last executing test programs: 1m0.429902398s ago: executing program 3 (id=3147): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="c2", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) shutdown(r0, 0x1) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000003c0)={r2}, &(0x7f00000006c0)=0x10) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000300)={r3}, &(0x7f0000000340)=0x8) 1m0.210605139s ago: executing program 3 (id=3151): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r0, 0x118, 0x1, &(0x7f0000000080)=0xfffffffd, 0x4) 59.929227374s ago: executing program 3 (id=3156): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000140)={{@host}, 0x1}) 59.141326221s ago: executing program 3 (id=3159): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000a80)=[{&(0x7f000004ca80)=""/102397, 0x18ffd}, {0x0}], 0x2, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002a00)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0000002071a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950001000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050505f8e6fb0fd7ddcb12b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7131b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc8136bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b001000000a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5b787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72323cc924e627f2f4b775dd4e9e3070756f97a6791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdfa2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa802000000872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b9243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00c75367966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b0600000000000000564a2b49b745f3bf2cf7908b6d7d748308eea09fb4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578f93046aaddea8ec4ca37f71c2710a7e58ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e4fe9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eee46eb20c20bb82aa31771cd379ec83554cea5e6539d85b980e358d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f9166965a53beb05142e1b1550a8cb7852f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9d95fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b9617432e251d14b283f7d82761c26e329555f9290af4100000000000000749efd3f63655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b0000000032a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002157a3609b6ff9843ee19ec647249a9375de5858818f3c2432e6ced4380217ac51a84a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3bbdc8c17a23692759ccf5a205111b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c8e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd809269f816fa748b20ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f9289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f05714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc30935455f6de5b64bcdfaf8ac04ce96c421e5dbc85e168d3559ab13df98163e39e4065e65a2f43412535d6f7c09830f3a0865356602363c690d2755768612bb7330a8b285f2584892eaff1889a61ee0c2a6d1831d41805707bb43991d40feb5dd070000000000006ed70faa6f42ab4065dfa5227deb52b2a3730558dcacc145d5bcffe5f90f85b0a27b0439b5e9edf1856b4a09d4cc333e7c4893bd8c434414335e34390c9ad847d8d26c90ce53214d7083f10cf25b5f2381d83e30dc622453251b7189282e6e40557a8645fdf27c2b474b4200ddafa6538cdb45cc93dbebd91d1fbbd6ebb081c6efb001adc641e929750452932cd0f8d7a0c9f8de0d64d7a9751d93b973b9cce1aaed8b00681cac4332bcaf97864627698e395ae0cd2ee505bf472e11b2dbfcbcb793872e261f626818555f6fa3bdb302ba1089ba5ec8e66d0ae72da2bc09ab98a8e711a39d438cf5f59eebe3d71331850cfd587b35e58d5b23f065642ff58a5a71213c9ceeb40f81f24832863e3d26d167290c0c5bb9c8ae9b201ffde31b7d6ad3d27347b38befa07be186b0c7ad6fdec572a3fb2568de245f1bde56391c95d80a5479575fa7c13f1e1589dc3501c88cac9155fd5b62306f5c4aa74c2994055353dac64a2d38671b000000000000"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r1, 0xe0, &(0x7f0000001980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={r2}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x108, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f09df33c9f7b986", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 56.993281441s ago: executing program 4 (id=3163): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@can_delroute={0x34, 0x19, 0x1, 0x0, 0x0, {}, [@CGW_CS_XOR={0x8, 0x5, {0x0, 0x40}}, @CGW_MOD_SET={0x15, 0x4, {{{}, 0x0, 0x0, 0x0, 0x0, "2d2fd7ac2612dea2"}, 0x1}}]}, 0x34}}, 0x0) 56.901173889s ago: executing program 4 (id=3165): syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) 56.693124887s ago: executing program 3 (id=3168): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)={0x50, r2, 0x11, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @key_params=[@NL80211_ATTR_MAC={0xa, 0x6, @device_b}], @key_params=[@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_DEFAULT={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}]]}, 0x50}}, 0x0) 56.54953909s ago: executing program 3 (id=3172): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 56.086353147s ago: executing program 4 (id=3177): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f0000000040)={{@my=0x1}}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c00000010000100000000000000000080dcba2e", @ANYRES32=r2, @ANYBLOB="00000000000000002c0012800c0001006d6163766c616e001c00028008000100040000000800070000000000080003"], 0x4c}}, 0x0) 56.026232827s ago: executing program 4 (id=3178): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000a80)=[{&(0x7f000004ca80)=""/102397, 0x18ffd}, {0x0}], 0x2, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002a00)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0000002071a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950001000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050505f8e6fb0fd7ddcb12b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7131b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc8136bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b001000000a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5b787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72323cc924e627f2f4b775dd4e9e3070756f97a6791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdfa2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa802000000872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b9243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00c75367966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b0600000000000000564a2b49b745f3bf2cf7908b6d7d748308eea09fb4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578f93046aaddea8ec4ca37f71c2710a7e58ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e4fe9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eee46eb20c20bb82aa31771cd379ec83554cea5e6539d85b980e358d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f9166965a53beb05142e1b1550a8cb7852f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9d95fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b9617432e251d14b283f7d82761c26e329555f9290af4100000000000000749efd3f63655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b0000000032a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002157a3609b6ff9843ee19ec647249a9375de5858818f3c2432e6ced4380217ac51a84a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3bbdc8c17a23692759ccf5a205111b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c8e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd809269f816fa748b20ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f9289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f05714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc30935455f6de5b64bcdfaf8ac04ce96c421e5dbc85e168d3559ab13df98163e39e4065e65a2f43412535d6f7c09830f3a0865356602363c690d2755768612bb7330a8b285f2584892eaff1889a61ee0c2a6d1831d41805707bb43991d40feb5dd070000000000006ed70faa6f42ab4065dfa5227deb52b2a3730558dcacc145d5bcffe5f90f85b0a27b0439b5e9edf1856b4a09d4cc333e7c4893bd8c434414335e34390c9ad847d8d26c90ce53214d7083f10cf25b5f2381d83e30dc622453251b7189282e6e40557a8645fdf27c2b474b4200ddafa6538cdb45cc93dbebd91d1fbbd6ebb081c6efb001adc641e929750452932cd0f8d7a0c9f8de0d64d7a9751d93b973b9cce1aaed8b00681cac4332bcaf97864627698e395ae0cd2ee505bf472e11b2dbfcbcb793872e261f626818555f6fa3bdb302ba1089ba5ec8e66d0ae72da2bc09ab98a8e711a39d438cf5f59eebe3d71331850cfd587b35e58d5b23f065642ff58a5a71213c9ceeb40f81f24832863e3d26d167290c0c5bb9c8ae9b201ffde31b7d6ad3d27347b38befa07be186b0c7ad6fdec572a3fb2568de245f1bde56391c95d80a5479575fa7c13f1e1589dc3501c88cac9155fd5b62306f5c4aa74c2994055353dac64a2d38671b000000000000"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r1, 0xe0, &(0x7f0000001980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={r2}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x108, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f09df33c9f7b986", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 55.752682946s ago: executing program 4 (id=3179): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, 0x0, 0x0, 0x0, 0x0, {0x0, 0x7c}, [@typed={0x4}, @nested={0x4}]}, 0x1c}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000007600010000000000000000000300000000004000080001"], 0x20}}, 0x0) 55.69207363s ago: executing program 4 (id=3180): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 8.651996201s ago: executing program 0 (id=3469): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, "f896e404"}, @local=@item_012={0x1, 0x2, 0x0, 'e'}, @main=@item_012={0x2, 0x0, 0x9, "f792"}, @main=@item_4={0x3, 0x0, 0x0, "9ef12d19"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCSUSAGE(r1, 0x4018480c, &(0x7f0000000100)={0x3, 0x200, 0x0, 0xc}) 5.614308478s ago: executing program 0 (id=3475): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @buffer={0x300, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) 5.566215582s ago: executing program 0 (id=3476): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@ipv6_delrule={0x30, 0x21, 0x1, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_UID_RANGE={0xc}, @FIB_RULE_POLICY=@FRA_IP_PROTO={0x5}]}, 0x30}}, 0x0) 5.473922858s ago: executing program 0 (id=3478): r0 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000040), 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) openat$cgroup_ro(r0, 0x0, 0x7a05, 0x1700) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES64=r2, @ANYBLOB="0000200000977670aef4ff3f44384471e52be1ca714109000000000000002ce3c8c3907e0a31366e605719"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_open_dev$tty20(0xc, 0x4, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78) 4.2158672s ago: executing program 0 (id=3485): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$binfmt_aout(r0, &(0x7f0000000380)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, 0x0) syz_open_pts(r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r1) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x10b091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x9101a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x2187017, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') sendfile(r2, r4, 0x0, 0x100800001) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x15) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000140)=ANY=[@ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX]) 4.133189228s ago: executing program 0 (id=3486): r0 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/doi\x00', 0x2, 0x0) preadv(r0, &(0x7f0000003080)=[{&(0x7f0000002fc0)=""/74, 0x4a}, {0x0}], 0x2, 0x80, 0x0) 1.721137198s ago: executing program 2 (id=3490): r0 = socket(0x2, 0x80805, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000280)={'ip6gre0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private0, 0x7b11}}) 1.680704079s ago: executing program 2 (id=3491): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000077c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x2466512}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) ioctl(r2, 0xfffff000, 0x0) 1.550616481s ago: executing program 2 (id=3492): r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000200)='.\x00', 0x22000440) mknod(&(0x7f0000000140)='./file0\x00', 0x1000, 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0) write$FUSE_IOCTL(r1, &(0x7f0000000100)={0x20}, 0x20) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) open(&(0x7f00000002c0)='./bus\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) tee(r2, r3, 0x3, 0x0) 1.495822815s ago: executing program 2 (id=3493): r0 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000040), 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) openat$cgroup_ro(r0, 0x0, 0x7a05, 0x1700) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES64=r2, @ANYBLOB="0000200000977670aef4ff3f44384471e52be1ca714109000000000000002ce3c8c3907e0a31366e605719"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_open_dev$tty20(0xc, 0x4, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78) 1.313568738s ago: executing program 1 (id=3495): r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080)) ioctl$PAGEMAP_SCAN(r0, 0x80111500, 0x0) 1.178480608s ago: executing program 1 (id=3496): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x0, 0x0, 0x101}}) 1.175145123s ago: executing program 1 (id=3497): creat(&(0x7f0000000000)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r0, 0x4c03, 0x0) 371.465539ms ago: executing program 1 (id=3498): r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) 267.377515ms ago: executing program 1 (id=3499): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$binfmt_aout(r0, &(0x7f0000000380)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, 0x0) syz_open_pts(r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r1) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x10b091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x9101a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x2187017, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') sendfile(r2, r4, 0x0, 0x100800001) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x15) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000140)=ANY=[@ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX]) 230.075255ms ago: executing program 2 (id=3500): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x8b}, [@ldst]}, &(0x7f0000003ff6)='GPL\x00', 0xa, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48) 153.729297ms ago: executing program 1 (id=3501): r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000200)='.\x00', 0x22000440) mknod(&(0x7f0000000140)='./file0\x00', 0x1000, 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0) write$FUSE_IOCTL(r1, &(0x7f0000000100)={0x20}, 0x20) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) open(&(0x7f00000002c0)='./bus\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) tee(r2, r3, 0x3, 0x0) 0s ago: executing program 2 (id=3502): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, 0xffffffffffffffff) kernel console output (not intermixed with test programs): 07194][ T5494] bridge_slave_0: left promiscuous mode [ 328.320420][ T9510] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 328.335852][ T9510] syz.1.1578: attempt to access beyond end of device [ 328.335852][ T9510] loop1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 328.350444][ T9510] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 328.360561][ T9510] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 328.368293][ T9510] UDF-fs: Scanning with blocksize 2048 failed [ 328.375839][ T9510] syz.1.1578: attempt to access beyond end of device [ 328.375839][ T9510] loop1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 328.389887][ T9510] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 328.399709][ T9510] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 328.409366][ T9510] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 328.417117][ T9510] UDF-fs: Scanning with blocksize 4096 failed [ 328.424500][ T9510] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1) [ 328.437515][ T5494] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.891877][ T5494] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 330.943817][ T5494] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 331.027476][ T5494] bond0 (unregistering): Released all slaves [ 331.109206][ T9515] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1582'. [ 331.527127][ T29] audit: type=1326 audit(1720317382.135:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9524 comm="syz.1.1585" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5711975bd9 code=0x0 [ 331.586855][ T9518] bridge0: port 3(syz_tun) entered blocking state [ 331.604799][ T9518] bridge0: port 3(syz_tun) entered disabled state [ 331.616354][ T9518] syz_tun: entered allmulticast mode [ 331.651845][ T9518] syz_tun: entered promiscuous mode [ 331.691459][ T9518] bridge0: port 3(syz_tun) entered blocking state [ 331.699389][ T9518] bridge0: port 3(syz_tun) entered forwarding state [ 332.418621][ T785] libceph: connect (1)[c::]:6789 error -101 [ 332.490474][ T785] libceph: mon0 (1)[c::]:6789 connect error [ 332.533599][ T9531] ceph: No mds server is up or the cluster is laggy [ 332.823114][ T9526] netlink: 'syz.1.1585': attribute type 3 has an invalid length. [ 332.885744][ T9257] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 333.035953][ T5494] hsr_slave_0: left promiscuous mode [ 333.060994][ T5494] hsr_slave_1: left promiscuous mode [ 333.073032][ T9542] Bluetooth: MGMT ver 1.22 [ 333.080869][ T5494] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 333.110738][ T5494] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 333.122047][ T5494] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 333.137962][ T5494] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 333.220862][ T5494] veth1_macvtap: left promiscuous mode [ 333.231439][ T5494] veth0_macvtap: left promiscuous mode [ 333.247469][ T5494] veth1_vlan: left promiscuous mode [ 333.259282][ T5494] veth0_vlan: left promiscuous mode [ 334.417146][ T5494] team0 (unregistering): Port device team_slave_1 removed [ 334.468958][ T5494] team0 (unregistering): Port device team_slave_0 removed [ 335.691374][ T9564] ceph: No mds server is up or the cluster is laggy [ 335.936826][ T9548] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1588'. [ 336.010524][ T9245] veth0_vlan: entered promiscuous mode [ 336.095596][ T9245] veth1_vlan: entered promiscuous mode [ 336.102667][ T9571] Process accounting resumed [ 336.128017][ T5085] Bluetooth: hci3: Malformed HCI Event [ 336.144330][ T5085] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 336.227474][ T9257] veth0_vlan: entered promiscuous mode [ 336.320622][ T9257] veth1_vlan: entered promiscuous mode [ 336.346304][ T9245] veth0_macvtap: entered promiscuous mode [ 336.386601][ T9245] veth1_macvtap: entered promiscuous mode [ 336.487233][ T9257] veth0_macvtap: entered promiscuous mode [ 336.509904][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.548818][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.566752][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.589258][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.600571][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.620583][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.630693][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.650934][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.663457][ T9245] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 336.675886][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.707695][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.727915][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.758976][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.797296][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.822298][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.851907][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.882100][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.902301][ T9245] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 336.953563][ T5094] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 336.976630][ T5094] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 337.144447][ T5094] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 337.167180][ T5094] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 337.178360][ T5094] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 337.187163][ T5094] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 337.326432][ T9257] veth1_macvtap: entered promiscuous mode [ 337.558325][ T9245] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 337.679188][ T9245] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 337.714669][ T9245] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 337.723729][ T9245] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.010638][ T9257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 338.097874][ T9257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.118059][ T9257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 338.128795][ T9257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.138733][ T9257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 338.156261][ T9257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.168849][ T9257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 338.179715][ T9257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.192566][ T9257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 338.208699][ T9257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.232415][ T9257] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 338.383249][ T9257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 338.438417][ T9257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.462603][ T9257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 338.473514][ T9257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.493517][ T9257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 338.507698][ T9257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.528204][ T9257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 338.688454][ T9257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.797219][ T9257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 338.878499][ T9257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.941438][ T5135] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 339.304479][ T5094] Bluetooth: hci2: command tx timeout [ 339.324979][ T9257] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 339.400892][ T9257] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.424239][ T9257] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.433334][ T9257] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.442567][ T9257] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.491346][ T5135] usb 4-1: Using ep0 maxpacket: 16 [ 339.520903][ T5135] usb 4-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01 [ 339.551266][ T5135] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.567949][ T5494] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.585852][ T5135] usb 4-1: Product: syz [ 339.603215][ T5135] usb 4-1: Manufacturer: syz [ 339.622238][ T5135] usb 4-1: SerialNumber: syz [ 339.624301][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 339.633743][ T5135] usb 4-1: config 0 descriptor?? [ 339.652378][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 339.676422][ T5135] go7007 4-1:0.0: Sensoray 2250 found [ 339.708992][ T5135] go7007 4-1:0.0: probe with driver go7007 failed with error -12 [ 339.739782][ T5494] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.910428][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 339.942908][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.030104][ T9612] tmpfs: Unknown parameter 'N' [ 340.066796][ T5494] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.223316][ T5494] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.316049][ T9585] chnl_net:caif_netlink_parms(): no params data found [ 340.881494][ T5678] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.881519][ T5678] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 341.344573][ T5094] Bluetooth: hci2: command tx timeout [ 341.777088][ T5172] usb 4-1: USB disconnect, device number 16 [ 341.943386][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 341.943413][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 341.974882][ T5494] bridge_slave_1: left allmulticast mode [ 341.974914][ T5494] bridge_slave_1: left promiscuous mode [ 341.975195][ T5494] bridge0: port 2(bridge_slave_1) entered disabled state [ 341.978062][ T5494] bridge_slave_0: left allmulticast mode [ 341.978098][ T5494] bridge_slave_0: left promiscuous mode [ 341.978290][ T5494] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.944316][ T9645] capability: warning: `syz.4.1621' uses 32-bit capabilities (legacy support in use) [ 343.100248][ T9646] program syz.4.1621 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 343.421579][ T5094] Bluetooth: hci2: command tx timeout [ 343.566541][ T5494] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 343.599448][ T5494] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 343.619615][ T5494] bond0 (unregistering): Released all slaves [ 343.644866][ T9585] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.652486][ T9585] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.659846][ T9585] bridge_slave_0: entered allmulticast mode [ 343.673353][ T9585] bridge_slave_0: entered promiscuous mode [ 343.682659][ T9585] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.689975][ T9585] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.710856][ T9585] bridge_slave_1: entered allmulticast mode [ 343.720547][ T9585] bridge_slave_1: entered promiscuous mode [ 343.784302][ T9653] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1624'. [ 343.949371][ T9656] capability: warning: `syz.0.1493' uses deprecated v2 capabilities in a way that may be insecure [ 344.043975][ T9585] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 344.133630][ T9585] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 344.543094][ T9585] team0: Port device team_slave_0 added [ 344.594812][ T5494] hsr_slave_0: left promiscuous mode [ 344.595903][ T5494] hsr_slave_1: left promiscuous mode [ 344.597297][ T5494] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 344.597351][ T5494] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 344.602169][ T5494] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 344.602204][ T5494] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 344.656439][ T5494] veth1_macvtap: left promiscuous mode [ 344.656535][ T5494] veth0_macvtap: left promiscuous mode [ 344.656741][ T5494] veth1_vlan: left promiscuous mode [ 344.656891][ T5494] veth0_vlan: left promiscuous mode [ 345.492855][ T5094] Bluetooth: hci2: command tx timeout [ 345.979730][ T5494] team0 (unregistering): Port device team_slave_1 removed [ 346.020127][ T9685] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1636'. [ 346.086671][ T5494] team0 (unregistering): Port device team_slave_0 removed [ 346.845117][ T9585] team0: Port device team_slave_1 added [ 347.040216][ T9585] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 347.058813][ T9585] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.109007][ T9585] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 347.139418][ T9701] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1643'. [ 347.185716][ T9585] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 347.205090][ T9585] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.250734][ T9705] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 347.267515][ T9585] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 347.299719][ T9702] bond0: entered promiscuous mode [ 347.330120][ T9702] bond_slave_0: entered promiscuous mode [ 347.373058][ T9702] bond_slave_1: entered promiscuous mode [ 347.388868][ T9702] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 347.433360][ T9702] bond0: left promiscuous mode [ 347.443789][ T9702] bond_slave_0: left promiscuous mode [ 347.468647][ T9702] bond_slave_1: left promiscuous mode [ 347.745336][ T9709] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1646'. [ 348.526683][ T9585] hsr_slave_0: entered promiscuous mode [ 348.588853][ T9585] hsr_slave_1: entered promiscuous mode [ 348.639129][ T9585] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 348.671238][ T9585] Cannot create hsr debugfs directory [ 349.060005][ T9736] xt_cgroup: invalid path, errno=-2 [ 349.412416][ T9741] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1659'. [ 349.511508][ T9750] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1661'. [ 349.712563][ T9764] binder: 9763:9764 ioctl 4018620d 0 returned -22 [ 349.720191][ T9764] binder: 9763:9764 ioctl c0306201 20000380 returned -11 [ 349.777458][ T9764] block device autoloading is deprecated and will be removed. [ 349.817229][ T9764] bio_check_eod: 2 callbacks suppressed [ 349.817254][ T9764] syz.2.1666: attempt to access beyond end of device [ 349.817254][ T9764] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 349.924314][ T9585] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 349.960328][ T9585] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 349.985222][ T9585] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 350.015242][ T9585] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 350.336275][ T9585] 8021q: adding VLAN 0 to HW filter on device bond0 [ 350.388651][ T9585] 8021q: adding VLAN 0 to HW filter on device team0 [ 350.427503][ T785] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.434768][ T785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 350.502054][ T785] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.509266][ T785] bridge0: port 2(bridge_slave_1) entered forwarding state [ 350.834568][ T9585] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 351.306398][ T9585] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 351.475206][ T9585] veth0_vlan: entered promiscuous mode [ 351.508969][ T9585] veth1_vlan: entered promiscuous mode [ 351.822736][ T9585] veth0_macvtap: entered promiscuous mode [ 351.875079][ T9585] veth1_macvtap: entered promiscuous mode [ 352.024089][ T9585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 352.073352][ T9585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.335229][ T9585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 352.349326][ T9585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.368303][ T9820] ipt_rpfilter: unknown options [ 352.381229][ T9585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 352.700691][ T9585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.819198][ T9585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 352.933776][ T9585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.981454][ T9585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.019954][ T9585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.080124][ T9585] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 353.135640][ T9585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.193123][ T9585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.221560][ T9585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.243633][ T9585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.253900][ T9585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.264771][ T9585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.274717][ T9585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.285404][ T9585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.296399][ T9585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.307185][ T9585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.319365][ T9585] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 353.454510][ T9585] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.469769][ T9585] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.481553][ T9585] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.490569][ T9585] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.800546][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.829398][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 353.928142][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.947877][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.440784][ T9854] ipt_rpfilter: unknown options [ 354.882011][ T9866] cgroup: Unknown subsys name 'fowner>00000000000000016384' [ 354.895220][ T9866] netlink: 'syz.4.1701': attribute type 1 has an invalid length. [ 356.167912][ T9872] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1704'. [ 356.455218][ T9875] syz.1.1602: attempt to access beyond end of device [ 356.455218][ T9875] loop1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 356.509721][ T5172] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 356.550970][ T9875] syz.1.1602: attempt to access beyond end of device [ 356.550970][ T9875] loop1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 356.608607][ T9875] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 356.626609][ T9875] syz.1.1602: attempt to access beyond end of device [ 356.626609][ T9875] loop1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 356.640617][ T9875] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 356.651633][ T9875] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 356.659447][ T9875] UDF-fs: Scanning with blocksize 512 failed [ 356.914012][ T9875] syz.1.1602: attempt to access beyond end of device [ 356.914012][ T9875] loop1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 357.198495][ T9875] syz.1.1602: attempt to access beyond end of device [ 357.198495][ T9875] loop1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 357.276565][ T9875] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 357.329941][ T9875] syz.1.1602: attempt to access beyond end of device [ 357.329941][ T9875] loop1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 357.389534][ T9875] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 357.435218][ T9875] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 357.444500][ T9875] UDF-fs: Scanning with blocksize 1024 failed [ 357.451489][ T9875] syz.1.1602: attempt to access beyond end of device [ 357.451489][ T9875] loop1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 357.472043][ T9875] syz.1.1602: attempt to access beyond end of device [ 357.472043][ T9875] loop1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 357.485212][ T9875] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 357.495750][ T9875] syz.1.1602: attempt to access beyond end of device [ 357.495750][ T9875] loop1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 357.508055][ T9900] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1714'. [ 357.518303][ T9875] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 357.528396][ T9900] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1714'. [ 357.541428][ T5172] usb 5-1: Using ep0 maxpacket: 32 [ 357.554265][ T9875] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 357.571263][ T5172] usb 5-1: config 1 interface 0 has no altsetting 0 [ 357.589931][ T9875] UDF-fs: Scanning with blocksize 2048 failed [ 357.598490][ T5172] usb 5-1: New USB device found, idVendor=0925, idProduct=8888, bcdDevice= 0.40 [ 357.612261][ T9875] syz.1.1602: attempt to access beyond end of device [ 357.612261][ T9875] loop1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 357.629943][ T5172] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.649826][ T5172] usb 5-1: Product: Ц [ 357.659498][ T9875] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 357.711146][ T5172] usb 5-1: Manufacturer: 㡘 [ 357.720773][ T5172] usb 5-1: SerialNumber: щ [ 357.725797][ T9875] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 357.738963][ T9875] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 357.750108][ T5172] usb 5-1: can't set config #1, error -71 [ 357.759293][ T5172] usb 5-1: USB disconnect, device number 11 [ 357.770053][ T9875] UDF-fs: Scanning with blocksize 4096 failed [ 357.790485][ T9875] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1) [ 358.056207][ T9919] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1722'. [ 358.397994][ T9932] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1728'. [ 358.425166][ T9932] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1728'. [ 358.675767][ T9942] cgroup: Unknown subsys name 'fowner>00000000000000016384' [ 358.686763][ T9942] netlink: 'syz.4.1730': attribute type 1 has an invalid length. [ 359.504726][ T9] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 359.741221][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 359.763210][ T9] usb 5-1: config 1 interface 0 has no altsetting 0 [ 359.791518][ T9] usb 5-1: New USB device found, idVendor=0925, idProduct=8888, bcdDevice= 0.40 [ 359.800633][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.829415][ T9] usb 5-1: Product: Ц [ 359.843578][ T9] usb 5-1: Manufacturer: 㡘 [ 359.899772][ T9] usb 5-1: SerialNumber: щ [ 360.682395][ T9974] mmap: syz.1.1745 (9974): VmData 54161408 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 365.621472][ T9] usbhid 5-1:1.0: can't add hid device: -71 [ 365.772430][ T9] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 365.783568][ T9] usb 5-1: USB disconnect, device number 12 [ 366.184140][T10013] MTD: Couldn't look up './file0': -15 [ 370.044478][T10059] input: syz0 as /devices/virtual/input/input15 [ 370.393927][T10075] netlink: 188 bytes leftover after parsing attributes in process `syz.4.1780'. [ 370.418908][T10075] netlink: 'syz.4.1780': attribute type 1 has an invalid length. [ 370.491545][ T5139] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 370.695891][ T5139] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 370.717449][ T5139] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 370.742442][ T5139] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 370.778448][ T5139] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 370.806264][ T5139] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.849112][ T5139] usb 2-1: config 0 descriptor?? [ 370.877518][T10068] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 371.053431][T10087] sp0: Synchronizing with TNC [ 371.327694][ T5139] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 371.370034][ T5139] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 371.431171][ T5139] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 371.461605][ T5139] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 371.469080][ T5139] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 371.533460][ T5139] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 371.566499][ T5139] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 371.605537][ T5139] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 371.644894][ T5139] usb 2-1: USB disconnect, device number 11 [ 372.763566][T10112] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1792'. [ 372.795485][T10112] netlink: 'syz.0.1792': attribute type 1 has an invalid length. [ 373.016653][ T5094] Bluetooth: hci1: unexpected event 0x04 length: 11 > 10 [ 373.045627][T10098] bridge0: port 3(syz_tun) entered disabled state [ 373.137116][T10098] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.146127][T10098] bridge0: port 1(bridge_slave_0) entered disabled state [ 374.870747][T10098] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 374.954100][T10098] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 375.091239][ T5094] Bluetooth: hci1: command tx timeout [ 375.318778][T10098] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.338885][T10098] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.351865][T10098] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.361655][T10098] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.974504][ T5094] Bluetooth: hci3: command 0x0406 tx timeout [ 376.538789][T10206] fuse: Unknown parameter '0xffffffffffffffff' [ 377.800431][T10217] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.1828'. [ 378.161198][T10164] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 378.261908][T10209] bridge0: port 2(bridge_slave_1) entered disabled state [ 378.269795][T10209] bridge0: port 1(bridge_slave_0) entered disabled state [ 378.370983][T10164] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 378.393402][T10164] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.413219][T10164] usb 3-1: config 0 descriptor?? [ 378.428007][T10164] cp210x 3-1:0.0: cp210x converter detected [ 378.836304][T10220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 378.851853][T10220] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 379.014839][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.021713][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.117706][ T5085] Bluetooth: hci3: unknown advertising packet type: 0x34 [ 379.117833][ T5085] Bluetooth: hci3: unknown advertising packet type: 0x35 [ 379.118855][T10236] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 379.228182][T10236] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 379.646372][T10209] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 379.759279][T10209] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 380.098829][T10209] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.115894][T10209] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.125128][T10209] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.135269][T10209] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.451899][T10164] cp210x 3-1:0.0: failed to get vendor val 0x3711 size 2: -71 [ 380.460660][T10164] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 380.504827][T10164] usb 3-1: cp210x converter now attached to ttyUSB0 [ 380.537863][T10164] usb 3-1: USB disconnect, device number 11 [ 380.563026][T10164] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 380.589308][T10251] cgroup: noprefix used incorrectly [ 380.595695][T10164] cp210x 3-1:0.0: device disconnected [ 382.062961][T10280] netlink: 'syz.4.1852': attribute type 37 has an invalid length. [ 382.262254][T10280] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1852'. [ 382.529989][T10294] netlink: 'syz.4.1858': attribute type 5 has an invalid length. [ 382.851406][ T5094] Bluetooth: hci1: command 0x0406 tx timeout [ 382.935929][T10312] cgroup: noprefix used incorrectly [ 382.995365][T10316] xt_NFQUEUE: number of total queues is 0 [ 383.942023][ T5085] Bluetooth: hci1: ISO packet for unknown connection handle 200 [ 384.109712][T10345] xt_NFQUEUE: number of total queues is 0 [ 384.123978][T10344] vlan2: entered promiscuous mode [ 384.129201][T10344] dummy0: entered promiscuous mode [ 384.145382][T10344] vlan2: entered allmulticast mode [ 384.150659][T10344] dummy0: entered allmulticast mode [ 384.179948][T10335] futex_wake_op: syz.3.1877 tries to shift op by -1; fix this program [ 384.216514][T10344] dummy0: left allmulticast mode [ 384.233089][T10344] dummy0: left promiscuous mode [ 384.651440][T10133] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 384.775608][T10373] xt_NFQUEUE: number of total queues is 0 [ 384.857675][T10133] usb 2-1: Using ep0 maxpacket: 8 [ 384.878510][T10133] usb 2-1: New USB device found, idVendor=046d, idProduct=0850, bcdDevice=6b.da [ 384.898526][T10133] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.081393][ T5085] Bluetooth: hci1: command 0x0406 tx timeout [ 385.171292][ T5085] Bluetooth: hci2: command 0x0406 tx timeout [ 385.622169][T10133] usb 2-1: config 0 descriptor?? [ 385.873798][ T5085] Bluetooth: hci3: unexpected event for opcode 0x2060 [ 386.046783][T10382] usb usb9: usbfs: interface 0 claimed by hub while 'syz.1.1882' sets config #0 [ 386.061489][ T5167] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 386.189500][T10133] usb 2-1: string descriptor 0 read error: -71 [ 386.210485][T10133] gspca_main: STV06xx-2.14.0 probing 046d:0850 [ 386.228908][T10133] usb 2-1: unknown interface protocol 0xe6, assuming v1 [ 386.237766][T10133] usb 2-1: cannot find UAC_HEADER [ 386.264584][ T5167] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 386.287890][ T5167] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 386.302824][T10133] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 386.304905][ T5167] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 386.324975][ T5167] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.364321][T10133] usb 2-1: USB disconnect, device number 12 [ 386.370177][ T5167] usb 4-1: config 0 descriptor?? [ 387.251346][T10133] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 387.441180][T10133] usb 2-1: Using ep0 maxpacket: 32 [ 387.448840][T10133] usb 2-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 387.461568][T10133] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.479150][T10133] usb 2-1: config 0 descriptor?? [ 387.491825][T10133] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 387.822043][ T5085] Bluetooth: hci2: command 0x0406 tx timeout [ 387.862896][T10130] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 388.069692][T10130] usb 3-1: New USB device found, idVendor=03eb, idProduct=21fe, bcdDevice=e4.5a [ 388.085718][T10130] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.098803][T10130] usb 3-1: Product: syz [ 388.104580][T10130] usb 3-1: Manufacturer: syz [ 388.112809][T10130] usb 3-1: SerialNumber: syz [ 388.127487][T10130] usb 3-1: config 0 descriptor?? [ 388.140045][T10130] igorplugusb 3-1:0.0: incorrect number of endpoints [ 388.391369][ T5142] usb 3-1: USB disconnect, device number 12 [ 388.411917][T10405] xt_NFQUEUE: number of total queues is 0 [ 388.474946][T10407] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1904'. [ 388.691288][ T5167] usb 4-1: string descriptor 0 read error: -71 [ 388.711880][ T5167] uclogic 0003:256C:006D.000A: failed retrieving string descriptor #200: -71 [ 388.720805][ T5167] uclogic 0003:256C:006D.000A: failed retrieving pen parameters: -71 [ 388.747939][ T5167] uclogic 0003:256C:006D.000A: failed probing pen v2 parameters: -71 [ 388.767059][ T5167] uclogic 0003:256C:006D.000A: failed probing parameters: -71 [ 388.784937][ T5167] uclogic 0003:256C:006D.000A: probe with driver uclogic failed with error -71 [ 388.822489][ T5167] usb 4-1: USB disconnect, device number 17 [ 389.153580][T10431] xt_NFQUEUE: number of total queues is 0 [ 389.167407][T10133] usb 2-1: USB disconnect, device number 13 [ 392.599285][T10521] overlayfs: failed to resolve './file0': -2 [ 394.766369][T10569] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 395.445082][T10569] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 396.681263][T10133] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 396.885659][T10133] usb 4-1: Using ep0 maxpacket: 32 [ 396.887377][T10610] netlink: 'syz.4.1984': attribute type 4 has an invalid length. [ 396.909356][T10133] usb 4-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 396.927795][T10133] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.954510][T10133] usb 4-1: config 0 descriptor?? [ 396.964692][T10133] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 397.229808][ T5094] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 398.651398][T10130] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 398.831815][T10130] usb 3-1: Using ep0 maxpacket: 32 [ 399.139672][T10130] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 400.582882][ T5167] usb 4-1: USB disconnect, device number 18 [ 400.821864][T10130] usb 3-1: string descriptor 0 read error: -71 [ 400.828275][T10130] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=a6.13 [ 400.845371][T10130] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.869165][T10130] usb 3-1: config 0 descriptor?? [ 400.875984][T10130] usb 3-1: can't set config #0, error -71 [ 400.889434][T10130] usb 3-1: USB disconnect, device number 13 [ 400.931291][ T5094] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 400.940118][ T5094] Bluetooth: hci0: Injecting HCI hardware error event [ 400.951248][ T5094] Bluetooth: hci0: hardware error 0x00 [ 401.044455][T10663] tipc: Started in network mode [ 401.053969][T10663] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711 [ 401.106379][T10663] tipc: Enabling of bearer rejected, failed to enable media [ 403.135927][ T5094] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 403.543872][T10697] tipc: Enabling of bearer rejected, failed to enable media [ 404.382531][T10708] netlink: 'syz.2.2019': attribute type 4 has an invalid length. [ 404.427745][T10708] netlink: 'syz.2.2019': attribute type 4 has an invalid length. [ 404.468250][T10708] netlink: 126008 bytes leftover after parsing attributes in process `syz.2.2019'. [ 404.929641][T10723] syzkaller0: entered promiscuous mode [ 404.956576][T10723] syzkaller0: entered allmulticast mode [ 406.118594][T10742] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 64993 [ 406.185440][T10138] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 406.403830][T10138] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 406.421111][T10138] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.435390][T10138] usb 2-1: config 0 descriptor?? [ 406.651281][T10164] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 406.861239][T10164] usb 5-1: Using ep0 maxpacket: 8 [ 406.879463][T10164] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=28.d4 [ 406.886202][T10138] usb 2-1: Cannot set MAC address [ 406.896402][T10164] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 406.906546][T10138] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 406.926996][T10164] usb 5-1: Product: syz [ 406.947445][T10164] usb 5-1: Manufacturer: syz [ 406.961118][T10164] usb 5-1: SerialNumber: syz [ 406.970631][T10138] usb 2-1: USB disconnect, device number 14 [ 406.973746][T10164] usb 5-1: config 0 descriptor?? [ 406.985029][T10164] pn533_usb 5-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 408.075513][T10130] usb 5-1: USB disconnect, device number 13 [ 408.233895][T10798] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2052'. [ 409.977472][T10830] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2064'. [ 411.230797][T10842] tmpfs: Bad value for 'nr_blocks' [ 412.725259][T10893] netlink: 'syz.2.2091': attribute type 8 has an invalid length. [ 413.382396][T10916] xt_CT: You must specify a L4 protocol and not use inversions on it [ 413.394206][T10912] xt_CT: No such helper "pptp" [ 413.666911][T10929] netlink: 'syz.2.2104': attribute type 8 has an invalid length. [ 414.022285][T10948] No control pipe specified [ 414.069019][T10950] netlink: 'syz.4.2113': attribute type 4 has an invalid length. [ 414.095513][T10950] netlink: 'syz.4.2113': attribute type 4 has an invalid length. [ 414.125486][T10950] netlink: 126008 bytes leftover after parsing attributes in process `syz.4.2113'. [ 414.230097][T10960] xt_CT: You must specify a L4 protocol and not use inversions on it [ 414.291940][T10954] xt_CT: No such helper "pptp" [ 414.474428][T10973] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 415.305861][T10999] QAT: Device 0 not found [ 417.680772][T11003] netlink: 'syz.1.2127': attribute type 7 has an invalid length. [ 417.688630][T11003] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2127'. [ 417.708469][T11003] netlink: 'syz.1.2127': attribute type 3 has an invalid length. [ 417.716482][T11003] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2127'. [ 418.273862][T11017] netlink: 'syz.2.2132': attribute type 1 has an invalid length. [ 418.443461][T11023] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 418.453041][T11023] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 418.560828][T11017] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 418.616170][T11017] bond1 (unregistering): Released all slaves [ 418.768090][T11039] xt_CT: You must specify a L4 protocol and not use inversions on it [ 418.811714][T11032] xt_CT: No such helper "pptp" [ 419.510257][T11064] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 422.804603][T11152] netlink: 'syz.1.2184': attribute type 7 has an invalid length. [ 422.812710][T11152] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2184'. [ 422.832593][T11152] netlink: 'syz.1.2184': attribute type 3 has an invalid length. [ 422.840412][T11152] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2184'. [ 422.933619][ T5142] kernel read not supported for file /rfkill (pid: 5142 comm: kworker/1:5) [ 424.169586][T11175] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2194'. [ 424.209896][T11175] netlink: 43 bytes leftover after parsing attributes in process `syz.0.2194'. [ 424.240373][ T5167] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 424.255201][T11175] netlink: 'syz.0.2194': attribute type 5 has an invalid length. [ 424.263615][T11175] netlink: 43 bytes leftover after parsing attributes in process `syz.0.2194'. [ 424.487062][ T5167] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 424.760839][ T5167] usb 5-1: New USB device found, idVendor=22b8, idProduct=4b48, bcdDevice=3f.f0 [ 425.011402][ T5167] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 425.070156][ T5167] usb 5-1: Product: syz [ 425.085547][ T5167] usb 5-1: Manufacturer: syz [ 425.090204][ T5167] usb 5-1: SerialNumber: syz [ 425.183368][ T5167] usb 5-1: config 0 descriptor?? [ 425.221612][ T5167] qmi_wwan 5-1:0.0: More than one union descriptor, skipping ... [ 425.261096][ T5167] qmi_wwan 5-1:0.0: probe with driver qmi_wwan failed with error -22 [ 425.496787][ T5167] usb 5-1: USB disconnect, device number 14 [ 428.240483][T11258] binder: 11257:11258 ioctl c018620c 200005c0 returned -22 [ 429.778007][T11291] binder: 11290:11291 ioctl c018620c 200005c0 returned -22 [ 430.021250][T10133] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 430.160115][ T29] audit: type=1800 audit(1720317480.765:201): pid=11301 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2243" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 430.221517][T10133] usb 5-1: Using ep0 maxpacket: 16 [ 430.237043][T10133] usb 5-1: New USB device found, idVendor=0763, idProduct=1021, bcdDevice=48.e9 [ 430.256530][T10133] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.285178][T10133] usb 5-1: Product: syz [ 430.309821][T10133] usb 5-1: Manufacturer: syz [ 430.331326][T10133] usb 5-1: SerialNumber: syz [ 430.349605][T10133] usb 5-1: config 0 descriptor?? [ 430.450869][T10133] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 430.632318][ T5167] usb 5-1: USB disconnect, device number 15 [ 430.883872][T11321] binder: 11320:11321 ioctl c018620c 200005c0 returned -22 [ 431.057389][ T5094] Bluetooth: hci3: unexpected event for opcode 0x0000 [ 431.958974][T11332] netlink: 'syz.3.2254': attribute type 1 has an invalid length. [ 432.341880][T11352] binder: 11351:11352 ioctl c018620c 200005c0 returned -22 [ 432.730863][ T29] audit: type=1800 audit(1720317483.335:202): pid=11360 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.2265" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 432.941311][T11365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2266'. [ 432.959010][T11366] netlink: 'syz.4.2267': attribute type 1 has an invalid length. [ 433.107170][T11370] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 433.389114][T11381] binder: 11379:11381 ioctl c018620c 200005c0 returned -22 [ 433.466235][T11386] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2276'. [ 433.499370][T11386] openvswitch: netlink: Geneve option length err (len 3060, max 255). [ 433.691132][ T29] audit: type=1326 audit(1720317484.295:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11394 comm="syz.1.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7ffc0000 [ 433.769376][ T29] audit: type=1326 audit(1720317484.295:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11394 comm="syz.1.