last executing test programs: 9m22.274261044s ago: executing program 32 (id=2686): syz_init_net_socket$llc(0x1a, 0x2, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r0, 0xffffffffffffffff, 0x200000000000000) 8m27.456273613s ago: executing program 3 (id=3634): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xd1, 0x0, 0x0, @loopback, @multicast1}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f5, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000001580)={'erspan0\x00', r1, 0x40, 0x7807, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x1, 0x0, 0x0, @empty, @multicast2}}}}) 8m27.426865576s ago: executing program 3 (id=3635): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000088c0), r0) sendmsg$NLBL_CALIPSO_C_LIST(r0, &(0x7f00000089c0)={0x0, 0x0, &(0x7f0000008980)={&(0x7f0000008900)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_DOI={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x49}, 0x24008040) 8m27.39601148s ago: executing program 3 (id=3636): r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x2) ioctl$VIDIOC_G_AUDIO(r0, 0x80345621, 0x0) 8m27.324152783s ago: executing program 3 (id=3637): symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mount$9p_unix(&(0x7f00000000c0)='./file0/file0/..\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x12d7498, 0x0) umount2(&(0x7f0000000040)='./file0\x00', 0x1) 8m27.266797219s ago: executing program 3 (id=3638): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000080)=0x5, 0x4) 8m26.425683406s ago: executing program 3 (id=3647): syz_io_uring_setup(0x313f, &(0x7f0000000080)={0x0, 0xfffffffd, 0x10100, 0x2000003, 0x17b}, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8924, &(0x7f00000000c0)={'wlan0\x00', 0x1}) 8m25.898505644s ago: executing program 33 (id=3647): syz_io_uring_setup(0x313f, &(0x7f0000000080)={0x0, 0xfffffffd, 0x10100, 0x2000003, 0x17b}, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8924, &(0x7f00000000c0)={'wlan0\x00', 0x1}) 7m45.953851985s ago: executing program 4 (id=4127): write(0xffffffffffffffff, &(0x7f0000000000)="240000001e005f031400ff01000000f80700b3586f", 0x15) r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b24, &(0x7f0000000000)={'wlan1\x00'}) 7m45.891430855s ago: executing program 4 (id=4136): pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f00000014c0)=[{&(0x7f0000000000)="9c", 0x1}], 0x1, 0x8) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 7m45.77361054s ago: executing program 4 (id=4130): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000700000014000180080007"], 0x28}}, 0x0) 7m45.715511s ago: executing program 4 (id=4131): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000000e140)={0xffffffffffffffff, 0xffffffffffffffff}) fstatfs(r0, &(0x7f000000ed00)=""/4096) 7m45.555929076s ago: executing program 4 (id=4143): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) 7m45.460078708s ago: executing program 4 (id=4145): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x8010, r0, 0x952de000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) 7m30.363020681s ago: executing program 34 (id=4145): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x8010, r0, 0x952de000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) 4m56.183861711s ago: executing program 1 (id=6380): mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) writev(0xffffffffffffffff, 0x0, 0x0) 4m56.18372884s ago: executing program 1 (id=6381): chdir(&(0x7f0000000540)='./cgroup\x00') r0 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) getdents(r0, 0x0, 0x0) 4m56.089837326s ago: executing program 1 (id=6383): pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) write$tun(r1, &(0x7f0000000380)={@val={0x0, 0x9}, @void, @eth={@remote, @empty, @void, {@mpls_uc={0x8847, {[{0xffffb, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0x0, 0x0, 0x1}], @ipv6=@gre_packet={0x6, 0x6, "e943ff", 0x44, 0x2f, 0x1, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], {{}, {0x1, 0x0, 0x1, 0x1}, {0x1}, {0x8, 0x88be, 0x4, {{0x1, 0x1, 0xe, 0x1, 0x0, 0x1, 0x1, 0x4}, 0x1, {0xffffffff}}}, {0x8, 0x22eb, 0x0, {{0x3, 0x2, 0x7, 0x2, 0x0, 0x2, 0x3, 0x63}, 0x2, {0x715, 0x1, 0x2, 0x13, 0x0, 0x0, 0x2, 0x0, 0x1}}}}}}}}}}}, 0x8a) read$FUSE(r0, &(0x7f0000002180)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) wait4(r2, 0x0, 0x20000000, 0x0) 4m56.012310302s ago: executing program 1 (id=6386): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) 4m55.905181017s ago: executing program 1 (id=6387): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024f01c173a49b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000040)={&(0x7f0000000000)=""/60, 0x3c}) 4m53.51127202s ago: executing program 1 (id=6397): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = epoll_create1(0x80000) listen(r0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380)={0x90000004}) 4m53.190703139s ago: executing program 35 (id=6397): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = epoll_create1(0x80000) listen(r0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380)={0x90000004}) 4m17.433711337s ago: executing program 5 (id=6705): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="28010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc0000000000000000000000000000000000000000000000000000fff2000000020000000000000000000000000000000000001000000000ffffffffffffffff00000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a000200340000000000000014000e"], 0x128}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x70bd2a, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x1b}, @in=@multicast1, 0xffff, 0x0, 0x4e22, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in=@multicast1, 0x0, 0x2b}, @in6=@private0, {0x5a, 0xb400, 0x2, 0xfeffff7f00000001, 0x0, 0x60000}, {0x0, 0x200000, 0x7, 0xfffffffffffffffd}, {0x40000, 0x1, 0xae8}, 0xfffffffd, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0) 4m17.340996837s ago: executing program 5 (id=6707): ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1ccf580202f4ab64792f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac000000000000050e5c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000003c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0], 0x0) 4m15.88105708s ago: executing program 5 (id=6725): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000380)='b', 0x1}], 0x1, &(0x7f0000000c80)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18, 0x20040000}}], 0x1, 0x4) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x39000, 0x0) 4m15.777619582s ago: executing program 5 (id=6727): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) rename(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='./file1\x00') 4m15.660336525s ago: executing program 5 (id=6728): pipe2$watch_queue(&(0x7f0000002240)={0xffffffffffffffff}, 0x80) r1 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x0) keyctl$chown(0xf, r1, 0x0, 0x0) 4m12.490899124s ago: executing program 5 (id=6770): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000080)={'exec ', ':\x00'}, 0x7) syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) 4m12.133016226s ago: executing program 36 (id=6770): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000080)={'exec ', ':\x00'}, 0x7) syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) 3m51.581196989s ago: executing program 0 (id=6932): r0 = socket$inet6(0xa, 0x80003, 0x6) pwritev(0xffffffffffffffff, &(0x7f0000000880)=[{&(0x7f0000000000)='0', 0x1}], 0x1, 0x0, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x400}, 0x1c) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 3m51.096685563s ago: executing program 0 (id=6936): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)={0x24, r1, 0x1, 0x70bd28, 0x1, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x24}}, 0x80) 3m50.641604042s ago: executing program 0 (id=6939): io_setup(0x8, &(0x7f0000004200)=0x0) io_pgetevents(r0, 0x3, 0x3, &(0x7f0000000440)=[{}, {}, {}], 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000080)={0x2202}, 0x18, 0x0) landlock_restrict_self(r1, 0xe) 3m49.443326429s ago: executing program 0 (id=6949): mkdir(&(0x7f0000000940)='./file0\x00', 0x51) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1) 3m49.287548838s ago: executing program 0 (id=6951): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000008200)={0xffffffffffffffff}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80940, 0xd2) close(r1) mount$9p_fd(0x0, &(0x7f0000000c40)='./file1\x00', &(0x7f00000000c0), 0x200000, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 3m47.928200813s ago: executing program 0 (id=6964): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) 3m47.689749382s ago: executing program 37 (id=6964): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) 2m32.35203769s ago: executing program 9 (id=7672): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 2m32.052770135s ago: executing program 9 (id=7675): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) shutdown(r0, 0x1) 2m31.961399832s ago: executing program 9 (id=7676): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05"], 0x48}}, 0x805) sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="06"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x2004c800) 2m31.911919288s ago: executing program 9 (id=7679): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x0, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@loopback, 0x4d4, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x800, 0x192, 0x6, 0xffff, 0x8251c, 0x1, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x7}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x80) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000940)=@newsa={0x138, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x717, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, {0xfe, 0x1000000000000192, 0x8000000009ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc, 0x4}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3f9}, 0x7e, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x844) 2m31.769969464s ago: executing program 9 (id=7681): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000000)=r0) 2m31.597143874s ago: executing program 9 (id=7684): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) mount$9p_xen(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x44000, 0x0) 2m16.594561386s ago: executing program 38 (id=7684): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) mount$9p_xen(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x44000, 0x0) 3.306488975s ago: executing program 7 (id=9308): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000003c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000100)={r1, 0x0, r0, 0x0, 0x80000}) 2.366689235s ago: executing program 7 (id=9320): connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x54, @mcast1, 0x9}, 0x1c) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000001a00010000000000000000001c"], 0x28}}, 0x0) 2.212500848s ago: executing program 7 (id=9321): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x2}]}, 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x6c}}, 0x0) 2.001850813s ago: executing program 7 (id=9324): socket$xdp(0x2c, 0x3, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$xdp(0x2c, 0x3, 0x0) dup2(r0, r1) 1.857991797s ago: executing program 7 (id=9327): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x9c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4041}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0xa0, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TUPLE_ORIG={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0xa0}}, 0x0) 1.680837617s ago: executing program 7 (id=9330): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc090, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x60, 0x90, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x7, 0x2, 0x1, {0x22, 0x29}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_connect$uac2(0x0, 0x7b, &(0x7f00000000c0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x2a39, 0x3fb0, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x69, 0x3, 0x1, 0x5, 0x30, 0x9, {0x8, 0xb, 0x0, 0x1, 0x1, 0x7, 0x20, 0x8c}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0x4000, 0x4, 0x9, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x3, 0xb, 0x4, {0x8, 0x25, 0x1, 0x0, 0x0, 0x40, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x40, 0x6, 0x3, {0x8, 0x25, 0x1, 0x82, 0x3, 0xf3, 0x6}}}}}}}}]}}, 0x0) syz_usb_control_io(r0, &(0x7f00000004c0)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) 1.216952698s ago: executing program 2 (id=9340): r0 = syz_open_dev$loop(&(0x7f0000000680), 0x9, 0x103480) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x5, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a01000000000b0000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000014000800000000000000007f"}}) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x6e) 1.130099407s ago: executing program 8 (id=9343): r0 = syz_open_dev$media(&(0x7f0000000280), 0x3, 0x0) r1 = syz_open_dev$media(&(0x7f0000000000), 0x1, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r1, 