last executing test programs: 6m40.166067968s ago: executing program 0 (id=424): r0 = socket(0x2d, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000300)={0x2d, 0xffffffffffffffff, 0x4001}, 0xc) connect$qrtr(r0, &(0x7f0000000300)={0x2d, 0xffffffff, 0x2}, 0xc) 6m40.009311534s ago: executing program 0 (id=428): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x58, r0, 0x1, 0x70bd29, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x22}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x20064}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}]}, 0x58}}, 0x0) 6m39.857849864s ago: executing program 0 (id=431): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x1, 0x1, 0x7fffffff}}) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, 0x0) 6m39.757811222s ago: executing program 0 (id=433): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x7f, 0x221, 0x203, 0xa5, 0x45ae, 0x4, 0xfffffffd, 0xa2f}, 0x20) sendto$inet(r0, &(0x7f0000000100)="ab", 0xff80, 0x2000c8d4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10) 6m39.609144573s ago: executing program 0 (id=436): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) 6m39.439057437s ago: executing program 0 (id=447): timer_create(0x3, 0x0, &(0x7f00000014c0)=0x0) timer_settime(r0, 0x0, &(0x7f0000001500)={{0x77359400}, {0x0, 0x989680}}, 0x0) timer_delete(r0) 6m24.405962179s ago: executing program 32 (id=447): timer_create(0x3, 0x0, &(0x7f00000014c0)=0x0) timer_settime(r0, 0x0, &(0x7f0000001500)={{0x77359400}, {0x0, 0x989680}}, 0x0) timer_delete(r0) 6m11.463634645s ago: executing program 2 (id=744): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x8001, 0x4, 0xfffffff9}, 0x14) syz_io_uring_setup(0x2, &(0x7f0000000040)={0x0, 0x800389b, 0xc000, 0x1, 0x323}, 0x0, 0x0, &(0x7f0000000000)) 6m11.319270626s ago: executing program 2 (id=745): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) mbind(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x800004000000056, 0x3) 6m11.102573714s ago: executing program 2 (id=749): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 6m10.903308802s ago: executing program 2 (id=752): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x58, 0x5) 6m9.851370938s ago: executing program 2 (id=754): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) 6m9.752855514s ago: executing program 2 (id=755): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) recvmmsg(r0, &(0x7f0000001480)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000001c0)=[{0xfffffffffffffffd}], 0x1}}], 0x2, 0x20, 0x0) ppoll(&(0x7f0000000040)=[{r0, 0x1}], 0x1, 0x0, 0x0, 0x0) 5m54.660608291s ago: executing program 33 (id=755): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) recvmmsg(r0, &(0x7f0000001480)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000001c0)=[{0xfffffffffffffffd}], 0x1}}], 0x2, 0x20, 0x0) ppoll(&(0x7f0000000040)=[{r0, 0x1}], 0x1, 0x0, 0x0, 0x0) 5m20.069686257s ago: executing program 1 (id=1279): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="020d000014000000000000000000000005000600000000000a0080ff00000000fc0100000000000000000000000000000000000000000000050005"], 0xa0}}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080010000000e8fe55a1180015000600142603600e120500210000000401a8001600a400014020", 0x39}], 0x1}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33) 5m19.81714391s ago: executing program 1 (id=1282): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x10, @local}, 0x1c) close_range(r0, 0xffffffffffffffff, 0x200000000000000) 5m19.514125283s ago: executing program 1 (id=1284): unshare(0x26020600) creat(&(0x7f0000000e40)='./file1\x00', 0x18) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x100, 0x108) fallocate(r0, 0x20, 0x0, 0x8000) 5m19.244157261s ago: executing program 1 (id=1287): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20000, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000440)='./file0\x00', 0x0, 0x2a05004, 0x0) 5m18.967304273s ago: executing program 1 (id=1289): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, r0}) lseek(r2, 0x2, 0x2) 5m17.004737901s ago: executing program 1 (id=1317): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT_BATCH(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x14, 0x3, 0x3, 0x101}, 0x14}, 0x1, 0x0, 0x0, 0x94f7cfd7d57de2ec}, 0x0) 5m16.669394756s ago: executing program 34 (id=1317): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT_BATCH(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x14, 0x3, 0x3, 0x101}, 0x14}, 0x1, 0x0, 0x0, 0x94f7cfd7d57de2ec}, 0x0) 2m46.02174208s ago: executing program 5 (id=3172): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000) syz_usb_disconnect(r0) read(r1, 0x0, 0x0) 2m44.099411598s ago: executing program 5 (id=3196): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xe}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/vmstat\x00', 0x0, 0x0) lseek(r0, 0x9, 0x0) 2m43.972938924s ago: executing program 5 (id=3198): r0 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000700)="b5", 0x1}], 0x1}, 0x84) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/kcm\x00') preadv(r1, &(0x7f0000000100)=[{&(0x7f0000000000)=""/250, 0xfa}], 0x1, 0x185, 0x0) 2m43.760517793s ago: executing program 5 (id=3204): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000040)={r1, 0xfffff800}, 0x8) 2m43.458073343s ago: executing program 5 (id=3209): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000000)=r0) 2m43.348873171s ago: executing program 5 (id=3212): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x15, 0x0, &(0x7f0000000280)) 2m27.882742622s ago: executing program 35 (id=3212): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x15, 0x0, &(0x7f0000000280)) 2m23.562449352s ago: executing program 3 (id=3424): r0 = inotify_init() r1 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x40240) ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000080)=0x12) close_range(r0, 0xffffffffffffffff, 0x0) 2m23.404987561s ago: executing program 3 (id=3425): r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, &(0x7f0000000040)={&(0x7f0000000280)={{@local}, {@local, 0x6}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fe1825253be9e8480cb4f3524914f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336f04000300000000008e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba09000000000000001c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed081729b5ea722a98b34d0dac6de995de4ee263c81b2567b3f87e0897857edd5d7e97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a72345772b3ce9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2246cb5c953048c43266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b89efe26674d65f908f9c3a8c201f661fc26efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b0237437200"}, 0x418, 0x7fffffff}) capset(0x0, 0x0) write$apparmor_exec(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="737461636b203aae86ad47aa0d9495e6d80f7bde2d18ffb36cf152aed2d408fb58e305fc8e2f2f7d91f81b621cc4214d4a27e1614fbee0beac8f4a045070b770212d46d4a2df096b791f2a4ba218e12cb76aa24945b70a7c9dd5edeac52b5a876f73cfbe66371a72f11f3d9544d6b59b4a5541dcef5cbf11ffff37dfd147c8a3e5098a207be806ea7167101f8c1b5c8fe41e170fd0c775dbc5be0b6d3ab625ab702e5b1dc15f9c4b3d09be812f340e681e0694f5badf640da3fdfc2f929b4c2beb9a592c577287b6021bfeec24146c7f95608bb60a736207a09d9f47e89c4044eadde57cdefd15f25b822d2eaf2205df0d6b71b63ee0b63cb598f26509af36983578f6f4198a0843cc1b1bd780015007ab9709cc6211e3b5c685b972b5c5e95f054a7a9fe149282f679c8466b9734e3850ec98419dd0c887715902f9e7802842085bc606f30c2654869e9e3701fd0fc69137fe165592689465eebd5cafad7c29de2adadec42a818d8ee389ca1fe33a1ef23617c89116a3a458b56612e4c36c43a9150d5331adbb0beb01a062b1f1349fc2ecea76cb7c40cdfe378185f3099b1d71414d0fda5a47f8593260cc0bd723a4cca81435f041321635f91bcb15aac48883a9617fb4e58c19b18cf3a7e1299a07f45325fcd05a7c30f47e77073dcc584f7e0516cb74c55a0a2a30dc9f3163868f7c233ad1fff87a3c2a30f1312c3ad0fb71cc6433e9bd7c3209de0cba9552f5c7c04f24eccf206bdb745564539dd62d655a33d40a507660668c30f7720280c86c104e58d30d6cb65814e00b55ff9a33f3ed375dfb4b47d89a599f31a0d612827a8f6e2a73eb376e11160ddbc0d79e3a11d5a99fa9c98f559efeb1e0a196d6da225f8c145334989fae4eafc05bbad0dc880e923d6b2ed2890eed8255bd2f8296b8d689762aa02e1399045bc0cbec07ec937f2e6dfac960460574e2e00dc39221a4a0c31dbbfa4973e8b056afe87bdfe6bc1405d9ae867d05316247465aceddf5c95825d73a9b119dab89ac982fff04e5d140a8391bd6f1831a9b7519ba86abc94993fe918a1b640d57e276027d9ef49006523593"], 0x564) 2m23.345994637s ago: executing program 3 (id=3426): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="d80000001c0081044e81f782db44b904021d080201000000040000a118000c", 0x1f}], 0x1, 0x0, 0x0, 0x7400}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080010000000e8fe55a1180015000600142603600e120500210000000401a8001600a400014020", 0x39}], 0x1}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33) 2m23.120429524s ago: executing program 3 (id=3427): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) 2m23.009567381s ago: executing program 3 (id=3428): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x4000009b}]}) 2m21.700178705s ago: executing program 3 (id=3436): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x1}, 0x20) setresuid(0xee01, 0xee01, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000380)={@initdev={0xfe, 0x88, '\x00', 0xfe, 0x0}, 0x800, 0x0, 0x3}, 0x20) 2m21.24513746s ago: executing program 36 (id=3436): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x1}, 0x20) setresuid(0xee01, 0xee01, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000380)={@initdev={0xfe, 0x88, '\x00', 0xfe, 0x0}, 0x800, 0x0, 0x3}, 0x20) 2m5.514782112s ago: executing program 7 (id=3469): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000200)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x0, {0x0, 0x0, 0x1}, 0x2}, 0x18) sendmsg$can_j1939(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x3}}, 0x18, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x48044}, 0x0) 2m5.462669258s ago: executing program 7 (id=3470): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000600)={r2, @in={{0x2, 0x4e22, @empty}}, 0x9, 0x3, 0x5, 0xe00000, 0xf9dfad1668439959, 0x0, 0x2}, &(0x7f0000000280)=0x9c) 2m5.32567064s ago: executing program 7 (id=3472): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000640)=ANY=[@ANYBLOB="20000000150a030900000000000000000000000809000100"], 0x20}, 0x1, 0x0, 0x0, 0x8009}, 0x0) 2m5.216930294s ago: executing program 7 (id=3474): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) umount2(&(0x7f0000000380)='./file0\x00', 0x4) 2m5.116441s ago: executing program 7 (id=3475): r0 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x3c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x3c}}, 0x0) setreuid(0x0, 0xee00) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r0]) 2m3.854450518s ago: executing program 7 (id=3487): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x6) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000080)={0x101a57, 0x9, 0x6, 0xa, 0xf7, '\r\x00', 0x1, 0x7}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xa) 2m3.610836312s ago: executing program 37 (id=3487): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x6) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000080)={0x101a57, 0x9, 0x6, 0xa, 0xf7, '\r\x00', 0x1, 0x7}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xa) 8.52397545s ago: executing program 8 (id=4950): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000200)=@name={0x1e, 0x2, 0x0, {{0x42}, 0x4}}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r1, &(0x7f0000000500)={&(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x1, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x8d4) 8.370321465s ago: executing program 8 (id=4953): setreuid(0xffffffffffffffff, 0xee00) setfsuid(0x0) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x1) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x4}) 8.265540933s ago: executing program 8 (id=4955): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r0) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x44, r2, 0x40d, 0x70bd27, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0xc632}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x1a}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008085}, 0x800) 8.174070944s ago: executing program 8 (id=4958): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) rename(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='./file1\x00') 7.973945857s ago: executing program 8 (id=4962): setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in=@rand_addr=0x64010101, 0xfffd, 0xfffe, 0x0, 0x0, 0x2, 0x20}, {0x0, 0x0, 0x2, 0x0, 0xffffffffffff235b, 0x0, 0x9, 0x1000000}, {}, 0x0, 0x0, 0x1, 0x0, 0x2}, {{@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x4d5, 0x6c}, 0x2, @in6=@loopback, 0x0, 0x2, 0x0, 0x0, 0xffdffffc, 0x1000000}}, 0xe8) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x10002, 0x2, 0x5000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="9402000021000100fcffffff00000000ac1414aae5fffff8b49ed9825133a900fc0100000000000000070000000000000000add500200000000000801aeaaec1", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000700004e6706362632874776f666973682900000000000000000000000480000000000000000000000000000000000000000000000000000000000000000000000000000040010000dc06216ef2c68e9f6da05d886dbc3273ef99796b36698e2bd5179c3eea5474fc78c9720bfc4f90a708001f0001000000cc0111"], 0x294}}, 0x0) 6.625823047s ago: executing program 8 (id=4983): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x6a5, 0x0, 0xfffffffffffffffd}]}) 6.118439632s ago: executing program 38 (id=4983): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x6a5, 0x0, 0xfffffffffffffffd}]}) 3.710186847s ago: executing program 4 (id=5005): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000001c0)=0xa) read(r0, &(0x7f0000001a00)=""/1, 0x1) 3.592510883s ago: executing program 4 (id=5007): r0 = socket$inet(0x2, 0x802, 0x1) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10) write(r0, &(0x7f0000000080)="08008edf773c8000", 0xfd) recvmmsg(r0, &(0x7f00000016c0)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x0, 0x0) 3.494043369s ago: executing program 4 (id=5009): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x1, {}, {0x4, 0x8, 0x0, 0x0, 0x5, 0x0, '|^b!'}, 0x0, 0x1, {0x0}, 0x2}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000340)=@mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x101, {}, {0x0, 0xc, 0x0, 0x0, 0x0, 0x0, "186856f3"}}) 3.301557919s ago: executing program 4 (id=5011): mkdir(&(0x7f0000000940)='./file0\x00', 0x51) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1) 3.182373857s ago: executing program 4 (id=5012): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x8142, 0x0) r1 = dup(r0) ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={'\x00', 0xedd, 0x75, 0x2, 0x4010009, 0x7}) ioctl$BLKTRACESTART(r1, 0x1274, 0x0) 2.508878835s ago: executing program 4 (id=5016): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e", 0xc2}], 0x3}], 0x1, 0x40800) 2.09245941s ago: executing program 39 (id=5016): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e", 0xc2}], 0x3}], 0x1, 0x40800) 2.084121974s ago: executing program 9 (id=5018): fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000380)={0x2}) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) 1.87800979s ago: executing program 9 (id=5019): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x103100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000180)={0x1, 0x0, [{0xc0000100, 0x0, 0x2}]}) 1.647410345s ago: executing program 9 (id=5020): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="0100000053000000ffffffff00000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}, 0x1, 0x0, 0x0, 0x881}, 0x0) 1.021293249s ago: executing program 9 (id=5022): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)={0x2c, r0, 0x801, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_DEFAULT_TYPES={0x8, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}]}, 0x2c}}, 0x0) 821.262517ms ago: executing program 6 (id=5023): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0xa, @loopback, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x56202329, @empty, 0x4000005}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000680)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ecba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e080000000000000086448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee9e3446eab3b5407cc20f581095dde95241e3853c4864ea7ecd07888956d9375b9ef74be4454d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de190da6ca5b992c9fecf37053894f4b8001fa9902cb9544f8394c96faa2767c0a", 0x219}], 0x1}}], 0x1, 0x4000001) 748.738959ms ago: executing program 9 (id=5024): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0x2, @remote, 0x5}], 0x1c) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 623.362841ms ago: executing program 6 (id=5025): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x59f2a7f1, 0x0, [], [0x4], [0x0, 0x0, 0x8], [0x2]}) 573.385572ms ago: executing program 9 (id=5026): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_GET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x14, r1, 0x32b, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x24000800}, 0x4000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) 507.249445ms ago: executing program 6 (id=5027): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$uinput_user_dev(r0, &(0x7f0000000240)={'syz0\x00', {0x508, 0x7, 0x7, 0x1}, 0x4a, [0x5f11bec3, 0x3, 0x5, 0x40, 0x0, 0x3, 0x0, 0x7d, 0x80013, 0x5, 0x0, 0x6, 0x0, 0x0, 0x4000000, 0x2, 0x1a4, 0xfffff605, 0x3, 0x0, 0x46e9, 0x7ff, 0xe2b, 0x7, 0x681c1eb5, 0x11e, 0x0, 0x2, 0x0, 0xe9, 0x0, 0xffff, 0x9, 0x4, 0x0, 0x3, 0x0, 0x0, 0x5de82a4e, 0x0, 0x0, 0x20000, 0x4, 0xfffffffe, 0x1, 0x0, 0x8000, 0x7, 0x0, 0xe0, 0x3fd, 0x5, 0xfffffff7, 0x0, 0xf685, 0x0, 0x1ab9, 0x0, 0x2, 0x0, 0xfffffffb, 