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7ffc0000 [ 433.790937][ C1] vkms_vblank_simulate: vblank timer overrun [ 433.852122][ T29] audit: type=1326 audit(1720317484.335:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11394 comm="syz.1.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7ffaadb75bd9 code=0x7ffc0000 [ 433.873694][ C1] vkms_vblank_simulate: vblank timer overrun [ 433.951596][ T29] audit: type=1326 audit(1720317484.335:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11394 comm="syz.1.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7ffc0000 [ 433.973192][ C1] vkms_vblank_simulate: vblank timer overrun [ 434.027028][T11405] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2283'. [ 434.047255][ T29] audit: type=1326 audit(1720317484.335:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11394 comm="syz.1.2280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7ffc0000 [ 434.677088][ T29] audit: type=1326 audit(1720317485.285:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11422 comm="syz.1.2292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7ffc0000 [ 434.717497][ T29] audit: type=1326 audit(1720317485.285:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11422 comm="syz.1.2292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7ffc0000 [ 434.739096][ C1] vkms_vblank_simulate: vblank timer overrun [ 435.139075][ T29] audit: type=1326 audit(1720317485.315:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11422 comm="syz.1.2292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7ffaadb75bd9 code=0x7ffc0000 [ 435.591162][ T29] audit: type=1326 audit(1720317485.315:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11422 comm="syz.1.2292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7ffc0000 [ 435.620448][T11429] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 435.630850][T11429] team0: Port device batadv0 added [ 435.638006][ T29] audit: type=1326 audit(1720317485.315:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11422 comm="syz.1.2292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7ffc0000 [ 435.679530][T11432] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 436.031375][ T5142] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 436.209658][T10133] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 436.429398][T10133] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 436.517161][T10133] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.764646][T10133] usb 3-1: config 0 descriptor?? [ 436.788536][T10133] cp210x 3-1:0.0: cp210x converter detected [ 437.059404][ T5142] usb 5-1: config 0 has no interfaces? [ 437.079386][ T5142] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 437.094506][ T5142] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.110291][ T5142] usb 5-1: config 0 descriptor?? [ 437.182415][T10133] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -71 [ 437.196153][T10133] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 437.206490][T10133] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 437.232163][T10133] usb 3-1: cp210x converter now attached to ttyUSB0 [ 437.269619][T10133] usb 3-1: USB disconnect, device number 14 [ 437.296912][T10133] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 437.341617][T10133] cp210x 3-1:0.0: device disconnected [ 437.504563][ T5085] Bluetooth: hci5: command 0x0406 tx timeout [ 437.554556][T11437] batadv0: entered promiscuous mode [ 437.568629][T11437] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 437.634510][T11437] team0: Device macvlan2 is up. Set it down before adding it as a team port [ 437.686221][T11437] batadv0: left promiscuous mode [ 437.777128][T11457] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2303'. [ 437.814808][T11457] veth1_macvtap: left promiscuous mode [ 437.820445][T11457] macsec0: entered promiscuous mode [ 437.836131][ T9] usb 5-1: USB disconnect, device number 16 [ 437.853880][T11457] macsec0: entered allmulticast mode [ 437.920282][T11458] veth1_macvtap: entered promiscuous mode [ 437.961332][T11458] veth1_macvtap: entered allmulticast mode [ 437.982176][T11458] macsec0: left promiscuous mode [ 438.274778][T11475] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 438.286471][T11477] overlay: Unknown parameter '\dev/input/event#' [ 439.524764][T11505] overlay: Unknown parameter '\dev/input/event#' [ 439.553822][T11498] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2319'. [ 439.601561][T11498] veth1_macvtap: left allmulticast mode [ 439.621511][T11498] veth1_macvtap: left promiscuous mode [ 439.627094][T11498] macsec0: entered promiscuous mode [ 439.693482][T11506] veth1_macvtap: entered promiscuous mode [ 439.713562][T11506] veth1_macvtap: entered allmulticast mode [ 439.740450][T11506] macsec0: left promiscuous mode [ 440.271002][T11540] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2333'. [ 440.461954][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.470026][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.600645][T11573] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2347'. [ 441.711741][T11563] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2341'. [ 441.725736][T11563] macsec0: entered promiscuous mode [ 441.740532][T11563] macsec0: entered allmulticast mode [ 441.760535][T11563] veth1_macvtap: entered allmulticast mode [ 441.781570][T11563] macsec0: left promiscuous mode [ 445.669930][T11653] UBIFS error (pid: 11653): cannot open "uuid=", error -22 [ 446.186557][T11679] netlink: del zone limit has 8 unknown bytes [ 449.440043][T11695] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2388'. [ 449.550018][T11693] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2387'. [ 449.581728][T11693] veth1_macvtap: left allmulticast mode [ 449.622892][T11693] veth1_macvtap: left promiscuous mode [ 449.628443][T11693] macsec0: entered promiscuous mode [ 449.670110][T11698] veth1_macvtap: entered promiscuous mode [ 449.692267][T11698] veth1_macvtap: entered allmulticast mode [ 449.721455][T11698] macsec0: left promiscuous mode [ 450.872000][T11720] UBIFS error (pid: 11720): cannot open "uuid=", error -22 [ 451.648728][T11750] UBIFS error (pid: 11750): cannot open "uuid=", error -22 [ 452.181421][T10164] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 452.811744][T10164] usb 3-1: Using ep0 maxpacket: 16 [ 452.847342][T10164] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 452.870087][T10164] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 452.894765][T10164] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 452.926024][T10164] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 452.948644][T10164] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 452.978498][T10164] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 452.997203][T10164] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.014972][T10164] usb 3-1: Product: syz [ 453.049989][T10164] usb 3-1: Manufacturer: syz [ 453.060044][T10164] usb 3-1: SerialNumber: syz [ 453.095095][T10164] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 453.122365][T10164] cdc_ncm 3-1:1.0: bind() failure [ 453.139213][T10164] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 453.152960][T10164] cdc_ncm 3-1:1.1: bind() failure [ 453.401658][T10164] usb 3-1: USB disconnect, device number 15 [ 454.730174][T11785] netlink: del zone limit has 8 unknown bytes [ 455.420466][T11789] syz.2.2423[11789] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 455.420644][T11789] syz.2.2423[11789] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 455.496888][T11791] Unknown uid [ 455.628267][T11796] syz.1.2426[11796] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 455.628438][T11796] syz.1.2426[11796] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 456.748392][T11824] Unknown uid [ 456.828535][T11825] netlink: del zone limit has 8 unknown bytes [ 457.640108][T11831] syz.4.2438[11831] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 457.640278][T11831] syz.4.2438[11831] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 458.937148][T11850] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 459.187234][T11861] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 460.262145][T11874] syz.1.2456[11874] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 460.262328][T11874] syz.1.2456[11874] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 462.307760][T11898] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 462.492191][T11908] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 462.504229][T11909] syz.4.2470[11909] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 462.504398][T11909] syz.4.2470[11909] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 462.543632][T11911] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2472'. [ 463.529842][T11942] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 463.554098][T11940] block nbd0: shutting down sockets [ 463.579883][T11938] block nbd0: NBD_DISCONNECT [ 463.611095][T11938] block nbd0: Send disconnect failed -32 [ 464.058412][T11971] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 464.187314][T11973] xt_socket: unknown flags 0x8 [ 464.194697][T11973] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 465.338302][T11979] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2497'. [ 465.914834][T11990] sp0: Synchronizing with TNC [ 466.192900][T12004] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 466.462432][T12015] vlan2: entered promiscuous mode [ 466.625210][T12026] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 466.778672][T12034] netdevsim netdevsim0 netdevsim1: Unsupported IPsec algorithm [ 467.171979][T12056] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 468.034833][T12084] netlink: 'syz.1.2544': attribute type 30 has an invalid length. [ 468.071283][T12086] input: syz1 as /devices/virtual/input/input16 [ 468.565638][ T29] audit: type=1326 audit(1720317519.175:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12087 comm="syz.0.2545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c28f75bd9 code=0x7fc00000 [ 468.686637][T12118] xt_socket: unknown flags 0x8 [ 470.562525][ T29] audit: type=1326 audit(1720317521.165:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12087 comm="syz.0.2545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0c28f75bd9 code=0x7fc00000 [ 471.232416][ T29] audit: type=1326 audit(1720317521.355:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12116 comm="syz.4.2556" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc7d6975bd9 code=0x0 [ 471.973732][T12153] dvmrp0: entered allmulticast mode [ 472.251444][ T29] audit: type=1326 audit(1720317522.795:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12148 comm="syz.4.2567" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc7d6975bd9 code=0x0 [ 473.396348][T12188] dvmrp0: entered allmulticast mode [ 475.554868][T12245] xt_socket: unknown flags 0x8 [ 476.772213][T12255] netlink: 14568 bytes leftover after parsing attributes in process `syz.1.2606'. [ 477.501175][ T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 477.781410][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 477.800479][ T9] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 477.821221][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.851964][ T5135] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 478.750501][T12287] tty tty29: ldisc open failed (-12), clearing slot 28 [ 478.758338][T12288] tty tty1: ldisc open failed (-12), clearing slot 0 [ 478.883237][ T9] usb 3-1: config 0 descriptor?? [ 478.912847][ T9] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 478.951506][ T5135] usb 2-1: Using ep0 maxpacket: 32 [ 478.972314][ T5135] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 479.002324][ T5135] usb 2-1: New USB device found, idVendor=056a, idProduct=00c6, bcdDevice= 0.00 [ 479.021069][ T5135] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.053048][ T5135] usb 2-1: config 0 descriptor?? [ 479.062577][ T5135] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 480.791312][ T9] gspca_vc032x: reg_r err -71 [ 480.796168][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.814296][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.819833][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.825671][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.840238][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.845923][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.852033][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.879205][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.886175][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.901650][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.907124][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.913307][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.949984][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.957374][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.972796][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.978337][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.984223][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 480.998509][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 481.013149][ T9] gspca_vc032x: Unknown sensor... [ 481.018414][ T9] vc032x 3-1:0.0: probe with driver vc032x failed with error -22 [ 481.036991][ T9] usb 3-1: USB disconnect, device number 16 [ 482.202786][T12356] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 482.413645][T12364] xt_hashlimit: invalid rate [ 483.370820][ T5142] usb 2-1: USB disconnect, device number 15 [ 485.290748][T12394] overlayfs: failed to resolve './file1': -2 [ 485.344026][T12398] netlink: 'syz.0.2656': attribute type 2 has an invalid length. [ 488.226010][T12434] netlink: 'syz.3.2668': attribute type 2 has an invalid length. [ 488.377532][T12439] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 488.582066][T12442] binder: Bad value for 'max' [ 489.311564][T12463] netlink: 'syz.3.2680': attribute type 2 has an invalid length. [ 489.661377][ T5142] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 489.881617][ T5142] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 489.899376][ T5142] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.911736][ T5142] usb 4-1: config 0 descriptor?? [ 489.919504][ T5142] cp210x 4-1:0.0: cp210x converter detected [ 489.943097][T12470] fuse: Unknown parameter '\qE0xffffffffffffffff' [ 490.617573][T12477] evm: overlay not supported [ 491.041663][ T5142] usb 4-1: cp210x converter now attached to ttyUSB0 [ 491.281977][T10133] usb 4-1: USB disconnect, device number 19 [ 491.297698][T10133] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 491.320547][T10133] cp210x 4-1:0.0: device disconnected [ 492.097622][T12474] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2685'. [ 492.106755][T12474] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2685'. [ 492.116036][T12476] netlink: 'syz.4.2684': attribute type 21 has an invalid length. [ 492.127312][T12476] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2684'. [ 492.339080][T12487] netlink: 'syz.0.2691': attribute type 2 has an invalid length. [ 492.803294][T12505] fuse: Unknown parameter '»4éœ0xffffffffffffffff' [ 493.560046][ T29] audit: type=1326 audit(1720317544.165:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12523 comm="syz.4.2706" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc7d6975bd9 code=0x0 [ 493.991445][T10133] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 494.195357][T10133] usb 4-1: Using ep0 maxpacket: 32 [ 494.213898][T10133] usb 4-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=90.0e [ 494.238337][T10133] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.248623][T10133] usb 4-1: Product: syz [ 494.260531][T10133] usb 4-1: Manufacturer: syz [ 494.265271][T10133] usb 4-1: SerialNumber: syz [ 494.280429][T10133] usb 4-1: config 0 descriptor?? [ 494.288128][T10133] usbserial_generic 4-1:0.0: The "generic" usb-serial driver is only for testing and one-off prototypes. [ 494.300087][T10133] usbserial_generic 4-1:0.0: Tell linux-usb@vger.kernel.org to add your device to a proper driver. [ 494.310939][T10133] usbserial_generic 4-1:0.0: device has no bulk endpoints [ 494.320305][T10133] safe_serial 4-1:0.0: safe_serial converter detected [ 494.327447][T10133] safe_serial 4-1:0.0: probe with driver safe_serial failed with error -22 [ 494.501822][T10133] usb 4-1: USB disconnect, device number 20 [ 495.789603][T12561] netlink: 'syz.2.2721': attribute type 1 has an invalid length. [ 495.799203][T12561] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.2721'. [ 495.990346][T12569] netlink: 'syz.2.2725': attribute type 9 has an invalid length. [ 496.001100][T12569] netlink: 391 bytes leftover after parsing attributes in process `syz.2.2725'. [ 496.208148][T12581] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2729'. [ 496.440951][T12528] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2705'. [ 496.669899][T12594] netlink: 'syz.1.2736': attribute type 23 has an invalid length. [ 496.685828][T12594] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2736'. [ 496.711372][ T29] audit: type=1326 audit(1720317547.315:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12590 comm="syz.2.2734" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f970e575bd9 code=0x0 [ 496.745088][T12599] xt_hashlimit: overflow, try lower: 1125899906842624/8 [ 496.887906][T12605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2740'. [ 496.951174][T10133] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 497.236289][T10133] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 497.315190][T10133] usb 5-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=39.78 [ 497.439258][T10133] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.540226][T10133] usb 5-1: Product: syz [ 497.629057][T10133] usb 5-1: Manufacturer: syz [ 497.692492][T10133] usb 5-1: SerialNumber: syz [ 497.842977][T10133] usb 5-1: config 0 descriptor?? [ 497.848515][T12616] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2744'. [ 497.871822][T10133] usbtest 5-1:0.0: couldn't get endpoints, -22 [ 497.887001][T10133] usbtest 5-1:0.0: probe with driver usbtest failed with error -22 [ 498.004468][T12625] netlink: 'syz.0.2748': attribute type 23 has an invalid length. [ 498.013797][T12625] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2748'. [ 498.217854][ T29] audit: type=1326 audit(1720317548.825:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12627 comm="syz.0.2749" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0c28f75bd9 code=0x0 [ 