0xc0287c02, &(0x7f0000000200)={0x80000000, 0x0, &(0x7f0000000180)=[{}, {{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f00000000c0)={r2, 0x0, 0x0}) 1.017268516s ago: executing program 8 (id=9345): openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="0f0200003900", 0x6}], 0x1}, 0x0) r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe00006a"], 0xfe33) 968.634023ms ago: executing program 2 (id=9346): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x40940, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x2) readv(r0, &(0x7f0000000600)=[{&(0x7f00000002c0)=""/135, 0x87}], 0x1) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) 817.370395ms ago: executing program 8 (id=9348): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000000c0)='fd', 0x0, r0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) 815.752198ms ago: executing program 8 (id=9349): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4a61, 0x2, @loopback, 0xaa}, 0x1c) 766.589489ms ago: executing program 8 (id=9351): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400018008000100e000000108000200e00000010c00028005000100000000001c0010800800014000000000d97405010000000008000240000000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 660.437495ms ago: executing program 8 (id=9352): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0xfc, {"a2e3ad1bed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f36356d030890e0879b0af8c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d263030000009bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbebac93f752f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b92b7b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e28a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b28ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d8efea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d23e86abd6859cddf4bbae1f0a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af5f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700dfbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000", 0x105d}}, 0xfffffef7) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xffffffffffffff42, &(0x7f00000000c0)=ANY=[]) 579.965747ms ago: executing program 2 (id=9354): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x4b564d06}]}) 514.228095ms ago: executing program 6 (id=9355): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0xf1, @loopback, 0x19f49a9}], 0x1c) sendmsg$inet_sctp(r0, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0xff, @loopback, 0x5}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)="e6", 0xfffd}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000008400000007000000ac1414aa0000000020000000000000008400000008000000200100"/56], 0x38, 0x4855}, 0x24000052) recvmmsg$unix(r0, &(0x7f0000004280)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000300)=""/4105, 0x1009}], 0x1}}], 0x1, 0x40010040, 0x0) 405.250255ms ago: executing program 6 (id=9356): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'erspan0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="0b032200eb1025120212475400f6a13bb1000000080089064803", 0x10300, 0x0, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14) 378.820834ms ago: executing program 6 (id=9357): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000002c0)={'batadv_slave_1\x00', &(0x7f0000000040)=@ethtool_flash={0x33, 0x7, './file0\x00'}}) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x40bb, 0x2}, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="780000001a0001002abd7000000000000a"], 0x78}], 0x1, 0x0, 0x0, 0x20400}, 0x0) 346.575421ms ago: executing program 2 (id=9358): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0) 273.423018ms ago: executing program 6 (id=9359): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000300)={0x80006015}) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000080)={0x28000006}) 241.267805ms ago: executing program 2 (id=9360): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000240)={0x79, 0x0, 0x10000004a5}) 71.216825ms ago: executing program 2 (id=9361): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x4bd1bfda, 0x0, 0x6}, 0x1c) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0) 25.714976ms ago: executing program 6 (id=9362): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000001c0)={r1}, &(0x7f0000000200)=0x8) 0s ago: executing program 6 (id=9363): r0 = socket$key(0xf, 0x3, 0x2) recvmmsg(r0, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0}, 0x3ff}], 0x1, 0x2000000022, 0x0) setsockopt$sock_int(r0, 0x1, 0x4b, &(0x7f0000000040)=0xfd87, 0x4) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0) kernel console output (not intermixed with test programs): batman_adv: batadv0: Adding interface: batadv_slave_0 [ 609.892854][T21864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 609.892876][T21864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 609.895994][T21864] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 609.896008][T21864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 609.896032][T21864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 610.040221][ T5827] Bluetooth: hci3: command tx timeout [ 610.218027][T21864] hsr_slave_0: entered promiscuous mode [ 610.223030][T21864] hsr_slave_1: entered promiscuous mode [ 610.224548][T21864] debugfs: 'hsr0' already exists in 'hsr' [ 610.224572][T21864] Cannot create hsr debugfs directory [ 610.851030][T22090] netlink: 56 bytes leftover after parsing attributes in process `syz.8.7040'. [ 611.440032][ T5490] 8021q: adding VLAN 0 to HW filter on device eth21 [ 612.343736][ T764] IPVS: stopping master sync thread 6145 ... [ 613.970132][ T5490] 8021q: adding VLAN 0 to HW filter on device eth22 [ 613.978288][T22158] netlink: 128 bytes leftover after parsing attributes in process `syz.8.7063'. [ 614.243992][T22163] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 614.322886][T22164] input: syz1 as /devices/virtual/input/input42 [ 614.360011][T22167] Attempt to restore checkpoint with obsolete wellknown handles [ 615.449378][ T764] hsr_slave_0: left promiscuous mode [ 615.489442][ T764] hsr_slave_1: left promiscuous mode [ 615.493460][ T764] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 615.493489][ T764] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 615.540861][ T764] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 615.540881][ T764] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 615.621754][ T764] veth1_macvtap: left promiscuous mode [ 615.621814][ T764] veth0_macvtap: left promiscuous mode [ 615.621972][ T764] veth1_vlan: left promiscuous mode [ 615.622074][ T764] veth0_vlan: left promiscuous mode [ 616.452980][ T764] team0 (unregistering): Port device team_slave_1 removed [ 616.490181][ T764] team0 (unregistering): Port device team_slave_0 removed [ 616.666298][T21864] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 616.723565][T21864] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 616.840789][T21864] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 617.056203][T21864] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 617.075252][T21864] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 617.176054][T21864] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 617.189426][T21864] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 617.229052][T21864] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 617.532354][T22227] netlink: 20 bytes leftover after parsing attributes in process `syz.8.7085'. [ 617.734796][T21864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 617.822118][T21864] 8021q: adding VLAN 0 to HW filter on device team0 [ 617.860834][ T1189] bridge0: port 1(bridge_slave_0) entered blocking state [ 617.861138][ T1189] bridge0: port 1(bridge_slave_0) entered forwarding state [ 618.405577][T22245] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7094'. [ 618.737820][ T5490] 8021q: adding VLAN 0 to HW filter on device eth23 [ 618.854383][ T1462] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.854600][ T1462] bridge0: port 2(bridge_slave_1) entered forwarding state [ 619.165819][ T764] IPVS: stop unused estimator thread 0... [ 619.967247][T21864] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 620.667530][ T5490] 8021q: adding VLAN 0 to HW filter on device eth24 [ 620.855238][T22309] program syz.6.7112 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 621.015843][T21864] veth0_vlan: entered promiscuous mode [ 621.061294][T21864] veth1_vlan: entered promiscuous mode [ 621.169697][T22312] IPVS: persistence engine module ip_vs_pe_ not found [ 621.233134][T21864] veth0_macvtap: entered promiscuous mode [ 621.259127][T21864] veth1_macvtap: entered promiscuous mode [ 621.298272][T22319] netlink: 'syz.6.7114': attribute type 9 has an invalid length. [ 621.298292][T22319] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.7114'. [ 621.345329][T21864] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 621.408675][T21864] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 621.456145][ T1462] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.456414][ T1462] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.456451][ T1462] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.456482][ T1462] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.032617][T22334] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7117'. [ 622.032643][T22334] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7117'. [ 622.786280][ T1189] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 622.786299][ T1189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 622.918217][T22348] netlink: 'syz.8.7122': attribute type 83 has an invalid length. [ 622.951246][ T1423] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 622.951265][ T1423] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.091599][T22380] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7136'. [ 624.448077][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.448175][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.074706][ T38] audit: type=1326 audit(2000055614.544:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22384 comm="syz.9.7138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd19d3cc819 code=0x7fc00000 [ 625.232406][T22398] tipc: Started in network mode [ 625.232433][T22398] tipc: Node identity ac14140f, cluster identity 4711 [ 625.232715][T22398] tipc: New replicast peer: 255.255.255.255 [ 625.274792][T22398] tipc: Enabled bearer , priority 10 [ 625.290124][T22398] netlink: 12 bytes leftover after parsing attributes in process `syz.9.7142'. [ 625.290148][T22398] tipc: Disabling bearer [ 625.666332][T22413] netlink: 'syz.7.7157': attribute type 8 has an invalid length. [ 625.822010][T22418] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 626.208498][T22437] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 626.446227][T22447] netlink: 36 bytes leftover after parsing attributes in process `syz.8.7163'. [ 627.794235][T22470] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 627.794404][T22470] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 627.794586][T22470] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 627.794875][T22470] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 627.854629][T22470] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 627.933656][T22470] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 627.933757][T22470] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 627.996016][T22470] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 628.172179][T22484] netlink: 48 bytes leftover after parsing attributes in process `syz.9.7179'. [ 628.298273][T22489] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7182'. [ 629.338206][T22517] netlink: 36 bytes leftover after parsing attributes in process `syz.9.7197'. [ 629.799533][ T5827] Bluetooth: hci1: command 0x0c1a tx timeout [ 629.819335][T21332] Bluetooth: hci0: command 0x0c1a tx timeout [ 629.961179][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 630.118889][ T1502] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 630.162572][T21332] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 630.231024][T21332] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 630.249810][T21332] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 630.275281][T21332] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 630.278888][T21332] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 631.005940][ T1502] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.705804][ T1502] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.882934][T21332] Bluetooth: hci1: command 0x0c1a tx timeout [ 631.921134][T22572] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7219'. [ 632.040337][T21332] Bluetooth: hci3: command 0x0c1a tx timeout [ 632.374419][T21332] Bluetooth: hci2: command tx timeout [ 632.378637][T22582] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7222'. [ 632.785529][ T1502] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 632.879846][T22530] chnl_net:caif_netlink_parms(): no params data found [ 