0x1c15d73a, 0x2], [0x0, 0x1, 0x0, 0x0, 0x4, 0x1, 0x8, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x0, 0x7, 0x10000, 0x0, 0x4, 0x10001, 0x75, 0x0, 0x4, 0x0, 0xd, 0x80000000, 0x0, 0x61c2, 0x9, 0x0, 0x9, 0x2, 0xff, 0x2, 0x10001, 0x3, 0x0, 0x7, 0xfffffffb, 0xffffff00, 0x0, 0x10, 0x0, 0x0, 0x0, 0x1, 0xffff, 0x9, 0x441238ca, 0x0, 0x0, 0x0, 0xfffffff9, 0x2, 0x7fffffff, 0x6, 0x9], [0x0, 0xc50, 0x3, 0x9f5, 0x0, 0xa02, 0x1c75, 0xf51, 0x6, 0x40, 0x0, 0x21, 0x20000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x205, 0x5, 0xfffffffd, 0xc, 0x0, 0x200, 0xcc0, 0x401, 0x6, 0x6, 0x0, 0x0, 0xffffff7f, 0x80, 0x921, 0x2f, 0x0, 0x4, 0x0, 0x0, 0x15960318, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffe, 0x4, 0x0, 0x6574, 0x7, 0x0, 0xcd55, 0xfb], [0x0, 0x6, 0x0, 0x2, 0x1, 0xffffffff, 0x5, 0x200, 0xffffffff, 0xd63, 0x6, 0x0, 0x0, 0x0, 0xfffffffa, 0xfa3, 0x3ff, 0x8, 0x4, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x194e, 0x0, 0xe793, 0x4ad, 0x0, 0x0, 0x80000001, 0x3, 0x0, 0x0, 0x101, 0x0, 0x1, 0x0, 0x40, 0x8000010, 0x0, 0x5, 0x0, 0x0, 0x7fff, 0x6, 0x800, 0x5, 0xd, 0x0, 0x40000000, 0x0, 0x4, 0x45d, 0x4, 0x0, 0xfff, 0xb2, 0xa, 0xb]}, 0x45c) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r0, 0x0) timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000380)={{0x0, 0x989680}}, 0x0) 453.22194ms ago: executing program 6 (id=5028): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x109301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522) syz_open_dev$usbfs(&(0x7f0000000040), 0x206, 0x3601) 412.696244ms ago: executing program 6 (id=5029): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000002, 0x28011, r0, 0xf5ce9000) 0s ago: executing program 6 (id=5030): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000003580)={0x2, 0x4e21, @dev}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x4e22, @empty}, 0x10) kernel console output (not intermixed with test programs): 2][ T38] audit: type=1326 audit(1776393387.581:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13107 comm="syz.5.3042" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc19868c819 code=0x0 [ 348.499955][ T5881] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 348.588268][T13130] tipc: Enabled bearer , priority 10 [ 348.650418][ T5881] usb 5-1: Using ep0 maxpacket: 16 [ 348.652725][ T5881] usb 5-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 25 [ 348.652759][ T5881] usb 5-1: config 0 interface 0 has no altsetting 0 [ 348.652792][ T5881] usb 5-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00 [ 348.652815][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.681555][ T5881] usb 5-1: config 0 descriptor?? [ 349.115940][T13149] netlink: 'syz.6.3059': attribute type 27 has an invalid length. [ 349.115962][T13149] netlink: 'syz.6.3059': attribute type 1 has an invalid length. [ 349.169455][ T5881] greenasia 0003:0E8F:0012.001D: invalid report_size 12084 [ 349.169479][ T5881] greenasia 0003:0E8F:0012.001D: item 0 2 1 7 parsing failed [ 349.186837][ T5881] greenasia 0003:0E8F:0012.001D: parse failed [ 349.186911][ T5881] greenasia 0003:0E8F:0012.001D: probe with driver greenasia failed with error -22 [ 349.217273][T13151] sctp: [Deprecated]: syz.6.3061 (pid 13151) Use of struct sctp_assoc_value in delayed_ack socket option. [ 349.217273][T13151] Use struct sctp_sack_info instead [ 349.352744][ T8589] usb 5-1: USB disconnect, device number 17 [ 349.762013][ T32] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 349.767252][ T9] tipc: Node number set to 2886997007 [ 349.911398][ T32] usb 4-1: Using ep0 maxpacket: 32 [ 349.913396][ T32] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 349.913446][ T32] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 349.913478][ T32] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 349.913491][ T32] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 349.913505][ T32] usb 4-1: config 0 interface 0 has no altsetting 0 [ 349.913523][ T32] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 349.913536][ T32] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.002173][ T32] usb 4-1: config 0 descriptor?? [ 350.146590][T13185] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 350.146612][T13185] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 350.458213][ T32] hid-thrustmaster 0003:044F:B65D.001E: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.3-1/input0 [ 350.458492][ T32] hid-thrustmaster 0003:044F:B65D.001E: Wrong number of endpoints? [ 350.534548][ T38] audit: type=1326 audit(1776393390.311:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13199 comm="syz.5.3082" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc19868c819 code=0x0 [ 350.645769][ C1] hid-thrustmaster 0003:044F:B65D.001E: Unknown packet type 0x0, unable to proceed further with wheel init [ 350.848088][ T5914] usb 4-1: USB disconnect, device number 20 [ 350.921752][ T9] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 351.073137][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9865, setting to 1024 [ 351.073175][ T9] usb 7-1: New USB device found, idVendor=0b05, idProduct=1abe, bcdDevice= 0.00 [ 351.073188][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.076258][ T9] usb 7-1: config 0 descriptor?? [ 351.078332][T13204] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 351.505204][ T9] hid (null): global environment stack underflow [ 351.525320][ T9] hid_parser_main: 57 callbacks suppressed [ 351.525396][ T9] asus 0003:0B05:1ABE.001F: unknown main item tag 0x0 [ 351.525426][ T9] asus 0003:0B05:1ABE.001F: unknown main item tag 0x0 [ 351.525449][ T9] asus 0003:0B05:1ABE.001F: unknown main item tag 0x0 [ 351.525473][ T9] asus 0003:0B05:1ABE.001F: unknown main item tag 0x0 [ 351.525499][ T9] asus 0003:0B05:1ABE.001F: unknown main item tag 0x0 [ 351.525524][ T9] asus 0003:0B05:1ABE.001F: unknown main item tag 0x0 [ 351.525549][ T9] asus 0003:0B05:1ABE.001F: unknown main item tag 0x0 [ 351.525576][ T9] asus 0003:0B05:1ABE.001F: unknown main item tag 0x0 [ 351.525600][ T9] asus 0003:0B05:1ABE.001F: unknown main item tag 0x0 [ 351.525623][ T9] asus 0003:0B05:1ABE.001F: unknown main item tag 0x0 [ 351.533986][ T9] asus 0003:0B05:1ABE.001F: global environment stack underflow [ 351.534005][ T9] asus 0003:0B05:1ABE.001F: item 0 1 1 11 parsing failed [ 351.534779][ T9] asus 0003:0B05:1ABE.001F: Asus hid parse failed: -22 [ 351.534879][ T9] asus 0003:0B05:1ABE.001F: probe with driver asus failed with error -22 [ 351.733486][ T9] usb 7-1: USB disconnect, device number 12 [ 351.778009][ T38] audit: type=1800 audit(1776393391.511:27): pid=13221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3091" name="file1" dev="tmpfs" ino=4393 res=0 errno=0 [ 351.918319][T13226] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 352.138731][T13234] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3097'. [ 352.169942][ T37] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 352.321710][ T37] usb 4-1: Using ep0 maxpacket: 16 [ 352.323989][ T37] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 352.324021][ T37] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 352.324059][ T37] usb 4-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 352.324082][ T37] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.374808][ T37] usb 4-1: config 0 descriptor?? [ 352.872663][ T37] ntrig 0003:1B96:0008.0020: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.3-1/input0 [ 353.037172][ T37] ntrig 0003:1B96:0008.0020: Firmware version: 2.2.30.12.3 (4be5 8bc9) [ 353.314195][ T5881] usb 4-1: USB disconnect, device number 21 [ 353.963134][T13287] netlink: 'syz.4.3121': attribute type 11 has an invalid length. [ 353.963156][T13287] netlink: 199828 bytes leftover after parsing attributes in process `syz.4.3121'. [ 354.225692][T13294] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3122'. [ 355.172994][T13319] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3135'. [ 356.983868][T13373] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.555091][T13393] netlink: 190972 bytes leftover after parsing attributes in process `syz.6.3168'. [ 358.104527][ T9] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 358.284606][ T9] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 358.288001][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.288056][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.288082][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 358.289152][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.289199][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.289223][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 358.302137][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.302191][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.302218][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 358.312341][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.312392][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.312418][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 358.313452][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.313498][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.313523][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 358.318822][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.318875][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.318902][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 358.325717][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.325768][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.325793][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 358.335261][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.335312][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.335337][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 358.343861][ T9] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 358.343888][ T9] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 358.343907][ T9] usb 6-1: Product: syz [ 358.343920][ T9] usb 6-1: Manufacturer: syz [ 358.343934][ T9] usb 6-1: SerialNumber: syz [ 358.403497][T13413] netlink: 1 bytes leftover after parsing attributes in process `syz.6.3178'. [ 358.461061][ T9] usb 6-1: config 0 descriptor?? [ 358.626261][ T9] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 358.786072][ T9] usb 6-1: USB disconnect, device number 8 [ 358.870158][ T9] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 359.203944][T13433] netlink: 190972 bytes leftover after parsing attributes in process `syz.3.3187'. [ 359.240436][T13435] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3188'. [ 359.441219][ T38] audit: type=1400 audit(1776393399.221:28): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A50302D302D353A2050434D204361707475726520302D302D35203A20534C4156450A50302D302D363A2050434D20506C61796261636B20302D302D36203A20534C4156450A50302D302D373A2050434D204361707475726520302D302D37203A20534C4156450A50302D302D383A2050434D20506C61796261636B20302D302D38203A20534C4156450A50302D302D393A2050434D204361707475726520302D302D39203A20534C4156450A50302D302D31303A2050434D20506C61796261636B20302D302D3130203A20534C4156450A50302D302D31313A2050434D204361707475726520302D302D3131203A pid=13442 comm="syz.4.3192" [ 360.670186][T13490] pim6reg: entered allmulticast mode [ 360.677227][T13490] pim6reg: left allmulticast mode [ 360.784126][T13492] netlink: 'syz.3.3216': attribute type 2 has an invalid length. [ 360.784141][T13492] netlink: 'syz.3.3216': attribute type 5 has an invalid length. [ 361.568953][T13524] netlink: 'syz.3.3230': attribute type 83 has an invalid length. [ 361.579955][ T60] Bluetooth: hci0: command 0x0c1a tx timeout [ 361.580017][ T5823] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 362.215271][T13551] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 363.179992][ T5881] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 363.299992][ T37] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 363.330279][ T5881] usb 5-1: Using ep0 maxpacket: 16 [ 363.331888][ T5881] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 363.331912][ T5881] usb 5-1: config 0 has no interface number 0 [ 363.331945][ T5881] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 363.331959][ T5881] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 363.331980][ T5881] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 363.331992][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.336160][ T5881] usb 5-1: config 0 descriptor?? [ 363.489822][ T37] usb 4-1: Using ep0 maxpacket: 8 [ 363.492119][ T37] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 363.492151][ T37] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 363.492173][ T37] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 363.492208][ T37] usb 4-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00 [ 363.492221][ T37] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.498157][ T37] usb 4-1: config 0 descriptor?? [ 363.912215][ T37] dragonrise 0003:0079:0006.0022: unbalanced collection at end of report description [ 363.932075][ T37] dragonrise 0003:0079:0006.0022: parse failed [ 363.932137][ T37] dragonrise 0003:0079:0006.0022: probe with driver dragonrise failed with error -22 [ 363.962260][ T5881] uclogic 0003:28BD:0071.0021: pen parameters not found [ 363.962291][ T5881] uclogic 0003:28BD:0071.0021: interface is invalid, ignoring [ 363.975417][ T5881] usb 5-1: USB disconnect, device number 18 [ 364.113407][ T37] usb 4-1: USB disconnect, device number 22 [ 364.469873][ T32] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 364.637706][ T32] usb 7-1: config 150 has an invalid interface number: 204 but max is 1 [ 364.637734][ T32] usb 7-1: config 150 has no interface number 0 [ 364.637778][ T32] usb 7-1: config 150 interface 204 has no altsetting 0 [ 364.648596][ T32] usb 7-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 364.648628][ T32] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.648649][ T32] usb 7-1: Product: syz [ 364.648662][ T32] usb 7-1: Manufacturer: syz [ 364.648676][ T32] usb 7-1: SerialNumber: syz [ 364.927583][ T32] xr_serial 7-1:150.204: xr_serial converter detected [ 365.006383][ T38] audit: type=1800 audit(1776393404.771:29): pid=13601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3267" name=6D656D66643A1033717D329ACEAF03DF795BD9FF5238F41C0869E45ED5FDA90DAC374194A0 dev="tmpfs" ino=34 res=0 errno=0 [ 365.356329][ T37] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 365.528787][ T32] xr_serial ttyUSB0: Failed to set reg 0x0d: -71 [ 365.528845][ T32] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 365.532668][ T37] usb 4-1: unable to get BOS descriptor or descriptor too short [ 365.564278][ T37] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 365.564308][ T37] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.564329][ T37] usb 4-1: Product: syz [ 365.564343][ T37] usb 4-1: Manufacturer: syz [ 365.564357][ T37] usb 4-1: SerialNumber: syz [ 365.642505][ T32] usb 7-1: USB disconnect, device number 13 [ 365.653964][ T32] xr_serial 7-1:150.204: device disconnected [ 366.428088][ T37] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 366.493705][ T37] usb 4-1: USB disconnect, device number 23 [ 366.529917][T13628] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3278'. [ 366.530497][T13628] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.530718][T13628] bridge0: port 1(bridge_slave_0) entered forwarding state [ 366.814448][T13636] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3283'. [ 367.195385][T13652] loop4: detected capacity change from 0 to 65536 [ 367.270368][T13652] loop4: detected capacity change from 65536 to 523370496 [ 367.779877][ T5881] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 367.896723][T13670] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3298'. [ 367.930249][ T5881] usb 7-1: Using ep0 maxpacket: 16 [ 367.933955][ T5881] usb 7-1: config 0 has an invalid interface number: 251 but max is 0 [ 367.933982][ T5881] usb 7-1: config 0 has no interface number 0 [ 367.934023][ T5881] usb 7-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 367.934049][ T5881] usb 7-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 367.936392][ T5881] usb 7-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 367.936418][ T5881] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.936437][ T5881] usb 7-1: Product: syz [ 367.936450][ T5881] usb 7-1: Manufacturer: syz [ 367.936464][ T5881] usb 7-1: SerialNumber: syz [ 368.017945][ T5881] usb 7-1: config 0 descriptor?? [ 368.018649][T13662] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 368.018737][T13662] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 368.228190][T13662] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 368.228297][T13662] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 368.839954][ T5881] asix 7-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 368.839984][ T5881] asix 7-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 368.840268][ T5881] asix 7-1:0.251: probe with driver asix failed with error -71 [ 368.894338][ T5881] usb 7-1: USB disconnect, device number 14 [ 369.726505][T13726] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3324'. [ 369.781773][ T8589] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 369.921722][ T5823] Bluetooth: hci0: unknown advertising packet type: 0x75 [ 369.921755][ T5823] Bluetooth: hci0: Dropping invalid advertising data [ 369.921772][ T5823] Bluetooth: hci0: Malformed LE Event: 0x02 [ 369.954881][ T8589] usb 5-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 369.954903][ T8589] usb 5-1: config 0 interface 0 has no altsetting 0 [ 369.954922][ T8589] usb 5-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00 [ 369.954935][ T8589] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.969336][ T8589] usb 5-1: config 0 descriptor?? [ 370.302588][ T5881] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 370.384779][ T8589] hid_parser_main: 304 callbacks suppressed [ 370.384803][ T8589] asus 0003:048D:CE50.0023: unknown main item tag 0x0 [ 370.384833][ T8589] asus 0003:048D:CE50.0023: unknown main item tag 0x0 [ 370.384858][ T8589] asus 0003:048D:CE50.0023: unknown main item tag 0x0 [ 370.384883][ T8589] asus 0003:048D:CE50.0023: unknown main item tag 0x0 [ 370.384908][ T8589] asus 0003:048D:CE50.0023: unknown main item tag 0x0 [ 370.384934][ T8589] asus 0003:048D:CE50.0023: unknown main item tag 0x0 [ 370.384959][ T8589] asus 0003:048D:CE50.0023: unknown main item tag 0x0 [ 370.384983][ T8589] asus 0003:048D:CE50.0023: unknown main item tag 0x0 [ 370.385006][ T8589] asus 0003:048D:CE50.0023: unknown main item tag 0x0 [ 370.385030][ T8589] asus 0003:048D:CE50.0023: unknown main item tag 0x0 [ 370.388921][ T8589] asus 0003:048D:CE50.0023: hidraw0: USB HID v0.00 Device [HID 048d:ce50] on usb-dummy_hcd.4-1/input0 [ 370.451094][ T5881] usb 4-1: Using ep0 maxpacket: 16 [ 370.481977][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 370.482009][ T5881] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 10 [ 370.482048][ T5881] usb 4-1: New USB device found, idVendor=0c70, idProduct=f003, bcdDevice= 0.00 [ 370.482070][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.538332][ T5881] usb 4-1: config 0 descriptor?? [ 370.593040][ T8589] usb 5-1: USB disconnect, device number 19 [ 370.759259][T13738] fido_id[13738]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 370.981936][ T38] audit: type=1326 audit(1776393410.761:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13744 comm="syz.6.3333" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5e2ecfc819 code=0x0 [ 370.983539][ T5881] aquacomputer_d5next 0003:0C70:F003.0024: hidraw0: USB HID v0.0a Device [HID 0c70:f003] on usb-dummy_hcd.3-1/input0 [ 371.213131][ T5881] usb 4-1: USB disconnect, device number 24 [ 371.484583][T13758] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543 [ 371.806214][T13770] netlink: 128 bytes leftover after parsing attributes in process `syz.3.3344'. [ 371.936076][T13777] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3346'. [ 372.207410][T13790] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3352'. [ 372.292145][T13794] loop5: detected capacity change from 0 to 7 [ 372.297931][T13794] Dev loop5: unable to read RDB block 7 [ 372.297972][T13794] loop5: AHDI p1 [ 372.298001][T13794] loop5: partition table partially beyond EOD, truncated [ 372.536395][T13802] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3358'. [ 372.829052][T13813] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 372.829329][T13813] syzkaller1: linktype set to 786 [ 373.065519][T13820] hugetlbfs: syz.4.3366 (13820): Using mlock ulimits for SHM_HUGETLB is obsolete [ 373.460347][ T38] audit: type=1326 audit(1776393413.231:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13834 comm="syz.4.3375" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff43504c819 code=0x0 [ 374.351574][ T8589] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 374.502238][ T8589] usb 7-1: New USB device found, idVendor=041e, idProduct=400c, bcdDevice=af.98 [ 374.502269][ T8589] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.518510][ T8589] usb 7-1: config 0 descriptor?? [ 374.536965][ T8589] pwc: Creative Labs Webcam 5 detected. [ 374.969885][ T5881] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 375.131819][ T5881] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 375.131852][ T5881] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 375.131889][ T5881] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 375.131914][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.136487][ T8589] pwc: recv_control_msg error -71 req 02 val 2b00 [ 375.145685][ T5881] usb 5-1: config 0 descriptor?? [ 375.200995][ T8589] pwc: recv_control_msg error -71 req 02 val 2700 [ 375.201538][ T8589] pwc: recv_control_msg error -71 req 04 val 1600 [ 375.201962][ T8589] pwc: recv_control_msg error -71 req 02 val 2c00 [ 375.202365][ T8589] pwc: recv_control_msg error -71 req 04 val 1000 [ 375.202795][ T8589] pwc: recv_control_msg error -71 req 04 val 1300 [ 375.203322][ T8589] pwc: recv_control_msg error -71 req 04 val 1400 [ 375.203777][ T8589] pwc: recv_control_msg error -71 req 02 val 2000 [ 375.204208][ T8589] pwc: recv_control_msg error -71 req 02 val 2100 [ 375.204719][ T8589] pwc: recv_control_msg error -71 req 06 val 0600 [ 375.205245][ T8589] pwc: recv_control_msg error -71 req 04 val 1500 [ 375.205811][ T8589] pwc: recv_control_msg error -71 req 02 val 2500 [ 375.206452][ T8589] pwc: recv_control_msg error -71 req 02 val 2400 [ 375.206950][ T8589] pwc: recv_control_msg error -71 req 02 val 2600 [ 375.207492][ T8589] pwc: recv_control_msg error -71 req 02 val 2900 [ 375.208225][ T8589] pwc: recv_control_msg error -71 req 02 val 2800 [ 375.254710][ T8589] pwc: recv_control_msg error -71 req 04 val 1100 [ 375.293605][ T8589] pwc: recv_control_msg error -71 req 04 val 1200 [ 375.311357][ T8589] pwc: Failed to power off camera (-71) [ 375.341778][ T8589] pwc: Registered as video103. [ 375.345248][ T8589] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input21 [ 375.386292][ T8589] usb 7-1: USB disconnect, device number 15 [ 375.673085][ T5881] hid_parser_main: 66 callbacks suppressed [ 375.673110][ T5881] hid-led 0003:27B8:01ED.0025: unknown main item tag 0x0 [ 375.673147][ T5881] hid-led 0003:27B8:01ED.0025: unknown main item tag 0x0 [ 375.673174][ T5881] hid-led 0003:27B8:01ED.0025: unknown main item tag 0x0 [ 375.673200][ T5881] hid-led 0003:27B8:01ED.0025: unknown main item tag 0x0 [ 375.673225][ T5881] hid-led 0003:27B8:01ED.0025: unknown main item tag 0x0 [ 375.835791][ T5881] hid-led 0003:27B8:01ED.0025: probe with driver hid-led failed with error -71 [ 375.935260][T13886] input: syz1 as /devices/virtual/input/input22 [ 376.080179][ T5881] usb 5-1: USB disconnect, device number 20 [ 376.331165][ T60] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 376.389676][ T60] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 376.393728][ T60] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 376.415410][ T60] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 376.418912][ T60] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 376.459098][ T8589] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 376.571645][T13901] netlink: 'syz.4.3403': attribute type 83 has an invalid length. [ 376.633924][ T8589] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 376.633955][ T8589] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.741389][ T8589] usb 4-1: config 0 descriptor?? [ 376.928317][ T9] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 376.967417][ T8589] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 377.081550][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 377.090644][ T9] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 377.090686][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.108756][ T9] usb 5-1: config 0 descriptor?? [ 377.128887][T13907] netlink: 1 bytes leftover after parsing attributes in process `syz.6.3407'. [ 377.319628][ T9] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 377.356430][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 377.368812][ T9] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 377.368867][ T9] usb 5-1: media controller created [ 377.434946][ T8589] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 377.434971][ T8589] [drm] Initialized udl on minor 2 [ 377.506826][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 377.668660][ T9] az6027: usb out operation failed. (-71) [ 377.669045][ T9] az6027: usb out operation failed. (-71) [ 377.669058][ T9] stb0899_attach: Driver disabled by Kconfig [ 377.669068][ T9] az6027: no front-end attached [ 377.669068][ T9] [ 377.669409][ T9] az6027: usb out operation failed. (-71) [ 377.669422][ T9] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 377.706347][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input23 [ 377.731608][ T8589] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 1 failed err ffffffb9 [ 377.810159][ T8589] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 377.862628][ T9] dvb-usb: schedule remote query interval to 400 msecs. [ 377.862653][ T9] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 377.959210][ T37] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 377.973612][ T8589] usb 4-1: USB disconnect, device number 25 [ 377.976208][ T37] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 377.987857][ T9] usb 5-1: USB disconnect, device number 21 [ 378.155714][ T1333] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.155801][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.558997][T13926] loop4: detected capacity change from 0 to 7 [ 378.559598][T13926] buffer_io_error: 11 callbacks suppressed [ 378.559613][T13926] Buffer I/O error on dev loop4, logical block 0, async page read [ 378.563550][T13926] Buffer I/O error on dev loop4, logical block 0, async page read [ 378.563664][T13926] Buffer I/O error on dev loop4, logical block 0, async page read [ 378.563762][T13926] Buffer I/O error on dev loop4, logical block 0, async page read [ 378.563928][T13926] Buffer I/O error on dev loop4, logical block 0, async page read [ 378.564036][T13926] Buffer I/O error on dev loop4, logical block 0, async page read [ 378.572083][T13926] Buffer I/O error on dev loop4, logical block 0, async page read [ 378.572178][T13926] ldm_validate_partition_table(): Disk read failed. [ 378.572233][T13926] Buffer I/O error on dev loop4, logical block 0, async page read [ 378.572324][T13926] Buffer I/O error on dev loop4, logical block 0, async page read [ 378.572415][T13926] Buffer I/O error on dev loop4, logical block 0, async page read [ 378.572556][T13926] Dev loop4: unable to read RDB block 0 [ 378.572817][T13926] loop4: unable to read partition table [ 378.573194][T13926] loop4: partition table beyond EOD, truncated [ 378.573212][T13926] loop_reread_partitions: partition scan of loop4 (Sj %`ր5) failed (rc=-5) [ 378.625856][ T5823] Bluetooth: hci3: command tx timeout [ 378.651650][ T9] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 378.731333][T13923] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(4) [ 378.731361][T13923] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 378.731445][T13923] vhci_hcd vhci_hcd.0: Device attached [ 378.941920][ T5914] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 378.962825][T13926] support for the xor transformation has been removed. [ 379.069862][ T32] usb 45-1: new low-speed USB device number 2 using vhci_hcd [ 379.130215][ T5914] usb 7-1: Using ep0 maxpacket: 8 [ 379.134028][ T5914] usb 7-1: config 0 has no interfaces? [ 379.134064][ T5914] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 379.134087][ T5914] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.160444][ T5914] usb 7-1: config 0 descriptor?? [ 379.405382][ T5914] usb 7-1: USB disconnect, device number 16 [ 379.480997][T13929] vhci_hcd: connection closed [ 379.481271][ T160] vhci_hcd vhci_hcd.6: stop threads [ 379.481296][ T160] vhci_hcd vhci_hcd.6: release socket [ 379.508025][T13932] block nbd2: server does not support multiple connections per device. [ 379.514429][T13932] block nbd2: shutting down sockets [ 379.529904][ T32] usb 45-1: device descriptor read/64, error -71 [ 379.529980][ T160] vhci_hcd vhci_hcd.6: disconnect device [ 379.801513][T13894] chnl_net:caif_netlink_parms(): no params data found [ 379.831296][ T32] vhci_hcd vhci_hcd.6: vhci_device speed not set [ 380.060341][ T8589] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 380.112718][T13894] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.113093][T13894] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.113372][T13894] bridge_slave_0: entered allmulticast mode [ 380.116687][T13894] bridge_slave_0: entered promiscuous mode [ 380.124759][T13894] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.125096][T13894] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.125345][T13894] bridge_slave_1: entered allmulticast mode [ 380.131177][T13894] bridge_slave_1: entered promiscuous mode [ 380.210190][T13894] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 380.215431][T13894] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 380.220235][ T8589] usb 5-1: Using ep0 maxpacket: 32 [ 380.222338][ T8589] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 380.222364][ T8589] usb 5-1: config 0 has no interface number 0 [ 380.225112][ T8589] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 380.225138][ T8589] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 380.225157][ T8589] usb 5-1: Product: syz [ 380.225169][ T8589] usb 5-1: Manufacturer: syz [ 380.225182][ T8589] usb 5-1: SerialNumber: syz [ 380.250272][ T8589] usb 5-1: config 0 descriptor?? [ 380.277407][ T8589] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 380.338321][ T38] audit: type=1400 audit(1776393420.111:32): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147C8A3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F041 [ 380.440287][T13960] netlink: 100 bytes leftover after parsing attributes in process `syz.3.3426'. [ 380.440309][T13960] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 380.510263][ T8589] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 380.702269][ T5823] Bluetooth: hci3: command tx timeout [ 380.732765][T13894] team0: Port device team_slave_0 added [ 380.747300][ T8589] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 380.796746][T13894] team0: Port device team_slave_1 added [ 380.906152][ C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 380.906874][ T8589] usb 5-1: USB disconnect, device number 22 [ 380.944985][ T8589] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 380.985694][ T8589] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 380.994254][ T8589] quatech2 5-1:0.51: device disconnected [ 381.066141][T13894] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 381.066156][T13894] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 381.066183][T13894] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 381.075645][T13894] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 381.075661][T13894] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 381.075685][T13894] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 381.295048][T13894] hsr_slave_0: entered promiscuous mode [ 381.297390][T13894] hsr_slave_1: entered promiscuous mode [ 381.469064][T13974] loop5: detected capacity change from 0 to 7 [ 381.940107][ T8589] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 382.093342][ T8589] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 382.093372][ T8589] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.108310][ T8589] usb 5-1: config 0 descriptor?? [ 382.117464][ T8589] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 382.169334][T13974] Dev loop5: unable to read RDB block 7 [ 382.169377][T13974] loop5: unable to read partition table [ 382.169575][T13974] loop5: partition table beyond EOD, truncated [ 382.197582][T13974] loop_reread_partitions: partition scan of loop5 (Wý) failed (rc=-5) [ 382.541238][ T8589] cpia1 5-1:0.0: unexpected state after lo power cmd: 00 [ 382.732433][ T60] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 382.781462][ T5143] Bluetooth: hci3: command tx timeout [ 382.781680][ T60] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 382.786874][ T60] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 382.788611][ T60] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 382.816000][ T60] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 382.951549][ T8589] gspca_cpia1: usb_control_msg 02, error -71 [ 382.952035][ T8589] gspca_cpia1: usb_control_msg 05, error -71 [ 382.952057][ T8589] cpia1 5-1:0.0: unexpected systemstate: 00 [ 382.959496][ T8589] usb 5-1: USB disconnect, device number 23 [ 383.264215][ T3533] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.771131][ T3533] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.117516][T13997] misc userio: Begin command sent, but we're already running [ 384.293710][ T3533] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.743495][ T3533] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.846667][T13894] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 384.861595][ T5823] Bluetooth: hci3: command tx timeout [ 384.883321][T13894] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 384.891933][T13894] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 384.931769][T13894] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 384.935133][T13894] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 385.013951][T13894] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 385.016265][T13894] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 385.052798][T13894] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 385.100618][ T5823] Bluetooth: hci2: command tx timeout [ 385.449899][T13981] chnl_net:caif_netlink_parms(): no params data found [ 385.780326][ T3533] bridge_slave_1: left allmulticast mode [ 385.780605][ T3533] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.841028][ T3533] bridge_slave_0: left allmulticast mode [ 385.841048][ T3533] bridge_slave_0: left promiscuous mode [ 385.841211][ T3533] bridge0: port 1(bridge_slave_0) entered disabled state [ 386.701314][ T3533] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 386.781325][ T3533] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 386.802042][ T3533] bond0 (unregistering): Released all slaves [ 387.017052][ T3533] tipc: Disabling bearer [ 387.017672][ T3533] tipc: Left network mode [ 387.019399][T13981] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.020865][T13981] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.021127][T13981] bridge_slave_0: entered allmulticast mode [ 387.024761][T13981] bridge_slave_0: entered promiscuous mode [ 387.094866][T13981] bridge0: port 2(bridge_slave_1) entered blocking state [ 387.095031][T13981] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.095214][T13981] bridge_slave_1: entered allmulticast mode [ 387.097061][T13981] bridge_slave_1: entered promiscuous mode [ 387.179835][ T5823] Bluetooth: hci2: command tx timeout [ 387.226895][T13981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 387.234391][T13981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 387.350758][T13981] team0: Port device team_slave_0 added [ 387.355632][T13981] team0: Port device team_slave_1 added [ 387.529505][T13981] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 387.529517][T13981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 387.529531][T13981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 387.604080][T13981] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 387.604096][T13981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 387.604120][T13981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 388.452550][T13981] hsr_slave_0: entered promiscuous mode [ 388.454528][T13981] hsr_slave_1: entered promiscuous mode [ 388.456104][T13981] debugfs: 'hsr0' already exists in 'hsr' [ 388.456127][T13981] Cannot create hsr debugfs directory [ 388.473728][ T5489] 8021q: adding VLAN 0 to HW filter on device eth13 [ 388.695472][T13894] 8021q: adding VLAN 0 to HW filter on device bond0 [ 389.198276][T13894] 8021q: adding VLAN 0 to HW filter on device team0 [ 389.259903][ T5823] Bluetooth: hci2: command tx timeout [ 389.385430][ T3254] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.385685][ T3254] bridge0: port 1(bridge_slave_0) entered forwarding state [ 389.567086][ T3533] hsr_slave_0: left promiscuous mode [ 389.619962][ T3533] hsr_slave_1: left promiscuous mode [ 389.620714][ T3533] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 389.620731][ T3533] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 389.669498][ T3533] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 389.669524][ T3533] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 389.762585][ T3533] veth1_macvtap: left promiscuous mode [ 389.762654][ T3533] veth0_macvtap: left promiscuous mode [ 389.778902][ T3533] veth1_vlan: left promiscuous mode [ 389.778979][ T3533] veth0_vlan: left promiscuous mode [ 390.520589][ T3533] team0 (unregistering): Port device team_slave_1 removed [ 390.570486][ T3533] team0 (unregistering): Port device C removed [ 390.804786][ T5489] 8021q: adding VLAN 0 to HW filter on device eth14 [ 390.822386][ T94] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.823837][ T94] bridge0: port 2(bridge_slave_1) entered forwarding state [ 391.356899][ T5823] Bluetooth: hci2: command tx timeout [ 391.497010][T13981] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 391.591892][T13981] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 391.595182][T13981] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 391.692363][T13981] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 391.696609][T13981] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 391.776583][T13981] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 391.787802][T13981] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 391.846937][T13981] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 392.145775][T13894] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 392.328395][T13981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 392.343591][ T3533] IPVS: stop unused estimator thread 0... [ 392.393271][ T5489] 8021q: adding VLAN 0 to HW filter on device eth15 [ 392.428980][T13981] 8021q: adding VLAN 0 to HW filter on device team0 [ 392.448049][ T3630] bridge0: port 1(bridge_slave_0) entered blocking state [ 392.448177][ T3630] bridge0: port 1(bridge_slave_0) entered forwarding state [ 392.480474][ T3630] bridge0: port 2(bridge_slave_1) entered blocking state [ 392.480697][ T3630] bridge0: port 2(bridge_slave_1) entered forwarding state [ 393.034506][T13981] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 393.154110][T13894] veth0_vlan: entered promiscuous mode [ 393.173429][T13894] veth1_vlan: entered promiscuous mode [ 393.349332][T13894] veth0_macvtap: entered promiscuous mode [ 393.372843][T13894] veth1_macvtap: entered promiscuous mode [ 393.493949][ T5489] 8021q: adding VLAN 0 to HW filter on device eth16 [ 393.534881][T13894] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 393.621993][T13894] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 393.657825][ T3533] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.670422][ T3533] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.672962][ T3533] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.673846][ T3533] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.289294][T13981] veth0_vlan: entered promiscuous mode [ 394.602659][T13981] veth1_vlan: entered promiscuous mode [ 394.704790][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.704807][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.886028][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.886048][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.906424][T13981] veth0_macvtap: entered promiscuous mode [ 394.933544][T13981] veth1_macvtap: entered promiscuous mode [ 395.042013][T13981] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 395.076151][T13981] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 395.103901][ T42] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.105794][ T42] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.105829][ T42] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.105869][ T42] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.327142][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.327162][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.370695][ T32] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 396.492743][ T3497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.492763][ T3497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.557756][ T32] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 396.557790][ T32] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 396.557816][ T32] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 396.574444][ T32] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 396.574475][ T32] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 396.574495][ T32] usb 5-1: Product: syz [ 396.574509][ T32] usb 5-1: Manufacturer: syz [ 396.574524][ T32] usb 5-1: SerialNumber: syz [ 396.639112][ T32] usb 5-1: config 0 descriptor?? [ 396.640723][T14119] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 396.640849][T14119] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 396.661840][ T32] usb 5-1: ucan: probing device on interface #0 [ 397.169974][ T5914] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 397.369833][ T5914] usb 7-1: Using ep0 maxpacket: 8 [ 397.374983][ T5914] usb 7-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 397.375013][ T5914] usb 7-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 397.375034][ T5914] usb 7-1: Product: syz [ 397.375048][ T5914] usb 7-1: Manufacturer: syz [ 397.375062][ T5914] usb 7-1: SerialNumber: syz [ 397.390070][ T5914] usb 7-1: config 0 descriptor?? [ 397.403640][ T5914] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 397.551163][ T32] ucan 5-1:0.0 can0: registered device [ 397.551943][ T32] ucan 5-1:0.0 can0: firmware string: unknown [ 397.569588][ T32] usb 5-1: USB disconnect, device number 24 [ 397.870540][T14144] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3464'. [ 398.128315][ T5914] input: gspca_zc3xx as /devices/platform/dummy_hcd.6/usb7/7-1/input/input25 [ 398.339866][ T5914] usb 7-1: USB disconnect, device number 17 [ 398.418951][T14158] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3472'. [ 400.189176][T14193] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 400.452351][ T5143] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 400.459041][ T5143] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 400.481616][ T5143] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 400.490896][ T5143] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 400.525131][ T820] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 400.538028][ T5143] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 400.564004][ T160] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.593071][ T820] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 400.593352][ T820] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 400.593601][ T820] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 400.593617][ T820] rtc rtc0: __rtc_set_alarm: err=-22 [ 401.154828][T14217] netlink: 'syz.8.3498': attribute type 10 has an invalid length. [ 401.342681][ T60] Bluetooth: hci5: command 0x1003 tx timeout [ 401.345127][ T5823] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 401.762182][T14217] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 401.764784][T14217] team0: Port device netdevsim0 added [ 402.005997][T14228] ucma_write: process 31 (syz.8.3501) changed security contexts after opening file descriptor, this is not allowed. [ 402.072115][ T160] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.159874][ T5914] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 402.311288][ T5914] usb 5-1: Using ep0 maxpacket: 16 [ 402.313402][ T5914] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 402.313432][ T5914] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 402.313466][ T5914] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 402.313487][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.322763][ T5914] usb 5-1: config 0 descriptor?? [ 402.459022][ T160] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.866954][ T5823] Bluetooth: hci3: command tx timeout [ 402.921767][T14231] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 402.952470][ T5914] usb 5-1: string descriptor 0 read error: -71 [ 402.976683][ T5914] usb 5-1: Max retries (5) exceeded reading string descriptor 200 [ 402.976736][ T5914] letsketch 0003:6161:4D15.0026: probe with driver letsketch failed with error -32 [ 402.997288][ T5914] usb 5-1: USB disconnect, device number 25 [ 403.137356][T14233] netlink: 104 bytes leftover after parsing attributes in process `syz.8.3504'. [ 403.138966][ T160] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.905939][T14199] chnl_net:caif_netlink_parms(): no params data found [ 404.416399][T14269] Invalid logical block size (65536) [ 404.676537][T14199] bridge0: port 1(bridge_slave_0) entered blocking state [ 404.682410][T14199] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.682720][T14199] bridge_slave_0: entered allmulticast mode [ 404.692665][T14199] bridge_slave_0: entered promiscuous mode [ 404.759203][T14199] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.761868][T14199] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.762177][T14199] bridge_slave_1: entered allmulticast mode [ 404.789073][T14199] bridge_slave_1: entered promiscuous mode [ 404.941190][ T5823] Bluetooth: hci3: command tx timeout [ 405.121362][T14199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 405.245268][T14199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 405.299961][ T8589] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 405.453469][ T8589] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 405.453494][ T8589] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 405.494906][ T8589] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 405.494937][ T8589] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 405.494957][ T8589] usb 7-1: SerialNumber: syz [ 405.593934][T14199] team0: Port device team_slave_0 added [ 405.655426][T14199] team0: Port device team_slave_1 added [ 405.759074][ T8589] usb 7-1: 0:2 : does not exist [ 405.858494][ T8589] usb 7-1: USB disconnect, device number 18 [ 406.070424][T14320] program syz.8.3532 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 406.446178][T14199] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 406.446195][T14199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 406.446221][T14199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 406.471136][T14199] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 406.471153][T14199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 406.471179][T14199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 407.021152][ T5823] Bluetooth: hci3: command tx timeout [ 407.263123][T14199] hsr_slave_0: entered promiscuous mode [ 407.265356][T14199] hsr_slave_1: entered promiscuous mode [ 407.268201][T14199] debugfs: 'hsr0' already exists in 'hsr' [ 407.268225][T14199] Cannot create hsr debugfs directory [ 407.399070][T14358] Context (ID=0x0) not attached to queue pair (handle=0x0:0x0) [ 407.467336][T14360] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 407.640142][ T160] bridge_slave_1: left allmulticast mode [ 407.640163][ T160] bridge_slave_1: left promiscuous mode [ 407.640421][ T160] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.704696][ T160] bridge_slave_0: left allmulticast mode [ 407.704716][ T160] bridge_slave_0: left promiscuous mode [ 407.705276][ T160] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.570885][ T160] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 408.630364][ T160] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 408.656671][ T160] bond0 (unregistering): Released all slaves [ 409.099791][ T5823] Bluetooth: hci3: command tx timeout [ 411.619812][ T9] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 411.769824][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 411.776449][ T9] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 130, using maximum allowed: 30 [ 411.776497][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130 [ 411.776538][ T9] usb 5-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 411.776561][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.860093][ T9] usb 5-1: config 0 descriptor?? [ 412.399009][ T9] lenovo 0003:17EF:6062.0027: unknown main item tag 0x0 [ 412.399033][ T9] lenovo 0003:17EF:6062.0027: unknown main item tag 0x0 [ 412.399049][ T9] lenovo 0003:17EF:6062.0027: unknown main item tag 0x0 [ 412.399064][ T9] lenovo 0003:17EF:6062.0027: unknown main item tag 0x0 [ 412.399078][ T9] lenovo 0003:17EF:6062.0027: unknown main item tag 0x0 [ 412.399095][ T9] lenovo 0003:17EF:6062.0027: unknown main item tag 0x0 [ 412.399110][ T9] lenovo 0003:17EF:6062.0027: unknown main item tag 0x0 [ 412.399124][ T9] lenovo 0003:17EF:6062.0027: unknown main item tag 0x0 [ 412.399138][ T9] lenovo 0003:17EF:6062.0027: unknown main item tag 0x0 [ 412.399153][ T9] lenovo 0003:17EF:6062.0027: unknown main item tag 0x0 [ 412.579362][ T9] lenovo 0003:17EF:6062.0027: hidraw0: USB HID v0.0a Device [HID 17ef:6062] on usb-dummy_hcd.4-1/input0 [ 412.595496][ T9] usb 5-1: USB disconnect, device number 26 [ 412.786382][T14454] fido_id[14454]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 413.065897][ T5489] 8021q: adding VLAN 0 to HW filter on device eth17 [ 413.134055][T14463] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3587'. [ 413.254509][ T160] hsr_slave_0: left promiscuous mode [ 413.279954][ T160] hsr_slave_1: left promiscuous mode [ 413.318544][ T160] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 413.318571][ T160] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 413.355554][ T160] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 413.355578][ T160] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 413.611367][ T160] veth1_macvtap: left promiscuous mode [ 413.611468][ T160] veth0_macvtap: left promiscuous mode [ 413.611865][ T160] veth1_vlan: left promiscuous mode [ 413.612070][ T160] veth0_vlan: left promiscuous mode [ 414.600653][ T160] team0 (unregistering): Port device team_slave_1 removed [ 414.650454][ T160] team0 (unregistering): Port device team_slave_0 removed [ 415.069617][T14496] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3601'. [ 415.554250][T14513] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3605'. [ 415.727850][T14199] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 415.862786][T14199] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 415.863634][T14199] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 415.960936][T14199] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 415.977819][T14199] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 416.112980][T14199] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 416.113840][T14199] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 416.158436][T14199] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 417.215224][T14199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 417.318388][T14199] 8021q: adding VLAN 0 to HW filter on device team0 [ 417.345609][ T3572] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.345848][ T3572] bridge0: port 1(bridge_slave_0) entered forwarding state [ 417.385856][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.386020][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state [ 417.762026][T14580] netlink: 128 bytes leftover after parsing attributes in process `syz.8.3622'. [ 418.492437][T14199] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 418.863165][T14625] netdevsim netdevsim6 netdevsim0: IPsec offload requires 128 bit authentication [ 419.237233][T14199] veth0_vlan: entered promiscuous mode [ 419.266971][ T5489] 8021q: adding VLAN 0 to HW filter on device eth18 [ 419.305765][T14199] veth1_vlan: entered promiscuous mode [ 419.483280][T14199] veth0_macvtap: entered promiscuous mode [ 419.539037][T14199] veth1_macvtap: entered promiscuous mode [ 419.705489][T14199] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 419.778934][T14199] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 419.855247][ T2206] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.875329][ T2206] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.876642][ T2206] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.877938][ T2206] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.372881][T14681] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3649'. [ 421.378474][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.378494][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.583516][ T5489] 8021q: adding VLAN 0 to HW filter on device eth19 [ 421.717318][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.717338][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 423.129089][T14748] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 423.225010][ T5489] 8021q: adding VLAN 0 to HW filter on device eth20 [ 423.853318][T14774] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.865785][T14774] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.764462][ T9] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 424.799945][ T8589] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 424.909863][ T9] usb 10-1: Using ep0 maxpacket: 16 [ 424.912643][ T9] usb 10-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 424.912669][ T9] usb 10-1: config 0 interface 0 has no altsetting 0 [ 424.912688][ T9] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 424.912700][ T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.945181][ T9] usb 10-1: config 0 descriptor?? [ 424.977203][ T8589] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 424.977233][ T8589] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.977253][ T8589] usb 5-1: Product: syz [ 424.977266][ T8589] usb 5-1: Manufacturer: syz [ 424.977280][ T8589] usb 5-1: SerialNumber: syz [ 425.169881][ T5914] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 425.366974][ T5914] usb 7-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 425.367061][ T5914] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 425.367082][ T5914] usb 7-1: Product: syz [ 425.367096][ T5914] usb 7-1: Manufacturer: syz [ 425.367110][ T5914] usb 7-1: SerialNumber: syz [ 425.522057][ T9] mcp2221 0003:04D8:00DD.0028: USB HID v0.01 Device [HID 04d8:00dd] on usb-dummy_hcd.9-1/input0 [ 425.878615][ T8589] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 425.878686][ T8589] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 425.897491][ T5914] rtl8150 7-1:1.0: couldn't reset the device [ 425.897859][ T5914] rtl8150 7-1:1.0: probe with driver rtl8150 failed with error -5 [ 426.001194][ T5914] usb 7-1: USB disconnect, device number 19 [ 426.031561][ T8589] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 426.062619][ T8589] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 426.119922][ T8589] usb 5-1: USB disconnect, device number 27 [ 426.126579][ T9] usb 10-1: USB disconnect, device number 2 [ 427.315423][T14831] kvm: kvm [14829]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010006) = 0xffffffffffffffff [ 427.928142][T14851] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 427.929630][T14853] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3718'. [ 429.611307][ T9] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 429.683758][T14925] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3750'. [ 429.733052][T14925] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3750'. [ 429.770987][ T9] usb 9-1: Using ep0 maxpacket: 16 [ 429.773317][ T9] usb 9-1: unable to get BOS descriptor or descriptor too short [ 429.778128][ T9] usb 9-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=d4.05 [ 429.778151][ T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 429.778167][ T9] usb 9-1: Product: syz [ 429.778178][ T9] usb 9-1: Manufacturer: syz [ 429.778189][ T9] usb 9-1: SerialNumber: syz [ 430.020470][ T9] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 430.608079][ T9] gspca_vc032x: reg_r err -71 [ 430.608113][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608124][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608133][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608142][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608150][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608158][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608167][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608174][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608182][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608190][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608198][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608206][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608214][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608222][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608231][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608239][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608247][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608255][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608263][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 430.608275][ T9] gspca_vc032x: Unknown sensor... [ 430.608354][ T9] vc032x 9-1:12.0: probe with driver vc032x failed with error -22 [ 430.619627][ T9] usb 9-1: USB disconnect, device number 2 [ 431.585230][ T8589] IPVS: starting estimator thread 0... [ 431.751828][T14986] IPVS: using max 8 ests per chain, 19200 per kthread [ 431.890058][ T37] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 432.082821][ T37] usb 10-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 432.082873][ T37] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 432.082899][ T37] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 432.082921][ T37] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 432.085384][ T37] usb 10-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 432.085411][ T37] usb 10-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 432.085430][ T37] usb 10-1: Manufacturer: syz [ 432.170510][ T37] usb 10-1: config 0 descriptor?? [ 432.508950][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 432.647854][ T37] hid_parser_main: 31 callbacks suppressed [ 432.647870][ T37] appleir 0003:05AC:8243.0029: unknown main item tag 0x0 [ 432.842980][ T37] appleir 0003:05AC:8243.0029: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.9-1/input0 [ 433.282241][ T5914] usb 10-1: USB disconnect, device number 3 [ 433.350235][T15037] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 433.350235][T15037] The task syz.8.3796 (15037) triggered the difference, watch for misbehavior. [ 433.963257][T15059] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3808'. [ 434.020185][T15062] overlayfs: workdir and upperdir must be separate subtrees [ 434.271388][T15071] program syz.8.3812 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 435.616549][T15127] TCP: TCP_TX_DELAY enabled [ 437.061379][T15193] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 437.061406][T15193] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 437.061614][T15193] overlayfs: failed to set uuid (643/file0, err=-13); falling back to uuid=null. [ 438.250386][ T5914] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 438.283507][T15239] program syz.9.3865 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 438.370442][ T37] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 438.402589][ T5914] usb 7-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice= 9.00 [ 438.402733][ T5914] usb 7-1: New USB device strings: Mfr=0, Product=16, SerialNumber=0 [ 438.402755][ T5914] usb 7-1: Product: syz [ 438.449330][ T5914] usb 7-1: config 0 descriptor?? [ 438.469357][ T5914] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected [ 438.491273][ T5914] usb 7-1: Detected FT232H [ 438.523190][ T37] usb 9-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 438.523222][ T37] usb 9-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 438.523245][ T37] usb 9-1: config 0 interface 0 has no altsetting 0 [ 438.523275][ T37] usb 9-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 438.523297][ T37] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 438.544257][ T37] usb 9-1: config 0 descriptor?? [ 438.675495][ T5914] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 439.030443][ T37] uclogic 0003:5543:0522.002A: unknown main item tag 0x0 [ 439.030507][ T37] uclogic 0003:5543:0522.002A: unknown main item tag 0x0 [ 439.030534][ T37] uclogic 0003:5543:0522.002A: unknown main item tag 0x0 [ 439.030558][ T37] uclogic 0003:5543:0522.002A: unknown main item tag 0x0 [ 439.030583][ T37] uclogic 0003:5543:0522.002A: unknown main item tag 0x0 [ 439.030608][ T37] uclogic 0003:5543:0522.002A: unknown main item tag 0x0 [ 439.030630][ T37] uclogic 0003:5543:0522.002A: unknown main item tag 0x0 [ 439.030653][ T37] uclogic 0003:5543:0522.002A: unknown main item tag 0x0 [ 439.030677][ T37] uclogic 0003:5543:0522.002A: unknown main item tag 0x0 [ 439.030700][ T37] uclogic 0003:5543:0522.002A: unknown main item tag 0x0 [ 439.038187][ T37] uclogic 0003:5543:0522.002A: hidraw0: USB HID vff.fa Device [HID 5543:0522] on usb-dummy_hcd.8-1/input0 [ 439.079658][ T5914] ftdi_sio 7-1:0.0: GPIO initialisation failed: -71 [ 439.148272][ T5914] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 439.161115][ T5914] usb 7-1: USB disconnect, device number 20 [ 439.196062][ T5914] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 439.196896][ T5914] ftdi_sio 7-1:0.0: device disconnected [ 439.244757][ T37] usb 9-1: USB disconnect, device number 3 [ 439.475393][T15264] input: syz1 as /devices/virtual/input/input28 [ 439.501590][ T5823] Bluetooth: hci3: command 0x0405 tx timeout [ 439.586137][ T1333] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.586224][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.898970][T15277] netlink: 'syz.9.3880': attribute type 2 has an invalid length. [ 439.898990][T15277] netlink: 'syz.9.3880': attribute type 4 has an invalid length. [ 441.088042][T15322] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3902'. [ 441.269579][T15330] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3906'. [ 441.392070][T15336] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3908'. [ 441.846671][T15354] netlink: 'syz.4.3919': attribute type 2 has an invalid length. [ 441.846693][T15354] netlink: 'syz.4.3919': attribute type 4 has an invalid length. [ 443.190644][T15392] netlink: 212336 bytes leftover after parsing attributes in process `syz.9.3932'. [ 443.310111][ C1] sd 0:0:1:0: [sda] tag#9636 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 443.310155][ C1] sd 0:0:1:0: [sda] tag#9636 CDB: Write(6) 0a 00 00 00 00 00 00 00 fe 80 00 00 [ 443.412860][T15400] netlink: 64 bytes leftover after parsing attributes in process `syz.8.3937'. [ 443.888930][T15419] netlink: 56 bytes leftover after parsing attributes in process `syz.9.3945'. [ 443.969862][ T37] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 444.127657][ T37] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 444.127689][ T37] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.138541][ T37] usb 9-1: config 0 descriptor?? [ 444.148716][ T37] cp210x 9-1:0.0: cp210x converter detected [ 444.387853][T15438] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3956'. [ 444.757301][ T37] cp210x 9-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 444.757351][ T37] cp210x 9-1:0.0: GPIO initialisation failed: -71 [ 444.813534][ T37] usb 9-1: cp210x converter now attached to ttyUSB0 [ 444.840159][ T37] usb 9-1: USB disconnect, device number 4 [ 444.928326][ T37] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 444.933614][ T37] cp210x 9-1:0.0: device disconnected [ 444.940861][T15452] tipc: New replicast peer: 255.255.255.255 [ 445.023407][T15452] tipc: Enabled bearer , priority 10 [ 445.256835][T15466] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3968'. [ 445.370764][ T5854] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 445.520300][ T5854] usb 7-1: Using ep0 maxpacket: 32 [ 445.526255][ T5854] usb 7-1: config 2 has an invalid interface number: 88 but max is 0 [ 445.526282][ T5854] usb 7-1: config 2 has no interface number 0 [ 445.526324][ T5854] usb 7-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256 [ 445.526350][ T5854] usb 7-1: config 2 interface 88 has no altsetting 0 [ 445.529583][ T5854] usb 7-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 445.529611][ T5854] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.529631][ T5854] usb 7-1: Product: syz [ 445.529644][ T5854] usb 7-1: Manufacturer: syz [ 445.529658][ T5854] usb 7-1: SerialNumber: syz [ 445.612207][T15460] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 445.839281][T15460] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 446.454193][ T5854] asix 7-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 446.454469][ T5854] asix 7-1:2.88: probe with driver asix failed with error -71 [ 446.486523][ T5854] usb 7-1: USB disconnect, device number 21 [ 446.809866][ T1241] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 446.959809][ T1241] usb 5-1: Using ep0 maxpacket: 32 [ 446.963035][ T1241] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 446.963068][ T1241] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 446.963095][ T1241] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 446.963137][ T1241] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 446.963162][ T1241] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.039800][ T1241] usb 5-1: config 0 descriptor?? [ 447.040803][T15496] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 447.078553][ T1241] hub 5-1:0.0: USB hub found [ 447.283373][ T1241] hub 5-1:0.0: 2 ports detected [ 447.925407][ T1241] usb 5-1: USB disconnect, device number 28 [ 448.346153][T15545] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4006'. [ 449.369841][ T37] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 449.529832][ T37] usb 9-1: Using ep0 maxpacket: 16 [ 449.533351][ T37] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 449.533383][ T37] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 449.537078][ T37] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 449.537107][ T37] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.537127][ T37] usb 9-1: Product: syz [ 449.537141][ T37] usb 9-1: Manufacturer: syz [ 449.537155][ T37] usb 9-1: SerialNumber: syz [ 449.632993][ T37] usb 9-1: config 0 descriptor?? [ 449.644004][ T37] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 449.644037][ T37] em28xx 9-1:0.0: Audio interface 0 found (Vendor Class) [ 449.879884][ T5830] usb 7-1: new full-speed USB device number 22 using dummy_hcd [ 450.042984][ T5830] usb 7-1: too many endpoints for config 0 interface 0 altsetting 2: 254, using maximum allowed: 30 [ 450.043035][ T5830] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 450.043086][ T5830] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 450.043097][ T5830] usb 7-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 450.043111][ T5830] usb 7-1: config 0 interface 0 has no altsetting 0 [ 450.043130][ T5830] usb 7-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 450.043142][ T5830] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.075831][ T5830] usb 7-1: config 0 descriptor?? [ 450.276709][T15608] Set syz0 is full, maxelem 0 reached [ 450.290217][ T37] em28xx 9-1:0.0: chip ID is em28178 [ 450.506127][ T5830] hid_parser_main: 19 callbacks suppressed [ 450.506150][ T5830] ryos 0003:1E7D:3138.002B: unknown main item tag 0x0 [ 450.506180][ T5830] ryos 0003:1E7D:3138.002B: unknown main item tag 0x0 [ 450.506207][ T5830] ryos 0003:1E7D:3138.002B: unknown main item tag 0x0 [ 450.506232][ T5830] ryos 0003:1E7D:3138.002B: unknown main item tag 0x0 [ 450.506257][ T5830] ryos 0003:1E7D:3138.002B: unknown main item tag 0x0 [ 450.519550][ T37] usb 9-1: USB disconnect, device number 5 [ 450.531514][ T37] em28xx 9-1:0.0: Disconnecting em28xx [ 450.550833][ T5830] ryos 0003:1E7D:3138.002B: hidraw0: USB HID v0.00 Device [HID 1e7d:3138] on usb-dummy_hcd.6-1/input0 [ 450.606860][ T37] em28xx 9-1:0.0: Freeing device [ 450.878870][ T5830] usb 7-1: USB disconnect, device number 22 [ 451.243961][T15628] netlink: 100 bytes leftover after parsing attributes in process `syz.4.4043'. [ 451.743828][T15651] netlink: 28 bytes leftover after parsing attributes in process `syz.9.4055'. [ 452.102425][T15663] bridge0: port 2(bridge_slave_1) entered disabled state [ 452.128343][T15663] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.235823][T15709] netlink: 64 bytes leftover after parsing attributes in process `syz.4.4091'. [ 453.303022][T15714] netlink: 164 bytes leftover after parsing attributes in process `syz.9.4085'. [ 453.626455][ C1] sd 0:0:1:0: [sda] tag#9625 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 453.626506][ C1] sd 0:0:1:0: [sda] tag#9625 CDB: Write(6) 0a 00 00 00 00 00 00 00 fe 80 00 00 [ 454.232661][ T37] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 454.414721][ T37] usb 10-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 454.414751][ T37] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.414770][ T37] usb 10-1: Product: syz [ 454.414784][ T37] usb 10-1: Manufacturer: syz [ 454.414797][ T37] usb 10-1: SerialNumber: syz [ 454.483288][ T5830] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 454.670045][ T5830] usb 7-1: Using ep0 maxpacket: 16 [ 454.674401][ T5830] usb 7-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 454.674434][ T5830] usb 7-1: config 0 interface 0 has no altsetting 0 [ 454.674825][ T5830] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 454.674850][ T5830] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.733269][ T5830] usb 7-1: config 0 descriptor?? [ 454.917955][ T37] rtl8150 10-1:1.0: couldn't reset the device [ 454.918855][ T37] rtl8150 10-1:1.0: probe with driver rtl8150 failed with error -5 [ 455.052404][ T37] usb 10-1: USB disconnect, device number 4 [ 455.075122][T15761] bridge0: port 3(veth1_macvtap) entered blocking state [ 455.075469][T15761] bridge0: port 3(veth1_macvtap) entered disabled state [ 455.075764][T15761] veth1_macvtap: entered allmulticast mode [ 455.112747][T15761] veth1_macvtap: left allmulticast mode [ 455.273859][ T5830] mcp2221 0003:04D8:00DD.002C: USB HID v0.01 Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0 [ 455.529793][ T5914] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 455.674973][ T5830] usb 7-1: USB disconnect, device number 23 [ 455.682248][ T5914] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 455.682276][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.717236][ T5914] usb 5-1: config 0 descriptor?? [ 455.737942][ T5914] cp210x 5-1:0.0: cp210x converter detected [ 455.906225][T15777] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4115'. [ 455.906252][T15777] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4115'. [ 456.057473][T15779] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4116'. [ 456.170856][T15781] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 456.357172][ T5914] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 456.357225][ T5914] cp210x 5-1:0.0: GPIO initialisation failed: -71 [ 456.503331][ T5914] usb 5-1: cp210x converter now attached to ttyUSB0 [ 456.540986][ T5914] usb 5-1: USB disconnect, device number 29 [ 456.567751][ T5914] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 456.578193][ T5914] cp210x 5-1:0.0: device disconnected [ 457.348596][T15809] netlink: 64 bytes leftover after parsing attributes in process `syz.8.4128'. [ 457.351734][T15811] netlink: 164 bytes leftover after parsing attributes in process `syz.6.4129'. [ 457.744804][T15826] netlink: 56 bytes leftover after parsing attributes in process `syz.8.4135'. [ 458.170122][ T5914] usb 10-1: new full-speed USB device number 5 using dummy_hcd [ 458.340191][ T5914] usb 10-1: too many endpoints for config 0 interface 0 altsetting 2: 254, using maximum allowed: 30 [ 458.340237][ T5914] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 458.340263][ T5914] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 458.340284][ T5914] usb 10-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 458.340310][ T5914] usb 10-1: config 0 interface 0 has no altsetting 0 [ 458.340344][ T5914] usb 10-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 458.340367][ T5914] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.510195][ T5914] usb 10-1: config 0 descriptor?? [ 458.799880][ T37] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 458.958852][ T37] usb 9-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 458.958883][ T37] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.958902][ T37] usb 9-1: Product: syz [ 458.958915][ T37] usb 9-1: Manufacturer: syz [ 458.958927][ T37] usb 9-1: SerialNumber: syz [ 458.999557][ T5914] ryos 0003:1E7D:3138.002D: unknown main item tag 0x0 [ 458.999593][ T5914] ryos 0003:1E7D:3138.002D: unknown main item tag 0x0 [ 458.999619][ T5914] ryos 0003:1E7D:3138.002D: unknown main item tag 0x0 [ 458.999644][ T5914] ryos 0003:1E7D:3138.002D: unknown main item tag 0x0 [ 458.999987][ T5914] ryos 0003:1E7D:3138.002D: unknown main item tag 0x0 [ 459.053468][ T5914] ryos 0003:1E7D:3138.002D: hidraw0: USB HID v0.00 Device [HID 1e7d:3138] on usb-dummy_hcd.9-1/input0 [ 459.214822][ T5914] usb 10-1: USB disconnect, device number 5 [ 459.347539][T15854] fido_id[15854]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory [ 459.728796][T15865] program syz.6.4153 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 459.930395][ T37] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 459.930452][ T37] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 459.931319][ T37] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 459.996213][ T37] lan78xx 9-1:1.0: probe with driver lan78xx failed with error -71 [ 460.004005][ T37] usb 9-1: USB disconnect, device number 6 [ 460.102326][ T5914] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 460.254507][ T5914] usb 10-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice= 9.00 [ 460.254539][ T5914] usb 10-1: New USB device strings: Mfr=0, Product=16, SerialNumber=0 [ 460.254559][ T5914] usb 10-1: Product: syz [ 460.300567][ T5914] usb 10-1: config 0 descriptor?? [ 460.304764][ T5914] ftdi_sio 10-1:0.0: FTDI USB Serial Device converter detected [ 460.306581][ T5914] usb 10-1: Detected FT232H [ 460.488217][T15886] netlink: 64 bytes leftover after parsing attributes in process `syz.6.4165'. [ 460.512545][ T5914] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 460.916221][ T5914] ftdi_sio 10-1:0.0: GPIO initialisation failed: -71 [ 460.929789][ T5914] usb 10-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 460.939339][ T5914] usb 10-1: USB disconnect, device number 6 [ 460.954493][ T5914] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 460.956824][ T5914] ftdi_sio 10-1:0.0: device disconnected [ 460.989236][T15899] tipc: Started in network mode [ 460.989267][T15899] tipc: Node identity ac14140f, cluster identity 4711 [ 460.989563][T15899] tipc: New replicast peer: 255.255.255.255 [ 461.084382][T15899] tipc: Enabled bearer , priority 10 [ 461.481371][T15919] netlink: 'syz.6.4180': attribute type 2 has an invalid length. [ 461.597991][T15921] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4189'. [ 461.703194][T15928] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4183'. [ 462.099857][ T5914] tipc: Node number set to 2886997007 [ 462.178561][T15947] tap0: tun_chr_ioctl cmd 1074025675 [ 462.178583][T15947] tap0: persist enabled [ 462.411487][T15958] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4198'. [ 462.529833][ T5830] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 462.603285][T15964] netlink: 128 bytes leftover after parsing attributes in process `syz.4.4201'. [ 462.603308][T15964] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 462.713722][ T5830] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 462.713773][ T5830] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.713798][ T5830] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 462.713818][ T5830] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 462.715074][ T5830] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 462.715101][ T5830] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 462.715121][ T5830] usb 7-1: Manufacturer: syz [ 462.794997][ T5830] usb 7-1: config 0 descriptor?? [ 463.244606][ T5830] appleir 0003:05AC:8243.002E: unknown main item tag 0x0 [ 463.273403][ T5830] appleir 0003:05AC:8243.002E: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0 [ 463.516444][ T37] usb 7-1: USB disconnect, device number 24 [ 463.987527][T16012] tap0: tun_chr_ioctl cmd 1074025675 [ 463.987550][T16012] tap0: persist enabled [ 464.680052][ T5914] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 464.700692][T16040] netlink: 'syz.8.4237': attribute type 83 has an invalid length. [ 464.832667][ T5914] usb 7-1: config 1 has an invalid descriptor of length 21, skipping remainder of the config [ 464.832694][ T5914] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 464.833632][ T5914] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 464.833654][ T5914] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 464.833664][ T5914] usb 7-1: SerialNumber: syz [ 465.084502][ T5914] usb 7-1: 0:2 : does not exist [ 465.084644][ T5914] usb 7-1: unit 108 not found! [ 465.084661][ T5914] usb 7-1: unit 219 not found! [ 465.084675][ T5914] usb 7-1: unit 169 not found! [ 465.315217][T16053] sit0: entered allmulticast mode [ 465.354731][T16053] sit0: entered promiscuous mode [ 465.481859][ T5914] usb 7-1: USB disconnect, device number 25 [ 465.746356][ T5825] udevd[5825]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 465.760914][T16061] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.4246'. [ 465.844078][T16063] kvm: kvm [16062]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010006) = 0xffffffffffffffff [ 466.806159][T16090] netlink: 'syz.6.4260': attribute type 2 has an invalid length. [ 466.806182][T16090] netlink: 'syz.6.4260': attribute type 4 has an invalid length. [ 467.139087][T16102] netlink: 92 bytes leftover after parsing attributes in process `syz.4.4271'. [ 468.157504][T16142] vxcan0: tx address claim with dest, not broadcast [ 468.366707][T16150] sit0: entered allmulticast mode [ 468.389191][T16152] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4288'. [ 468.411402][T16154] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4289'. [ 468.502238][T16155] sit0: entered promiscuous mode [ 469.390718][T16184] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 470.029415][T16210] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.4314'. [ 470.443135][ T5823] Bluetooth: hci0: unexpected event for opcode 0x200f [ 470.938963][T16245] netlink: 40 bytes leftover after parsing attributes in process `syz.6.4329'. [ 470.938985][T16245] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4329'. [ 472.099359][T16293] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 472.763123][T16317] netlink: 72 bytes leftover after parsing attributes in process `syz.9.4364'. [ 473.593746][ T5823] Bluetooth: hci3: unexpected event for opcode 0x1003 [ 473.739799][ T37] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 473.894126][ T37] usb 5-1: config 246 has an invalid interface number: 166 but max is 0 [ 473.894155][ T37] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 473.894174][ T37] usb 5-1: config 246 has no interface number 0 [ 473.894216][ T37] usb 5-1: config 246 interface 166 altsetting 118 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 473.894243][ T37] usb 5-1: config 246 interface 166 has no altsetting 0 [ 473.946006][ T37] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63 [ 473.946034][ T37] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.946053][ T37] usb 5-1: Product: syz [ 473.946066][ T37] usb 5-1: Manufacturer: syz [ 473.946089][ T37] usb 5-1: SerialNumber: syz [ 474.633644][ T37] usb 5-1: Limiting number of CPorts to U8_MAX [ 474.698402][ T37] usb 5-1: Not enough endpoints found in device, aborting! [ 474.844352][ T5914] usb 5-1: USB disconnect, device number 30 [ 475.385976][T16386] program syz.8.4396 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 475.796068][T16402] input: syz0 as /devices/virtual/input/input29 [ 476.033974][T16411] netlink: 56 bytes leftover after parsing attributes in process `syz.8.4406'. [ 476.745837][T16439] netlink: 26332 bytes leftover after parsing attributes in process `syz.6.4419'. [ 477.326141][T16463] netlink: 164 bytes leftover after parsing attributes in process `syz.6.4429'. [ 477.670466][ T5823] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 477.670660][ T5823] Bluetooth: hci3: Injecting HCI hardware error event [ 477.679369][ T60] Bluetooth: hci3: hardware error 0x00 [ 478.274661][T16502] input: syz0 as /devices/virtual/input/input30 [ 478.817527][T16521] lo: entered promiscuous mode [ 478.849955][T16521] lo: left promiscuous mode [ 479.353273][T16546] netlink: 'syz.8.4468': attribute type 4 has an invalid length. [ 479.353294][T16546] netlink: 17 bytes leftover after parsing attributes in process `syz.8.4468'. [ 479.355836][T16546] netlink: 14601 bytes leftover after parsing attributes in process `syz.8.4468'. [ 479.597075][T16551] pim6reg: entered allmulticast mode [ 479.612744][T16550] pim6reg: left allmulticast mode [ 479.728543][T16558] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4474'. [ 479.980297][ T60] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 480.087843][ T60] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 480.405444][T16585] loop7: detected capacity change from 0 to 7 [ 480.426840][ C0] blk_print_req_error: 11 callbacks suppressed [ 480.426863][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 480.426891][ C0] buffer_io_error: 14 callbacks suppressed [ 480.426902][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 480.456483][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 480.456513][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 480.456784][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 480.456806][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 480.471477][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 480.471511][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 480.471717][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 480.471739][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 480.472022][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 480.472154][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 480.473730][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 480.473763][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 480.474515][T16585] ldm_validate_partition_table(): Disk read failed. [ 480.477322][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 480.477349][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 480.478274][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 480.478299][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 480.478547][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 480.478569][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 480.478843][T16585] Dev loop7: unable to read RDB block 0 [ 480.486048][T16585] loop7: unable to read partition table [ 480.486269][T16585] loop7: partition table beyond EOD, truncated [ 480.486298][T16585] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 480.804821][T16591] netlink: 'syz.4.4490': attribute type 4 has an invalid length. [ 480.804842][T16591] netlink: 17 bytes leftover after parsing attributes in process `syz.4.4490'. [ 480.807248][T16591] netlink: 14601 bytes leftover after parsing attributes in process `syz.4.4490'. [ 481.549859][ T37] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 481.704280][ T37] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 481.704322][ T37] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 481.704342][ T37] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 481.704383][ T37] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 481.704404][ T37] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.769598][ T37] usb 7-1: config 0 descriptor?? [ 481.780439][ T37] hub 7-1:0.0: USB hub found [ 482.003448][ T37] hub 7-1:0.0: 9 ports detected [ 482.003850][T16634] team0: No ports can be present during mode change [ 482.004332][ T37] hub 7-1:0.0: insufficient power available to use all downstream ports [ 482.217211][ T37] hub 7-1:0.0: hub_hub_status failed (err = -71) [ 482.217236][ T37] hub 7-1:0.0: config failed, can't get hub status (err -71) [ 482.302674][ T37] usb 7-1: USB disconnect, device number 26 [ 483.523223][T16667] loop4: detected capacity change from 0 to 7 [ 483.530651][T16667] ldm_validate_partition_table(): Disk read failed. [ 483.536260][T16667] Dev loop4: unable to read RDB block 0 [ 483.536523][T16667] loop4: unable to read partition table [ 483.536696][T16667] loop4: partition table beyond EOD, truncated [ 483.536715][T16667] loop_reread_partitions: partition scan of loop4 (Sj %`ր5) failed (rc=-5) [ 483.980989][ T1241] usb 7-1: new full-speed USB device number 27 using dummy_hcd [ 484.194123][ T1241] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 484.194162][ T1241] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 484.194204][ T1241] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 484.194226][ T1241] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.543967][ T1241] usb 7-1: GET_CAPABILITIES returned 0 [ 484.543995][ T1241] usbtmc 7-1:16.0: can't read capabilities [ 484.755273][ T5894] usb 7-1: USB disconnect, device number 27 [ 484.954129][T16693] batadv_slave_1: entered promiscuous mode [ 484.962952][T16692] batadv_slave_1: left promiscuous mode [ 485.080256][T16699] pim6reg: entered allmulticast mode [ 485.105347][T16698] pim6reg: left allmulticast mode [ 486.569771][ T5854] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 486.721687][ T5854] usb 9-1: Using ep0 maxpacket: 16 [ 486.725552][ T5854] usb 9-1: config index 0 descriptor too short (expected 51443, got 18) [ 486.727761][ T5854] usb 9-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 486.727789][ T5854] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 486.727809][ T5854] usb 9-1: Product: syz [ 486.727822][ T5854] usb 9-1: Manufacturer: syz [ 486.727831][ T5854] usb 9-1: SerialNumber: syz [ 486.735289][T16737] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4555'. [ 486.787302][ T5854] r8152-cfgselector 9-1: Unknown version 0x0000 [ 486.787319][ T5854] r8152-cfgselector 9-1: config 0 descriptor?? [ 487.172515][ T5854] r8152-cfgselector 9-1: Needed 2 retries to read version [ 487.466034][ T5854] r8152-cfgselector 9-1: USB disconnect, device number 7 [ 487.706172][T16752] batadv_slave_1: entered promiscuous mode [ 487.707190][T16751] batadv_slave_1: left promiscuous mode [ 487.768766][ T60] Bluetooth: hci0: unexpected event for opcode 0x0c7d [ 487.962293][T16760] program syz.6.4565 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 488.090655][T16764] loop4: detected capacity change from 0 to 7 [ 488.091299][T16764] buffer_io_error: 34 callbacks suppressed [ 488.091315][T16764] Buffer I/O error on dev loop4, logical block 0, async page read [ 488.091420][T16764] Buffer I/O error on dev loop4, logical block 0, async page read [ 488.091519][T16764] Buffer I/O error on dev loop4, logical block 0, async