498.536872][T12643] xt_hashlimit: overflow, try lower: 1125899906842624/8 [ 499.683263][ T5167] usb 5-1: USB disconnect, device number 17 [ 501.226882][T12673] netlink: 'syz.0.2761': attribute type 21 has an invalid length. [ 501.235032][T12673] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2761'. [ 501.421842][T12675] syz.2.2763: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 501.422553][T12675] CPU: 1 PID: 12675 Comm: syz.2.2763 Not tainted 6.10.0-rc6-syzkaller-00215-g22f902dfc51e #0 [ 501.422583][T12675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 501.422603][T12675] Call Trace: [ 501.422614][T12675] [ 501.422625][T12675] dump_stack_lvl+0x241/0x360 [ 501.422674][T12675] ? __pfx_dump_stack_lvl+0x10/0x10 [ 501.422711][T12675] ? __pfx__printk+0x10/0x10 [ 501.422752][T12675] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 501.422789][T12675] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 501.422827][T12675] warn_alloc+0x278/0x410 [ 501.422857][T12675] ? stack_depot_save_flags+0x6e4/0x830 [ 501.422893][T12675] ? __vmalloc_node_range_noprof+0x10b/0x1460 [ 501.422928][T12675] ? __pfx_warn_alloc+0x10/0x10 [ 501.422968][T12675] ? kasan_save_track+0x3f/0x80 [ 501.423011][T12675] ? __kasan_kmalloc+0x98/0xb0 [ 501.423058][T12675] ? xsk_setsockopt+0x598/0x950 [ 501.423098][T12675] ? do_sock_setsockopt+0x3af/0x720 [ 501.423134][T12675] ? __sys_setsockopt+0x1ae/0x250 [ 501.423172][T12675] ? __x64_sys_setsockopt+0xb5/0xd0 [ 501.423200][T12675] ? do_syscall_64+0xf3/0x230 [ 501.423234][T12675] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.423278][T12675] __vmalloc_node_range_noprof+0x130/0x1460 [ 501.423367][T12675] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 501.423407][T12675] ? __kasan_kmalloc+0x98/0xb0 [ 501.423442][T12675] ? xskq_create+0x54/0x170 [ 501.423480][T12675] vmalloc_user_noprof+0x74/0x80 [ 501.423513][T12675] ? xskq_create+0xb6/0x170 [ 501.423545][T12675] xskq_create+0xb6/0x170 [ 501.423581][T12675] xsk_init_queue+0xa1/0x100 [ 501.423618][T12675] xsk_setsockopt+0x598/0x950 [ 501.423653][T12675] ? __pfx_xsk_setsockopt+0x10/0x10 [ 501.423689][T12675] ? __pfx_lock_acquire+0x10/0x10 [ 501.423716][T12675] ? __fget_files+0x29/0x470 [ 501.423742][T12675] ? __pfx_lock_release+0x10/0x10 [ 501.423766][T12675] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 501.423789][T12675] ? security_socket_setsockopt+0x87/0xb0 [ 501.423828][T12675] ? __pfx_xsk_setsockopt+0x10/0x10 [ 501.423858][T12675] do_sock_setsockopt+0x3af/0x720 [ 501.423896][T12675] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 501.423925][T12675] ? __fget_files+0x29/0x470 [ 501.423952][T12675] ? __fget_files+0x3f6/0x470 [ 501.423991][T12675] __sys_setsockopt+0x1ae/0x250 [ 501.424027][T12675] __x64_sys_setsockopt+0xb5/0xd0 [ 501.424062][T12675] do_syscall_64+0xf3/0x230 [ 501.424098][T12675] ? clear_bhb_loop+0x35/0x90 [ 501.424136][T12675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.424171][T12675] RIP: 0033:0x7f970e575bd9 [ 501.424203][T12675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 501.424225][T12675] RSP: 002b:00007f970f2a0048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 501.424252][T12675] RAX: ffffffffffffffda RBX: 00007f970e7041e8 RCX: 00007f970e575bd9 [ 501.424272][T12675] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006 [ 501.424289][T12675] RBP: 00007f970e5e4aa1 R08: 0000000000000020 R09: 0000000000000000 [ 501.424311][T12675] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 501.424328][T12675] R13: 000000000000006e R14: 00007f970e7041e8 R15: 00007ffd55dbbe48 [ 501.424366][T12675] [ 501.424376][T12675] Mem-Info: [ 501.424393][T12675] active_anon:1738 inactive_anon:9769 isolated_anon:0 [ 501.424393][T12675] active_file:5308 inactive_file:34909 isolated_file:0 [ 501.424393][T12675] unevictable:0 dirty:294 writeback:0 [ 501.424393][T12675] slab_reclaimable:8333 slab_unreclaimable:104290 [ 501.424393][T12675] mapped:21941 shmem:8474 pagetables:865 [ 501.424393][T12675] sec_pagetables:0 bounce:0 [ 501.424393][T12675] kernel_misc_reclaimable:0 [ 501.424393][T12675] free:1373517 free_pcp:2945 free_cma:0 [ 501.424458][T12675] Node 0 active_anon:6952kB inactive_anon:37540kB active_file:21160kB inactive_file:139636kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:87764kB dirty:1176kB writeback:0kB shmem:32360kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11112kB pagetables:3460kB sec_pagetables:0kB all_unreclaimable? no [ 501.424524][T12675] Node 1 active_anon:0kB inactive_anon:1536kB active_file:72kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 501.424584][T12675] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 501.424653][T12675] lowmem_reserve[]: 0 2571 2571 0 0 [ 501.424708][T12675] Node 0 DMA32 free:1532328kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:6948kB inactive_anon:37508kB active_file:20896kB inactive_file:139584kB unevictable:0kB writepending:1176kB present:3129332kB managed:2659872kB mlocked:0kB bounce:0kB free_pcp:11772kB local_pcp:4568kB free_cma:0kB [ 501.424782][T12675] lowmem_reserve[]: 0 0 0 0 0 [ 501.424834][T12675] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:4kB inactive_anon:32kB active_file:264kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 501.424900][T12675] lowmem_reserve[]: 0 0 0 0 0 [ 501.424953][T12675] Node 1 Normal free:3946380kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:1536kB active_file:72kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 501.425021][T12675] lowmem_reserve[]: 0 0 0 0 0 [ 501.425077][T12675] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 501.425325][T12675] Node 0 DMA32: 4*4kB (UE) 159*8kB (UE) 170*16kB (UE) 314*32kB (UE) 47*64kB (UE) 8*128kB (UME) 3*256kB (E) 2*512kB (ME) 1*1024kB (E) 2*2048kB (M) 368*4096kB (UM) = 1532328kB [ 501.425558][T12675] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 501.425710][T12675] Node 1 Normal: 3*4kB (U) 2*8kB (U) 7*16kB (U) 12*32kB (U) 10*64kB (UM) 8*128kB (U) 3*256kB (UM) 4*512kB (UM) 3*1024kB (U) 1*2048kB (U) 961*4096kB (M) = 3946380kB [ 501.425944][T12675] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 501.425965][T12675] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 501.425987][T12675] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 501.426007][T12675] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 501.426028][T12675] 48687 total pagecache pages [ 501.426043][T12675] 0 pages in swap cache [ 501.426054][T12675] Free swap = 124516kB [ 501.426064][T12675] Total swap = 124996kB [ 501.426075][T12675] 2097051 pages RAM [ 501.426085][T12675] 0 pages HighMem/MovableOnly [ 501.426095][T12675] 400873 pages reserved [ 501.426105][T12675] 0 pages cma reserved [ 502.423420][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.488026][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.845318][ T5094] Bluetooth: hci2: link tx timeout [ 502.851481][ T5094] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa [ 502.864867][ T5085] Bluetooth: hci2: link tx timeout [ 502.870223][ T5085] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa [ 503.631418][ T5085] Bluetooth: hci2: link tx timeout [ 503.636699][ T5085] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa [ 503.644589][ T5085] Bluetooth: hci2: link tx timeout [ 503.649835][ T5085] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa [ 506.310121][ T5085] Bluetooth: hci2: command 0x0406 tx timeout [ 506.901592][T12751] xt_CT: You must specify a L4 protocol and not use inversions on it [ 509.501285][ T9] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 509.708179][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC2 has invalid maxpacket 54557, setting to 1024 [ 509.741216][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC2 has invalid maxpacket 1024 [ 509.778378][ T9] usb 4-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=39.78 [ 509.822253][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.867828][ T9] usb 4-1: Product: syz [ 509.892054][ T9] usb 4-1: Manufacturer: syz [ 510.836183][ T9] usb 4-1: SerialNumber: syz [ 510.843896][ T9] usb 4-1: config 0 descriptor?? [ 510.852246][T12813] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 510.896314][ T9] usbtest 4-1:0.0: couldn't get endpoints, -22 [ 510.919668][ T9] usbtest 4-1:0.0: probe with driver usbtest failed with error -22 [ 511.252682][ T5094] Bluetooth: hci5: unexpected subevent 0x01 length: 25 > 18 [ 511.325150][T12852] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 511.346156][ T9] usb 4-1: USB disconnect, device number 21 [ 511.513897][T12862] fuse: Invalid rootmode [ 513.412489][ T5094] Bluetooth: hci5: command 0x0406 tx timeout [ 514.140725][T12900] tc_dump_action: action bad kind [ 514.272563][T12906] input: syz0 as /devices/virtual/input/input17 [ 514.355026][T12908] input: syz0 as /devices/virtual/input/input18 [ 514.561206][T10133] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 514.791203][T10133] usb 4-1: Using ep0 maxpacket: 32 [ 514.856489][T10133] usb 4-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=cc.be [ 515.096991][T10133] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.121087][T10133] usb 4-1: Product: syz [ 515.126299][T10133] usb 4-1: Manufacturer: syz [ 515.141046][T10133] usb 4-1: SerialNumber: syz [ 515.148234][T10133] usb 4-1: config 0 descriptor?? [ 515.913216][T12900] netlink: 'syz.3.2855': attribute type 12 has an invalid length. [ 516.005398][T12900] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2855'. [ 516.263654][T10133] int51x1 4-1:0.0: probe with driver int51x1 failed with error -71 [ 516.304466][T10133] usb 4-1: USB disconnect, device number 22 [ 516.749897][T12957] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2879'. [ 516.788699][T12961] netlink: 'syz.2.2881': attribute type 1 has an invalid length. [ 517.055179][T10133] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 517.271284][T10133] usb 2-1: Using ep0 maxpacket: 32 [ 517.294766][T10133] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 30130, setting to 1024 [ 517.333890][T12982] 9pnet: p9_errstr2errno: server reported unknown error /kernel/yama/ptrace_scope [ 517.336903][T10133] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 517.375541][T10133] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 517.385114][T10133] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 517.393469][T10133] usb 2-1: Product: syz [ 517.397953][T10133] usb 2-1: Manufacturer: syz [ 517.402888][T10133] usb 2-1: SerialNumber: syz [ 517.426872][T12957] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 517.669676][T10133] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 16 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 517.988912][T10133] usb 2-1: USB disconnect, device number 16 [ 518.010885][T10133] usblp0: removed [ 518.651947][T13023] netlink: 4580 bytes leftover after parsing attributes in process `syz.0.2904'. [ 518.684821][T13023] netlink: 4580 bytes leftover after parsing attributes in process `syz.0.2904'. [ 519.053249][T13039] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2911'. [ 519.102682][T13039] netdevsim netdevsim3 : renamed from netdevsim0 (while UP) [ 519.892178][T13054] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 520.246488][T13074] 9pnet: p9_errstr2errno: server reported unknown error /kernel/yama/ptrace_scope [ 522.516806][T13103] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 522.816292][ T29] audit: type=1804 audit(1720317576.427:220): pid=13106 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.2934" name="/newroot/235/bus/file1" dev="overlay" ino=1301 res=1 errno=0 [ 523.471568][T13138] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 524.360019][T13152] Bluetooth: hci3: unsupported parameter 512 [ 524.366592][T13152] Bluetooth: hci3: invalid length 0, exp 2 for type 2 [ 524.969357][T13184] Bluetooth: hci3: unsupported parameter 512 [ 524.981136][T13184] Bluetooth: hci3: invalid length 0, exp 2 for type 2 [ 525.542194][ T5085] Bluetooth: hci1: unexpected subevent 0x01 length: 25 > 18 [ 525.590743][T13206] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 525.708929][T13213] veth0_vlan: entered allmulticast mode [ 527.458939][T13277] netlink: 188 bytes leftover after parsing attributes in process `syz.3.3010'. [ 527.476964][T13277] netlink: 'syz.3.3010': attribute type 1 has an invalid length. [ 527.571910][T12935] Bluetooth: hci1: command 0x0406 tx timeout [ 528.031510][ T5135] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 528.148499][T13306] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3024'. [ 528.159125][T13306] netlink: 'syz.0.3024': attribute type 1 has an invalid length. [ 528.242555][ T5135] usb 5-1: Using ep0 maxpacket: 32 [ 528.276170][ T5135] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 528.297293][ T5135] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 528.306851][ T5135] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.318004][ T5135] usb 5-1: Product: syz [ 528.325398][ T5135] usb 5-1: Manufacturer: syz [ 528.330271][ T5135] usb 5-1: SerialNumber: syz [ 528.600614][ T5135] usb 5-1: config 0 descriptor?? [ 528.608763][T13288] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 528.623637][ T5135] hub 5-1:0.0: bad descriptor, ignoring hub [ 528.633761][ T5135] hub 5-1:0.0: probe with driver hub failed with error -5 [ 528.647612][ T5135] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input19 [ 528.691325][T13323] binder: 13322:13323 ioctl 894b 20000380 returned -22 [ 528.917516][T13327] overlayfs: failed to get index nlink (file1/bus, err=-61) [ 528.978672][T10133] usb 5-1: USB disconnect, device number 18 [ 528.978753][ C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 529.420359][T13339] netlink: 'syz.2.3034': attribute type 10 has an invalid length. [ 529.454534][T13339] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3034'. [ 529.607082][T13342] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3036'. [ 529.713769][T13342] netlink: 'syz.0.3036': attribute type 1 has an invalid length. [ 530.330296][T13347] netlink: 144 bytes leftover after parsing attributes in process `syz.0.3038'. [ 530.970696][T13383] netlink: 'syz.4.3052': attribute type 10 has an invalid length. [ 530.987695][T13383] netlink: 210880 bytes leftover after parsing attributes in process `syz.4.3052'. [ 531.655358][ T5142] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 531.854003][ T5142] usb 4-1: Using ep0 maxpacket: 8 [ 531.872101][ T5142] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 531.893485][ T5142] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.926564][ T5142] usb 4-1: config 0 descriptor?? [ 532.207257][T13410] kvm: kvm [13409]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xfe00000000 [ 532.240203][T13410] kvm: kvm [13409]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x27e00000080 [ 532.264954][T13410] kvm: kvm [13409]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x3ef00000000 [ 532.310751][T13410] kvm: kvm [13409]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xde00000500 [ 532.332895][T13410] kvm: kvm [13409]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x27d00000500 [ 532.481641][T13431] binder: 13428:13431 ioctl 894b 20000380 returned -22 [ 533.521222][ T5142] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 533.573851][ T5142] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 533.617711][ T5142] asix 4-1:0.0: probe with driver asix failed with error -71 [ 533.665330][ T5142] usb 4-1: USB disconnect, device number 23 [ 536.281247][ T5137] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 536.473528][ T5137] usb 5-1: Using ep0 maxpacket: 16 [ 536.487753][ T5137] usb 5-1: config 0 has an invalid interface number: 215 but max is 0 [ 536.497715][ T5137] usb 5-1: config 0 has no interface number 0 [ 536.518534][ T5137] usb 5-1: config 0 interface 215 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 536.531528][T13467] Device name cannot be null; rc = [-22] [ 536.549800][ T5137] usb 5-1: New USB device found, idVendor=04ca, idProduct=3008, bcdDevice=e6.00 [ 536.571125][ T5142] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 536.577650][ T5137] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.571212][ T5137] usb 5-1: Product: syz [ 537.575498][ T5137] usb 5-1: Manufacturer: syz [ 537.580143][ T5137] usb 5-1: SerialNumber: syz [ 537.620651][ T5137] usb 5-1: config 0 descriptor?? [ 537.903793][ T5142] usb 2-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 537.914235][ T5142] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 537.927587][ T5142] usb 2-1: config 0 descriptor?? [ 538.946650][T10138] usb 5-1: USB disconnect, device number 19 [ 539.121686][T13464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 539.130454][T13464] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 539.180722][ T5142] gs_usb 2-1:0.0: Couldn't send data format (err=-71) [ 539.209143][ T5142] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -71 [ 539.231670][T12935] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 539.281327][ T5142] usb 2-1: USB disconnect, device number 17 [ 540.471233][ T5135] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 540.671221][ T5135] usb 4-1: Using ep0 maxpacket: 32 [ 540.695720][ T5135] usb 4-1: config 4 has an invalid interface number: 222 but max is 0 [ 540.728389][ T5135] usb 4-1: config 4 has no interface number 0 [ 540.757024][ T5135] usb 4-1: config 4 interface 222 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 540.807280][ T5135] usb 4-1: config 4 interface 222 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0 [ 540.867369][ T5135] usb 4-1: config 4 interface 222 has no altsetting 0 [ 540.901946][ T5135] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 540.944846][ T5135] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.998535][ T5135] hub 4-1:4.222: USB hub found [ 541.010417][T13505] syz.2.3096 (13505): drop_caches: 2 [ 541.353352][ T5135] hub 4-1:4.222: 2 ports detected [ 541.359223][ T5135] hub 4-1:4.222: Using single TT (err -22) [ 541.484442][T13529] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3106'. [ 541.494445][T13529] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3106'. [ 541.506804][T13529] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3106'. [ 542.102945][ T5135] hub 4-1:4.222: hub_hub_status failed (err = -71) [ 542.111279][ T5135] hub 4-1:4.222: config failed, can't get hub status (err -71) [ 542.156498][ T5135] usb 4-1: USB disconnect, device number 24 [ 542.504930][T13550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3117'. [ 