633.432218][T22530] bridge0: port 1(bridge_slave_0) entered blocking state [ 633.443072][T22530] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.443377][T22530] bridge_slave_0: entered allmulticast mode [ 633.479736][T22530] bridge_slave_0: entered promiscuous mode [ 633.538761][T22530] bridge0: port 2(bridge_slave_1) entered blocking state [ 633.539053][T22530] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.554388][T22530] bridge_slave_1: entered allmulticast mode [ 633.557598][T22530] bridge_slave_1: entered promiscuous mode [ 633.947262][T22530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 633.959425][T21332] Bluetooth: hci1: command 0x0c1a tx timeout [ 633.967216][T22530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 634.024104][T22635] loop9: detected capacity change from 0 to 524287936 [ 634.119766][T21332] Bluetooth: hci3: command 0x0c1a tx timeout [ 634.439471][T21332] Bluetooth: hci2: command tx timeout [ 635.261543][T22530] team0: Port device team_slave_0 added [ 635.399041][T22530] team0: Port device team_slave_1 added [ 635.765464][T22530] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 635.765479][T22530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 635.765503][T22530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 635.768530][T22530] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 635.768544][T22530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 635.768569][T22530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 636.443936][ T1502] bridge_slave_1: left allmulticast mode [ 636.443962][ T1502] bridge_slave_1: left promiscuous mode [ 636.444356][ T1502] bridge0: port 2(bridge_slave_1) entered disabled state [ 636.519438][T21332] Bluetooth: hci2: command tx timeout [ 636.539483][ T1502] bridge_slave_0: left promiscuous mode [ 636.657381][ T1502] bridge0: port 1(bridge_slave_0) entered disabled state [ 636.722721][T22703] netlink: 92 bytes leftover after parsing attributes in process `syz.8.7259'. [ 638.321328][ T1502] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 638.400073][ T1502] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 638.421746][ T1502] bond0 (unregistering): Released all slaves [ 638.481162][T22731] tipc: Started in network mode [ 638.481191][T22731] tipc: Node identity ac14140f, cluster identity 4711 [ 638.486334][T22731] tipc: New replicast peer: 255.255.255.255 [ 638.487708][T22731] tipc: Enabled bearer , priority 10 [ 638.536330][T22530] hsr_slave_0: entered promiscuous mode [ 638.589390][T22530] hsr_slave_1: entered promiscuous mode [ 638.593144][T22530] debugfs: 'hsr0' already exists in 'hsr' [ 638.593169][T22530] Cannot create hsr debugfs directory [ 638.668279][T21332] Bluetooth: hci2: command tx timeout [ 638.702165][ T38] audit: type=1326 audit(2000055629.158:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22743 comm="syz.7.7277" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa04cf8c819 code=0x0 [ 638.824002][ T1502] tipc: Left network mode [ 639.168753][T22756] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 639.409530][T22768] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7284'. [ 639.854533][ T10] tipc: Node number set to 2886997007 [ 640.939614][ T1502] hsr_slave_0: left promiscuous mode [ 640.981671][ T1502] hsr_slave_1: left promiscuous mode [ 640.982912][ T1502] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 640.982936][ T1502] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 641.040089][ T1502] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 641.040116][ T1502] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 641.134362][ T1502] veth1_macvtap: left promiscuous mode [ 641.134449][ T1502] veth0_macvtap: left promiscuous mode [ 641.134609][ T1502] veth1_vlan: left promiscuous mode [ 641.134666][ T1502] veth0_vlan: left promiscuous mode [ 642.059857][ T1502] team0 (unregistering): Port device team_slave_1 removed [ 642.099857][ T1502] team0 (unregistering): Port device team_slave_0 removed [ 642.269463][ T32] usb 10-1: new full-speed USB device number 2 using dummy_hcd [ 642.447681][ T32] usb 10-1: too many endpoints for config 0 interface 0 altsetting 2: 254, using maximum allowed: 30 [ 642.447726][ T32] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 642.447752][ T32] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 642.447773][ T32] usb 10-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 642.447798][ T32] usb 10-1: config 0 interface 0 has no altsetting 0 [ 642.447832][ T32] usb 10-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 642.447854][ T32] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.531766][ T32] usb 10-1: config 0 descriptor?? [ 643.025161][ T32] ryos 0003:1E7D:3138.003E: unknown main item tag 0x0 [ 643.025196][ T32] ryos 0003:1E7D:3138.003E: unknown main item tag 0x0 [ 643.025224][ T32] ryos 0003:1E7D:3138.003E: unknown main item tag 0x0 [ 643.025250][ T32] ryos 0003:1E7D:3138.003E: unknown main item tag 0x0 [ 643.025276][ T32] ryos 0003:1E7D:3138.003E: unknown main item tag 0x0 [ 643.066067][ T32] ryos 0003:1E7D:3138.003E: hidraw0: USB HID v0.00 Device [HID 1e7d:3138] on usb-dummy_hcd.9-1/input0 [ 643.292098][ T5832] usb 10-1: USB disconnect, device number 2 [ 643.506361][T22834] fido_id[22834]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory [ 643.878123][T22844] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 643.878251][T22844] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 643.878776][T22844] overlayfs: failed to set uuid (235/file0, err=-13); falling back to uuid=null. [ 645.143571][ T5490] 8021q: adding VLAN 0 to HW filter on device eth25 [ 648.533441][T22961] netlink: 256 bytes leftover after parsing attributes in process `syz.9.7349'. [ 649.458880][T22530] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 649.501088][T22530] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 649.502356][T22530] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 649.546992][T22530] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 649.547801][T22530] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 649.652113][T22997] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7357'. [ 649.683451][T22530] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 649.738437][T22530] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 649.886041][T23002] Invalid ELF header len 16 [ 649.917824][T22530] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 650.017964][T23010] loop2: detected capacity change from 0 to 7 [ 650.073111][T23010] Dev loop2: unable to read RDB block 7 [ 650.073155][T23010] loop2: unable to read partition table [ 650.073359][T23010] loop2: partition table beyond EOD, truncated [ 650.073394][T23010] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 650.458295][T22530] 8021q: adding VLAN 0 to HW filter on device bond0 [ 650.597617][T22530] 8021q: adding VLAN 0 to HW filter on device team0 [ 650.625503][ T1502] bridge0: port 1(bridge_slave_0) entered blocking state [ 650.625695][ T1502] bridge0: port 1(bridge_slave_0) entered forwarding state [ 650.746057][ T1462] bridge0: port 2(bridge_slave_1) entered blocking state [ 650.746219][ T1462] bridge0: port 2(bridge_slave_1) entered forwarding state [ 650.977996][T23036] netlink: 64 bytes leftover after parsing attributes in process `syz.9.7372'. [ 651.736271][T22530] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 652.260513][T22530] veth0_vlan: entered promiscuous mode [ 652.381902][T22530] veth1_vlan: entered promiscuous mode [ 652.525038][T22530] veth0_macvtap: entered promiscuous mode [ 652.567403][T22530] veth1_macvtap: entered promiscuous mode [ 652.690764][T22530] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 652.720989][T22530] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 652.762390][ T1502] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.765513][ T1502] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.765559][ T1502] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.765592][ T1502] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 654.538896][ T1502] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 654.538914][ T1502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 654.994649][ T1189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 654.994669][ T1189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 655.361103][T23115] Attempt to restore checkpoint with obsolete wellknown handles [ 656.394865][T23149] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 656.467789][ C1] sd 0:0:1:0: [sda] tag#4846 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 656.467844][ C1] sd 0:0:1:0: [sda] tag#4846 CDB: Write(6) 0a 00 00 00 00 00 00 00 fe 80 00 00 [ 658.129625][T23206] netlink: 16 bytes leftover after parsing attributes in process `syz.9.7445'. [ 660.619373][T23286] netlink: 26332 bytes leftover after parsing attributes in process `syz.8.7480'. [ 660.732845][T23292] program syz.7.7483 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 661.709403][T18370] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 661.931499][T18370] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 661.931532][T18370] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 661.931558][T18370] usb 10-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 661.931571][T18370] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 661.934630][T18370] usb 10-1: config 0 descriptor?? [ 662.403278][T18370] hid-led 0003:27B8:01ED.003F: unknown main item tag 0x0 [ 662.403318][T18370] hid-led 0003:27B8:01ED.003F: unknown main item tag 0x0 [ 662.403343][T18370] hid-led 0003:27B8:01ED.003F: unknown main item tag 0x0 [ 662.403369][T18370] hid-led 0003:27B8:01ED.003F: unknown main item tag 0x0 [ 662.403393][T18370] hid-led 0003:27B8:01ED.003F: unknown main item tag 0x0 [ 662.558170][T18370] hid-led 0003:27B8:01ED.003F: probe with driver hid-led failed with error -71 [ 662.607498][T18370] usb 10-1: USB disconnect, device number 3 [ 663.168063][T23355] program syz.6.7513 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 663.619455][T18370] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 663.728582][T23377] netlink: 48 bytes leftover after parsing attributes in process `syz.6.7521'. [ 663.780630][T18370] usb 9-1: Using ep0 maxpacket: 16 [ 663.784199][T18370] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 663.784268][T18370] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 663.784297][T18370] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 663.784319][T18370] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 663.784341][T18370] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 663.785511][T18370] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 663.785545][T18370] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 663.785565][T18370] usb 9-1: Manufacturer: syz [ 663.804180][T18370] usb 9-1: config 0 descriptor?? [ 664.140015][T18370] rc_core: IR keymap rc-hauppauge not found [ 664.140036][T18370] Registered IR keymap rc-empty [ 664.144410][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.163685][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.185149][T18370] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0 [ 664.197236][T18370] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input43 [ 664.220318][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.246292][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.259761][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.280047][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.310074][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.331761][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.364564][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.389746][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.419540][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.442766][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.469493][T18370] mceusb 9-1:0.0: Error: mce write submit urb error = -90 [ 664.517176][T18370] mceusb 9-1:0.0: Registered with mce emulator interface version 1 [ 664.517200][T18370] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 664.552514][T18370] usb 9-1: USB disconnect, device number 4 [ 665.864484][T23421] netlink: 128 bytes leftover after parsing attributes in process `syz.9.7539'. [ 666.133429][T23433] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 666.204232][T23433] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 666.768792][T23453] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7553'. [ 666.785196][T23453] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7553'. [ 667.117671][T23462] netlink: 4768 bytes leftover after parsing attributes in process `syz.8.7558'. [ 668.122378][T23492] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7570'. [ 668.153251][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 668.544996][T23501] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7574'. [ 668.749389][ T5892] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 668.778491][T23503] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7576'. [ 