page read [ 488.091613][T16764] Buffer I/O error on dev loop4, logical block 0, async page read [ 488.091714][T16764] Buffer I/O error on dev loop4, logical block 0, async page read [ 488.091818][T16764] Buffer I/O error on dev loop4, logical block 0, async page read [ 488.092178][T16764] Buffer I/O error on dev loop4, logical block 0, async page read [ 488.092248][T16764] ldm_validate_partition_table(): Disk read failed. [ 488.092524][T16764] Buffer I/O error on dev loop4, logical block 0, async page read [ 488.092627][T16764] Buffer I/O error on dev loop4, logical block 0, async page read [ 488.092722][T16764] Buffer I/O error on dev loop4, logical block 0, async page read [ 488.092878][T16764] Dev loop4: unable to read RDB block 0 [ 488.093137][T16764] loop4: unable to read partition table [ 488.093342][T16764] loop4: partition table beyond EOD, truncated [ 488.093370][T16764] loop_reread_partitions: partition scan of loop4 (Sj %`ր5) failed (rc=-5) [ 488.101930][T16744] syz.4.4556 (16744) used greatest stack depth: 18528 bytes left [ 489.138858][ T38] audit: type=1326 audit(1776394296.918:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16766 comm="syz.8.4569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefcac2c819 code=0x7fc00000 [ 489.331619][T16801] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 490.094553][T16829] overlayfs: invalid origin (0000) [ 490.305920][T16837] netlink: 204 bytes leftover after parsing attributes in process `syz.8.4601'. [ 490.306330][T16837] netlink: 204 bytes leftover after parsing attributes in process `syz.8.4601'. [ 490.571973][ T38] audit: type=1326 audit(1776394298.358:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16816 comm="syz.4.4591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43504c819 code=0x7fc00000 [ 491.278964][T16866] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4614'. [ 491.420031][ T5894] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 491.607248][ T5894] usb 9-1: Using ep0 maxpacket: 32 [ 491.609214][ T5894] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 491.609243][ T5894] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 491.609279][ T5894] usb 9-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 491.609301][ T5894] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 491.670525][ T5894] usb 9-1: config 0 descriptor?? [ 492.167363][ T5894] ft260 0003:0403:6030.002F: unknown main item tag 0x0 [ 492.167402][ T5894] ft260 0003:0403:6030.002F: unknown main item tag 0x0 [ 492.290362][ T5854] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 492.326059][ T5894] ft260 0003:0403:6030.002F: chip code: 0000 0000 [ 492.510089][ T5854] usb 7-1: Using ep0 maxpacket: 8 [ 492.515113][ T5854] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 492.515143][ T5854] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.567767][ T5894] ft260 0003:0403:6030.002F: failed to retrieve system status [ 492.567954][ T5854] pvrusb2: Hardware description: Terratec Grabster AV400 [ 492.567971][ T5854] pvrusb2: ********** [ 492.567978][ T5854] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 492.567990][ T5854] pvrusb2: Important functionality might not be entirely working. [ 492.567998][ T5854] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 492.568009][ T5854] pvrusb2: ********** [ 492.568157][ T5894] ft260 0003:0403:6030.002F: probe with driver ft260 failed with error -71 [ 492.641844][ T5894] usb 9-1: USB disconnect, device number 8 [ 492.823938][ T2364] pvrusb2: Invalid write control endpoint [ 492.969375][ T5830] usb 7-1: USB disconnect, device number 28 [ 493.277712][ T2364] pvrusb2: Invalid write control endpoint [ 493.277728][ T2364] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 493.277738][ T2364] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 493.277745][ T2364] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 493.277759][ T2364] pvrusb2: Device being rendered inoperable [ 493.287503][ T2364] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 493.287575][ T2364] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 493.294286][ T2364] pvrusb2: Attached sub-driver cx25840 [ 493.294309][ T2364] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 493.294319][ T2364] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 493.910174][ T5854] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 494.066121][ T5854] usb 5-1: Using ep0 maxpacket: 8 [ 494.068252][ T5854] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 494.068278][ T5854] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.139490][ T5854] pvrusb2: Hardware description: Terratec Grabster AV400 [ 494.139508][ T5854] pvrusb2: ********** [ 494.139515][ T5854] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 494.139527][ T5854] pvrusb2: Important functionality might not be entirely working. [ 494.139535][ T5854] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 494.139547][ T5854] pvrusb2: ********** [ 494.345315][ T2364] pvrusb2: Invalid write control endpoint [ 494.536666][ T2364] pvrusb2: Invalid write control endpoint [ 494.536676][ T2364] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 494.536682][ T2364] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 494.536686][ T2364] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 494.536691][ T2364] pvrusb2: Device being rendered inoperable [ 494.586493][ T2364] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 494.586549][ T2364] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 494.593493][T16902] pvrusb2: Attempted to execute control transfer when device not ok [ 494.609441][ T5830] usb 5-1: USB disconnect, device number 31 [ 494.631540][ T2364] pvrusb2: Attached sub-driver cx25840 [ 494.631555][ T2364] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 494.631564][ T2364] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 495.197316][T16928] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4640'. [ 495.461611][T16936] tipc: Started in network mode [ 495.461640][T16936] tipc: Node identity ac14140f, cluster identity 4711 [ 495.461959][T16936] tipc: New replicast peer: 255.255.255.255 [ 495.466768][T16936] tipc: Enabled bearer , priority 10 [ 495.520618][T16939] binder: 16938:16939 ioctl c018620c 200000000280 returned -1 [ 495.897838][T16951] serio: Serial port ttyS3 [ 496.018498][T16960] tipc: Started in network mode [ 496.018525][T16960] tipc: Node identity ac14140f, cluster identity 4711 [ 496.018804][T16960] tipc: New replicast peer: 255.255.255.255 [ 496.029252][T16960] tipc: Enabled bearer , priority 10 [ 496.294164][T16968] netlink: 'syz.9.4660': attribute type 2 has an invalid length. [ 496.294184][T16968] netlink: 'syz.9.4660': attribute type 11 has an invalid length. [ 496.294197][T16968] netlink: 112 bytes leftover after parsing attributes in process `syz.9.4660'. [ 496.461312][ T5830] tipc: Node number set to 2886997007 [ 496.543571][T16978] netlink: 'syz.9.4666': attribute type 6 has an invalid length. [ 496.543585][T16978] netlink: 'syz.9.4666': attribute type 7 has an invalid length. [ 497.019200][T17000] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 512 [ 497.140261][ T5830] tipc: Node number set to 2886997007 [ 497.453170][T17020] netlink: 132 bytes leftover after parsing attributes in process `syz.8.4686'. [ 497.516099][T17022] netlink: 16 bytes leftover after parsing attributes in process `syz.9.4687'. [ 497.612355][T17024] netlink: 132 bytes leftover after parsing attributes in process `syz.6.4696'. [ 497.658192][T17026] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 512 [ 498.167253][T17051] netlink: 'syz.6.4701': attribute type 4 has an invalid length. [ 498.334175][ T820] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 498.482353][ T820] usb 10-1: Using ep0 maxpacket: 32 [ 498.485612][ T820] usb 10-1: config 0 has an invalid interface number: 12 but max is 0 [ 498.485646][ T820] usb 10-1: config 0 has no interface number 0 [ 498.485688][ T820] usb 10-1: config 0 interface 12 has no altsetting 0 [ 498.503016][ T820] usb 10-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 498.503043][ T820] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.503062][ T820] usb 10-1: Product: syz [ 498.503075][ T820] usb 10-1: Manufacturer: syz [ 498.503089][ T820] usb 10-1: SerialNumber: syz [ 498.557610][ T820] usb 10-1: config 0 descriptor?? [ 498.579337][T17066] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4710'. [ 498.709846][T17071] loop8: detected capacity change from 0 to 1 [ 498.904996][T17071] Dev loop8: unable to read RDB block 1 [ 498.905039][T17071] loop8: unable to read partition table [ 498.905256][T17071] loop8: partition table beyond EOD, truncated [ 498.905288][T17071] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 499.107341][ T38] audit: type=1326 audit(1776394306.888:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17081 comm="syz.8.4717" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fefcac2c819 code=0x0 [ 499.404979][ T820] f81534 10-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 499.405048][ T820] f81534 10-1:0.12: f81534_find_config_idx: read failed: -71 [ 499.405064][ T820] f81534 10-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 499.405152][ T820] f81534 10-1:0.12: probe with driver f81534 failed with error -71 [ 499.465650][ T820] usb 10-1: USB disconnect, device number 7 [ 499.554624][T17091] tap0: tun_chr_ioctl cmd 1074025672 [ 499.554654][T17091] tap0: ignored: set checksum enabled [ 499.873909][T17103] loop8: detected capacity change from 0 to 1 [ 499.875218][T17103] Dev loop8: unable to read RDB block 1 [ 499.875245][T17103] loop8: unable to read partition table [ 499.879476][T17103] loop8: partition table beyond EOD, truncated [ 499.879521][T17103] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 501.026641][ T1333] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.026742][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.049485][T17136] netlink: 56 bytes leftover after parsing attributes in process `syz.8.4739'. [ 502.389913][ T1241] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 502.443707][T17204] IPVS: persistence engine module ip_vs_pe_ not found [ 502.541471][ T1241] usb 10-1: Using ep0 maxpacket: 16 [ 502.545587][ T1241] usb 10-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 502.545611][ T1241] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.545622][ T1241] usb 10-1: Product: syz [ 502.545629][ T1241] usb 10-1: Manufacturer: syz [ 502.545637][ T1241] usb 10-1: SerialNumber: syz [ 502.914243][T17222] Bluetooth: hci1: too big key_count value 65025 [ 503.230937][T17231] netlink: 65039 bytes leftover after parsing attributes in process `syz.8.4784'. [ 503.398023][ T1241] snd-usb-audio 10-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 503.411823][ T1241] usb 10-1: USB disconnect, device number 8 [ 503.579935][ T820] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 503.741913][ T820] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 503.745568][ T820] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 503.745595][ T820] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.745615][ T820] usb 5-1: Product: syz [ 503.745628][ T820] usb 5-1: Manufacturer: syz [ 503.745641][ T820] usb 5-1: SerialNumber: syz [ 503.776815][ T820] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 504.263307][ T820] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 504.263751][ T820] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0) [ 504.263800][ T820] usb 5-1: media controller created [ 504.288260][ T820] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 504.426764][ T820] usb 5-1: USB disconnect, device number 32 [ 504.819580][T17274] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4802'. [ 504.820001][ T10] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 504.926776][T17277] overlay: ./file0 is not a directory [ 504.972236][ T10] usb 10-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 504.972268][ T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.978714][ T10] usb 10-1: config 0 descriptor?? [ 505.005671][ T10] cp210x 10-1:0.0: cp210x converter detected [ 505.248764][T17287] overlayfs: workdir and upperdir must reside under the same mount [ 505.431638][ T10] cp210x 10-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 505.442007][ T10] usb 10-1: cp210x converter now attached to ttyUSB0 [ 505.621879][ T820] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 505.666536][ T5894] usb 10-1: USB disconnect, device number 9 [ 505.678488][ T5894] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 505.769937][ T820] usb 5-1: Using ep0 maxpacket: 32 [ 505.772739][ T820] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 505.772764][ T820] usb 5-1: config 0 has no interface number 0 [ 505.772809][ T820] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 505.772836][ T820] usb 5-1: config 0 interface 85 has no altsetting 0 [ 505.775334][ T820] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 505.775363][ T820] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.775383][ T820] usb 5-1: Product: syz [ 505.775396][ T820] usb 5-1: Manufacturer: syz [ 505.775410][ T820] usb 5-1: SerialNumber: syz [ 505.784863][ T820] usb 5-1: config 0 descriptor?? [ 505.871278][ T5894] cp210x 10-1:0.0: device disconnected [ 506.398848][ T820] appletouch 5-1:0.85: Geyser mode initialized. [ 506.408295][ T820] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input32 [ 506.747344][ C1] appletouch 5-1:0.85: atp_complete: usb_submit_urb failed with result -1 [ 506.760735][ T820] usb 5-1: USB disconnect, device number 33 [ 507.008222][ T820] appletouch 5-1:0.85: input: appletouch disconnected [ 507.934393][T17361] netlink: 'syz.9.4840': attribute type 1 has an invalid length. [ 507.934597][T17361] netlink: 'syz.9.4840': attribute type 2 has an invalid length. [ 507.934612][T17361] netlink: 'syz.9.4840': attribute type 1 has an invalid length. [ 507.973936][T17364] netlink: 16 bytes leftover after parsing attributes in process `syz.8.4842'. [ 508.021106][T17367] netlink: 'syz.9.4843': attribute type 19 has an invalid length. [ 508.021128][T17367] netlink: 180 bytes leftover after parsing attributes in process `syz.9.4843'. [ 508.069795][ T820] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 508.244602][ T820] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 508.244632][ T820] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.267060][ T820] usb 5-1: config 0 descriptor?? [ 508.287869][ T820] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 508.685466][ T820] cpia1 5-1:0.0: unexpected state after lo power cmd: 00 [ 508.893971][ T820] gspca_cpia1: usb_control_msg 01, error -32 [ 508.894404][ T820] gspca_cpia1: usb_control_msg 01, error -71 [ 508.894420][ T820] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0) [ 508.933124][ T820] usb 5-1: USB disconnect, device number 34 [ 509.080330][T17396] loop2: detected capacity change from 0 to 7 [ 509.097883][T17396] Dev loop2: unable to read RDB block 7 [ 509.097910][T17396] loop2: unable to read partition table [ 509.098028][T17396] loop2: partition table beyond EOD, truncated [ 509.098055][T17396] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 509.429798][ T1241] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 509.579943][ T1241] usb 10-1: Using ep0 maxpacket: 8 [ 509.582446][ T1241] usb 10-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 509.582464][ T1241] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.617275][ T1241] pvrusb2: Hardware description: Terratec Grabster AV400 [ 509.617290][ T1241] pvrusb2: ********** [ 509.617296][ T1241] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 509.617306][ T1241] pvrusb2: Important functionality might not be entirely working. [ 509.617314][ T1241] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 509.617322][ T1241] pvrusb2: ********** [ 509.780651][ T38] audit: type=1326 audit(1776394317.568:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.8.4853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefcac2c819 code=0x7fc00000 [ 509.834251][ T2364] pvrusb2: Invalid write control endpoint [ 510.054949][T17401] pvrusb2: Invalid write control endpoint [ 510.058973][ T5854] usb 10-1: USB disconnect, device number 10 [ 510.186362][ T2364] pvrusb2: Invalid write control endpoint [ 510.186378][ T2364] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 510.186386][ T2364] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 510.186393][ T2364] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 510.186403][ T2364] pvrusb2: Device being rendered inoperable [ 510.189069][ T2364] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 510.189109][ T2364] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 510.362294][ T2364] pvrusb2: Attached sub-driver cx25840 [ 510.362310][ T2364] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 510.362320][ T2364] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 511.048083][ T38] audit: type=1326 audit(1776394318.828:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17443 comm="syz.9.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07eee4c819 code=0x7ffc0000 [ 511.048133][ T38] audit: type=1326 audit(1776394318.828:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17443 comm="syz.9.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07eee4c819 code=0x7ffc0000 [ 511.109074][ T38] audit: type=1326 audit(1776394318.888:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17443 comm="syz.9.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07eee4c819 code=0x7ffc0000 [ 511.109124][ T38] audit: type=1326 audit(1776394318.888:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17443 comm="syz.9.