T25] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 196.879386][ T25] usb 5-1: Using ep0 maxpacket: 32 [ 196.886435][ T25] usb 5-1: config 0 has an invalid interface number: 202 but max is 0 [ 196.909383][ T25] usb 5-1: config 0 has no interface number 0 [ 196.935354][ T25] usb 5-1: config 0 interface 202 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 196.964448][ T25] usb 5-1: config 0 interface 202 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 196.986750][ T25] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 197.010520][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.027738][ T25] usb 5-1: Product: syz [ 197.050573][ T25] usb 5-1: Manufacturer: syz [ 197.068253][ T25] usb 5-1: SerialNumber: syz [ 197.088110][ T25] usb 5-1: config 0 descriptor?? [ 197.128450][ T25] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 197.351680][ T5910] usb 5-1: USB disconnect, device number 20 [ 197.354465][ T11] usb 5-1: Failed to submit usb control message: -71 [ 197.387436][ T11] usb 5-1: unable to send the bmi data to the device: -71 [ 197.396762][ T11] usb 5-1: unable to get target info from device [ 197.403539][ T11] usb 5-1: could not get target info (-71) [ 197.410260][ T11] usb 5-1: could not probe fw (-71) [ 197.869397][ T5837] Bluetooth: hci4: command tx timeout [ 198.299725][T10485] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2014'. [ 198.308863][T10485] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2014'. [ 198.323551][T10485] vlan3: entered allmulticast mode [ 198.339504][ T5910] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 198.342872][T10488] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2013'. [ 198.505347][ T5910] usb 5-1: Using ep0 maxpacket: 32 [ 198.530127][ T5910] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 198.549398][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.555956][ T5905] kernel write not supported for file /input/event2 (pid: 5905 comm: kworker/0:6) [ 198.557475][ T5910] usb 5-1: Product: syz [ 198.589541][ T5910] usb 5-1: Manufacturer: syz [ 198.597570][T10501] kernel read not supported for file / lhOb~h3JyxvL=QRnFGrqςû~QV7"qHd0%NnyD (pid: 10501 comm: syz.1.2017) [ 198.614804][ T5910] usb 5-1: SerialNumber: syz [ 198.626467][ T5910] usb 5-1: config 0 descriptor?? [ 198.637607][ T5910] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 198.646572][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 198.646589][ T29] audit: type=1800 audit(1736574428.314:323): pid=10501 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2017" name=BD16206C684F62EDF17EE501D168FEB51D9093339E8F064AC7C879FB78D0EEC3FC76F74CAA3D51E452FA6EC1B746477282A5F28F71F0CF82C3BB7E517F567F37B6B7227148E11197C964309DFA86F888B989FD254E6E79B503831CDD4402 dev="mqueue" ino=27288 res=0 errno=0 [ 198.687704][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.884270][ T5910] gspca_ov534_9: reg_w failed -71 [ 199.309501][ T5910] gspca_ov534_9: Unknown sensor 0000 [ 199.309580][ T5910] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22 [ 199.351513][ T5910] usb 5-1: USB disconnect, device number 21 [ 199.660836][T10538] netlink: 'syz.3.2036': attribute type 8 has an invalid length. [ 199.668689][T10538] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2036'. [ 200.328679][ T5837] Bluetooth: hci4: adv larger than maximum supported [ 200.526886][T10567] vivid-004: ================= START STATUS ================= [ 200.557793][T10567] vivid-004: Radio HW Seek Mode: Bounded [ 200.568252][T10567] vivid-004: Radio Programmable HW Seek: false [ 200.585824][T10567] vivid-004: RDS Rx I/O Mode: Block I/O [ 200.592012][T10567] vivid-004: Generate RBDS Instead of RDS: false [ 200.598401][T10567] vivid-004: RDS Reception: true [ 200.603736][T10567] vivid-004: RDS Program Type: 0 inactive [ 200.613746][T10567] vivid-004: RDS PS Name: inactive [ 200.628516][T10567] vivid-004: RDS Radio Text: inactive [ 200.639415][T10567] vivid-004: RDS Traffic Announcement: false inactive [ 200.664504][T10567] vivid-004: RDS Traffic Program: false inactive [ 200.671340][T10567] vivid-004: RDS Music: false inactive [ 200.679929][T10567] vivid-004: ================== END STATUS ================== [ 200.827872][T10574] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 201.071072][T10587] netlink: 1028 bytes leftover after parsing attributes in process `syz.4.2056'. [ 201.089745][T10587] sch_tbf: burst 0 is lower than device bridge_slave_0 mtu (1514) ! [ 201.418144][T10595] netlink: 165 bytes leftover after parsing attributes in process `syz.3.2061'. [ 202.119990][T10625] netlink: zone id is out of range [ 202.146320][T10625] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16) [ 202.159212][T10625] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 202.999093][T10658] ALSA: mixer_oss: invalid index 20000 [ 203.364668][T10672] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2095'. [ 203.486727][T10678] netlink: 'syz.3.2098': attribute type 21 has an invalid length. [ 203.506148][T10678] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2098'. [ 203.533100][T10678] netlink: 'syz.3.2098': attribute type 4 has an invalid length. [ 203.556851][T10678] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2098'. [ 203.609756][T10681] program syz.0.2102 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 203.721759][T10686] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2103'. [ 203.749763][T10686] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2103'. [ 204.209427][ T5910] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 204.367953][T10718] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2117'. [ 204.381632][ T5910] usb 3-1: Using ep0 maxpacket: 16 [ 204.420804][ T5910] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 204.445913][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.471452][ T5910] usb 3-1: Product: syz [ 204.475674][ T5910] usb 3-1: Manufacturer: syz [ 204.489428][ T5910] usb 3-1: SerialNumber: syz [ 204.499538][T10724] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2120'. [ 204.529110][ T5910] r8152-cfgselector 3-1: Unknown version 0x0000 [ 204.535625][ T5910] r8152-cfgselector 3-1: config 0 descriptor?? [ 204.626465][T10728] overlay: Unknown parameter ' [ 204.626465][T10728] time [ 204.626465][T10728] string [ 204.626465][T10728] statistic [ 204.626465][T10728] state [ 204.626465][T10728] realm [ 204.626465][T10728] rateest [ 204.626465][T10728] quota [ 204.626465][T10728] pkttype [ 204.626465][T10728] physdev [ 204.626465][T10728] cgroup [ 204.626465][T10728] cgroup [ 204.626465][T10728] cgroup [ 204.626465][T10728] owner [ 204.626465][T10728] nfacct [ 204.626465][T10728] nfacct [ 204.626465][T10728] mac [ 204.626465][T10728] limit [ 204.626465][T10728] ipvs [ 204.626465][T10728] helper [ 204.626465][T10728] devgroup [ 204.626465][T10728] cpu [ 204.626465][T10728] conntrack [ 204.626465][T10728] conntrack [ 204.626465][T10728] conntrack [ 204.626465][T10728] connlabel [ 204.626465][T10728] connbytes [ 204.626465][T10728] comment [ 204.626465][T10728] bpf [ 204.626465][T10728] bpf [ 204.626465][T10728] connmark [ 204.626465][T10728] mark [ 204.626465][T10728] rpfilter [ 204.626465][T10728] ah [ 204.626465][T10728] tcpmss [ 204.626465][T10728] socket [ 204.626465][T10728] socket [ 204.626465][T10728] socket [ 204.626465][T10728] socket [ 204.626465][T10728] sctp [ 204.626465][T10728] recent [ 204.626465][T10728] recent [ 204.626465][T10728] policy [ 204.626465][T10728] osf [ 204.626465][T10728] multiport [ 204.626465][T10728] length [ 204.626465][T10728] l2tp [ 204.626465][T10728] iprange [ 204.626465][T10728] ipcomp [ 204.626465][T10728] ttl [ 204.626465][T10728] hashlimit [ 204.626465][T10728] hashlimit [ 204.626465][T10728] hashlimit [ 204.626465][T10728] esp [ 204.626465][T10728] ecn [ 204.626465][T10728] tos [ 204.626465][T10728] dscp [ 204.626465][T10728] dccp [ 204.626465][T10728] connlimit [ 204.626465][T10728] cluster [ 204.626465][T10728] addrtype [ 204.626465][T10728] addrtype [ 204.626465][T10728] set [ 204.626465][T10728] set [ 204.626465][T10728] set [ 204.626465][T10728] set [ 204.626465][T10728] set [ 204.626465][T10728] icmp [ 204.956366][T10735] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2125'. [ 205.047193][ T5910] r8152-cfgselector 3-1: USB disconnect, device number 22 [ 206.737984][T10817] tipc: Started in network mode [ 206.753202][T10817] tipc: Node identity fffffeff, cluster identity 7 [ 206.785426][T10817] tipc: Node number set to 4294967039 [ 207.257126][T10849] netlink: 'syz.0.2175': attribute type 1 has an invalid length. [ 207.292766][T10849] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2175'. [ 207.491399][ T5870] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 207.651426][ T5870] usb 2-1: Using ep0 maxpacket: 32 [ 207.667311][ T5870] usb 2-1: unable to get BOS descriptor or descriptor too short [ 207.695702][ T5870] usb 2-1: config 7 has an invalid interface number: 187 but max is 0 [ 207.726268][ T5870] usb 2-1: config 7 has no interface number 0 [ 207.752106][ T5870] usb 2-1: config 7 interface 187 has no altsetting 0 [ 207.804392][ T5870] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 207.827658][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.853460][ T5870] usb 2-1: Product: syz [ 207.867238][ T5870] usb 2-1: Manufacturer: syz [ 207.875062][ T5870] usb 2-1: SerialNumber: syz [ 208.118535][ T5870] usb 2-1: Limiting number of CPorts to U8_MAX [ 208.137942][ T5870] usb 2-1: Not enough endpoints found in device, aborting! [ 208.341331][ T5870] usb 2-1: USB disconnect, device number 18 [ 208.452959][T10889] pimreg3: entered allmulticast mode [ 208.476383][T10888] pimreg3: left allmulticast mode [ 208.893931][T10910] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2189'. [ 209.509457][ T29] audit: type=1326 audit(1736574439.174:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10938 comm="syz.1.