542.855674][T10164] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 543.101827][T13563] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3121'. [ 543.111185][T13563] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3121'. [ 543.120374][T13563] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3121'. [ 543.717860][T10133] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 543.911579][T10164] usb 2-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 543.922379][T10164] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.934288][T10164] usb 2-1: config 0 descriptor?? [ 544.001397][T10133] usb 4-1: Using ep0 maxpacket: 32 [ 544.018144][T10133] usb 4-1: config 4 has an invalid interface number: 222 but max is 0 [ 544.031180][T10133] usb 4-1: config 4 has no interface number 0 [ 544.055939][T10133] usb 4-1: config 4 interface 222 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 544.071838][T10133] usb 4-1: config 4 interface 222 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0 [ 544.097681][T10133] usb 4-1: config 4 interface 222 has no altsetting 0 [ 544.117159][T10133] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 544.141610][T10133] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.159477][T13543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 544.168943][T13543] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 544.172692][T10133] hub 4-1:4.222: USB hub found [ 544.196978][T12935] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 544.258113][T10164] gs_usb 2-1:0.0: Couldn't send data format (err=-71) [ 544.268107][T10164] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -71 [ 544.285751][T10164] usb 2-1: USB disconnect, device number 18 [ 544.421700][T10133] hub 4-1:4.222: 2 ports detected [ 544.443085][T10133] hub 4-1:4.222: Using single TT (err -22) [ 544.523043][T13585] Failed to get privilege flags for destination (handle=0x2:0x0) [ 544.633475][T10133] hub 4-1:4.222: hub_hub_status failed (err = -71) [ 544.640064][T10133] hub 4-1:4.222: config failed, can't get hub status (err -71) [ 544.726261][T10133] usb 4-1: USB disconnect, device number 25 [ 545.371629][T10164] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 545.474768][T13615] Failed to get privilege flags for destination (handle=0x2:0x0) [ 545.561311][T10164] usb 5-1: Using ep0 maxpacket: 8 [ 545.590034][T10164] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 545.615747][T10164] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 545.635253][T10164] usb 5-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 545.837266][T10164] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.868185][T10164] usb 5-1: config 0 descriptor?? [ 546.929134][T13628] serio: Serial port pts0 [ 547.468068][ T9] usb 5-1: USB disconnect, device number 20 [ 547.782131][T13649] Failed to get privilege flags for destination (handle=0x2:0x0) [ 550.363256][ T2472] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 550.400674][ T2472] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 550.453671][T13681] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 550.480093][T13686] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 550.599335][T13694] Failed to get privilege flags for destination (handle=0x2:0x0) [ 551.510927][T13700] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 552.251833][T13774] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3186'. [ 552.291716][ T29] audit: type=1326 audit(1720317861.897:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13769 comm="syz.2.3186" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f970e575bd9 code=0x0 [ 552.395588][T13743] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 552.411325][T13743] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 552.700074][T13743] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 552.718062][T13743] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 552.746969][T13743] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 552.753325][T13743] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 552.982492][T13743] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 552.999184][T13743] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 553.033137][T13743] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 553.041588][T13743] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 553.633827][ T5137] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 553.848112][ T5137] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 553.864989][ T5137] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 553.894481][ T5137] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 553.930696][ T5137] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 553.956349][ T5137] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.985003][ T5137] usb 3-1: config 0 descriptor?? [ 554.246741][T13834] netlink: 'syz.1.3194': attribute type 3 has an invalid length. [ 554.415946][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.431653][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.439205][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.470109][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.486887][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.500839][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.516744][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.527123][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.543778][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.556710][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.571669][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.579331][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.596521][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.607719][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.622961][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.630538][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.644511][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.656967][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.668789][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.685685][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.700174][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.710353][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.724814][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.737665][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.749193][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.757183][T10138] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 554.775288][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.790323][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.809578][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.817842][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.833364][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.851980][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.859492][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.881462][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.889331][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.912269][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.919764][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.927649][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.961183][T10138] usb 2-1: Using ep0 maxpacket: 8 [ 554.966555][ T5137] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 554.982149][T10138] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 554.997665][ T5137] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 555.010586][T10138] usb 2-1: New USB device found, idVendor=0bda, idProduct=0139, bcdDevice=db.d0 [ 555.026704][T10138] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.035756][ T5137] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 555.051018][T10138] usb 2-1: config 0 descriptor?? [ 555.068911][ T5137] usb 3-1: USB disconnect, device number 17 [ 555.161899][T10138] rtsx_usb 2-1:0.0: probe with driver rtsx_usb failed with error -22 [ 555.434323][ T5142] usb 2-1: USB disconnect, device number 19 [ 555.942612][T13887] netlink: 'syz.2.3205': attribute type 3 has an invalid length. [ 556.516591][T13913] netlink: 'syz.0.3217': attribute type 3 has an invalid length. [ 556.600335][ T5142] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 556.803392][ T5142] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 556.818123][ T5142] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 556.830107][ T5142] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 556.843952][ T5142] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 556.853363][ T5142] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.872039][ T5142] usb 2-1: config 0 descriptor?? [ 556.877988][T13905] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 558.125462][ T5142] plantronics 0003:047F:FFFF.000C: unknown main item tag 0xd [ 558.138478][ T5142] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 558.154725][ T5142] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 558.170246][ T5142] usb 2-1: USB disconnect, device number 20 [ 558.494242][T13943] netlink: 'syz.2.3228': attribute type 3 has an invalid length. [ 558.671171][ T5142] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 558.684557][T13948] Device name cannot be null; rc = [-22] [ 558.872920][ T5142] usb 2-1: too many configurations: 248, using maximum allowed: 8 [ 558.923948][ T5142] usb 2-1: New USB device found, idVendor=19d2, idProduct=75bc, bcdDevice=9b.81 [ 558.938572][ T5142] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=197 [ 558.947246][ T5142] usb 2-1: Product: syz [ 558.952074][ T5142] usb 2-1: Manufacturer: syz [ 558.956707][ T5142] usb 2-1: SerialNumber: syz [ 558.970883][ T5142] usb 2-1: config 0 descriptor?? [ 559.190726][ T5137] usb 2-1: USB disconnect, device number 21 [ 559.595178][T13952] netlink: 'syz.2.3232': attribute type 4 has an invalid length. [ 559.971259][T13962] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3235'. [ 559.989231][ T29] audit: type=1326 audit(1720318381.599:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13958 comm="syz.1.3235" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x0 [ 560.210640][T13969] netlink: 'syz.2.3239': attribute type 3 has an invalid length. [ 561.151649][T13990] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.3248'. [ 561.281824][T13974] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3241'. [ 561.951391][ T5142] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 562.251387][ T5142] usb 2-1: Using ep0 maxpacket: 16 [ 562.333019][ T5142] usb 2-1: config 0 has an invalid interface number: 215 but max is 0 [ 562.351330][ T5142] usb 2-1: config 0 has no interface number 0 [ 562.361090][ T5142] usb 2-1: config 0 interface 215 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 562.384325][ T5142] usb 2-1: New USB device found, idVendor=04ca, idProduct=3008, bcdDevice=e6.00 [ 562.402128][ T5142] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.420529][ T5142] usb 2-1: Product: syz [ 562.424878][ T5142] usb 2-1: Manufacturer: syz [ 562.429602][ T5142] usb 2-1: SerialNumber: syz [ 562.453097][ T5142] usb 2-1: config 0 descriptor?? [ 562.777701][ T29] audit: type=1326 audit(1720318384.389:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14005 comm="syz.2.3254" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f970e575bd9 code=0x0 [ 563.337797][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.344502][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.244987][ T5137] usb 2-1: USB disconnect, device number 22 [ 564.671104][ T5137] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 564.851214][ T5137] usb 2-1: Using ep0 maxpacket: 32 [ 564.858926][ T5137] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 564.870065][ T5137] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 564.879907][ T5137] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 564.889952][ T5137] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 564.899865][ T5137] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 564.909724][ T5137] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 564.923834][ T5137] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 564.935858][ T5137] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.944331][ T5137] usb 2-1: Product: syz [ 564.948887][ T5137] usb 2-1: Manufacturer: syz [ 564.953872][ T5137] usb 2-1: SerialNumber: syz [ 565.171224][ T5137] cdc_ncm 2-1:1.0: bind() failure [ 565.179437][ T5137] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 565.186763][ T5137] cdc_ncm 2-1:1.1: bind() failure [ 565.196168][ T5137] usb 2-1: USB disconnect, device number 23 [ 565.682702][T14045] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.3269'. [ 565.981168][ T5142] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 566.059385][T10130] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 566.164125][ T5142] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 566.176064][ T5142] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 566.186076][ T5142] usb 3-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 566.196354][ T5142] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.210226][ T5142] usb 3-1: config 0 descriptor?? [ 566.255666][T10130] usb 2-1: unable to get BOS descriptor or descriptor too short [ 566.265288][T10130] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 566.274382][T10130] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 566.288475][T10130] usb 2-1: New USB device found, idVendor=04b4, idProduct=6830, bcdDevice=8e.47 [ 566.298471][T10130] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.307620][T10130] usb 2-1: Product: syz [ 566.315618][T10130] usb 2-1: Manufacturer: syz [ 566.320275][T10130] usb 2-1: SerialNumber: syz [ 566.327589][T10130] usb 2-1: config 0 descriptor?? [ 566.335196][T10130] ums-cypress 2-1:0.0: USB Mass Storage device detected [ 566.505461][ T5142] usbhid 3-1:0.0: can't add hid device: -71 [ 566.511948][ T5142] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 566.522204][ T5142] usb 3-1: USB disconnect, device number 18 [ 566.594604][T14049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 566.604685][T14049] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 566.660948][ T5135] usb 2-1: USB disconnect, device number 24 [ 567.615158][T14071] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3279'. [ 567.624964][T14071] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3279'. [ 567.791122][ T5135] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 567.972846][ T5135] usb 2-1: config 1 has an invalid descriptor of length 233, skipping remainder of the config [ 567.983476][ T5135] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 567.992513][ T5135] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 568.009425][ T5135] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 568.018901][ T5135] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.027246][ T5135] usb 2-1: Product: syz [ 568.031758][ T5135] usb 2-1: Manufacturer: syz [ 568.036566][ T5135] usb 2-1: SerialNumber: syz [ 568.046349][ T5135] cdc_ncm 2-1:1.0: skipping garbage [ 568.051848][ T5135] cdc_ncm 2-1:1.0: skipping garbage [ 568.057196][ T5135] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 568.064129][ T5135] cdc_ncm 2-1:1.0: bind() failure [ 568.258666][ T5135] usb 2-1: USB disconnect, device number 25 [ 569.140339][T14083] Process accounting resumed [ 569.771258][ T5084] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 569.955003][ T5084] usb 3-1: config 1 has an invalid descriptor of length 233, skipping remainder of the config [ 569.965678][ T5084] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 569.975009][ T5084] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 569.990798][ T5084] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 570.000382][ T5084] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.008512][ T5084] usb 3-1: Product: syz [ 570.012779][ T5084] usb 3-1: Manufacturer: syz [ 570.017586][ T5084] usb 3-1: SerialNumber: syz [ 570.027756][ T5084] cdc_ncm 3-1:1.0: skipping garbage [ 570.033105][ T5084] cdc_ncm 3-1:1.0: skipping garbage [ 570.038361][ T5084] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 570.045802][ T5084] cdc_ncm 3-1:1.0: bind() failure [ 570.244595][T10130] usb 3-1: USB disconnect, device number 19 [ 571.962292][ T29] audit: type=1326 audit(1720318393.569:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c28f75bd9 code=0x7fc00000 [ 571.985277][ T29] audit: type=1326 audit(1720318393.569:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f0c28f75bd9 code=0x7fc00000 [ 572.009743][ T29] audit: type=1326 audit(1720318393.569:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c28f75bd9 code=0x7fc00000 [ 572.048018][ T29] audit: type=1326 audit(1720318393.569:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c28f75bd9 code=0x7fc00000 [ 572.071434][ T29] audit: type=1326 audit(1720318393.569:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c28f75bd9 code=0x7fc00000 [ 572.117739][ T29] audit: type=1326 audit(1720318393.569:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c28f75bd9 code=0x7fc00000 [ 572.140176][ T29] audit: type=1326 audit(1720318393.569:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c28f75bd9 code=0x7fc00000 [ 572.171071][ T29] audit: type=1326 audit(1720318393.569:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c28f75bd9 code=0x7fc00000 [ 572.198782][ T29] audit: type=1326 audit(1720318393.569:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c28f75bd9 code=0x7fc00000 [ 572.227594][ T29] audit: type=1326 audit(1720318393.569:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14135 comm="syz.0.3308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c28f75bd9 code=0x7fc00000 [ 573.091592][ T5137] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 573.284588][ T5137] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 573.304858][ T5137] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 895 [ 573.324763][ T5137] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 573.344715][ T5137] usb 2-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice= 0.00 [ 573.361688][ T5137] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 573.383159][ T5137] usb 2-1: SerialNumber: syz [ 573.405173][ T5137] usb 2-1: config 0 descriptor?? [ 573.422171][T14167] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 573.449462][ T5137] port100 2-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 573.773249][ T5137] usb 2-1: USB disconnect, device number 26 [ 574.282067][ T5142] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 574.483225][ T5142] usb 3-1: config 0 has an invalid interface number: 253 but max is 0 [ 574.498900][ T5142] usb 3-1: config 0 has no interface number 0 [ 574.505515][ T5142] usb 3-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee [ 574.520314][T14192] kvm: requested 150857 ns i8254 timer period limited to 200000 ns [ 574.538945][ T5142] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.562120][ T5142] usb 3-1: config 0 descriptor?? [ 574.837137][ T5142] usb 3-1: USB disconnect, device number 20 [ 578.481180][ T5135] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 578.665533][ T5135] usb 3-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice= d.5b [ 578.674967][ T5135] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.683143][ T5135] usb 3-1: Product: syz [ 578.687501][ T5135] usb 3-1: Manufacturer: syz [ 578.695357][ T5135] usb 3-1: SerialNumber: syz [ 578.702852][ T5135] usb 3-1: config 0 descriptor?? [ 578.711586][ T5135] gspca_main: pac207-2.14.0 probing 093a:2476 [ 578.821486][ T5135] gspca_pac207: Failed to read a register (index 0x0000, error -110) [ 578.832037][ T5135] usb 3-1: Found UVC 0.00 device syz (093a:2476) [ 578.838435][ T5135] usb 3-1: No valid video chain found. [ 578.917189][ T5137] usb 3-1: USB disconnect, device number 21 [ 579.434459][ T29] kauditd_printk_skb: 9165 callbacks suppressed [ 579.434477][ T29] audit: type=1326 audit(1720318401.039:9399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14256 comm="syz.1.