668.919501][ T5892] usb 9-1: Using ep0 maxpacket: 16 [ 668.921953][ T5892] usb 9-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 668.921987][ T5892] usb 9-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 25 [ 668.922014][ T5892] usb 9-1: config 0 interface 0 has no altsetting 0 [ 668.922048][ T5892] usb 9-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00 [ 668.922072][ T5892] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 668.992117][ T5892] usb 9-1: config 0 descriptor?? [ 669.474517][ T5892] logitech 0003:046D:C50C.0040: unknown main item tag 0x0 [ 669.474555][ T5892] logitech 0003:046D:C50C.0040: unknown main item tag 0x0 [ 669.474581][ T5892] logitech 0003:046D:C50C.0040: unknown main item tag 0x0 [ 669.474606][ T5892] logitech 0003:046D:C50C.0040: unknown main item tag 0x0 [ 669.474632][ T5892] logitech 0003:046D:C50C.0040: unknown main item tag 0x0 [ 669.474657][ T5892] logitech 0003:046D:C50C.0040: unknown main item tag 0x0 [ 669.474683][ T5892] logitech 0003:046D:C50C.0040: unknown main item tag 0x0 [ 669.474708][ T5892] logitech 0003:046D:C50C.0040: unknown main item tag 0x0 [ 669.474734][ T5892] logitech 0003:046D:C50C.0040: unknown main item tag 0x0 [ 669.474759][ T5892] logitech 0003:046D:C50C.0040: unknown main item tag 0x0 [ 669.561275][ T5892] logitech 0003:046D:C50C.0040: hidraw0: USB HID v0.08 Device [HID 046d:c50c] on usb-dummy_hcd.8-1/input0 [ 669.648341][T18370] usb 9-1: USB disconnect, device number 5 [ 669.760645][T23521] fido_id[23521]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/9-1/report_descriptor': No such file or directory [ 669.985481][T23531] netlink: 14478 bytes leftover after parsing attributes in process `syz.7.7585'. [ 670.251839][T23535] bridge0: port 3(veth1_macvtap) entered blocking state [ 670.269883][T23535] bridge0: port 3(veth1_macvtap) entered disabled state [ 670.302241][T23535] veth1_macvtap: entered allmulticast mode [ 670.356336][T23535] veth1_macvtap: left allmulticast mode [ 670.538782][T23543] vxcan0: tx address claim with dlc 0 [ 670.857002][T23552] netlink: 56 bytes leftover after parsing attributes in process `syz.9.7595'. [ 671.169443][T18370] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 671.232940][T23563] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7600'. [ 671.367506][T23565] tipc: Started in network mode [ 671.367537][T23565] tipc: Node identity ac14140f, cluster identity 4711 [ 671.367984][T23565] tipc: New replicast peer: 255.255.255.255 [ 671.369749][T18370] usb 10-1: Using ep0 maxpacket: 16 [ 671.371595][T18370] usb 10-1: config 1 has an invalid interface number: 105 but max is 0 [ 671.371618][T18370] usb 10-1: config 1 has no interface number 0 [ 671.371659][T18370] usb 10-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 671.371684][T18370] usb 10-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 671.371706][T18370] usb 10-1: config 1 interface 105 has no altsetting 0 [ 671.374926][T18370] usb 10-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 671.374952][T18370] usb 10-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 671.374971][T18370] usb 10-1: Product: syz [ 671.374984][T18370] usb 10-1: Manufacturer: syz [ 671.374999][T18370] usb 10-1: SerialNumber: syz [ 671.406722][T23557] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 671.407237][T23557] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 671.487746][T23565] tipc: Enabled bearer , priority 10 [ 671.827386][T23557] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 671.827571][T23557] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 672.110938][ T10] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 672.230563][T18370] aqc111 10-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 672.231058][T18370] aqc111 10-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 672.231532][T18370] aqc111 10-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 672.275578][ T10] usb 9-1: Using ep0 maxpacket: 16 [ 672.301068][T21332] Bluetooth: hci1: Malformed LE Event: 0x0d [ 672.305090][ T10] usb 9-1: unable to get BOS descriptor or descriptor too short [ 672.305977][ T10] usb 9-1: unable to read config index 0 descriptor/start: -71 [ 672.306008][ T10] usb 9-1: can't read configurations, error -71 [ 672.411380][T18370] aqc111 10-1:1.105 eth25: register 'aqc111' at usb-dummy_hcd.9-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 86:64:0f:54:12:72 [ 672.419431][T18370] usb 10-1: USB disconnect, device number 4 [ 672.436625][T18370] aqc111 10-1:1.105 eth25: unregister 'aqc111' usb-dummy_hcd.9-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 672.613389][ T5814] tipc: Node number set to 2886997007 [ 672.714065][T18370] aqc111 10-1:1.105 eth25 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 672.714201][T18370] aqc111 10-1:1.105 eth25 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 672.714329][T18370] aqc111 10-1:1.105 eth25 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 672.960817][T23589] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 672.995409][T23589] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 673.332957][T23601] bridge0: port 3(veth1_macvtap) entered blocking state [ 673.346171][T23601] bridge0: port 3(veth1_macvtap) entered disabled state [ 673.346462][T23601] veth1_macvtap: entered allmulticast mode [ 673.436985][T23605] netlink: 36 bytes leftover after parsing attributes in process `syz.8.7621'. [ 673.453068][T23605] netlink: 220 bytes leftover after parsing attributes in process `syz.8.7621'. [ 673.506068][T23601] veth1_macvtap: left allmulticast mode [ 673.545972][T23610] netlink: 'syz.8.7623': attribute type 2 has an invalid length. [ 673.545992][T23610] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7623'. [ 674.474846][T23640] blkio.reset_stats is deprecated [ 675.159743][T23666] netlink: 24 bytes leftover after parsing attributes in process `syz.7.7648'. [ 675.706333][T23688] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7659'. [ 675.762011][T23692] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7661'. [ 676.088851][T23708] netlink: 36 bytes leftover after parsing attributes in process `syz.9.7668'. [ 676.113207][T23708] netlink: 220 bytes leftover after parsing attributes in process `syz.9.7668'. [ 681.364464][T23812] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7716'. [ 681.627854][T23818] netlink: 'syz.8.7719': attribute type 8 has an invalid length. [ 681.627874][T23818] netlink: 48 bytes leftover after parsing attributes in process `syz.8.7719'. [ 681.876944][T23824] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.062478][T23824] bridge0: port 1(bridge_slave_0) entered disabled state [ 685.144916][T23907] netlink: 'syz.7.7761': attribute type 8 has an invalid length. [ 685.144937][T23907] netlink: 48 bytes leftover after parsing attributes in process `syz.7.7761'. [ 685.893899][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.893987][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.527241][T23945] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7778'. [ 687.012308][T23953] netlink: 28 bytes leftover after parsing attributes in process `syz.7.7782'. [ 687.354392][T23961] netlink: 12 bytes leftover after parsing attributes in process `syz.8.7787'. [ 688.237166][T23973] bridge0: port 2(bridge_slave_1) entered disabled state [ 688.244084][T23973] bridge0: port 1(bridge_slave_0) entered disabled state [ 688.809485][T15772] usb 9-1: new full-speed USB device number 8 using dummy_hcd [ 688.962439][T15772] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 688.962461][T15772] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 688.962482][T15772] usb 9-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 688.962494][T15772] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 688.971832][T15772] usb 9-1: config 0 descriptor?? [ 689.411958][T15772] hid_parser_main: 28 callbacks suppressed [ 689.411980][T15772] isku 0003:1E7D:319C.0041: unknown main item tag 0x0 [ 689.412008][T15772] isku 0003:1E7D:319C.0041: unknown main item tag 0x0 [ 689.412035][T15772] isku 0003:1E7D:319C.0041: unknown main item tag 0x0 [ 689.412061][T15772] isku 0003:1E7D:319C.0041: unknown main item tag 0x0 [ 689.412087][T15772] isku 0003:1E7D:319C.0041: unknown main item tag 0x0 [ 689.412111][T15772] isku 0003:1E7D:319C.0041: unknown main item tag 0x0 [ 689.412137][T15772] isku 0003:1E7D:319C.0041: unknown main item tag 0x0 [ 689.419116][T15772] isku 0003:1E7D:319C.0041: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.8-1/input0 [ 689.607374][T15772] isku 0003:1E7D:319C.0041: couldn't init struct isku_device [ 689.607426][T15772] isku 0003:1E7D:319C.0041: couldn't install keyboard [ 689.631330][T15772] isku 0003:1E7D:319C.0041: probe with driver isku failed with error -71 [ 689.686963][T15772] usb 9-1: USB disconnect, device number 8 [ 690.409446][ T5892] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 690.559983][ T5892] usb 9-1: Using ep0 maxpacket: 8 [ 690.567746][ T5892] usb 9-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 690.567776][ T5892] usb 9-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 690.567797][ T5892] usb 9-1: Product: syz [ 690.567811][ T5892] usb 9-1: Manufacturer: syz [ 690.567824][ T5892] usb 9-1: SerialNumber: syz [ 690.589000][ T5892] usb 9-1: config 0 descriptor?? [ 690.616095][ T5892] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 691.260457][ T5892] input: gspca_zc3xx as /devices/platform/dummy_hcd.8/usb9/9-1/input/input45 [ 691.457984][T21670] usb 9-1: USB disconnect, device number 9 [ 692.326786][T24019] vxcan0: tx address claim with dlc 0 [ 692.434871][ T5827] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 692.481899][T24022] netlink: 56 bytes leftover after parsing attributes in process `syz.6.7809'. [ 692.510689][ T5827] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 692.515582][ T5827] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 692.548231][ T5827] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 692.555166][ T5827] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 693.194822][T24017] chnl_net:caif_netlink_parms(): no params data found [ 693.307999][T24017] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.308219][T24017] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.308383][T24017] bridge_slave_0: entered allmulticast mode [ 693.332122][T24017] bridge_slave_0: entered promiscuous mode [ 693.341723][T24017] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.341986][T24017] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.342148][T24017] bridge_slave_1: entered allmulticast mode [ 693.343997][T24017] bridge_slave_1: entered promiscuous mode [ 693.436127][T24017] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 693.445785][T24017] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 693.513379][T24017] team0: Port device team_slave_0 added [ 693.520301][T24017] team0: Port device team_slave_1 added [ 693.558179][T24017] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 693.558196][T24017] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 693.558220][T24017] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 693.563333][T24017] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 693.563347][T24017] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 693.563372][T24017] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 693.665027][T24017] hsr_slave_0: entered promiscuous mode [ 693.666386][T24017] hsr_slave_1: entered promiscuous mode [ 693.667357][T24017] debugfs: 'hsr0' already exists in 'hsr' [ 693.667379][T24017] Cannot create hsr debugfs directory [ 694.179935][T21670] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 694.346269][T21670] usb 9-1: Using ep0 maxpacket: 32 [ 694.353234][T21670] usb 9-1: config 0 has an invalid interface number: 51 but max is 0 [ 694.353259][T21670] usb 9-1: config 0 has no interface number 0 [ 694.355542][T21670] usb 9-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 694.355569][T21670] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 694.355587][T21670] usb 9-1: Product: syz [ 694.355600][T21670] usb 9-1: Manufacturer: syz [ 694.355613][T21670] usb 9-1: SerialNumber: syz [ 694.376059][T21670] usb 9-1: config 0 descriptor?? [ 694.382837][T21670] quatech2 9-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 694.599741][T21332] Bluetooth: hci4: command tx timeout [ 694.802268][T21670] usb 9-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 694.830652][T24041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 694.853152][T24041] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 694.916656][T21670] usb 9-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 695.123691][ C1] usb 9-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 695.129426][ T5892] usb 9-1: USB disconnect, device number 10 [ 695.203321][ T5892] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 695.221421][T24067] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7822'. [ 695.225358][ T5892] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 