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad49b85d29 code=0x7ffc0000 [ 209.561025][ T29] audit: type=1326 audit(1736574439.174:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10938 comm="syz.1.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad49b85d29 code=0x7ffc0000 [ 209.637171][ T29] audit: type=1326 audit(1736574439.174:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10938 comm="syz.1.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad49b85d29 code=0x7ffc0000 [ 209.680818][ T29] audit: type=1326 audit(1736574439.174:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10938 comm="syz.1.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad49b85d29 code=0x7ffc0000 [ 209.718742][ T29] audit: type=1326 audit(1736574439.174:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10938 comm="syz.1.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fad49b7cce7 code=0x7ffc0000 [ 209.744795][ T29] audit: type=1326 audit(1736574439.174:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10938 comm="syz.1.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fad49b21f29 code=0x7ffc0000 [ 209.795742][ T29] audit: type=1326 audit(1736574439.174:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10938 comm="syz.1.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fad49b7cce7 code=0x7ffc0000 [ 209.828958][ T29] audit: type=1326 audit(1736574439.174:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10938 comm="syz.1.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fad49b21f29 code=0x7ffc0000 [ 209.864054][ T29] audit: type=1326 audit(1736574439.174:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10938 comm="syz.1.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fad49b7cce7 code=0x7ffc0000 [ 209.895361][ T29] audit: type=1326 audit(1736574439.174:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10938 comm="syz.1.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fad49b21f29 code=0x7ffc0000 [ 210.154434][T10964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.167599][T10964] bond0: (slave rose0): Enslaving as an active interface with an up link [ 210.200857][ T5870] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 210.232908][ T5910] kernel write not supported for file /snd/seq (pid: 5910 comm: kworker/1:6) [ 210.369908][ T5870] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 210.409893][ T5870] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 210.441007][ T5870] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 210.467000][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 210.479674][ T5870] usb 3-1: SerialNumber: syz [ 210.524776][T10985] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2220'. [ 210.696976][ T5870] usb 3-1: 0:2 : does not exist [ 210.704674][ T5870] usb 3-1: unit 255 not found! [ 210.735190][ T5870] usb 3-1: USB disconnect, device number 23 [ 210.793920][T10998] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 210.802910][T10998] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 210.811964][T10998] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 210.820827][T10998] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 211.045989][T11017] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2228'. [ 211.061885][T11014] netlink: 'syz.4.2233': attribute type 3 has an invalid length. [ 211.089243][T11014] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2233'. [ 211.528502][T11042] netlink: 'syz.2.2244': attribute type 6 has an invalid length. [ 212.570773][ T5910] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 212.812563][ T5910] usb 3-1: Using ep0 maxpacket: 16 [ 212.820406][ T5910] usb 3-1: config index 0 descriptor too short (expected 16456, got 72) [ 212.820437][ T5910] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 212.820458][ T5910] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 212.820477][ T5910] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 212.820496][ T5910] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 212.820516][ T5910] usb 3-1: config 0 has no interface number 0 [ 212.820558][ T5910] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 212.820588][ T5910] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 212.820610][ T5910] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 212.820636][ T5910] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 212.820661][ T5910] usb 3-1: config 0 interface 125 has no altsetting 0 [ 212.820681][ T5910] usb 3-1: config 0 interface 125 has no altsetting 2 [ 212.831353][ T5910] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 212.831389][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.831411][ T5910] usb 3-1: Product: syz [ 212.831428][ T5910] usb 3-1: Manufacturer: syz [ 212.831443][ T5910] usb 3-1: SerialNumber: syz [ 212.833410][ T5910] usb 3-1: config 0 descriptor?? [ 212.835781][ T5910] usb 3-1: selecting invalid altsetting 2 [ 213.068342][ C1] usb 3-1: async_complete: urb error -71 [ 213.068453][ C1] usb 3-1: async_complete: urb error -71 [ 213.068518][ C1] usb 3-1: async_complete: urb error -71 [ 213.068573][ C1] usb 3-1: async_complete: urb error -71 [ 213.070547][ T5910] get_1284_register: usb error -71 [ 213.070633][ T5910] uss720 3-1:0.125: probe with driver uss720 failed with error -71 [ 213.073619][ T5910] usb 3-1: USB disconnect, device number 24 [ 214.110777][T11154] binder: 11153:11154 ioctl c0306201 20000940 returned -14 [ 214.296307][ T8] IPVS: starting estimator thread 0... [ 214.389481][T11163] IPVS: using max 21 ests per chain, 50400 per kthread [ 214.716419][T11190] bridge_slave_0: default FDB implementation only supports local addresses [ 214.869005][T11201] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2312'. [ 215.026576][T11210] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2317'. [ 215.308288][ T29] kauditd_printk_skb: 124 callbacks suppressed [ 215.308306][ T29] audit: type=1326 audit(1736574444.974:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11223 comm="syz.3.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 215.387497][ T29] audit: type=1326 audit(1736574444.974:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11223 comm="syz.3.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 215.432895][ T29] audit: type=1326 audit(1736574444.974:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11223 comm="syz.3.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 215.542534][T11230] tmpfs: Bad value for 'mpol' [ 215.771010][ T29] audit: type=1326 audit(1736574445.444:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11243 comm="syz.1.2334" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fad49b85d29 code=0x0 [ 215.799869][ T25] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 215.971209][ T25] usb 4-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 215.981189][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.999916][ T25] usb 4-1: config 0 descriptor?? [ 216.010234][ T25] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 216.331590][T11261] input: syz0 as /devices/virtual/input/input24 [ 216.461026][T11267] loop4: detected capacity change from 0 to 8 [ 216.470330][T11267] Dev loop4: unable to read RDB block 8 [ 216.476050][T11267] loop4: unable to read partition table [ 216.500123][T11267] loop4: partition table beyond EOD, truncated [ 216.506658][T11267] loop_reread_partitions: partition scan of loop4 (被x ) failed (rc=-5) [ 216.625333][T11275] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2347'. [ 216.736816][T11278] could not allocate digest TFM handle EW| rQt`qt/Ѧ6@a A\bT|z.ZBi [ 216.736816][T11278] qf!%$pWk /s}/Δ7 ]=_8G [ 216.856649][ T25] gspca_sunplus: reg_w_riv err -71 [ 216.861968][ T25] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 216.876895][ T25] usb 4-1: USB disconnect, device number 20 [ 217.170456][T11299] netlink: 1 bytes leftover after parsing attributes in process `syz.4.2358'. [ 217.695287][ T29] audit: type=1326 audit(1736574447.324:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11323 comm="syz.2.