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7fc00000 [ 579.463169][ T29] audit: type=1326 audit(1720318401.039:9400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14256 comm="syz.1.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7ffaadb75bd9 code=0x7fc00000 [ 579.485591][ T29] audit: type=1326 audit(1720318401.039:9401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14256 comm="syz.1.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7fc00000 [ 579.523973][ T29] audit: type=1326 audit(1720318401.039:9402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14256 comm="syz.1.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7fc00000 [ 579.568825][ T29] audit: type=1326 audit(1720318401.039:9403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14256 comm="syz.1.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7fc00000 [ 579.607451][ T29] audit: type=1326 audit(1720318401.039:9404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14256 comm="syz.1.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7fc00000 [ 579.629827][ T29] audit: type=1326 audit(1720318401.039:9405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14256 comm="syz.1.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7fc00000 [ 579.668927][ T29] audit: type=1326 audit(1720318401.039:9406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14256 comm="syz.1.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7fc00000 [ 579.699398][ T29] audit: type=1326 audit(1720318401.039:9407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14256 comm="syz.1.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7fc00000 [ 579.724404][ T29] audit: type=1326 audit(1720318401.039:9408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14256 comm="syz.1.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x7fc00000 [ 580.115497][T14275] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3358'. [ 580.541252][ T5084] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 581.321156][ T5084] usb 3-1: Using ep0 maxpacket: 16 [ 581.329220][ T5084] usb 3-1: unable to get BOS descriptor or descriptor too short [ 581.339475][ T5084] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 581.350727][ T5084] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 581.364085][ T5084] usb 3-1: New USB device found, idVendor=05ac, idProduct=0238, bcdDevice= 0.40 [ 581.374017][ T5084] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.382220][ T5084] usb 3-1: Product: syz [ 581.386439][ T5084] usb 3-1: Manufacturer: syz [ 581.391154][ T5084] usb 3-1: SerialNumber: syz [ 581.414696][ T5084] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input20 [ 581.535183][T14300] Device name cannot be null; rc = [-22] [ 581.692236][ T5137] usb 3-1: USB disconnect, device number 22 [ 581.695033][ T4517] bcm5974 3-1:1.0: could not read from device [ 581.713502][ T4517] bcm5974 3-1:1.0: could not read from device [ 582.426467][T14308] @ÿ: renamed from veth0_vlan [ 582.510402][T14312] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 583.949723][T14334] syzkaller1: entered promiscuous mode [ 583.955593][T14334] syzkaller1: entered allmulticast mode [ 584.048467][T14336] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 584.269405][T14344] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 584.353737][T14346] Mount JFS Failure: -22 [ 584.527038][T14352] ieee802154 phy0 wpan0: encryption failed: -22 [ 585.801272][T10164] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 585.997041][T14362] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3394'. [ 586.019042][T10164] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 586.038616][T10164] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 586.049911][T10164] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 586.060202][T10164] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 586.060918][T14364] syzkaller1: entered promiscuous mode [ 586.075351][T14364] syzkaller1: entered allmulticast mode [ 586.077515][T10164] usb 3-1: SerialNumber: syz [ 586.316013][T10164] usb 3-1: 0:2 : does not exist [ 586.322885][T14368] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 586.344675][T10164] usb 3-1: USB disconnect, device number 23 [ 586.751565][ T5084] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 586.846970][T14383] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3403'. [ 586.912516][T14385] syzkaller1: entered promiscuous mode [ 586.918185][T14385] syzkaller1: entered allmulticast mode [ 586.935167][ T5084] usb 2-1: New USB device found, idVendor=08ca, idProduct=0104, bcdDevice=a6.74 [ 586.945028][ T5084] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.983472][ T5084] usb 2-1: config 0 descriptor?? [ 586.992283][ T5084] gspca_main: sunplus-2.14.0 probing 08ca:0104 [ 587.200682][ T5084] gspca_sunplus: reg_r err -71 [ 587.205924][ T5084] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 587.217521][ T5084] usb 2-1: USB disconnect, device number 27 [ 587.421292][ T5135] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 587.623520][ T5135] usb 3-1: config 0 has an invalid interface number: 154 but max is 0 [ 587.631893][ T5135] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 587.642655][ T5135] usb 3-1: config 0 has no interface number 0 [ 587.648956][ T5135] usb 3-1: New USB device found, idVendor=413c, idProduct=8196, bcdDevice=1f.e0 [ 587.658615][ T5135] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.669347][ T5135] usb 3-1: config 0 descriptor?? [ 587.676892][ T5135] qmi_wwan 3-1:0.154: skipping garbage [ 587.682472][ T5135] qmi_wwan 3-1:0.154: skipping garbage [ 587.687956][ T5135] qmi_wwan 3-1:0.154: bogus CDC Union: master=0, slave=0 [ 587.695611][ T5135] qmi_wwan 3-1:0.154: probe with driver qmi_wwan failed with error -22 [ 587.901703][T10133] usb 3-1: USB disconnect, device number 24 [ 588.096878][T14404] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3412'. [ 588.237321][T14410] syzkaller1: entered promiscuous mode [ 588.242976][T14410] syzkaller1: entered allmulticast mode [ 588.498088][T14415] syzkaller1: entered promiscuous mode [ 588.504393][T14415] syzkaller1: entered allmulticast mode [ 588.753484][T14424] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3421'. [ 588.782461][T14426] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3422'. [ 588.798803][T14426] tipc: Started in network mode [ 588.807948][T14426] tipc: Node identity ., cluster identity 8 [ 588.821414][T14428] openvswitch: netlink: Missing key (keys=20040, expected=80) [ 589.292929][T14438] netlink: 'syz.2.3424': attribute type 4 has an invalid length. [ 589.307231][T14438] netlink: 'syz.2.3424': attribute type 4 has an invalid length. [ 590.003387][T14438] syz.2.3424 (14438) used greatest stack depth: 17488 bytes left [ 590.254256][T14451] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3432'. [ 590.266653][T14451] tipc: Started in network mode [ 590.274361][T14451] tipc: Node identity ., cluster identity 8 [ 590.283823][T14453] openvswitch: netlink: Missing key (keys=20040, expected=80) [ 590.778611][T14473] openvswitch: netlink: Missing key (keys=20040, expected=80) [ 590.881472][T14476] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3443'. [ 590.890687][T14476] tipc: Cannot configure node identity twice [ 590.973282][T14479] netlink: 'syz.2.3438': attribute type 4 has an invalid length. [ 591.705815][T14480] netlink: 'syz.2.3438': attribute type 4 has an invalid length. [ 592.281427][T14500] openvswitch: netlink: Missing key (keys=20040, expected=80) [ 592.299325][T10133] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 592.481251][T10133] usb 3-1: Using ep0 maxpacket: 32 [ 592.682773][T10133] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 592.693242][T10133] usb 3-1: config 0 has no interfaces? [ 592.701997][T10133] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 592.717944][T10133] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.726156][T10133] usb 3-1: Product: syz [ 592.730350][T10133] usb 3-1: Manufacturer: syz [ 592.944200][ T29] kauditd_printk_skb: 6077 callbacks suppressed [ 592.944249][ T29] audit: type=1326 audit(1720318414.539:15486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14507 comm="syz.1.3455" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffaadb75bd9 code=0x0 [ 593.519202][T10133] usb 3-1: SerialNumber: syz [ 593.526741][T10133] usb 3-1: config 0 descriptor?? [ 593.637936][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 595.100598][ T5137] usb 3-1: USB disconnect, device number 25 [ 599.725901][ T5137] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 599.911110][ T5137] usb 2-1: Using ep0 maxpacket: 32 [ 599.918360][ T5137] usb 2-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 599.929587][ T5137] usb 2-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 599.939619][ T5137] usb 2-1: config 128 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 599.949631][ T5137] usb 2-1: config 128 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 599.965699][ T5137] usb 2-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 599.975524][ T5137] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.031280][T10133] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 600.195673][ T5137] usbhid 2-1:128.0: can't add hid device: -71 [ 600.202305][ T5137] usbhid 2-1:128.0: probe with driver usbhid failed with error -71 [ 600.215012][ T5137] usb 2-1: USB disconnect, device number 28 [ 600.221316][T10133] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 600.234609][T10133] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 600.244005][T10133] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.255294][T10133] usb 3-1: config 0 descriptor?? [ 600.466811][ T5135] usb 3-1: USB disconnect, device number 26 [ 600.996130][T14560] Mount JFS Failure: -22 [ 603.221196][ T5135] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 603.406584][ T5135] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 603.417822][ T5135] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 603.432401][ T5135] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 603.441799][ T5135] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.452332][ T5135] usb 2-1: config 0 descriptor?? [ 603.501493][ T5142] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 603.681153][ T5142] usb 3-1: Using ep0 maxpacket: 16 [ 603.688648][ T5142] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 603.699751][ T5142] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 603.713065][ T5142] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 603.722267][ T5142] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.738767][ T5142] usb 3-1: config 0 descriptor?? [ 603.871750][ T5135] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 603.880396][ T5135] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving [ 603.892605][ T5135] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 604.163743][ T5142] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 604.173240][ T5142] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 604.180615][ T5142] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 604.188399][ T5142] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 604.196455][ T5142] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 604.204319][ T5142] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 604.211772][ T5142] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 604.219244][ T5142] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 604.226688][ T5142] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 604.234723][ T5142] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 604.251169][ T5142] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.000E/input/input22 [ 604.259326][T10138] usb 2-1: USB disconnect, device number 29 [ 604.351967][ T5142] microsoft 0003:045E:07DA.000E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 604.648484][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 604.846266][T10138] usb 3-1: USB disconnect, device number 27 [ 605.826093][T14609] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3494'. [ 606.860741][T14619] netlink: 'syz.1.3498': attribute type 6 has an invalid length. [ 606.869054][T14619] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.3498'. [ 624.775706][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.782434][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.215668][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.222226][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 709.251119][ T30] INFO: task kworker/0:1:9 blocked for more than 143 seconds. [ 709.258735][ T30] Not tainted 6.10.0-rc6-syzkaller-00215-g22f902dfc51e #0 [ 709.266727][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 709.275489][ T30] task:kworker/0:1 state:D stack:18728 pid:9 tgid:9 ppid:2 flags:0x00004000 [ 709.286572][ T30] Workqueue: events rfkill_global_led_trigger_worker [ 709.294360][ T30] Call Trace: [ 709.297791][ T30] SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 709.300762][ T30] __schedule+0x1796/0x49d0 [ 709.305796][ T30] ? __pfx___schedule+0x10/0x10 [ 709.310708][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 709.316817][ T30] ? __pfx_lock_release+0x10/0x10 [ 709.321964][ T30] ? kick_pool+0x1bd/0x620 [ 709.326429][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 709.332040][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 709.337300][ T30] ? schedule+0x90/0x320 [ 709.341779][ T30] schedule+0x14b/0x320 [ 709.346553][ T30] schedule_preempt_disabled+0x13/0x30 [ 709.360968][ T30] __mutex_lock+0x6a4/0xd70 [ 709.365659][ T30] ? __mutex_lock+0x527/0xd70 [ 709.370413][ T30] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 709.408521][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 709.413861][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 709.419906][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 709.426838][ T30] ? process_scheduled_works+0x945/0x1830 [ 709.432921][ T30] rfkill_global_led_trigger_worker+0x27/0xd0 [ 709.439711][ T30] ? process_scheduled_works+0x945/0x1830 [ 709.445684][ T30] process_scheduled_works+0xa2c/0x1830 [ 709.451649][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 709.457711][ T30] ? assign_work+0x364/0x3d0 [ 709.462523][ T30] worker_thread+0x86d/0xd50 [ 709.467166][ T30] ? __kthread_parkme+0x169/0x1d0 [ 709.472366][ T30] ? __pfx_worker_thread+0x10/0x10 [ 709.477708][ T30] kthread+0x2f0/0x390 [ 709.481874][ T30] ? __pfx_worker_thread+0x10/0x10 [ 709.487104][ T30] ? __pfx_kthread+0x10/0x10 [ 709.492279][ T30] ret_from_fork+0x4b/0x80 [ 709.497022][ T30] ? __pfx_kthread+0x10/0x10 [ 709.501718][ T30] ret_from_fork_asm+0x1a/0x30 [ 709.506515][ T30] [ 709.509669][ T30] INFO: task syz.3.3172:13713 blocked for more than 143 seconds. [ 709.517662][ T30] Not tainted 6.10.0-rc6-syzkaller-00215-g22f902dfc51e #0 [ 709.525392][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 709.534164][ T30] task:syz.3.3172 state:D stack:25648 pid:13713 tgid:13699 ppid:9117 flags:0x00004006 [ 709.544643][ T30] Call Trace: [ 709.548034][ T30] [ 709.551046][ T30] __schedule+0x1796/0x49d0 [ 709.555707][ T30] ? __pfx___schedule+0x10/0x10 [ 709.560687][ T30] ? __pfx_lock_release+0x10/0x10 [ 709.565781][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 709.571315][ T30] ? schedule+0x90/0x320 [ 709.575683][ T30] schedule+0x14b/0x320 [ 709.580051][ T30] schedule_preempt_disabled+0x13/0x30 [ 709.585565][ T30] __mutex_lock+0x6a4/0xd70 [ 709.590210][ T30] ? kobject_put+0x443/0x480 [ 709.595045][ T30] ? __mutex_lock+0x527/0xd70 [ 709.599771][ T30] ? rfkill_unregister+0xd0/0x230 [ 709.604881][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 709.609971][ T30] ? __pfx_device_del+0x10/0x10 [ 709.614896][ T30] ? __pfx_nfc_genl_device_removed+0x10/0x10 [ 709.620972][ T30] rfkill_unregister+0xd0/0x230 [ 709.625948][ T30] nfc_unregister_device+0x96/0x2a0 [ 709.631343][ T30] virtual_ncidev_close+0x59/0x90 [ 709.636420][ T30] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 709.642276][ T30] __fput+0x24a/0x8a0 [ 709.646332][ T30] task_work_run+0x24f/0x310 [ 709.651827][ T30] ? __pfx_task_work_run+0x10/0x10 [ 709.657009][ T30] get_signal+0x15e6/0x1740 [ 709.661632][ T30] ? kick_process+0xef/0x160 [ 709.666355][ T30] ? task_work_add+0x2f3/0x3a0 [ 709.671326][ T30] ? __pfx_get_signal+0x10/0x10 [ 709.676566][ T30] ? __pfx_task_work_add+0x10/0x10 [ 709.682017][ T30] arch_do_signal_or_restart+0x96/0x860 [ 709.687737][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 709.694271][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 709.700432][ T30] ? syscall_exit_to_user_mode+0xa3/0x360 [ 709.706535][ T30] syscall_exit_to_user_mode+0xc9/0x360 [ 709.713656][ T30] do_syscall_64+0x100/0x230 [ 709.718547][ T30] ? clear_bhb_loop+0x35/0x90 [ 709.723539][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.729584][ T30] RIP: 0033:0x7fc616975bd9 [ 709.734255][ T30] RSP: 002b:00007fc617714048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 709.742815][ T30] RAX: fffffffffffffff2 RBX: 00007fc616b042c0 RCX: 00007fc616975bd9 [ 709.752055][ T30] RDX: 0000000000000064 RSI: 0000000020000500 RDI: 0000000000000003 [ 709.761455][ T30] RBP: 00007fc6169e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 709.770194][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 709.779801][ T30] R13: 000000000000006e R14: 00007fc616b042c0 R15: 00007ffd9eacf648 [ 709.788319][ T30] [ 709.792172][ T30] INFO: task syz.4.3180:13743 blocked for more than 143 seconds. [ 709.801403][ T30] Not tainted 6.10.0-rc6-syzkaller-00215-g22f902dfc51e #0 [ 709.809510][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 709.818350][ T30] task:syz.4.3180 state:D stack:23256 pid:13743 tgid:13742 ppid:9245 flags:0x00004006 [ 709.828724][ T30] Call Trace: [ 709.832266][ T30] [ 709.835234][ T30] __schedule+0x1796/0x49d0 [ 709.839964][ T30] ? __pfx___schedule+0x10/0x10 [ 709.845597][ T30] ? __pfx_lock_release+0x10/0x10 [ 709.850715][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 709.856553][ T30] ? schedule+0x90/0x320 [ 709.860854][ T30] schedule+0x14b/0x320 [ 709.865277][ T30] schedule_preempt_disabled+0x13/0x30 [ 709.870777][ T30] __mutex_lock+0x6a4/0xd70 [ 709.875385][ T30] ? __mutex_lock+0x527/0xd70 [ 709.880126][ T30] ? nfc_rfkill_set_block+0x50/0x310 [ 709.885749][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 709.891578][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 709.896879][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 709.903197][ T30] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 709.909630][ T30] nfc_rfkill_set_block+0x50/0x310 [ 709.915018][ T30] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 709.920773][ T30] rfkill_set_block+0x1f1/0x440 [ 709.925737][ T30] rfkill_fop_write+0x5bb/0x790 [ 709.930737][ T30] ? __pfx_rfkill_fop_write+0x10/0x10 [ 709.936210][ T30] ? bpf_lsm_file_permission+0x9/0x10 [ 709.941656][ T30] ? rw_verify_area+0x1d2/0x6b0 [ 709.946566][ T30] ? __pfx_rfkill_fop_write+0x10/0x10 [ 709.952065][ T30] vfs_write+0x2a2/0xc90 [ 709.956369][ T30] ? __pfx_vfs_write+0x10/0x10 [ 709.961264][ T30] ? do_futex+0x33b/0x560 [ 709.965729][ T30] ? __fget_files+0x29/0x470 [ 709.970342][ T30] ? __fget_files+0x3f6/0x470 [ 709.975648][ T30] ? __fget_files+0x29/0x470 [ 709.981856][ T30] ksys_write+0x1a0/0x2c0 [ 709.986254][ T30] ? __pfx_ksys_write+0x10/0x10 [ 709.991301][ T30] ? do_syscall_64+0x100/0x230 [ 709.996116][ T30] ? do_syscall_64+0xb6/0x230 [ 710.000969][ T30] do_syscall_64+0xf3/0x230 [ 710.005669][ T30] ? clear_bhb_loop+0x35/0x90 [ 710.010408][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.016448][ T30] RIP: 0033:0x7fc7d6975bd9 [ 710.021047][ T30] RSP: 002b:00007fc7d7703048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 710.029657][ T30] RAX: ffffffffffffffda RBX: 00007fc7d6b03f60 RCX: 00007fc7d6975bd9 [ 710.037852][ T30] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000003 [ 710.045912][ T30] RBP: 00007fc7d69e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 710.054599][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 710.062879][ T30] R13: 000000000000000b R14: 00007fc7d6b03f60 R15: 00007ffd54a67a38 [ 710.071194][ T30] [ 710.074290][ T30] INFO: task syz-executor:13992 blocked for more than 144 seconds. [ 710.083038][ T30] Not tainted 6.10.0-rc6-syzkaller-00215-g22f902dfc51e #0 [ 710.091463][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 710.100151][ T30] task:syz-executor state:D stack:26816 pid:13992 tgid:13992 ppid:1 flags:0x00000004 [ 710.110364][ T30] Call Trace: [ 710.113695][ T30] [ 710.116662][ T30] __schedule+0x1796/0x49d0 [ 710.121269][ T30] ? __pfx___schedule+0x10/0x10 [ 710.126248][ T30] ? __pfx_lock_release+0x10/0x10 [ 710.133630][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 710.139254][ T30] ? schedule+0x90/0x320 [ 710.144051][ T30] schedule+0x14b/0x320 [ 710.148357][ T30] schedule_preempt_disabled+0x13/0x30 [ 710.157849][ T30] __mutex_lock+0x6a4/0xd70 [ 710.162711][ T30] ? __mutex_lock+0x527/0xd70 [ 710.167713][ T30] ? rfkill_register+0x34/0x8c0 [ 710.173081][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 710.179150][ T30] ? __init_waitqueue_head+0xae/0x150 [ 710.185460][ T30] ? device_initialize+0x266/0x460 [ 710.191382][ T30] rfkill_register+0x34/0x8c0 [ 710.197085][ T30] hci_register_dev+0x407/0x8b0 [ 710.203467][ T30] vhci_create_device+0x389/0x6d0 [ 710.208551][ T30] vhci_write+0x3cb/0x480 [ 710.213977][ T30] vfs_write+0xa72/0xc90 [ 710.218635][ T30] ? __pfx_vhci_write+0x10/0x10 [ 710.223659][ T30] ? __pfx_vfs_write+0x10/0x10 [ 710.228953][ T30] ksys_write+0x1a0/0x2c0 [ 710.234548][ T30] ? __pfx_ksys_write+0x10/0x10 [ 710.239743][ T30] ? exc_page_fault+0x590/0x8c0 [ 710.245978][ T30] ? do_syscall_64+0xb6/0x230 [ 710.250786][ T30] do_syscall_64+0xf3/0x230 [ 710.255551][ T30] ? clear_bhb_loop+0x35/0x90 [ 710.260885][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.267682][ T30] RIP: 0033:0x7f6c72774720 [ 710.273682][ T30] RSP: 002b:00007ffdb38a6868 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 710.283223][ T30] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f6c72774720 [ 710.292014][ T30] RDX: 0000000000000002 RSI: 00007ffdb38a687a RDI: 00000000000000ca [ 710.300356][ T30] RBP: 00007f6c72904a18 R08: 0000000000000000 R09: 00007f6c7343d6c0 [ 710.308499][ T30] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000c [ 710.316666][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009 [ 710.324957][ T30] [ 710.328132][ T30] INFO: task syz-executor:13998 blocked for more than 144 seconds. [ 710.336195][ T30] Not tainted 6.10.0-rc6-syzkaller-00215-g22f902dfc51e #0 [ 710.344080][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 710.353017][ T30] task:syz-executor state:D stack:26816 pid:13998 tgid:13998 ppid:1 flags:0x00000004 [ 710.363398][ T30] Call Trace: [ 710.367244][ T30] [ 710.370286][ T30] __schedule+0x1796/0x49d0 [ 710.375424][ T30] ? __pfx___schedule+0x10/0x10 [ 710.380433][ T30] ? __pfx_lock_release+0x10/0x10 [ 710.385970][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 710.391893][ T30] ? schedule+0x90/0x320 [ 710.396252][ T30] schedule+0x14b/0x320 [ 710.400766][ T30] schedule_preempt_disabled+0x13/0x30 [ 710.406509][ T30] __mutex_lock+0x6a4/0xd70 [ 710.411380][ T30] ? __mutex_lock+0x527/0xd70 [ 710.416195][ T30] ? rfkill_register+0x34/0x8c0 [ 710.421491][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 710.426559][ T30] ? __init_waitqueue_head+0xae/0x150 [ 710.432268][ T30] ? device_initialize+0x266/0x460 [ 710.437527][ T30] rfkill_register+0x34/0x8c0 [ 710.442386][ T30] hci_register_dev+0x407/0x8b0 [ 710.447379][ T30] vhci_create_device+0x389/0x6d0 [ 710.452622][ T30] vhci_write+0x3cb/0x480 [ 710.457007][ T30] vfs_write+0xa72/0xc90 [ 710.461339][ T30] ? __pfx_vhci_write+0x10/0x10 [ 710.466400][ T30] ? __pfx_vfs_write+0x10/0x10 [ 710.471527][ T30] ksys_write+0x1a0/0x2c0 [ 710.476058][ T30] ? __pfx_ksys_write+0x10/0x10 [ 710.481043][ T30] ? exc_page_fault+0x590/0x8c0 [ 710.485962][ T30] ? do_syscall_64+0xb6/0x230 [ 710.491056][ T30] do_syscall_64+0xf3/0x230 [ 710.495610][ T30] ? clear_bhb_loop+0x35/0x90 [ 710.500337][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.506470][ T30] RIP: 0033:0x7f4739774720 [ 710.511007][ T30] RSP: 002b:00007ffc283f8e18 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 710.519548][ T30] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4739774720 [ 710.527597][ T30] RDX: 0000000000000002 RSI: 00007ffc283f8e2a RDI: 00000000000000ca [ 710.535937][ T30] RBP: 00007f4739904a18 R08: 0000000000000000 R09: 00007f473a43d6c0 [ 710.544174][ T30] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000c [ 710.552251][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009 [ 710.560260][ T30] [ 710.563344][ T30] [ 710.563344][ T30] Showing all locks held in the system: [ 710.571214][ T30] 3 locks held by kworker/0:1/9: [ 710.576209][ T30] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 710.587291][ T30] #1: ffffc900000e7d00 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 710.601028][ T30] #2: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 710.612640][ T30] 1 lock held by khungtaskd/30: [ 710.617606][ T30] #0: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 710.627587][ T30] 2 locks held by getty/4835: [ 710.632406][ T30] #0: ffff88802f43a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 710.642255][ T30] #1: ffffc90002f162f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 710.652812][ T30] 1 lock held by syz-executor/9257: [ 710.658036][ T30] #0: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xd0/0x230 [ 710.668227][ T30] 1 lock held by syz-executor/9585: [ 710.673487][ T30] #0: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xd0/0x230 [ 710.683894][ T30] 1 lock held by syz.2.1685/9817: [ 710.689289][ T30] #0: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xd0/0x230 [ 710.699615][ T30] 2 locks held by syz.3.3172/13713: [ 710.705084][ T30] #0: ffff888066bcd100 (&dev->mutex){....}-{3:3}, at: nfc_unregister_device+0x63/0x2a0 [ 710.715526][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xd0/0x230 [ 710.726049][ T30] 2 locks held by syz.4.3180/13743: [ 710.731308][ T30] #0: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a9/0x790 [ 710.741615][ T30] #1: ffff888066bcd100 (&dev->mutex){....}-{3:3}, at: nfc_rfkill_set_block+0x50/0x310 [ 710.751417][ T30] 2 locks held by syz-executor/13992: [ 710.756859][ T30] #0: ffff888022364918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6d0 [ 710.767016][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0 [ 710.778527][ T30] 2 locks held by syz-executor/13998: [ 710.785424][ T30] #0: ffff88801e810118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6d0 [ 710.801728][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0 [ 710.812472][ T30] 2 locks held by syz-executor/14628: [ 710.818147][ T30] #0: ffff888015b45118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6d0 [ 710.829238][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0 [ 710.839485][ T30] 2 locks held by syz-executor/14630: [ 710.845197][ T30] #0: ffff888023dc5118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6d0 [ 710.856149][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0 [ 710.866429][ T30] 2 locks held by syz-executor/14632: [ 710.872019][ T30] #0: ffff88802f2c4118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6d0 [ 710.882420][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0 [ 710.893558][ T30] 2 locks held by syz-executor/14634: [ 710.899141][ T30] #0: ffff88805eb79918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6d0 [ 710.909392][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0 [ 710.919615][ T30] 2 locks held by syz-executor/14636: [ 710.925084][ T30] #0: ffff88805eb7b918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6d0 [ 710.935815][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0 [ 710.945994][ T30] 2 locks held by syz-executor/14642: [ 710.951471][ T30] #0: ffff88802c64f118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6d0 [ 710.961617][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0 [ 710.971662][ T30] 2 locks held by syz-executor/14644: [ 710.977064][ T30] #0: ffff88805f94f118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6d0 [ 710.988150][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0 [ 710.998239][ T30] 2 locks held by syz-executor/14646: [ 711.003671][ T30] #0: ffff888062a73118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6d0 [ 711.013784][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0 [ 711.023845][ T30] 2 locks held by syz-executor/14648: [ 711.029235][ T30] #0: ffff888061c1e918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6d0 [ 711.040449][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0 [ 711.050452][ T30] 2 locks held by syz-executor/14650: [ 711.055852][ T30] #0: ffff888062059918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6d0 [ 711.065944][ T30] #1: ffffffff8f8a9128 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x34/0x8c0 [ 711.076364][ T30] [ 711.078832][ T30] ============================================= [ 711.078832][ T30] [ 711.087306][ T30] NMI backtrace for cpu 1 [ 711.091644][ T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00215-g22f902dfc51e #0 [ 711.101827][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 711.111893][ T30] Call Trace: [ 711.115179][ T30] [ 711.118117][ T30] dump_stack_lvl+0x241/0x360 [ 711.122915][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 711.128146][ T30] ? __pfx__printk+0x10/0x10 [ 711.132796][ T30] ? vprintk_emit+0x631/0x770 [ 711.137693][ T30] ? __pfx_vprintk_emit+0x10/0x10 [ 711.142832][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 711.147807][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 711.153393][ T30] ? _printk+0xd5/0x120 [ 711.157569][ T30] ? __pfx__printk+0x10/0x10 [ 711.162188][ T30] ? __wake_up_klogd+0xcc/0x110 [ 711.167172][ T30] ? __pfx__printk+0x10/0x10 [ 711.171808][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 711.176984][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 711.183157][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 711.190342][ T30] watchdog+0xfde/0x1020 [ 711.195151][ T30] ? watchdog+0x1ea/0x1020 [ 711.200067][ T30] ? __pfx_watchdog+0x10/0x10 [ 711.205827][ T30] kthread+0x2f0/0x390 [ 711.210364][ T30] ? __pfx_watchdog+0x10/0x10 [ 711.215085][ T30] ? __pfx_kthread+0x10/0x10 [ 711.219788][ T30] ret_from_fork+0x4b/0x80 [ 711.224341][ T30] ? __pfx_kthread+0x10/0x10 [ 711.229067][ T30] ret_from_fork_asm+0x1a/0x30 [ 711.233998][ T30] [ 711.237344][ T30] Sending NMI from CPU 1 to CPUs 0: [ 711.242658][ C0] NMI backtrace for cpu 0 [ 711.242672][ C0] CPU: 0 PID: 128 Comm: kworker/u8:5 Not tainted 6.10.0-rc6-syzkaller-00215-g22f902dfc51e #0 [ 711.242691][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 711.242703][ C0] Workqueue: bat_events batadv_nc_worker [ 711.242731][ C0] RIP: 0010:rcu_is_watching+0x67/0xb0 [ 711.242755][ C0] Code: 89 f7 e8 bc 3e 7c 00 48 c7 c3 c8 7c 03 00 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 22 8b 03 65 ff 0d b1 80 87 7e <74> 10 83 e0 04 c1 e8 02 5b 41 5e 41 5f c3 cc cc cc cc e8 a2 62 84 [ 711.242770][ C0] RSP: 0018:ffffc90002d3fa00 EFLAGS: 00000286 [ 711.242789][ C0] RAX: 00000000003ebd64 RBX: ffff8880b9437cc8 RCX: ffffffff81728db0 [ 711.242802][ C0] RDX: 0000000000000000 RSI: ffffffff8c1f15e0 RDI: ffffffff8c1f15a0 [ 711.242815][ C0] RBP: ffffc90002d3fb48 R08: ffffffff8fac1d2f R09: 1ffffffff1f583a5 [ 711.242828][ C0] R10: dffffc0000000000 R11: fffffbfff1f583a6 R12: 1ffff920005a7f50 [ 711.242842][ C0] R13: ffffffff8b47cb3b R14: ffffffff8dda59e0 R15: dffffc0000000000 [ 711.242856][ C0] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 711.242870][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 711.242882][ C0] CR2: 0000557d7f2ea220 CR3: 000000000e132000 CR4: 00000000003506f0 [ 711.242898][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 711.242909][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 711.242920][ C0] Call Trace: [ 711.242927][ C0] [ 711.242935][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 711.242955][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 711.242975][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 711.242994][ C0] ? nmi_handle+0x2a/0x5a0 [ 711.243030][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 711.243050][ C0] ? nmi_handle+0x14f/0x5a0 [ 711.243075][ C0] ? nmi_handle+0x2a/0x5a0 [ 711.243102][ C0] ? rcu_is_watching+0x67/0xb0 [ 711.243120][ C0] ? default_do_nmi+0x63/0x160 [ 711.243140][ C0] ? exc_nmi+0x123/0x1f0 [ 711.243159][ C0] ? end_repeat_nmi+0xf/0x53 [ 711.243184][ C0] ? batadv_nc_worker+0xcb/0x610 [ 711.243209][ C0] ? lock_release+0xb0/0x9f0 [ 711.243227][ C0] ? rcu_is_watching+0x67/0xb0 [ 711.243246][ C0] ? rcu_is_watching+0x67/0xb0 [ 711.243266][ C0] ? rcu_is_watching+0x67/0xb0 [ 711.243285][ C0] [ 711.243291][ C0] [ 711.243298][ C0] lock_release+0xbf/0x9f0 [ 711.243316][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 711.243335][ C0] ? batadv_nc_worker+0xcb/0x610 [ 711.243357][ C0] ? __pfx_lock_release+0x10/0x10 [ 711.243377][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 711.243398][ C0] ? batadv_nc_worker+0xcb/0x610 [ 711.243421][ C0] batadv_nc_worker+0x28b/0x610 [ 711.243444][ C0] ? batadv_nc_worker+0xcb/0x610 [ 711.243467][ C0] ? process_scheduled_works+0x945/0x1830 [ 711.243485][ C0] process_scheduled_works+0xa2c/0x1830 [ 711.243518][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 711.243542][ C0] ? assign_work+0x364/0x3d0 [ 711.243561][ C0] worker_thread+0x86d/0xd50 [ 711.243588][ C0] ? __kthread_parkme+0x169/0x1d0 [ 711.243609][ C0] ? __pfx_worker_thread+0x10/0x10 [ 711.243627][ C0] kthread+0x2f0/0x390 [ 711.243648][ C0] ? __pfx_worker_thread+0x10/0x10 [ 711.243666][ C0] ? __pfx_kthread+0x10/0x10 [ 711.243687][ C0] ret_from_fork+0x4b/0x80 [ 711.243710][ C0] ? __pfx_kthread+0x10/0x10 [ 711.243730][ C0] ret_from_fork_asm+0x1a/0x30 [ 711.243764][ C0] [ 711.250547][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 711.597273][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00215-g22f902dfc51e #0 [ 711.607193][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 711.617378][ T30] Call Trace: [ 711.620861][ T30] [ 711.623955][ T30] dump_stack_lvl+0x241/0x360 [ 711.628701][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 711.633942][ T30] ? __pfx__printk+0x10/0x10 [ 711.638634][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 711.644642][ T30] ? vscnprintf+0x5d/0x90 [ 711.648986][ T30] panic+0x349/0x860 [ 711.652892][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 711.659133][ T30] ? __pfx_panic+0x10/0x10 [ 711.663550][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 711.668929][ T30] ? __irq_work_queue_local+0x137/0x410 [ 711.674577][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 711.680059][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 711.686278][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 711.692670][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 711.698841][ T30] watchdog+0x101d/0x1020 [ 711.703281][ T30] ? watchdog+0x1ea/0x1020 [ 711.708019][ T30] ? __pfx_watchdog+0x10/0x10 [ 711.713418][ T30] kthread+0x2f0/0x390 [ 711.717614][ T30] ? __pfx_watchdog+0x10/0x10 [ 711.722327][ T30] ? __pfx_kthread+0x10/0x10 [ 711.726968][ T30] ret_from_fork+0x4b/0x80 [ 711.731433][ T30] ? __pfx_kthread+0x10/0x10 [ 711.736172][ T30] ret_from_fork_asm+0x1a/0x30 [ 711.741154][ T30] [ 711.744874][ T30] Kernel Offset: disabled [ 711.749273][ T30] Rebooting in 86400 seconds..