695.227098][ T5892] quatech2 9-1:0.51: device disconnected [ 695.253937][T24067] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7822'. [ 696.684554][T21332] Bluetooth: hci4: command tx timeout [ 697.040852][T21670] IPVS: starting estimator thread 0... [ 697.299484][T24109] IPVS: using max 16 ests per chain, 38400 per kthread [ 697.332319][T24115] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7839'. [ 697.616170][T24124] netlink: 16 bytes leftover after parsing attributes in process `syz.8.7841'. [ 698.760773][T21332] Bluetooth: hci4: command tx timeout [ 699.606876][T24189] program syz.6.7861 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 699.776094][T24193] netlink: 7986 bytes leftover after parsing attributes in process `syz.7.7862'. [ 700.407817][T24017] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 700.476370][T24017] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 700.488214][T24017] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 700.545637][T24017] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 700.581663][T24017] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 700.750856][T24017] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 700.751170][T24227] netlink: 128 bytes leftover after parsing attributes in process `syz.7.7872'. [ 700.754757][T24017] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 700.843434][T21332] Bluetooth: hci4: command tx timeout [ 700.878994][T24017] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 701.524299][T24017] 8021q: adding VLAN 0 to HW filter on device bond0 [ 701.637918][T24017] 8021q: adding VLAN 0 to HW filter on device team0 [ 701.712644][T23084] bridge0: port 1(bridge_slave_0) entered blocking state [ 701.712896][T23084] bridge0: port 1(bridge_slave_0) entered forwarding state [ 701.786047][T22174] bridge0: port 2(bridge_slave_1) entered blocking state [ 701.786204][T22174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 702.923059][T24292] program syz.7.7889 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 703.638339][T24017] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 704.077776][T24017] veth0_vlan: entered promiscuous mode [ 704.364133][T24017] veth1_vlan: entered promiscuous mode [ 704.576592][T24334] netlink: 190972 bytes leftover after parsing attributes in process `syz.6.7902'. [ 704.716633][T24017] veth0_macvtap: entered promiscuous mode [ 704.765452][T24017] veth1_macvtap: entered promiscuous mode [ 704.815992][T24017] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 704.935225][T24017] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 705.087938][ T1502] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.105097][ T1502] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.119096][ T1502] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.157532][ T1502] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.793593][T22174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 706.793613][T22174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 707.222195][T20587] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 707.222213][T20587] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 707.995897][T24407] nbd0: detected capacity change from 0 to 127 [ 708.026868][T21332] block nbd0: Receive control failed (result -104) [ 710.240695][T18370] IPVS: starting estimator thread 0... [ 710.329492][T24491] IPVS: using max 8 ests per chain, 19200 per kthread [ 710.628475][T24498] nbd1: detected capacity change from 0 to 127 [ 710.636192][T10519] udevd[10519]: inotify_add_watch(7, /dev/nbd1, 10) failed: No such file or directory [ 710.646088][T21332] block nbd1: Receive control failed (result -32) [ 711.243504][T24520] netlink: 48 bytes leftover after parsing attributes in process `syz.7.7960'. [ 711.362763][ T99] block nbd0: Connection timed out, retrying (0/1 alive) [ 711.375256][ T99] block nbd0: Connection timed out, retrying (0/1 alive) [ 711.375330][ T99] block nbd0: Connection timed out, retrying (0/1 alive) [ 711.375373][ T99] block nbd0: Connection timed out, retrying (0/1 alive) [ 711.376141][ T99] block nbd0: Dead connection, failed to find a fallback [ 711.376159][ T99] block nbd0: shutting down sockets [ 711.376299][ T99] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 711.376325][ T99] buffer_io_error: 14 callbacks suppressed [ 711.376336][ T99] Buffer I/O error on dev nbd0, logical block 3, async page read [ 711.376550][ T99] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 711.376571][ T99] Buffer I/O error on dev nbd0, logical block 2, async page read [ 711.376641][ T99] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 711.376662][ T99] Buffer I/O error on dev nbd0, logical block 1, async page read [ 711.376723][ T99] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 711.376742][ T99] Buffer I/O error on dev nbd0, logical block 0, async page read [ 711.406979][T21779] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 711.407011][T21779] Buffer I/O error on dev nbd0, logical block 0, async page read [ 711.407374][T21779] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 711.407395][T21779] Buffer I/O error on dev nbd0, logical block 1, async page read [ 711.407525][T21779] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 711.407546][T21779] Buffer I/O error on dev nbd0, logical block 2, async page read [ 711.407680][T21779] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 711.407701][T21779] Buffer I/O error on dev nbd0, logical block 3, async page read [ 711.407847][T21779] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 711.407868][T21779] Buffer I/O error on dev nbd0, logical block 0, async page read [ 711.439485][T21779] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 711.439515][T21779] Buffer I/O error on dev nbd0, logical block 1, async page read [ 711.719657][T21779] ldm_validate_partition_table(): Disk read failed. [ 711.733483][T21779] Dev nbd0: unable to read RDB block 0 [ 711.748437][T21779] nbd0: unable to read partition table [ 711.863818][T21779] ldm_validate_partition_table(): Disk read failed. [ 711.897438][T21779] Dev nbd0: unable to read RDB block 0 [ 711.908737][T21779] nbd0: unable to read partition table [ 712.219834][ T5891] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 712.375326][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 712.375362][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 712.375385][ T5891] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 712.375426][ T5891] usb 3-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 712.375449][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 712.444339][ T5891] usb 3-1: config 0 descriptor?? [ 712.563647][T24559] netlink: 48 bytes leftover after parsing attributes in process `syz.8.7971'. [ 712.835021][T24561] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 712.894655][T24561] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 712.894818][T24561] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 712.894966][T24561] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 712.895054][T24561] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 712.906116][ T5891] hid-multitouch 0003:0457:07DA.0042: unknown main item tag 0x2 [ 712.906196][ T5891] hid-multitouch 0003:0457:07DA.0042: unknown main item tag 0x1 [ 712.906224][ T5891] hid-multitouch 0003:0457:07DA.0042: unknown main item tag 0x1 [ 712.906250][ T5891] hid-multitouch 0003:0457:07DA.0042: unknown main item tag 0x0 [ 712.906274][ T5891] hid-multitouch 0003:0457:07DA.0042: unknown main item tag 0x0 [ 712.906390][ T5891] hid-multitouch 0003:0457:07DA.0042: unknown main item tag 0x0 [ 712.906421][ T5891] hid-multitouch 0003:0457:07DA.0042: unknown main item tag 0x0 [ 712.958683][ T5891] hid-multitouch 0003:0457:07DA.0042: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.2-1/input0 [ 713.093931][ T32] usb 3-1: USB disconnect, device number 15 [ 713.252017][T24561] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 713.254342][T24568] fido_id[24568]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 713.370667][T24561] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 713.373947][T24561] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 713.534774][T24561] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 714.271396][ T5891] IPVS: starting estimator thread 0... [ 714.382243][T24601] IPVS: using max 11 ests per chain, 26400 per kthread [ 714.745394][T24615] netlink: 65039 bytes leftover after parsing attributes in process `syz.7.7994'. [ 714.762152][T21332] Bluetooth: hci0: command 0x0c1a tx timeout [ 714.930533][T21332] Bluetooth: hci2: command 0x0c1a tx timeout [ 714.930762][T21332] Bluetooth: hci3: command 0x0c1a tx timeout [ 714.930789][T21332] Bluetooth: hci1: command 0x0c1a tx timeout [ 715.399364][ T5827] Bluetooth: hci4: command 0x0c1a tx timeout [ 715.503516][T24647] netlink: 65039 bytes leftover after parsing attributes in process `syz.6.8007'. [ 715.719623][ T10] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 715.872619][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 715.872653][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 715.872689][ T10] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 715.872711][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 715.896669][ T10] usb 9-1: config 0 descriptor?? [ 716.330546][ T10] pyra 0003:1E7D:2CF6.0043: unbalanced delimiter at end of report description [ 716.331121][ T10] pyra 0003:1E7D:2CF6.0043: parse failed [ 716.331180][ T10] pyra 0003:1E7D:2CF6.0043: probe with driver pyra failed with error -22 [ 716.409766][T24665] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 716.428172][T24665] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 716.428432][T24665] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 716.428680][T24665] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 716.429015][T24665] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 716.533986][ T32] usb 9-1: USB disconnect, device number 11 [ 716.869409][T18370] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 717.039566][T18370] usb 3-1: Using ep0 maxpacket: 16 [ 717.041556][T18370] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 226 [ 717.043851][T18370] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 717.043878][T18370] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 717.043890][T18370] usb 3-1: Product: syz [ 717.043897][T18370] usb 3-1: Manufacturer: syz [ 717.043905][T18370] usb 3-1: SerialNumber: syz [ 717.048682][T18370] usb 3-1: config 0 descriptor?? [ 717.054203][T24683] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 717.112968][T18370] hub 3-1:0.0: bad descriptor, ignoring hub [ 717.113002][T18370] hub 3-1:0.0: probe with driver hub failed with error -5 [ 717.143941][T18370] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input46 [ 717.211623][T24697] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 717.211797][T24697] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 717.211986][T24697] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 717.212223][T24697] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 717.212364][T24697] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 717.488865][ C0] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1 [ 717.514739][ T10] usb 3-1: USB disconnect, device number 16 [ 718.333678][T24729] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8042'. [ 718.726584][T24744] pim6reg: entered allmulticast mode [ 718.747585][T24744] pim6reg: left allmulticast mode [ 719.097065][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout [ 719.249519][ T5827] Bluetooth: hci4: command 0x0c1a tx timeout [ 719.249540][T21332] Bluetooth: hci2: command 0x0c1a tx timeout [ 719.249559][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 719.249569][T21332] Bluetooth: hci1: command 0x0c1a tx timeout [ 719.710240][T18370] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 719.871607][T18370] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 719.871650][T18370] usb 3-1: config 0 has no interface number 0 [ 719.871689][T18370] usb 3-1: config 0 interface 1 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 719.871714][T18370] usb 3-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 719.871735][T18370] usb 3-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 719.871759][T18370] usb 3-1: config 0 interface 1 has no altsetting 0 [ 719.872785][T18370] usb 3-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 719.872810][T18370] usb 3-1: New USB device strings: Mfr=93, Product=0, SerialNumber=0 [ 719.872828][T18370] usb 3-1: Manufacturer: syz [ 719.973166][T18370] usb 3-1: config 0 descriptor?? [ 720.368843][T24768] netlink: 'syz.6.8061': attribute type 4 has an invalid length. [ 720.605186][T18370] uclogic 0003:145F:0212.0044: pen parameters not found [ 720.605213][T18370] uclogic 0003:145F:0212.0044: interface is invalid, ignoring [ 720.740777][T18370] usb 3-1: USB disconnect, device number 17 [ 720.788351][ T5891] kernel read not supported for file /radio0 (pid: 5891 comm: kworker/0:6) [ 721.319414][ T60] Bluetooth: hci4: command 0x0c1a tx timeout [ 721.319433][T21332] Bluetooth: hci2: command 0x0c1a tx timeout [ 722.163999][T24800] netlink: 220 bytes leftover after parsing attributes in process `syz.2.8076'. [ 722.164021][T24800] netlink: 'syz.2.8076': attribute type 2 has an invalid length. [ 723.342944][T24819] netlink: 164 bytes leftover after parsing attributes in process `syz.7.8085'. [ 723.455268][T24823] netlink: 220 bytes leftover after parsing attributes in process `syz.7.8087'. [ 723.455290][T24823] netlink: 'syz.7.8087': attribute type 2 has an invalid length. [ 723.492305][ T5891] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 723.640085][ T5891] usb 3-1: Using ep0 maxpacket: 16 [ 723.661925][ T5891] usb 3-1: unable to get BOS descriptor or descriptor too short [ 723.663385][ T5891] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7 [ 723.675251][ T5891] usb 3-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 723.675280][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 723.675298][ T5891] usb 3-1: Product: syz [ 723.675312][ T5891] usb 3-1: Manufacturer: syz [ 723.675325][ T5891] usb 3-1: SerialNumber: syz [ 723.901808][T24831] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8091'. [ 723.971189][ T5891] usb 3-1: Audio class v2/v3 interfaces need an interface association [ 724.003968][ T5891] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 724.339521][ T5891] usb 3-1: 2:1 : can't get Cluster Descriptor [ 724.566733][T18370] usb 3-1: USB disconnect, device number 18 [ 724.622815][T21779] udevd[21779]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 725.298325][T24878] netlink: 164 bytes leftover after parsing attributes in process `syz.6.8111'. [ 725.601584][ T32] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 725.769878][ T32] usb 9-1: Using ep0 maxpacket: 16 [ 725.772024][ T32] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 226 [ 725.774396][ T32] usb 9-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 725.774420][ T32] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 725.774435][ T32] usb 9-1: Product: syz [ 725.774446][ T32] usb 9-1: Manufacturer: syz [ 725.774466][ T32] usb 9-1: SerialNumber: syz [ 725.829584][ T32] usb 9-1: config 0 descriptor?? [ 725.830557][T24880] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 725.835758][ T32] hub 9-1:0.0: bad descriptor, ignoring hub [ 725.836204][ T32] hub 9-1:0.0: probe with driver hub failed with error -5 [ 725.875729][ T32] input: syz syz as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/input/input47 [ 726.624617][ T998] usb 9-1: USB disconnect, device number 12 [ 727.744586][T24946] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8144'. [ 728.011926][T24954] sctp: [Deprecated]: syz.2.8157 (pid 24954) Use of struct sctp_assoc_value in delayed_ack socket option. [ 728.011926][T24954] Use struct sctp_sack_info instead [ 728.132224][T15772] usb 9-1: new full-speed USB device number 13 using dummy_hcd [ 728.315775][T15772] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 728.315802][T15772] usb 9-1: config 0 has no interface number 0 [ 728.315845][T15772] usb 9-1: config 0 interface 1 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 728.315872][T15772] usb 9-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 728.315894][T15772] usb 9-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 728.315919][T15772] usb 9-1: config 0 interface 1 has no altsetting 0 [ 728.317716][T15772] usb 9-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 728.317744][T15772] usb 9-1: New USB device strings: Mfr=93, Product=0, SerialNumber=0 [ 728.317763][T15772] usb 9-1: Manufacturer: syz [ 728.348892][T15772] usb 9-1: config 0 descriptor?? [ 729.008273][T15772] uclogic 0003:145F:0212.0045: failed retrieving string descriptor #100: -71 [ 729.008309][T15772] uclogic 0003:145F:0212.0045: failed retrieving pen parameters: -71 [ 729.008318][T15772] uclogic 0003:145F:0212.0045: pen probing failed: -71 [ 729.008328][T15772] uclogic 0003:145F:0212.0045: failed probing parameters: -71 [ 729.008386][T15772] uclogic 0003:145F:0212.0045: probe with driver uclogic failed with error -71 [ 729.050502][T15772] usb 9-1: USB disconnect, device number 13 [ 729.155075][T24982] netlink: 64 bytes leftover after parsing attributes in process `syz.7.8162'. [ 729.762775][ T1423] Bluetooth: (null): Invalid header checksum [ 730.305151][T25012] : entered promiscuous mode [ 730.307285][T25013] : left promiscuous mode [ 730.624719][T25030] sctp: [Deprecated]: syz.6.8184 (pid 25030) Use of struct sctp_assoc_value in delayed_ack socket option. [ 730.624719][T25030] Use struct sctp_sack_info instead [ 731.701232][ T5891] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 731.892019][ T5891] usb 9-1: Using ep0 maxpacket: 16 [ 731.895781][ T5891] usb 9-1: unable to get BOS descriptor or descriptor too short [ 731.896989][ T5891] usb 9-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7 [ 731.900795][ T5891] usb 9-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 731.900822][ T5891] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 731.900840][ T5891] usb 9-1: Product: syz [ 731.900855][ T5891] usb 9-1: Manufacturer: syz [ 731.900868][ T5891] usb 9-1: SerialNumber: syz [ 732.056723][T25077] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 732.198820][ T5891] usb 9-1: Audio class v2/v3 interfaces need an interface association [ 732.205669][ T5891] snd-usb-audio 9-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 732.239956][T25082] netlink: 40 bytes leftover after parsing attributes in process `syz.2.8210'. [ 732.566785][ T5891] usb 9-1: 2:1 : can't get Cluster Descriptor [ 732.633868][T25093] netlink: 128 bytes leftover after parsing attributes in process `syz.7.8214'. [ 732.633891][T25093] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 732.859595][T25101] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8218'. [ 732.902521][ T5891] usb 9-1: USB disconnect, device number 14 [ 732.948852][T25103] Context (ID=0x0) not attached to queue pair (handle=0x0:0x0) [ 733.185154][T25113] netlink: 56537 bytes leftover after parsing attributes in process `syz.2.8224'. [ 733.288594][T25115] netlink: 92 bytes leftover after parsing attributes in process `syz.6.8225'. [ 733.288616][T25115] netlink: 'syz.6.8225': attribute type 1 has an invalid length. [ 733.312790][T25117] netlink: 16146 bytes leftover after parsing attributes in process `syz.7.8226'. [ 733.462789][T25123] netlink: 'syz.7.8228': attribute type 10 has an invalid length. [ 733.631390][T25123] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 733.654937][T25119] overlayfs: failed to create directory ./file0/work (errno: 22); mounting read-only [ 733.983705][T25138] netlink: 16146 bytes leftover after parsing attributes in process `syz.6.8237'. [ 734.640225][T25162] netlink: 92 bytes leftover after parsing attributes in process `syz.8.8247'. [ 734.640247][T25162] netlink: 'syz.8.8247': attribute type 1 has an invalid length. [ 734.736263][T25168] netlink: 128 bytes leftover after parsing attributes in process `syz.8.8250'. [ 734.736284][T25168] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 735.206762][T25187] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8259'. [ 735.264161][T25185] overlayfs: failed to create directory ./file0/work (errno: 22); mounting read-only [ 736.392486][T25229] netlink: 16 bytes leftover after parsing attributes in process `syz.8.8278'. [ 736.930973][T25250] netlink: 28 bytes leftover after parsing attributes in process `syz.6.8288'. [ 737.106270][T25256] netlink: 'syz.2.8290': attribute type 83 has an invalid length. [ 737.754900][T25290] netlink: 'syz.2.8309': attribute type 2 has an invalid length. [ 737.754922][T25290] netlink: 'syz.2.8309': attribute type 4 has an invalid length. [ 737.998280][T25301] netlink: 16 bytes leftover after parsing attributes in process `syz.6.8313'. [ 738.099373][T18370] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 738.259421][T18370] usb 3-1: Using ep0 maxpacket: 16 [ 738.266835][T18370] usb 3-1: config index 0 descriptor too short (expected 51443, got 18) [ 738.269959][T18370] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 738.269987][T18370] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 738.270006][T18370] usb 3-1: Product: syz [ 738.270019][T18370] usb 3-1: Manufacturer: syz [ 738.270033][T18370] usb 3-1: SerialNumber: syz [ 738.294435][T18370] r8152-cfgselector 3-1: Unknown version 0x0000 [ 738.294458][T18370] r8152-cfgselector 3-1: config 0 descriptor?? [ 738.491785][T25318] netlink: 'syz.7.8319': attribute type 2 has an invalid length. [ 738.491821][T25318] netlink: 'syz.7.8319': attribute type 4 has an invalid length. [ 738.566984][T18370] r8152-cfgselector 3-1: Needed 2 retries to read version [ 738.773849][T15772] r8152-cfgselector 3-1: USB disconnect, device number 19 [ 739.749372][ T32] usb 9-1: new high-speed USB device number 15 using dummy_hcd [ 739.751261][T25366] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 739.902069][ T32] usb 9-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 739.905551][ T32] usb 9-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 739.905579][ T32] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 739.905598][ T32] usb 9-1: Product: syz [ 739.905611][ T32] usb 9-1: Manufacturer: syz [ 739.905625][ T32] usb 9-1: SerialNumber: syz [ 739.951700][T25345] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 739.951894][T25345] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 740.164153][T21670] usb 9-1: USB disconnect, device number 15 [ 740.559629][ T5891] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 740.722485][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 740.722520][ T5891] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 740.722562][ T5891] usb 3-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 740.722586][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 740.768909][ T5891] usb 3-1: config 0 descriptor?? [ 741.210179][ T5891] kye 0003:0458:0138.0046: unknown main item tag 0x0 [ 741.210216][ T5891] kye 0003:0458:0138.0046: unknown main item tag 0x0 [ 741.210243][ T5891] kye 0003:0458:0138.0046: unknown main item tag 0x0 [ 741.210267][ T5891] kye 0003:0458:0138.0046: unknown main item tag 0x0 [ 741.210291][ T5891] kye 0003:0458:0138.0046: unknown main item tag 0x0 [ 741.210317][ T5891] kye 0003:0458:0138.0046: unknown main item tag 0x0 [ 741.210342][ T5891] kye 0003:0458:0138.0046: unknown main item tag 0x0 [ 741.210369][ T5891] kye 0003:0458:0138.0046: unknown main item tag 0x0 [ 741.210395][ T5891] kye 0003:0458:0138.0046: unknown main item tag 0x0 [ 741.210419][ T5891] kye 0003:0458:0138.0046: unknown main item tag 0x0 [ 741.210955][ T5891] kye 0003:0458:0138.0046: collection stack underflow [ 741.210982][ T5891] kye 0003:0458:0138.0046: item 0 0 0 12 parsing failed [ 741.211816][ T5891] kye 0003:0458:0138.0046: parse failed [ 741.211888][ T5891] kye 0003:0458:0138.0046: probe with driver kye failed with error -22 [ 741.413084][ T32] usb 3-1: USB disconnect, device number 20 [ 741.629513][T21670] usb 9-1: new high-speed USB device number 16 using dummy_hcd [ 741.779424][T21670] usb 9-1: Using ep0 maxpacket: 16 [ 741.782391][T21670] usb 9-1: config 0 has an invalid interface number: 34 but max is 0 [ 741.782418][T21670] usb 9-1: config 0 has no interface number 0 [ 741.782461][T21670] usb 9-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 741.782485][T21670] usb 9-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 741.784626][T21670] usb 9-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 741.784652][T21670] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 741.784663][T21670] usb 9-1: Product: syz [ 741.784671][T21670] usb 9-1: Manufacturer: syz [ 741.784679][T21670] usb 9-1: SerialNumber: syz [ 741.865067][T21670] usb 9-1: config 0 descriptor?? [ 741.866235][T25411] raw-gadget.3 gadget.8: fail, usb_ep_enable returned -22 [ 741.866322][T25411] raw-gadget.3 gadget.8: fail, usb_ep_enable returned -22 [ 742.065054][T25415] netlink: 'syz.2.8365': attribute type 10 has an invalid length. [ 742.065075][T25415] netlink: 152 bytes leftover after parsing attributes in process `syz.2.8365'. [ 742.079732][T25411] raw-gadget.3 gadget.8: fail, usb_ep_enable returned -22 [ 742.081269][T25411] raw-gadget.3 gadget.8: fail, usb_ep_enable returned -22 [ 742.291724][T21670] asix 9-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random [ 742.492802][T21670] asix 9-1:0.34 (unnamed net_device) (uninitialized): invalid PHY address: 159 [ 742.700936][T21670] usb 9-1: USB disconnect, device number 16 [ 744.255402][T25472] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 745.938445][T25509] sctp: [Deprecated]: syz.8.8408 (pid 25509) Use of struct sctp_assoc_value in delayed_ack socket option. [ 745.938445][T25509] Use struct sctp_sack_info instead [ 746.836764][ T38] audit: type=1326 audit(2000055738.296:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25511 