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07eee4c819 code=0x7ffc0000 [ 511.109161][ T38] audit: type=1326 audit(1776394318.888:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17443 comm="syz.9.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f07eee0d04e code=0x7ffc0000 [ 511.109199][ T38] audit: type=1326 audit(1776394318.888:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17443 comm="syz.9.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07eee4c819 code=0x7ffc0000 [ 511.153791][ T38] audit: type=1326 audit(1776394318.938:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17443 comm="syz.9.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07eee4c819 code=0x7ffc0000 [ 511.187712][ T38] audit: type=1326 audit(1776394318.968:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17443 comm="syz.9.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07eee4c819 code=0x7ffc0000 [ 511.187761][ T38] audit: type=1326 audit(1776394318.968:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17443 comm="syz.9.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07eee4c819 code=0x7ffc0000 [ 512.391128][ T1241] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 512.551246][ T1241] usb 5-1: Using ep0 maxpacket: 32 [ 512.555618][ T1241] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 512.555644][ T1241] usb 5-1: config 0 has no interface number 0 [ 512.569803][ T1241] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 512.569831][ T1241] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.569849][ T1241] usb 5-1: Product: syz [ 512.569863][ T1241] usb 5-1: Manufacturer: syz [ 512.569876][ T1241] usb 5-1: SerialNumber: syz [ 512.654429][ T1241] usb 5-1: config 0 descriptor?? [ 512.666795][ T1241] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 512.890223][T17489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 512.934639][T17489] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 512.967261][ T1241] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 513.048375][ T1241] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 513.142542][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - xmit_empty message too short [ 513.367060][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 513.368697][ T5830] usb 5-1: USB disconnect, device number 35 [ 513.428060][ T5830] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 513.445855][ T5830] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 513.453541][ T5830] quatech2 5-1:0.51: device disconnected [ 514.192925][T17555] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4929'. [ 514.515039][T17570] sctp: Trying to GSO but underlying device doesn't support it. [ 515.122229][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 515.174787][T17599] smc: net device hsr0 applied user defined pnetid SYZ2 [ 515.179452][T17599] smc: net device hsr0 erased user defined pnetid SYZ2 [ 515.374611][T17607] program syz.8.4953 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 516.332258][T17643] netlink: 92 bytes leftover after parsing attributes in process `syz.6.4973'. [ 516.332279][T17643] netlink: 'syz.6.4973': attribute type 1 has an invalid length. [ 516.481585][T17649] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4974'. [ 516.633657][T17652] netlink: 212340 bytes leftover after parsing attributes in process `syz.9.4977'. [ 516.633770][T17652] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 517.000502][T17648] netlink: 56 bytes leftover after parsing attributes in process `syz.6.4975'. [ 517.219473][T17667] netlink: 56 bytes leftover after parsing attributes in process `syz.6.4982'. [ 517.713711][T17671] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4985'. [ 518.147409][ T5823] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 518.211327][ T5823] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 518.214114][ T5823] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 518.217969][ T5823] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 518.218834][ T5823] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 518.547047][ T2206] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 518.611515][T17682] netlink: 'syz.9.4989': attribute type 12 has an invalid length. [ 518.611539][T17682] netlink: 120 bytes leftover after parsing attributes in process `syz.9.4989'. [ 519.301483][ T2206] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 519.439883][ T5830] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 519.601729][T17706] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5001'. [ 519.638873][ T5830] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 519.638903][ T5830] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.666766][ T5830] usb 7-1: config 0 descriptor?? [ 519.696363][ T5830] cp210x 7-1:0.0: cp210x converter detected [ 519.922991][ T5830] usb 7-1: cp210x converter now attached to ttyUSB0 [ 520.058791][ T2206] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.379959][ T5823] Bluetooth: hci2: command tx timeout [ 520.615166][ T2206] team0: Port device netdevsim0 removed [ 520.617233][ T2206] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.268189][T17675] chnl_net:caif_netlink_parms(): no params data found [ 522.111790][T17675] bridge0: port 1(bridge_slave_0) entered blocking state [ 522.113229][ T60] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 522.114226][T17675] bridge0: port 1(bridge_slave_0) entered disabled state [ 522.114516][T17675] bridge_slave_0: entered allmulticast mode [ 522.135687][ T60] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 522.162765][ T60] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 522.198263][ T60] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 522.213670][ T60] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 522.236842][T17675] bridge_slave_0: entered promiscuous mode [ 522.367012][T17675] bridge0: port 2(bridge_slave_1) entered blocking state [ 522.375209][T17675] bridge0: port 2(bridge_slave_1) entered disabled state [ 522.376341][T17675] bridge_slave_1: entered allmulticast mode [ 522.398200][T17675] bridge_slave_1: entered promiscuous mode [ 522.467936][ T5830] usb 7-1: USB disconnect, device number 29 [ 522.477162][ T5823] Bluetooth: hci2: command tx timeout [ 522.516398][ T5830] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 522.517170][ T5830] cp210x 7-1:0.0: device disconnected [ 523.297411][ T2206] bridge_slave_1: left allmulticast mode [ 523.297786][ T2206] bridge0: port 2(bridge_slave_1) entered disabled state [ 523.390708][ T2206] bridge_slave_0: left allmulticast mode [ 523.390728][ T2206] bridge_slave_0: left promiscuous mode [ 523.390906][ T2206] bridge0: port 1(bridge_slave_0) entered disabled state [ 524.079931][ T39] INFO: task syz-executor:7987 blocked for more than 143 seconds. [ 524.079958][ T39] Tainted: G L syzkaller #0 [ 524.079969][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 524.079978][ T39] task:syz-executor state:D stack:21120 pid:7987 tgid:7987 ppid:1 task_flags:0x400140 flags:0x00080002 [ 524.080027][ T39] Call Trace: [ 524.080035][ T39] [ 524.080045][ T39] __schedule+0x169e/0x54f0 [ 524.080083][ T39] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 524.080109][ T39] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 524.080134][ T39] ? rt_spin_lock+0x1e0/0x400 [ 524.080152][ T39] ? __pfx___schedule+0x10/0x10 [ 524.080180][ T39] ? schedule+0x90/0x360 [ 524.080205][ T39] schedule+0x164/0x360 [ 524.080227][ T39] fuse_chan_wait_aborted+0x15b/0x250 [ 524.080249][ T39] ? __pfx_fuse_chan_wait_aborted+0x10/0x10 [ 524.080268][ T39] ? __pfx_autoremove_wake_function+0x10/0x10 [ 524.080289][ T39] ? __pfx_fuse_chan_abort+0x10/0x10 [ 524.080308][ T39] ? do_raw_spin_lock+0x12b/0x2f0 [ 524.080333][ T39] fuse_conn_destroy+0x1e7/0x3e0 [ 524.080359][ T39] ? __pfx_fuse_conn_destroy+0x10/0x10 [ 524.080380][ T39] ? lockdep_hardirqs_on+0x7a/0x110 [ 524.080406][ T39] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 524.080432][ T39] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 524.080465][ T39] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 524.080488][ T39] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 524.080512][ T39] ? lockdep_hardirqs_on+0x7a/0x110 [ 524.080536][ T39] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 524.080561][ T39] fuse_kill_sb_anon+0x1ef/0x270 [ 524.080602][ T39] deactivate_locked_super+0xbc/0x130 [ 524.080628][ T39] cleanup_mnt+0x437/0x4d0 [ 524.080652][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 524.080681][ T39] task_work_run+0x1d9/0x270 [ 524.080709][ T39] ? __pfx_task_work_run+0x10/0x10 [ 524.080736][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.080756][ T39] exit_to_user_mode_loop+0xed/0x480 [ 524.080778][ T39] ? rcu_is_watching+0x15/0xb0 [ 524.080804][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.080824][ T39] do_syscall_64+0x33e/0xf80 [ 524.080847][ T39] ? trace_irq_disable+0x3b/0x140 [ 524.080867][ T39] ? clear_bhb_loop+0x40/0x90 [ 524.080888][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.080913][ T39] RIP: 0033:0x7fc19868da57 [ 524.080931][ T39] RSP: 002b:00007ffff4975768 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 524.080960][ T39] RAX: 0000000000000000 RBX: 00007fc198722048 RCX: 00007fc19868da57 [ 524.080977][ T39] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff4975820 [ 524.080989][ T39] RBP: 00007ffff4975820 R08: 00007ffff4976820 R09: 00000000ffffffff [ 524.081002][ T39] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff49768b0 [ 524.081015][ T39] R13: 00007fc198722048 R14: 00000000000580c9 R15: 00007ffff49768f0 [ 524.081046][ T39] [ 524.081108][ T39] [ 524.081108][ T39] Showing all locks held in the system: [ 524.081118][ T39] 7 locks held by ktimers/1/30: [ 524.081130][ T39] #0: ffffffff8e25f260 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 524.081286][ T39] #1: ffffffff8e3c8100 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 524.081329][ T39] #2: ffff8880b8726360 (&base->expiry_lock){+...}-{3:3}, at: __run_timer_base+0x120/0x9f0 [ 524.081374][ T39] #3: ffffffff8e3c8100 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 524.081418][ T39] #4: ffffc90000a4fa80 (&(&forw_packet_aggr->delayed_work)->timer){....}-{0:0}, at: __run_timer_base+0x76c/0x9f0 [ 524.081475][ T39] #5: ffffffff8e3c8100 (rcu_read_lock){....}-{1:3}, at: hsr_announce+0x89/0x370 [ 524.081517][ T39] #6: ffffffff8e25f260 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 524.081559][ T39] 1 lock held by khungtaskd/39: [ 524.081569][ T39] #0: ffffffff8e3c8100 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 524.081621][ T39] 3 locks held by kworker/u8:8/160: [ 524.081631][ T39] #0: ffff88801ae84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 [ 524.081670][ T39] #1: ffffc900039e7c40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 [ 524.081710][ T39] #2: ffffffff8f7a20f8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 524.081753][ T39] 3 locks held by kworker/1:2/820: [ 524.081763][ T39] #0: ffff88813fe47938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 [ 524.081803][ T39] #1: ffffc900055a7c40 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 [ 524.081843][ T39] #2: ffffffff8f7a20f8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 524.081899][ T39] 4 locks held by kworker/u8:10/2206: [ 524.081910][ T39] #0: ffff88801be86138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 [ 524.081950][ T39] #1: ffffc90006fffc40 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 [ 524.081987][ T39] #2: ffffffff8f793080 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 [ 524.082025][ T39] #3: ffffffff8f7a20f8 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x940 [ 524.082075][ T39] 1 lock held by dhcpcd/5489: [ 524.082085][ T39] #0: ffffffff8f7a20f8 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x32b/0x1b30 [ 524.082134][ T39] 2 locks held by getty/5581: [ 524.082143][ T39] #0: ffff8880384a40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 524.082190][ T39] #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 [ 524.082234][ T39] 1 lock held by syz-executor/7987: [ 524.082243][ T39] #0: ffff8880376f20d0 (&type->s_umount_key#58){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0 [ 524.082297][ T39] 1 lock held by syz-executor/17675: [ 524.082306][ T39] #0: ffffffff8f7a20f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 [ 524.082356][ T39] 1 lock held by syz-executor/17748: [ 524.082366][ T39] #0: ffffffff8f7a20f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 [ 524.082411][ T39] 4 locks held by syz.9.5026/17777: [ 524.082422][ T39] #0: ffffffff8f811cc0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 524.082472][ T39] #1: ffff88805f2ea928 (nlk_cb_mutex-GENERIC){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0 [ 524.082515][ T39] #2: ffffffff8f811ad8 (genl_mutex){+.+.}-{4:4}, at: genl_dumpit+0xdb/0x1b0 [ 524.082559][ T39] #3: ffffffff8f7a20f8 (rtnl_mutex){+.+.}-{4:4}, at: tipc_nl_node_dump_monitor+0x1a2/0x2f0 [ 524.082611][ T39] 2 locks held by syz.9.5026/17780: [ 524.082622][ T39] #0: ffffffff8f811cc0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 524.082691][ T39] #1: ffffffff8f811ad8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10b/0x7a0 [ 524.082740][ T39] [ 524.082745][ T39] ============================================= [ 524.082745][ T39] [ 524.082760][ T39] NMI backtrace for cpu 0 [ 524.082783][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 524.082807][ T39] Tainted: [L]=SOFTLOCKUP [ 524.082814][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 524.082825][ T39] Call Trace: [ 524.082832][ T39] [ 524.082840][ T39] dump_stack_lvl+0xe8/0x150 [ 524.082861][ T39] nmi_cpu_backtrace+0x274/0x2d0 [ 524.082883][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 524.082905][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 524.082928][ T39] sys_info+0x135/0x170 [ 524.082946][ T39] watchdog+0xfd3/0x1030 [ 524.082972][ T39] ? watchdog+0x1c9/0x1030 [ 524.082996][ T39] kthread+0x388/0x470 [ 524.083017][ T39] ? __pfx_watchdog+0x10/0x10 [ 524.083033][ T39] ? __pfx_kthread+0x10/0x10 [ 524.083057][ T39] ret_from_fork+0x514/0xb70 [ 524.083079][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 524.083098][ T39] ? __switch_to+0xc79/0x1410 [ 524.083125][ T39] ? __pfx_kthread+0x10/0x10 [ 524.083147][ T39] ret_from_fork_asm+0x1a/0x30 [ 524.083182][ T39] [ 524.083188][ T39] Sending NMI from CPU 0 to CPUs 1: [ 524.083214][ C1] NMI backtrace for cpu 1 [ 524.083228][ C1] CPU: 1 UID: 0 PID: 3572 Comm: kworker/u8:16 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 524.083249][ C1] Tainted: [L]=SOFTLOCKUP [ 524.083254][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 524.083263][ C1] Workqueue: events_unbound nsim_dev_trap_report_work [ 524.083287][ C1] RIP: 0010:lockdep_hardirqs_on_prepare+0xee/0x260 [ 524.083306][ C1] Code: f8 0b 00 00 45 31 ff 4d 89 f4 eb 13 49 ff c7 48 63 83 f0 0b 00 00 49 83 c4 28 49 39 c7 7d 44 49 83 ff 31 73 2d 41 8b 44 24 20 00 00 04 00 74 db 25 00 00 03 00 83 f8 01 ba 03 00 00 00 83 da [ 524.083319][ C1] RSP: 0018:ffffc9000e57f9e8 EFLAGS: 00000083 [ 524.083331][ C1] RAX: 000000000002000b RBX: ffff8880346e1ec0 RCX: ffffffff936c8bd0 [ 524.083342][ C1] RDX: 0000000000000002 RSI: ffff8880346e2b30 RDI: ffff8880346e1ec0 [ 524.083352][ C1] RBP: 1ffff110068dc554 R08: ffffffff8fcf3df7 R09: 1ffffffff1f9e7be [ 524.083362][ C1] R10: dffffc0000000000 R11: fffffbfff1f9e7bf R12: ffff8880346e2b58 [ 524.083373][ C1] R13: dffffc0000000000 R14: ffff8880346e2ab8 R15: 0000000000000004 [ 524.083384][ C1] FS: 0000000000000000(0000) GS:ffff888125b64000(0000) knlGS:0000000000000000 [ 524.083395][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 524.083405][ C1] CR2: 0000001b3411cff8 CR3: 0000000055c36000 CR4: 00000000003526f0 [ 524.083419][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 524.083428][ C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 524.083437][ C1] Call Trace: [ 524.083442][ C1] [ 524.083449][ C1] trace_hardirqs_on+0x28/0x40 [ 524.083466][ C1] __local_bh_enable_ip+0x1ae/0x2b0 [ 524.083480][ C1] ? nsim_dev_trap_report_work+0x72e/0xbc0 [ 524.083501][ C1] nsim_dev_trap_report_work+0x7f2/0xbc0 [ 524.083526][ C1] ? process_one_work+0x8b7/0x1710 [ 524.083539][ C1] process_one_work+0x9a3/0x1710 [ 524.083559][ C1] ? __pfx_process_one_work+0x10/0x10 [ 524.083572][ C1] ? do_raw_spin_lock+0x12b/0x2f0 [ 524.083592][ C1] worker_thread+0xba8/0x11e0 [ 524.083614][ C1] kthread+0x388/0x470 [ 524.083630][ C1] ? __pfx_worker_thread+0x10/0x10 [ 524.083644][ C1] ? __pfx_kthread+0x10/0x10 [ 524.083661][ C1] ret_from_fork+0x514/0xb70 [ 524.083675][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 524.083689][ C1] ? __switch_to+0xc79/0x1410 [ 524.083708][ C1] ? __pfx_kthread+0x10/0x10 [ 524.083728][ C1] ret_from_fork_asm+0x1a/0x30 [ 524.083749][ C1] [ 524.084221][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 524.084237][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 524.084261][ T39] Tainted: [L]=SOFTLOCKUP [ 524.084268][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 524.084278][ T39] Call Trace: [ 524.084285][ T39] [ 524.084292][ T39] vpanic+0x56c/0xa60 [ 524.084318][ T39] ? __pfx_vpanic+0x10/0x10 [ 524.084348][ T39] panic+0xc5/0xd0 [ 524.084368][ T39] ? __pfx_panic+0x10/0x10 [ 524.084398][ T39] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 524.084423][ T39] watchdog+0x102c/0x1030 [ 524.084449][ T39] ? watchdog+0x1c9/0x1030 [ 524.084481][ T39] kthread+0x388/0x470 [ 524.084504][ T39] ? __pfx_watchdog+0x10/0x10 [ 524.084521][ T39] ? __pfx_kthread+0x10/0x10 [ 524.084544][ T39] ret_from_fork+0x514/0xb70 [ 524.084566][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 524.084586][ T39] ? __switch_to+0xc79/0x1410 [ 524.084612][ T39] ? __pfx_kthread+0x10/0x10 [ 524.084636][ T39] ret_from_fork_asm+0x1a/0x30 [ 524.084671][ T39] [ 524.085027][ T39] Kernel Offset: disabled