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 217.717589][ T29] audit: type=1326 audit(1736574447.324:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11323 comm="syz.2.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 217.739442][ T29] audit: type=1326 audit(1736574447.324:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11323 comm="syz.2.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 217.761778][ T29] audit: type=1326 audit(1736574447.324:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11323 comm="syz.2.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f508cd85d63 code=0x7ffc0000 [ 217.783490][ T29] audit: type=1326 audit(1736574447.324:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11323 comm="syz.2.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f508cd85d63 code=0x7ffc0000 [ 217.805540][ T29] audit: type=1326 audit(1736574447.334:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11323 comm="syz.2.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 218.089701][ T25] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 218.249532][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 218.260008][ T25] usb 4-1: New USB device found, idVendor=0456, idProduct=f000, bcdDevice=f3.7f [ 218.279661][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.299107][ T25] usb 4-1: Product: syz [ 218.304268][ T25] usb 4-1: Manufacturer: syz [ 218.320104][ T25] usb 4-1: SerialNumber: syz [ 218.327716][ T25] usb 4-1: config 0 descriptor?? [ 218.345508][ T25] ftdi_sio 4-1:0.0: Ignoring interface reserved for JTAG [ 218.572997][ T5870] usb 4-1: USB disconnect, device number 21 [ 218.689673][ T25] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 218.874270][ T25] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 218.895410][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.919835][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.939138][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 218.960498][ T25] usb 3-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 218.975556][ T8] kernel write not supported for file /817/attr/keycreate (pid: 8 comm: kworker/0:0) [ 218.979427][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.001185][ T25] usb 3-1: config 0 descriptor?? [ 219.119783][ T5870] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 219.207559][T11381] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2393'. [ 219.311456][ T5870] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 219.322052][ T5870] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 219.350476][ T5870] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 219.359978][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 219.369600][ T5870] usb 5-1: SerialNumber: syz [ 219.451758][ T25] hid-picolcd 0003:04D8:C002.0019: item fetching failed at offset 5/7 [ 219.469016][ T25] hid-picolcd 0003:04D8:C002.0019: device report parse failed [ 219.493641][ T25] hid-picolcd 0003:04D8:C002.0019: probe with driver hid-picolcd failed with error -22 [ 219.508319][T11392] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave [ 219.522264][T11392] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1) [ 219.626410][ T5870] usb 5-1: 0:2 : does not exist [ 219.669456][ T5870] usb 5-1: USB disconnect, device number 22 [ 219.734826][ T25] usb 3-1: USB disconnect, device number 25 [ 220.153412][T11423] ax25_connect(): syz.3.2413 uses autobind, please contact jreuter@yaina.de [ 220.494927][T11443] tap0: tun_chr_ioctl cmd 2147767521 [ 222.608097][ T29] kauditd_printk_skb: 38 callbacks suppressed [ 222.608117][ T29] audit: type=1326 audit(1736574452.264:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11533 comm="syz.2.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 222.637526][ T29] audit: type=1326 audit(1736574452.264:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11533 comm="syz.2.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 222.659564][ T29] audit: type=1326 audit(1736574452.264:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11533 comm="syz.2.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 222.681331][ T29] audit: type=1326 audit(1736574452.264:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11533 comm="syz.2.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 222.703276][ T29] audit: type=1326 audit(1736574452.264:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11533 comm="syz.2.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 222.725546][ T29] audit: type=1326 audit(1736574452.264:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11533 comm="syz.2.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508cd85d29 code=0x7ffc0000 [ 222.749728][ T29] audit: type=1326 audit(1736574452.264:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11533 comm="syz.2.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f508cd7cce7 code=0x7ffc0000 [ 222.771362][ T29] audit: type=1326 audit(1736574452.264:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11533 comm="syz.2.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f508cd21f29 code=0x7ffc0000 [ 222.793517][ T29] audit: type=1326 audit(1736574452.264:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11533 comm="syz.2.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f508cd7cce7 code=0x7ffc0000 [ 222.815104][ T29] audit: type=1326 audit(1736574452.264:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11533 comm="syz.2.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f508cd21f29 code=0x7ffc0000 [ 222.896209][T11542] netlink: 428 bytes leftover after parsing attributes in process `syz.1.2467'. [ 222.905967][T11542] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2467'. [ 223.472029][T11561] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 223.589573][ T25] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 223.800467][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 223.830205][T11578] program syz.0.2483 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 223.831112][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 223.879393][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 223.909193][ T25] usb 4-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00 [ 223.939404][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.971264][ T25] usb 4-1: config 0 descriptor?? [ 223.989617][ T5905] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 224.168769][ T5905] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 224.191497][ T5905] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 224.201072][ T5905] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 224.210229][ T5905] usb 3-1: config 1 has no interface number 0 [ 224.216518][ T5905] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 224.230752][ T5905] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 224.248558][ T5905] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 224.276668][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.297351][ T5905] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 224.379125][ T5910] kernel write not supported for file /snd/midiC2D0 (pid: 5910 comm: kworker/1:6) [ 224.398557][ T25] gt683r_led 0003:1770:FF00.001A: hidraw1: USB HID v0.00 Device [HID 1770:ff00] on usb-dummy_hcd.3-1/input0 [ 224.605841][ T5910] usb 4-1: USB disconnect, device number 22 [ 224.617331][ T25] gt683r_led 0003:1770:FF00.001A: failed to send set report request: -19 [ 224.848963][ T5905] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 225.083953][ T5910] usb 3-1: USB disconnect, device number 26 [ 225.091140][ T5910] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 225.971823][T11650] netlink: zone id is out of range [ 225.976995][T11650] netlink: zone id is out of range [ 225.989504][T11650] netlink: zone id is out of range [ 225.999084][T11650] netlink: zone id is out of range [ 226.018747][T11650] netlink: zone id is out of range [ 226.360087][T11661] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2519'. [ 228.460201][ T5910] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 228.612367][ T5910] usb 4-1: config 0 has an invalid interface number: 117 but max is 0 [ 228.634396][ T5910] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 228.650771][ T5910] usb 4-1: config 0 has no interface number 0 [ 228.657171][ T5910] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 228.677911][ T5910] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 228.703032][ T5910] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 228.718087][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.726642][ T5910] usb 4-1: Product: syz [ 228.731299][ T5910] usb 4-1: Manufacturer: syz [ 228.735988][ T5910] usb 4-1: SerialNumber: syz [ 228.775529][ T5910] usb 4-1: config 0 descriptor?? [ 229.358988][T11751] 9p: Unknown Cache mode or invalid value f [ 229.414378][ T5910] usb 4-1: USB disconnect, device number 23 [ 