comm="syz.8.8409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6b6bc819 code=0x7fc00000 [ 747.325799][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.325883][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.518063][T25534] netlink: 'syz.7.8419': attribute type 10 has an invalid length. [ 747.518078][T25534] netlink: 152 bytes leftover after parsing attributes in process `syz.7.8419'. [ 748.239444][ T5891] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 748.393682][ T5891] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 748.393711][ T5891] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 748.393730][ T5891] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 748.393771][ T5891] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 748.393785][ T5891] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 748.395582][ T5891] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 748.395616][ T5891] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 748.395636][ T5891] usb 9-1: Product: syz [ 748.395649][ T5891] usb 9-1: Manufacturer: syz [ 748.412493][ T5891] cdc_wdm 9-1:1.0: skipping garbage [ 748.412513][ T5891] cdc_wdm 9-1:1.0: skipping garbage [ 748.455966][ T5891] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 748.455999][ T5891] cdc_wdm 9-1:1.0: Unknown control protocol [ 748.719926][T18370] usb 9-1: USB disconnect, device number 17 [ 748.846356][T25544] cdc_wdm 9-1:1.0: Error submitting int urb - -2 [ 749.766819][T25566] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8433'. [ 749.947604][T25570] netlink: 56 bytes leftover after parsing attributes in process `syz.6.8436'. [ 750.307577][T25578] program syz.7.8440 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 750.487620][T25588] netlink: 'syz.7.8443': attribute type 2 has an invalid length. [ 750.716269][T25596] program syz.7.8449 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 754.303594][T25732] trusted_key: encrypted_key: keyword 'uew' not recognized [ 754.929385][ T998] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 755.093532][ T998] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 755.093564][ T998] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 755.110765][ T998] usb 9-1: config 0 descriptor?? [ 755.125979][ T998] cp210x 9-1:0.0: cp210x converter detected [ 755.551922][ T998] cp210x 9-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 755.585710][ T998] usb 9-1: cp210x converter now attached to ttyUSB0 [ 755.756710][T18370] usb 9-1: USB disconnect, device number 18 [ 755.768145][T18370] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 755.890729][T18370] cp210x 9-1:0.0: device disconnected [ 756.824982][T25804] trusted_key: encrypted_key: keyword 'uew' not recognized [ 757.345992][T25817] delete_channel: no stack [ 757.466080][T25824] netlink: 16186 bytes leftover after parsing attributes in process `syz.7.8561'. [ 757.670529][T15772] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 757.820964][T15772] usb 3-1: Using ep0 maxpacket: 16 [ 757.823167][T15772] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 757.823220][T15772] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 757.823249][T15772] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 757.823270][T15772] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 757.823293][T15772] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 757.825670][T15772] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 757.825692][T15772] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 757.825710][T15772] usb 3-1: Manufacturer: syz [ 757.840407][T15772] usb 3-1: config 0 descriptor?? [ 758.279479][T15772] rc_core: IR keymap rc-hauppauge not found [ 758.279501][T15772] Registered IR keymap rc-empty [ 758.280287][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.299531][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.323043][T15772] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 758.335661][T15772] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input48 [ 758.397378][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.409776][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.430130][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.453217][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.475738][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.490396][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.518545][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.539452][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.559751][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.584558][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.600258][T15772] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 758.624670][T15772] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 758.624696][T15772] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 758.680609][T15772] usb 3-1: USB disconnect, device number 21 [ 759.470262][T18370] usb 9-1: new high-speed USB device number 19 using dummy_hcd [ 759.632414][T18370] usb 9-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 759.632443][T18370] usb 9-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 759.632456][T18370] usb 9-1: config 0 interface 0 has no altsetting 0 [ 759.632479][T18370] usb 9-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 759.632492][T18370] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 759.637007][T18370] usb 9-1: config 0 descriptor?? [ 760.077678][T18370] hid_parser_main: 45 callbacks suppressed [ 760.077702][T18370] uclogic 0003:5543:0522.0047: unknown main item tag 0x0 [ 760.077731][T18370] uclogic 0003:5543:0522.0047: unknown main item tag 0x0 [ 760.077757][T18370] uclogic 0003:5543:0522.0047: unknown main item tag 0x0 [ 760.077783][T18370] uclogic 0003:5543:0522.0047: unknown main item tag 0x0 [ 760.077809][T18370] uclogic 0003:5543:0522.0047: unknown main item tag 0x0 [ 760.077835][T18370] uclogic 0003:5543:0522.0047: unknown main item tag 0x0 [ 760.077860][T18370] uclogic 0003:5543:0522.0047: unknown main item tag 0x0 [ 760.077886][T18370] uclogic 0003:5543:0522.0047: unknown main item tag 0x0 [ 760.077912][T18370] uclogic 0003:5543:0522.0047: unknown main item tag 0x0 [ 760.077937][T18370] uclogic 0003:5543:0522.0047: unknown main item tag 0x0 [ 760.174288][T18370] uclogic 0003:5543:0522.0047: hidraw0: USB HID vff.fa Device [HID 5543:0522] on usb-dummy_hcd.8-1/input0 [ 760.268471][T15772] usb 9-1: USB disconnect, device number 19 [ 760.544875][T25892] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8585'. [ 761.892476][T21332] Bluetooth: hci4: unexpected event for opcode 0x0c7d [ 762.099592][ T5974] usb 9-1: new high-speed USB device number 20 using dummy_hcd [ 762.251530][ T5974] usb 9-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 762.251560][ T5974] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 762.284237][ T5974] usb 9-1: config 0 descriptor?? [ 762.493555][ T5974] udl 9-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 762.777884][ T5974] [drm] Initialized udl 0.0.1 for 9-1:0.0 on minor 2 [ 762.777910][ T5974] [drm] Initialized udl on minor 2 [ 763.104992][ T5974] udl 9-1:0.0: [drm] *ERROR* Read EDID byte 1 failed err ffffffb9 [ 763.152474][ T5974] udl 9-1:0.0: [drm] Cannot find any crtc or sizes [ 763.275190][ T5974] usb 9-1: USB disconnect, device number 20 [ 763.297659][T21670] udl 9-1:0.0: [drm] Cannot find any crtc or sizes [ 763.578155][T25969] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 765.044823][ T5974] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 765.115352][T26041] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 765.229312][ T5974] usb 9-1: Using ep0 maxpacket: 8 [ 765.234492][ T5974] usb 9-1: config index 0 descriptor too short (expected 6427, got 27) [ 765.234520][ T5974] usb 9-1: config 0 has an invalid interface number: 21 but max is 0 [ 765.234542][ T5974] usb 9-1: config 0 has no interface number 0 [ 765.234584][ T5974] usb 9-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 765.234609][ T5974] usb 9-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 765.234635][ T5974] usb 9-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 765.237095][ T5974] usb 9-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 765.237129][ T5974] usb 9-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 765.237162][ T5974] usb 9-1: Product: syz [ 765.348779][ T5974] usb 9-1: config 0 descriptor?? [ 765.357842][T26028] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 765.986216][ T5974] usb 9-1: USB disconnect, device number 21 [ 766.919573][ T998] usb 9-1: new high-speed USB device number 22 using dummy_hcd [ 767.074245][ T998] usb 9-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 767.074275][ T998] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.074295][ T998] usb 9-1: Product: syz [ 767.074309][ T998] usb 9-1: Manufacturer: syz [ 767.074323][ T998] usb 9-1: SerialNumber: syz [ 767.078001][ T998] usb 9-1: config 0 descriptor?? [ 767.509038][ T998] usb 9-1: Firmware: major: 163, minor: 102, hardware type: UNKNOWN (62) [ 767.585676][T26108] kvm: kvm [26107]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010006) = 0xffffffffffffffff [ 767.739538][ T998] usb 9-1: failed to fetch extended address, random address set [ 767.739568][ T998] usb 9-1: atusb_probe: initialization failed, error = -524 [ 767.739773][ T998] atusb 9-1:0.0: probe with driver atusb failed with error -524 [ 767.751221][ T998] usb 9-1: USB disconnect, device number 22 [ 771.030847][T26193] block nbd2: server does not support multiple connections per device. [ 771.181787][T26193] block nbd2: shutting down sockets [ 771.481143][T26212] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 771.481353][T26212] syzkaller1: linktype set to 786 [ 772.586191][T26257] veth1_macvtap: left promiscuous mode [ 772.586217][T26257] macsec0: entered promiscuous mode [ 772.632872][T26257] veth1_macvtap: entered promiscuous mode [ 772.633589][T26257] macsec0: left promiscuous mode [ 773.027739][T26278] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 774.469351][ T5891] usb 9-1: new high-speed USB device number 23 using dummy_hcd [ 774.619512][ T5891] usb 9-1: Using ep0 maxpacket: 8 [ 774.621543][ T5891] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 774.621576][ T5891] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 774.621592][ T5891] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 774.621604][ T5891] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 774.621628][ T5891] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 774.621640][ T5891] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 774.832265][ T5891] usb 9-1: GET_CAPABILITIES returned 0 [ 774.832310][ T5891] usbtmc 9-1:16.0: can't read capabilities [ 775.069481][T21670] usb 9-1: USB disconnect, device number 23 [ 775.433416][T26336] veth1_macvtap: left promiscuous mode [ 775.433441][T26336] macsec0: entered promiscuous mode [ 775.492342][T26337] veth1_macvtap: entered promiscuous mode [ 775.492747][T26337] macsec0: left promiscuous mode [ 777.256611][ T38] audit: type=1326 audit(2000055774.716:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26379 comm="syz.8.8805" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9b6b6bc819 code=0x0 [ 777.772871][T26385] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8807'. [ 777.943813][T26391] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 777.943827][T26391] overlayfs: workdir and upperdir must be separate subtrees [ 778.236760][T26399] netlink: 72 bytes leftover after parsing attributes in process `syz.8.8814'. [ 778.411631][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880363e3800: rx timeout, send abort [ 778.422497][T26406] Set syz0 is full, maxelem 0 reached [ 778.596394][T26413] netlink: 8 bytes leftover after parsing attributes in process `syz.8.8821'. [ 778.913993][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880363e3800: abort rx timeout. Force session deactivation [ 778.979622][T26421] input: syz1 as /devices/virtual/input/input51 [ 779.516051][T26447] netlink: 72 bytes leftover after parsing attributes in process `syz.2.8844'. [ 779.518298][T26446] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8836'. [ 779.729124][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 780.274098][T26475] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8849'. [ 780.541344][T26481] input: syz1 as /devices/virtual/input/input52 [ 780.842667][T26488] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 780.842690][T26488] overlayfs: workdir and upperdir must be separate subtrees [ 781.124731][T26498] input: syz1 as /devices/virtual/input/input53 [ 782.302232][ T38] audit: type=1326 audit(2000055779.766:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26536 comm="syz.7.8876" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa04cf8c819 code=0x0 [ 782.739471][ T5891] usb 3-1: new low-speed USB device number 22 using dummy_hcd [ 782.892939][ T5891] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 782.892968][ T5891] usb 3-1: config 0 has no interface number 0 [ 