229.653275][T11772] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2566'. [ 229.761446][T11778] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 230.046092][T11793] Bluetooth: MGMT ver 1.23 [ 230.685632][T11826] misc userio: No port type given on /dev/userio [ 230.730693][T11829] sctp: [Deprecated]: syz.2.2590 (pid 11829) Use of struct sctp_assoc_value in delayed_ack socket option. [ 230.730693][T11829] Use struct sctp_sack_info instead [ 230.801789][T11832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.834243][T11832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.870765][T11832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.899380][T11832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.160812][T11844] delete_channel: no stack [ 231.279216][T11848] tap0: tun_chr_ioctl cmd 1074025677 [ 231.285040][T11848] tap0: linktype set to 769 [ 234.029674][ T8] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 234.199637][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 234.206597][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 234.221815][ T8] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 234.236821][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.247649][ T8] usb 5-1: Product: syz [ 234.252811][ T8] usb 5-1: Manufacturer: syz [ 234.257764][ T8] usb 5-1: SerialNumber: syz [ 234.264740][ T8] usb 5-1: config 0 descriptor?? [ 234.458768][T11962] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2649'. [ 234.520941][T11964] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2650'. [ 234.554367][T11964] netem: unknown loss type 13 [ 234.565171][T11964] netem: change failed [ 234.705461][ T8] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 234.715238][T11974] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2654'. [ 235.110415][T11990] sctp: [Deprecated]: syz.1.2663 (pid 11990) Use of struct sctp_assoc_value in delayed_ack socket option. [ 235.110415][T11990] Use struct sctp_sack_info instead [ 235.131304][ T8] gs_usb 5-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 235.140681][ T8] gs_usb 5-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO) [ 235.150706][ T8] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -71 [ 235.162687][ T8] usb 5-1: USB disconnect, device number 23 [ 235.461069][T12010] sctp: [Deprecated]: syz.2.2672 (pid 12010) Use of struct sctp_assoc_value in delayed_ack socket option. [ 235.461069][T12010] Use struct sctp_sack_info instead [ 235.704088][T12023] hsr0: entered promiscuous mode [ 235.715769][T12023] hsr0: left promiscuous mode [ 235.759470][ T25] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 235.920968][ T25] usb 2-1: config 0 has an invalid interface number: 117 but max is 0 [ 235.935918][ T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 235.959160][ T25] usb 2-1: config 0 has no interface number 0 [ 235.965424][ T25] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 235.975910][ T25] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 235.992937][ T25] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 236.002692][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.011152][ T25] usb 2-1: Product: syz [ 236.015661][ T25] usb 2-1: Manufacturer: syz [ 236.023679][ T25] usb 2-1: SerialNumber: syz [ 236.042495][ T25] usb 2-1: config 0 descriptor?? [ 236.097548][T12041] sch_fq: defrate 2 ignored. [ 236.187059][T12045] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2688'. [ 236.206122][T12045] veth0_macvtap: left promiscuous mode [ 236.275889][T12049] pim6reg: entered allmulticast mode [ 236.301561][T12046] pim6reg: left allmulticast mode [ 236.447707][T12056] block nbd4: NBD_DISCONNECT [ 236.510286][ T8] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 236.669687][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 236.681154][ T8] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 236.692673][ T25] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.117/input/input27 [ 236.703669][ T8] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 236.736797][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11 [ 236.765180][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024 [ 236.819901][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 236.898168][ T8] usb 4-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 236.909834][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.917872][ T8] usb 4-1: Product: syz [ 236.922441][ T8] usb 4-1: Manufacturer: syz [ 236.927097][ T8] usb 4-1: SerialNumber: syz [ 236.929713][ T25] usb 2-1: USB disconnect, device number 19 [ 236.950575][ T8] usb 4-1: config 0 descriptor?? [ 237.220359][ T8] appledisplay 4-1:0.0: Error while getting initial brightness: -110 [ 237.233958][ T8] appledisplay 4-1:0.0: probe with driver appledisplay failed with error -110 [ 237.416330][T12092] netlink: 'syz.2.2709': attribute type 1 has an invalid length. [ 237.428468][ T8] usb 4-1: USB disconnect, device number 24 [ 238.275370][T12144] openvswitch: netlink: nsh attribute has 65512 unknown bytes. [ 238.286512][T12144] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 238.439950][ T5829] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 238.612863][ T5829] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 238.629402][ T5829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.647676][ T5829] usb 2-1: Product: syz [ 238.657792][ T5829] usb 2-1: Manufacturer: syz [ 238.667915][ T5829] usb 2-1: SerialNumber: syz [ 238.680833][ T5829] usb 2-1: config 0 descriptor?? [ 238.712836][T12162] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 238.910318][ T5910] usb 2-1: USB disconnect, device number 20 [ 239.078099][T12178] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2746'. [ 239.349511][ T25] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 239.416098][T12195] trusted_key: syz.2.2755 sent an empty control message without MSG_MORE. [ 239.514546][ T25] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 239.539360][ T25] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x1D, changing to 0xD [ 239.562108][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 4097, setting to 64 [ 239.589345][ T25] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 239.618939][ T25] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 239.629079][ T25] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 239.649420][ T25] usb 5-1: Manufacturer: syz [ 239.676641][ T25] usb 5-1: config 0 descriptor?? [ 239.700498][T12179] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 239.723931][ T25] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 239.838439][T12214] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 239.936568][ T5829] usb 5-1: USB disconnect, device number 24 [ 240.540750][T12253] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2781'. [ 241.020346][T12277] program syz.1.2793 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 241.048032][ T29] kauditd_printk_skb: 15 callbacks suppressed [ 241.048052][ T29] audit: type=1400 audit(1736574470.714:531): lsm=SMACK fn=smack_inode_permission action=denied subject="y" object="_" requested=wx pid=12278 comm="syz.2.2794" name="557" dev="tmpfs" ino=2841 [ 241.355006][ T29] audit: type=1326 audit(1736574471.024:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12287 comm="syz.3.2798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 241.407459][ T29] audit: type=1326 audit(1736574471.024:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12287 comm="syz.3.2798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 241.430430][ T5829] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 241.477622][ T29] audit: type=1326 audit(1736574471.044:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12287 comm="syz.3.2798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 241.560978][ T29] audit: type=1326 audit(1736574471.044:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12287 comm="syz.3.2798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 241.603904][ T5829] usb 2-1: config 0 has an invalid interface number: 98 but max is 0 [ 241.620004][ T5829] usb 2-1: config 0 has no interface number 0 [ 241.633262][ T5829] usb 2-1: config 0 interface 98 has no altsetting 0 [ 241.649768][ T29] audit: type=1326 audit(1736574471.044:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12287 comm="syz.3.2798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 241.674077][ T5829] usb 2-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24 [ 241.689670][ T5829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.702143][ T5829] usb 2-1: Product: syz [ 241.706398][ T5829] usb 2-1: Manufacturer: syz [ 241.716472][ T5829] usb 2-1: SerialNumber: syz [ 241.723802][ T5829] usb 2-1: config 0 descriptor?? [ 241.869808][ T5910] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 241.951037][ T5829] usb 2-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II [ 242.019604][ T5910] usb 3-1: Using ep0 maxpacket: 16 [ 242.026698][ T5910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 242.041120][ T5910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 242.052912][ T5910] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 242.079524][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.101880][ T5910] usb 3-1: config 0 descriptor?? [ 242.308201][T12323] program syz.4.2812 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 242.529552][ T5910] corsair 0003:1B1C:1B02.001B: hidraw1: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.2-1/input0 [ 242.603592][ T5829] usb 2-1: reset high-speed USB device number 21 using dummy_hcd [ 242.664511][ T29] audit: type=1326 audit(1736574472.334:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12340 comm="syz.3.2822" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x0 [ 242.709743][ T25] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 242.721368][ T5910] corsair 0003:1B1C:1B02.001B: Read invalid backlight brightness: c5. [ 242.859593][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 242.868478][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 242.883793][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 242.895007][ T25] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 242.904444][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.914323][ T25] usb 5-1: config 0 descriptor?? [ 242.936465][ T5910] usb 3-1: USB disconnect, device number 27 [ 242.975158][ T5829] usb 2-1: [ueagle-atm] pre-firmware device, uploading firmware [ 242.986995][ T5829] usb 2-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 242.995762][ T8] usb 2-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2 [ 243.010550][ T8] usb 2-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw [ 243.180829][ T5910] usb 2-1: USB disconnect, device number 21 [ 243.336955][ T25] elan 0003:04F3:0755.001C: unknown main item tag 0x3 [ 243.350119][ T25] elan 0003:04F3:0755.001C: hidraw1: USB HID v0.00 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0 [ 243.562089][ T5905] usb 5-1: USB disconnect, device number 25 [ 244.283697][T12403] hsr_slave_0: left promiscuous mode [ 244.320943][T12403] hsr_slave_1: left promiscuous mode [ 244.449428][ T5910] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 244.614753][ T5910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 244.643283][ T5910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 244.699462][ T5910] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 244.719470][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.743049][ T5910] usb 5-1: config 0 descriptor?? [ 245.187515][ T5910] keytouch 0003:0926:3333.001D: fixing up Keytouch IEC report descriptor [ 245.250825][ T5910] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.001D/input/input28 [ 245.515909][ T5910] keytouch 0003:0926:3333.001D: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 245.584638][ T5910] usb 5-1: USB disconnect, device number 26 [ 245.635683][T12472] netem: incorrect gi model size [ 245.641921][T12472] netem: change failed [ 245.686290][T12475] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2878'. [ 246.029319][ T29] audit: type=1326 audit(1736574475.694:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12493 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 246.063518][ T29] audit: type=1326 audit(1736574475.694:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12493 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 246.085762][ T29] audit: type=1326 audit(1736574475.694:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12493 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 246.107658][ T29] audit: type=1326 audit(1736574475.694:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12493 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 246.129780][ T29] audit: type=1326 audit(1736574475.694:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12493 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 246.151507][ T29] audit: type=1326 audit(1736574475.714:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12493 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 246.173631][ T29] audit: type=1326 audit(1736574475.714:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12493 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f890e585d29 code=0x7ffc0000 [ 247.210900][T12521] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 247.230311][T12521] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 247.267257][T12521] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 247.293394][T12521] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 247.690366][T12546] netlink: 'syz.1.2909': attribute type 1 has an invalid length. [ 247.708443][T12546] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2909'. [ 248.085319][T12568] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2919'. [ 248.094954][T12568] netlink: 344 bytes leftover after parsing attributes in process `syz.1.2919'. [ 248.121207][T12570] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2920'. [ 248.148849][T12570] netlink: 'syz.3.2920': attribute type 2 has an invalid length. [ 248.177501][T12572] IPv6: sit1: Disabled Multicast RS [ 249.298906][T12637] IPVS: Scheduler module ip_vs_ not found [ 249.917377][T12679] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2970'. [ 250.100024][T12694] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2973'. [ 251.111823][T12740] usb usb9: usbfs: interface 0 claimed by hub while 'syz.1.2997' sets config #0 [ 251.710372][T12769] syz.3.3010[12769] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 251.710475][T12769] syz.3.3010[12769] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 251.723204][T12769] syz.3.3010[12769] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 252.118530][T12787] program syz.4.3019 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 252.157844][ T5910] kernel read not supported for file /usbmon9 (pid: 5910 comm: kworker/1:6) [ 252.319434][T12796] tap0: tun_chr_ioctl cmd 1074025673 [ 252.529439][ T5910] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 252.537445][T12805] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 252.559469][T12805] syzkaller0: linktype set to 821 [ 252.699693][ T5910] usb 3-1: Using ep0 maxpacket: 8 [ 252.711240][ T5910] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 252.722852][ T5910] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 252.753055][ T5910] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 252.785968][ T5910] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 252.818531][ T5910] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 252.853142][ T5910] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 252.889237][ T5910] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 252.905944][ T5910] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 252.918101][ T5910] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 252.929656][ T5910] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 252.980066][ T5910] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 252.987573][ T5910] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 252.993086][T12821] delete_channel: no stack [ 253.004066][ T5910] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 253.015305][T12820] delete_channel: no stack [ 253.019583][ T5910] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 253.036026][ T5910] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 253.072596][ T5910] usb 3-1: string descriptor 0 read error: -22 [ 253.089956][ T5910] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 253.127793][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.168153][ T5910] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 253.473342][ T5910] usb 3-1: USB disconnect, device number 28 [ 253.849457][ T25] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 254.039615][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 254.070150][ T25] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 254.099724][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.119501][ T25] usb 2-1: Product: syz [ 254.123803][ T25] usb 2-1: Manufacturer: syz [ 254.128422][ T25] usb 2-1: SerialNumber: syz [ 254.152292][ T25] usb 2-1: config 0 descriptor?? [ 254.162501][ T25] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 254.407721][ T25] gspca_ov534_9: reg_w failed -71 [ 254.804427][ T29] audit: type=1326 audit(1736574484.474:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12889 comm="syz.4.3064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93ec985d29 code=0x7ffc0000 [ 254.841276][ T29] audit: type=1326 audit(1736574484.474:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12889 comm="syz.4.3064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93ec985d29 code=0x7ffc0000 [ 254.863395][ T25] gspca_ov534_9: Unknown sensor 0000 [ 254.863465][ T25] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22 [ 254.910963][ T25] usb 2-1: USB disconnect, device number 22 [ 254.911671][ T29] audit: type=1326 audit(1736574484.504:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12889 comm="syz.4.3064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f93ec985d29 code=0x7ffc0000 [ 254.979762][ T29] audit: type=1326 audit(1736574484.504:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12889 comm="syz.4.3064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93ec985d29 code=0x7ffc0000 [ 255.046986][ T29] audit: type=1326 audit(1736574484.504:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12889 comm="syz.4.3064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93ec985d29 code=0x7ffc0000 [ 255.097389][ T29] audit: type=1326 audit(1736574484.504:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12889 comm="syz.4.3064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f93ec985d29 code=0x7ffc0000 [ 255.125924][ T29] audit: type=1326 audit(1736574484.504:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12889 comm="syz.4.3064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93ec985d29 code=0x7ffc0000 [ 255.148477][ T29] audit: type=1326 audit(1736574484.504:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12889 comm="syz.4.3064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f93ec97cce7 code=0x7ffc0000 [ 255.170586][ T29] audit: type=1326 audit(1736574484.514:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12889 comm="syz.4.3064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f93ec921f29 code=0x7ffc0000 [ 255.220558][ T29] audit: type=1326 audit(1736574484.514:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12889 comm="syz.4.3064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f93ec985d29 code=0x7ffc0000 [ 255.579552][ T5905] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 255.743021][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.776479][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.800149][ T5905] usb 3-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 255.838011][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.860512][ T5905] usb 3-1: config 0 descriptor?? [ 256.039140][T12932] libceph: resolve '0.0' (ret=-3): failed [ 256.125212][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.315427][ T5905] sony 0003:054C:024B.001E: unexpected long global item [ 256.323277][ T5905] sony 0003:054C:024B.001E: parse failed [ 256.330252][ T5905] sony 0003:054C:024B.001E: probe with driver sony failed with error -22 [ 256.570110][ T5905] usb 3-1: USB disconnect, device number 29 [ 257.619467][ T5829] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 257.699582][ T25] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 257.784322][ T5829] usb 3-1: Using ep0 maxpacket: 8 [ 257.792957][ T5829] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 257.802488][ T5829] usb 3-1: config 179 has no interface number 0 [ 257.812829][ T5829] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 257.848864][ T5829] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 257.869623][ T5829] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 257.877558][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 257.881376][ T5829] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 257.887792][ T25] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 257.897374][ T5829] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 257.897426][ T5829] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 257.897451][ T5829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.938219][T12998] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 257.981508][ T25] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 257.991107][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.999158][ T25] usb 4-1: Product: syz [ 258.009522][ T25] usb 4-1: Manufacturer: syz [ 258.019664][ T25] usb 4-1: SerialNumber: syz [ 258.033510][ T25] usb 4-1: config 0 descriptor?? [ 258.051868][ T25] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 258.225896][ T5829] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input29 [ 258.434371][ T973] usb 3-1: USB disconnect, device number 30 [ 258.434371][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 258.434504][ C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 258.457496][ T973] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 258.750023][ T5910] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 258.869138][ T25] gspca_zc3xx: reg_w_i err -71 [ 258.924936][ T5910] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 258.935375][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.948064][ T5910] usb 5-1: config 0 descriptor?? [ 258.958833][ T5910] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 258.970421][ T5829] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 259.141453][ T5829] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 259.159474][ T5829] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 259.182141][ T5829] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 259.191573][ T5829] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 259.200663][ T5829] usb 2-1: SerialNumber: syz [ 259.412674][T13060] tipc: Enabled bearer , priority 0 [ 259.422739][ T5829] usb 2-1: 0:2 : does not exist [ 259.429795][T13060] tipc: Disabling bearer [ 259.459554][ T25] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 259.473088][ T25] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 259.494939][ T25] usb 4-1: USB disconnect, device number 25 [ 259.775460][ T5910] gspca_stv06xx: I2C: Read error writing address: -71 [ 259.791459][ T5910] usb 5-1: USB disconnect, device number 27 [ 259.835353][ T973] usb 2-1: USB disconnect, device number 23 [ 260.029813][ T25] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 260.181792][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 260.190699][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.201872][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.213629][ T25] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 260.223081][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.240598][ T25] usb 4-1: config 0 descriptor?? [ 260.269813][ T5966] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 260.419465][ T5966] usb 3-1: Using ep0 maxpacket: 32 [ 260.439793][ T5966] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 260.455714][ T5966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.466305][ T5966] usb 3-1: config 0 descriptor?? [ 260.474541][ T5966] gspca_main: sunplus-2.14.0 probing 041e:400b [ 260.530469][T13095] loop2: detected capacity change from 0 to 7 [ 260.546908][T13095] Dev loop2: unable to read RDB block 7 [ 260.554885][T13095] loop2: unable to read partition table [ 260.560828][T13095] loop2: partition table beyond EOD, truncated [ 260.567096][T13095] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 260.668419][ T25] appleir 0003:05AC:8241.001F: unknown main item tag 0x0 [ 260.696322][ T25] appleir 0003:05AC:8241.001F: unknown main item tag 0x0 [ 260.704142][ T25] appleir 0003:05AC:8241.001F: unknown main item tag 0x0 [ 260.716256][ T25] appleir 0003:05AC:8241.001F: unknown main item tag 0x0 [ 260.734551][ T25] appleir 0003:05AC:8241.001F: unknown main item tag 0x0 [ 260.745231][ T25] appleir 0003:05AC:8241.001F: No inputs registered, leaving [ 260.771818][ T25] appleir 0003:05AC:8241.001F: hiddev0,hidraw1: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0 [ 260.977896][ T5905] usb 4-1: USB disconnect, device number 26 [ 261.085466][ T5966] gspca_sunplus: reg_r err -71 [ 261.099603][ T5966] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 261.112929][ T5966] usb 3-1: USB disconnect, device number 31 [ 261.434396][T13129] input: syz1 as /devices/virtual/input/input30 [ 263.949488][ T5837] Bluetooth: hci0: command 0x0401 tx timeout [ 263.959403][T13145] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 264.062090][T13180] tipc: Started in network mode [ 264.067126][T13180] tipc: Node identity 7, cluster identity 4711 [ 264.074446][T13180] tipc: Node number set to 7 [ 264.876736][T13145] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 264.890632][T13145] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 264.896707][T13145] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 264.905758][T13145] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 264.912080][T13145] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 264.918773][T13145] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 264.924840][T13145] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 264.932589][T13145] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 264.938619][T13145] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 264.971143][T13145] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 265.269555][ T46] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 265.429416][ T46] usb 5-1: Using ep0 maxpacket: 32 [ 265.440127][ T46] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 265.453203][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.481597][ T46] usb 5-1: config 0 descriptor?? [ 265.492003][ T46] gspca_main: sunplus-2.14.0 probing 041e:400b [ 265.639181][ T46] gspca_sunplus: reg_w_riv err -71 [ 265.667258][ T46] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 265.678218][ T46] usb 5-1: USB disconnect, device number 28 [ 266.030236][ T5823] Bluetooth: hci0: command 0x0401 tx timeout [ 266.302406][T13247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3215'. [ 266.332434][T13247] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3215'. [ 266.929110][ T5823] Bluetooth: hci2: command 0x0406 tx timeout [ 266.929125][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 266.990306][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 266.990363][ T5823] Bluetooth: hci3: command 0x0406 tx timeout [ 267.265436][T13295] netlink: 'syz.1.3237': attribute type 177 has an invalid length. [ 267.288956][T13295] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3237'. [ 372.539300][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 372.546353][ C1] rcu: 0-...!: (1 GPs behind) idle=4164/1/0x4000000000000000 softirq=39450/39451 fqs=2 [ 372.557546][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5834/1:b..l [ 372.565486][ C1] rcu: (detected by 1, t=10505 jiffies, g=42697, q=451 ncpus=2) [ 372.573231][ C1] Sending NMI from CPU 1 to CPUs 0: [ 372.573277][ C0] NMI backtrace for cpu 0 [ 372.573300][ C0] CPU: 0 UID: 0 PID: 13306 Comm: syz.1.3240 Not tainted 6.13.0-rc6-syzkaller-00231-g77a903cd8e5a #0 [ 372.573319][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 372.573335][ C0] RIP: 0010:kasan_check_range+0x1b7/0x290 [ 372.573367][ C0] Code: f5 4d 01 fb 48 8d 5d 07 48 85 ed 48 0f 49 dd 48 83 e3 f8 48 29 dd 74 12 41 80 3b 00 0f 85 a6 00 00 00 49 ff c3 48 ff cd 75 ee <5b> 41 5c 41 5e 41 5f 5d c3 cc cc cc cc 40 84 ed 75 5f f7 c5 00 ff [ 372.573381][ C0] RSP: 0018:ffffc90000007900 EFLAGS: 00000056 [ 372.573395][ C0] RAX: 0000000000000001 RBX: 1ffffffff284e310 RCX: ffffffff817aba2c [ 372.573407][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff94271880 [ 372.573418][ C0] RBP: 0000000000000000 R08: ffffffff94271887 R09: 1ffffffff284e310 [ 372.573432][ C0] R10: dffffc0000000000 R11: fffffbfff284e311 R12: ffff88807b438ac4 [ 372.573445][ C0] R13: 0000000000000019 R14: dffffc0000000001 R15: fffffbfff284e311 [ 372.573456][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 372.573470][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 372.573481][ C0] CR2: 00007f890f2a56c0 CR3: 0000000020b9e000 CR4: 00000000003526f0 [ 372.573496][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 372.573505][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 372.573516][ C0] Call Trace: [ 372.573523][ C0] [ 372.573533][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 372.573556][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 372.573575][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 372.573600][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 372.573622][ C0] ? nmi_handle+0x14f/0x5a0 [ 372.573639][ C0] ? nmi_handle+0x2a/0x5a0 [ 372.573657][ C0] ? kasan_check_range+0x1b7/0x290 [ 372.573677][ C0] ? default_do_nmi+0x63/0x160 [ 372.573695][ C0] ? exc_nmi+0x123/0x1f0 [ 372.573712][ C0] ? end_repeat_nmi+0xf/0x53 [ 372.573730][ C0] ? __lock_acquire+0x4ac/0x2100 [ 372.573747][ C0] ? kasan_check_range+0x1b7/0x290 [ 372.573768][ C0] ? kasan_check_range+0x1b7/0x290 [ 372.573796][ C0] ? kasan_check_range+0x1b7/0x290 [ 372.573817][ C0] [ 372.573823][ C0] [ 372.573829][ C0] __lock_acquire+0x4ac/0x2100 [ 372.573851][ C0] lock_acquire+0x1ed/0x550 [ 372.573866][ C0] ? debug_object_deactivate+0x158/0x390 [ 372.573893][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 372.573911][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 372.573935][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 372.573956][ C0] _raw_spin_lock_irqsave+0xd5/0x120 [ 372.573975][ C0] ? debug_object_deactivate+0x158/0x390 [ 372.573997][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 372.574020][ C0] debug_object_deactivate+0x158/0x390 [ 372.574044][ C0] ? __pfx_debug_object_deactivate+0x10/0x10 [ 372.574068][ C0] ? timerqueue_add+0x260/0x290 [ 372.574085][ C0] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 372.574106][ C0] debug_deactivate+0x1b/0x220 [ 372.574127][ C0] __hrtimer_run_queues+0x305/0xd30 [ 372.574153][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 372.574172][ C0] ? sched_clock+0x4a/0x70 [ 372.574193][ C0] ? read_tsc+0x9/0x20 [ 372.574212][ C0] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 372.574231][ C0] hrtimer_interrupt+0x403/0xa40 [ 372.574259][ C0] __sysvec_apic_timer_interrupt+0x110/0x420 [ 372.574278][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 372.574299][ C0] [ 372.574304][ C0] [ 372.574310][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 372.574335][ C0] RIP: 0010:page_table_check_clear+0x1ec/0x550 [ 372.574358][ C0] Code: 2b 31 ff 89 ee e8 44 9d 90 ff 85 ed 0f 85 b3 01 00 00 48 8d 7b 04 be 04 00 00 00 e8 2e 74 f4 ff bd ff ff ff ff f0 0f c1 6b 04 <8d> 75 ff 31 ff e8 1a 9d 90 ff ff cd 0f 88 91 01 00 00 e8 cd 98 90 [ 372.574371][ C0] RSP: 0018:ffffc9001d2372a0 EFLAGS: 00000213 [ 372.574385][ C0] RAX: 0000000000000001 RBX: ffff88801e500308 RCX: ffffffff820ed8f2 [ 372.574396][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff88801e50030c [ 372.574406][ C0] RBP: 0000000000000005 R08: ffff88801e50030f R09: 1ffff11003ca0061 [ 372.574417][ C0] R10: dffffc0000000000 R11: ffffed1003ca0062 R12: 0000000000000000 [ 372.574428][ C0] R13: ffff88801e5002c0 R14: 0000000000000000 R15: 1ffffffff347d1d4 [ 372.574443][ C0] ? page_table_check_clear+0x1e2/0x550 [ 372.574468][ C0] unmap_page_range+0x2c2e/0x4040 [ 372.574492][ C0] ? __lock_acquire+0x1397/0x2100 [ 372.574520][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 372.574546][ C0] ? mas_next_slot+0xdc6/0xea0 [ 372.574569][ C0] ? uprobe_munmap+0x183/0x460 [ 372.574587][ C0] ? unmap_single_vma+0x1bd/0x2b0 [ 372.574611][ C0] unmap_vmas+0x3cc/0x5f0 [ 372.574635][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 372.574664][ C0] ? tlb_gather_mmu_fullmm+0x160/0x210 [ 372.574686][ C0] exit_mmap+0x275/0xc20 [ 372.574707][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 372.574729][ C0] ? __pfx_exit_aio+0x10/0x10 [ 372.574752][ C0] ? uprobe_clear_state+0x271/0x290 [ 372.574767][ C0] ? mm_update_next_owner+0xa2/0x8a0 [ 372.574789][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 372.574811][ C0] __mmput+0x115/0x3b0 [ 372.574833][ C0] exit_mm+0x220/0x310 [ 372.574850][ C0] ? __pfx_exit_mm+0x10/0x10 [ 372.574865][ C0] ? taskstats_exit+0x326/0xa60 [ 372.574883][ C0] do_exit+0x9ad/0x28e0 [ 372.574901][ C0] ? __pfx_do_exit+0x10/0x10 [ 372.574917][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 372.574940][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 372.574957][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 372.574973][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 372.574993][ C0] do_group_exit+0x207/0x2c0 [ 372.575009][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 372.575028][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 372.575049][ C0] get_signal+0x16b2/0x1750 [ 372.575076][ C0] ? __pfx_get_signal+0x10/0x10 [ 372.575099][ C0] arch_do_signal_or_restart+0x96/0x860 [ 372.575122][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 372.575142][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 372.575163][ C0] ? syscall_exit_to_user_mode+0xa3/0x340 [ 372.575186][ C0] syscall_exit_to_user_mode+0xce/0x340 [ 372.575208][ C0] do_syscall_64+0x100/0x230 [ 372.575230][ C0] ? clear_bhb_loop+0x35/0x90 [ 372.575246][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.575268][ C0] RIP: 0033:0x7fad49b85d29 [ 372.575286][ C0] Code: Unable to access opcode bytes at 0x7fad49b85cff. [ 372.575294][ C0] RSP: 002b:00007fad4a90b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 372.575310][ C0] RAX: fffffffffffffe00 RBX: 00007fad49d76088 RCX: 00007fad49b85d29 [ 372.575322][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fad49d76088 [ 372.575332][ C0] RBP: 00007fad49d76080 R08: 0000000000000000 R09: 0000000000000000 [ 372.575342][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad49d7608c [ 372.575352][ C0] R13: 0000000000000000 R14: 00007ffc7ac08b70 R15: 00007ffc7ac08c58 [ 372.575369][ C0] [ 372.576264][ C1] task:syz-executor state:R running task stack:20336 pid:5834 tgid:5834 ppid:5815 flags:0x00004000 [ 373.268817][ C1] Call Trace: [ 373.272105][ C1] [ 373.275052][ C1] __schedule+0x17fb/0x4be0 [ 373.279604][ C1] ? __pfx___schedule+0x10/0x10 [ 373.284481][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 373.290595][ C1] ? preempt_schedule+0xe1/0xf0 [ 373.295515][ C1] preempt_schedule_common+0x84/0xd0 [ 373.300833][ C1] preempt_schedule+0xe1/0xf0 [ 373.305530][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 373.310971][ C1] ? __page_table_check_ptes_set+0x30f/0x410 [ 373.316975][ C1] ? copy_pmd_range+0x6d6d/0x77a0 [ 373.322019][ C1] preempt_schedule_thunk+0x1a/0x30 [ 373.327236][ C1] _raw_spin_unlock+0x3e/0x50 [ 373.331950][ C1] copy_pmd_range+0x6dc8/0x77a0 [ 373.336843][ C1] ? is_bpf_text_address+0x26/0x2a0 [ 373.342072][ C1] ? __pfx_copy_pmd_range+0x10/0x10 [ 373.347295][ C1] ? look_up_lock_class+0x77/0x170 [ 373.352430][ C1] ? register_lock_class+0x102/0x980 [ 373.357739][ C1] ? __pfx_mas_destroy+0x10/0x10 [ 373.362699][ C1] ? mark_lock+0x9a/0x360 [ 373.367054][ C1] ? __lock_acquire+0x1397/0x2100 [ 373.372118][ C1] copy_page_range+0x99f/0xe90 [ 373.376921][ C1] ? __pfx_copy_page_range+0x10/0x10 [ 373.382226][ C1] ? __pfx_up_write+0x10/0x10 [ 373.386929][ C1] ? __rb_insert_augmented+0x2a4/0x6b0 [ 373.392408][ C1] ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10 [ 373.399191][ C1] ? vma_interval_tree_augment_rotate+0x1b4/0x1c0 [ 373.405628][ C1] copy_mm+0x1126/0x1fd0 [ 373.409905][ C1] ? __pfx_copy_mm+0x10/0x10 [ 373.414528][ C1] ? __init_rwsem+0x122/0x160 [ 373.419240][ C1] ? copy_signal+0x51c/0x640 [ 373.423874][ C1] copy_process+0x1845/0x3d50 [ 373.428690][ C1] ? copy_process+0x9fa/0x3d50 [ 373.433510][ C1] ? __lock_acquire+0x1397/0x2100 [ 373.438565][ C1] ? __pfx_copy_process+0x10/0x10 [ 373.443623][ C1] kernel_clone+0x223/0x870 [ 373.448153][ C1] ? __pfx_kernel_clone+0x10/0x10 [ 373.453209][ C1] __x64_sys_clone+0x258/0x2a0 [ 373.457990][ C1] ? __pfx___x64_sys_clone+0x10/0x10 [ 373.463284][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 373.469302][ C1] ? exc_page_fault+0x590/0x8b0 [ 373.474183][ C1] ? do_syscall_64+0xb6/0x230 [ 373.478886][ C1] do_syscall_64+0xf3/0x230 [ 373.483412][ C1] ? clear_bhb_loop+0x35/0x90 [ 373.488104][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.494015][ C1] RIP: 0033:0x7f890e57c593 [ 373.498439][ C1] RSP: 002b:00007ffc597215a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 373.506867][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f890e57c593 [ 373.514849][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 373.522828][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 373.530807][ C1] R10: 00005555824497d0 R11: 0000000000000246 R12: 0000000000000000 [ 373.538786][ C1] R13: 0000000000041496 R14: 00007ffc59721730 R15: 00000000000002c6 [ 373.546817][ C1] [ 373.549867][ C1] rcu: rcu_preempt kthread starved for 10495 jiffies! g42697 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 373.561085][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 373.571061][ C1] rcu: RCU grace-period kthread stack dump: [ 373.576955][ C1] task:rcu_preempt state:R running task stack:25976 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 373.588727][ C1] Call Trace: [ 373.592016][ C1] [ 373.594958][ C1] __schedule+0x17fb/0x4be0 [ 373.599508][ C1] ? __pfx___schedule+0x10/0x10 [ 373.604377][ C1] ? __pfx_lock_release+0x10/0x10 [ 373.609424][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 373.615772][ C1] ? schedule+0x90/0x320 [ 373.620040][ C1] schedule+0x14b/0x320 [ 373.624217][ C1] schedule_timeout+0x15a/0x290 [ 373.629080][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 373.634466][ C1] ? __pfx_process_timeout+0x10/0x10 [ 373.639779][ C1] ? prepare_to_swait_event+0x330/0x350 [ 373.645349][ C1] rcu_gp_fqs_loop+0x2df/0x1330 [ 373.650211][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 373.655434][ C1] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 373.661601][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 373.666897][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 373.672811][ C1] ? finish_swait+0xd4/0x1e0 [ 373.677418][ C1] rcu_gp_kthread+0xa7/0x3b0 [ 373.682024][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 373.687232][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 373.693140][ C1] ? __kthread_parkme+0x169/0x1d0 [ 373.698218][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 373.703445][ C1] kthread+0x2f0/0x390 [ 373.707531][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 373.712743][ C1] ? __pfx_kthread+0x10/0x10 [ 373.717349][ C1] ret_from_fork+0x4b/0x80 [ 373.721774][ C1] ? __pfx_kthread+0x10/0x10 [ 373.726378][ C1] ret_from_fork_asm+0x1a/0x30 [ 373.731170][ C1] [ 373.734197][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 373.740524][ C1] CPU: 1 UID: 0 PID: 1799 Comm: kworker/u8:5 Not tainted 6.13.0-rc6-syzkaller-00231-g77a903cd8e5a #0 [ 373.751379][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 373.761445][ C1] Workqueue: events_unbound toggle_allocation_gate [ 373.767974][ C1] RIP: 0010:smp_call_function_many_cond+0x19f3/0x2c60 [ 373.774753][ C1] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 c6 e6 0b 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 71 e2 0b 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 55 e2 [ 373.794368][ C1] RSP: 0018:ffffc90004b3f6e0 EFLAGS: 00000293 [ 373.800448][ C1] RAX: ffffffff81938f8b RBX: 1ffff110170c8c65 RCX: ffff888028f40000 [ 373.808430][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 373.816408][ C1] RBP: ffffc90004b3f8e0 R08: ffffffff81938f5a R09: 1ffffffff284e310 [ 373.824387][ C1] R10: dffffc0000000000 R11: fffffbfff284e311 R12: dffffc0000000000 [ 373.832367][ C1] R13: ffff8880b8646328 R14: ffff8880b873f940 R15: 0000000000000000 [ 373.840362][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 373.849296][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 373.855888][ C1] CR2: 00007f508daa56c0 CR3: 000000000e736000 CR4: 00000000003526f0 [ 373.863871][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 373.871852][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 373.879831][ C1] Call Trace: [ 373.883120][ C1] [ 373.885971][ C1] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 373.892326][ C1] ? print_other_cpu_stall+0x1481/0x15c0 [ 373.897983][ C1] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 373.903815][ C1] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 373.910076][ C1] ? rcu_sched_clock_irq+0xa26/0x10e0 [ 373.915466][ C1] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 373.921122][ C1] ? update_process_times+0x242/0x2f0 [ 373.926508][ C1] ? tick_nohz_handler+0x37c/0x500 [ 373.931636][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 373.937117][ C1] ? __hrtimer_run_queues+0x551/0xd30 [ 373.942523][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 373.948253][ C1] ? sched_clock+0x4a/0x70 [ 373.952688][ C1] ? read_tsc+0x9/0x20 [ 373.956776][ C1] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 373.962857][ C1] ? hrtimer_interrupt+0x403/0xa40 [ 373.968006][ C1] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 373.974179][ C1] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 373.980000][ C1] [ 373.982935][ C1] [ 373.985873][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 373.992048][ C1] ? smp_call_function_many_cond+0x19da/0x2c60 [ 373.998217][ C1] ? smp_call_function_many_cond+0x1a0b/0x2c60 [ 374.004389][ C1] ? smp_call_function_many_cond+0x19f3/0x2c60 [ 374.010570][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 374.015614][ C1] ? __pfx___text_poke+0x10/0x10 [ 374.020562][ C1] ? process_scheduled_works+0x976/0x1840 [ 374.026303][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 374.032644][ C1] ? __pfx___might_resched+0x10/0x10 [ 374.037953][ C1] ? __pfx___mutex_trylock_common+0x10/0x10 [ 374.043863][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 374.048902][ C1] on_each_cpu_cond_mask+0x3f/0x80 [ 374.054027][ C1] text_poke_bp_batch+0x352/0xb30 [ 374.059066][ C1] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 374.065065][ C1] ? arch_jump_label_transform_apply+0x17/0x30 [ 374.071234][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 374.076802][ C1] ? arch_jump_label_transform_queue+0x9b/0x100 [ 374.083066][ C1] ? process_scheduled_works+0x976/0x1840 [ 374.088803][ C1] text_poke_finish+0x30/0x50 [ 374.093493][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 374.099488][ C1] static_key_enable_cpuslocked+0x136/0x260 [ 374.105396][ C1] static_key_enable+0x1a/0x20 [ 374.110170][ C1] toggle_allocation_gate+0xbc/0x260 [ 374.115489][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 374.121398][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 374.127753][ C1] process_scheduled_works+0xa66/0x1840 [ 374.133338][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 374.139342][ C1] ? assign_work+0x364/0x3d0 [ 374.143950][ C1] worker_thread+0x870/0xd30 [ 374.148554][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 374.154462][ C1] ? __kthread_parkme+0x169/0x1d0 [ 374.159499][ C1] ? __pfx_worker_thread+0x10/0x10 [ 374.164619][ C1] kthread+0x2f0/0x390 [ 374.168701][ C1] ? __pfx_worker_thread+0x10/0x10 [ 374.173817][ C1] ? __pfx_kthread+0x10/0x10 [ 374.178415][ C1] ret_from_fork+0x4b/0x80 [ 374.182838][ C1] ? __pfx_kthread+0x10/0x10 [ 374.187439][ C1] ret_from_fork_asm+0x1a/0x30 [ 374.192231][ C1]