782.893007][ T5891] usb 3-1: config 0 interface 1 altsetting 19 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 782.893022][ T5891] usb 3-1: config 0 interface 1 altsetting 19 endpoint 0x81 has invalid wMaxPacketSize 0 [ 782.893034][ T5891] usb 3-1: config 0 interface 1 has no altsetting 0 [ 782.893053][ T5891] usb 3-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00 [ 782.893065][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 782.901382][ T5891] usb 3-1: config 0 descriptor?? [ 783.565478][ T5891] uclogic 0003:2179:0053.0048: pen parameters not found [ 783.565502][ T5891] uclogic 0003:2179:0053.0048: interface is invalid, ignoring [ 783.673309][ T5891] usb 3-1: USB disconnect, device number 22 [ 785.668494][T26644] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8927'. [ 785.670606][T25347] bond0: (slave syz_tun): Releasing backup interface [ 785.809858][T26642] netlink: 4 bytes leftover after parsing attributes in process `syz.8.8926'. [ 785.966539][T26651] loop7: detected capacity change from 0 to 7 [ 785.995083][ C1] blk_print_req_error: 138 callbacks suppressed [ 785.995119][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 785.995147][ C1] buffer_io_error: 138 callbacks suppressed [ 785.995159][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 785.995450][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 785.995476][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 785.995658][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 785.995682][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 785.995853][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 785.995876][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 786.103316][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 786.103351][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 786.104246][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 786.104275][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 786.104503][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 786.104527][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 786.104611][T26651] ldm_validate_partition_table(): Disk read failed. [ 786.104745][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 786.104767][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 786.107485][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 786.107514][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 786.107807][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 786.107830][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 786.110101][T26651] Dev loop7: unable to read RDB block 0 [ 786.110902][T26651] loop7: unable to read partition table [ 786.111306][T26651] loop7: partition table beyond EOD, truncated [ 786.113272][T26651] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 786.389387][ T32] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 786.562801][ T32] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 786.562831][ T32] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.568825][ T32] usb 3-1: config 0 descriptor?? [ 786.612519][ T32] cp210x 3-1:0.0: cp210x converter detected [ 786.838078][ T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 786.914132][ T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 787.009135][ T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 787.051386][ T32] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 787.065497][ T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 787.073516][ T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 787.242233][ T32] usb 3-1: cp210x converter now attached to ttyUSB0 [ 787.258148][ T32] usb 3-1: USB disconnect, device number 23 [ 787.293759][ T32] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 787.449730][ T32] cp210x 3-1:0.0: device disconnected [ 787.548394][T26672] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8940'. [ 788.156659][T26689] netlink: 20 bytes leftover after parsing attributes in process `syz.6.8947'. [ 788.271072][T26693] sctp: [Deprecated]: syz.2.8949 (pid 26693) Use of int in max_burst socket option deprecated. [ 788.271072][T26693] Use struct sctp_assoc_value instead [ 788.474968][T26698] netlink: 168 bytes leftover after parsing attributes in process `syz.6.8951'. [ 788.664716][T26666] chnl_net:caif_netlink_parms(): no params data found [ 788.700024][ T998] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 788.923943][ T998] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 788.923973][ T998] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 788.952883][ T998] usb 3-1: config 0 descriptor?? [ 788.977714][ T998] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 789.003720][T26666] bridge0: port 1(bridge_slave_0) entered blocking state [ 789.004101][T26666] bridge0: port 1(bridge_slave_0) entered disabled state [ 789.004403][T26666] bridge_slave_0: entered allmulticast mode [ 789.007512][T26666] bridge_slave_0: entered promiscuous mode [ 789.042179][T26666] bridge0: port 2(bridge_slave_1) entered blocking state [ 789.042494][T26666] bridge0: port 2(bridge_slave_1) entered disabled state [ 789.042794][T26666] bridge_slave_1: entered allmulticast mode [ 789.047303][T26666] bridge_slave_1: entered promiscuous mode [ 789.139133][T26666] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 789.157964][T26666] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 789.177993][T21332] Bluetooth: hci0: command tx timeout [ 789.402454][ T998] cpia1 3-1:0.0: unexpected state after lo power cmd: 00 [ 789.449518][ T32] usb 9-1: new high-speed USB device number 24 using dummy_hcd [ 789.457882][T26666] team0: Port device team_slave_0 added [ 789.532624][T26666] team0: Port device team_slave_1 added [ 789.619372][ T32] usb 9-1: Using ep0 maxpacket: 8 [ 789.622216][ T32] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 789.622264][ T32] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 789.622288][ T32] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 789.628690][ T32] usb 9-1: config 0 descriptor?? [ 789.655051][T26666] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 789.655066][T26666] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 789.655091][T26666] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 789.661416][T26666] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 789.661537][T26666] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 789.661564][T26666] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 789.812847][ T998] gspca_cpia1: usb_control_msg 02, error -71 [ 789.813867][ T998] gspca_cpia1: usb_control_msg 05, error -71 [ 789.813897][ T998] cpia1 3-1:0.0: unexpected systemstate: 00 [ 789.849844][ T998] usb 3-1: USB disconnect, device number 24 [ 789.894408][T26728] netlink: 104 bytes leftover after parsing attributes in process `syz.6.8963'. [ 789.930974][ T32] iowarrior 9-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 790.111805][T26666] hsr_slave_0: entered promiscuous mode [ 790.113695][T26666] hsr_slave_1: entered promiscuous mode [ 790.114969][T26666] debugfs: 'hsr0' already exists in 'hsr' [ 790.114989][T26666] Cannot create hsr debugfs directory [ 790.263583][ T998] usb 9-1: USB disconnect, device number 24 [ 790.959985][T26749] loop7: detected capacity change from 0 to 7 [ 791.084093][ C1] blk_print_req_error: 10 callbacks suppressed [ 791.084110][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 791.084131][ C1] buffer_io_error: 10 callbacks suppressed [ 791.084138][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 791.084409][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 791.084430][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 791.123773][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 791.123804][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 791.124093][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 791.124116][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 791.124369][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 791.124391][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 791.126019][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 791.126047][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 791.126292][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 791.126314][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 791.127366][T26749] ldm_validate_partition_table(): Disk read failed. [ 791.127528][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 791.127562][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 791.127770][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 791.127792][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 791.127952][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 791.127974][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 791.131286][T26749] Dev loop7: unable to read RDB block 0 [ 791.196650][T26749] loop7: unable to read partition table [ 791.196859][T26749] loop7: partition table beyond EOD, truncated [ 791.196888][T26749] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 791.239337][T21332] Bluetooth: hci0: command tx timeout [ 791.587874][T26666] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 791.699512][ T5891] usb 9-1: new high-speed USB device number 25 using dummy_hcd [ 791.908950][ T5891] usb 9-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 791.908980][ T5891] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 791.914625][ T5891] usb 9-1: config 0 descriptor?? [ 791.950953][ T5891] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 792.009124][T26666] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.378373][ T5891] cpia1 9-1:0.0: unexpected state after lo power cmd: 00 [ 792.405812][T26666] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.734648][T26666] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.781403][ T5891] gspca_cpia1: usb_control_msg 02, error -71 [ 792.781757][ T5891] gspca_cpia1: usb_control_msg 05, error -71 [ 792.781767][ T5891] cpia1 9-1:0.0: unexpected systemstate: 00 [ 792.786200][ T5891] usb 9-1: USB disconnect, device number 25 [ 793.215695][T26666] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 793.233712][T26666] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 793.234447][T26666] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 793.275778][T26666] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 793.276488][T26666] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 793.319525][T21332] Bluetooth: hci0: command tx timeout [ 793.326427][T26666] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 793.329110][T26666] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 793.471601][T26666] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 793.718726][T26666] 8021q: adding VLAN 0 to HW filter on device bond0 [ 793.779922][T26666] 8021q: adding VLAN 0 to HW filter on device team0 [ 793.788110][ T1516] bridge0: port 1(bridge_slave_0) entered blocking state [ 793.788371][ T1516] bridge0: port 1(bridge_slave_0) entered forwarding state [ 793.880699][ T998] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 793.884795][T22337] bridge0: port 2(bridge_slave_1) entered blocking state [ 793.884909][T22337] bridge0: port 2(bridge_slave_1) entered forwarding state [ 794.050190][ T998] usb 3-1: Using ep0 maxpacket: 8 [ 794.055265][ T998] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 794.055330][ T998] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 794.055354][ T998] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 794.074388][ T998] usb 3-1: config 0 descriptor?? [ 794.315672][ T998] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 794.522787][T26666] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 794.537657][ T998] usb 3-1: USB disconnect, device number 25 [ 794.597508][T26793] netlink: 164 bytes leftover after parsing attributes in process `syz.6.8988'. [ 795.207494][T26666] veth0_vlan: entered promiscuous mode [ 795.237214][T26666] veth1_vlan: entered promiscuous mode [ 795.411939][T21332] Bluetooth: hci0: command tx timeout [ 795.438785][T26666] veth0_macvtap: entered promiscuous mode [ 795.470379][T26666] veth1_macvtap: entered promiscuous mode [ 795.580631][T26666] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 795.605106][T26666] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 795.616162][T26820] netlink: 20 bytes leftover after parsing attributes in process `syz.8.8998'. [ 795.643351][T22174] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.645640][T22174] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.653739][T22174] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.653785][T22174] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.912241][T26827] GUP no longer grows the stack in syz.2.9001 (26827): 200000005000-200000008000 (200000001000) [ 795.912290][T26827] CPU: 1 UID: 0 PID: 26827 Comm: syz.2.9001 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 795.912314][T26827] Tainted: [L]=SOFTLOCKUP [ 795.912320][T26827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 795.912333][T26827] Call Trace: [ 795.912339][T26827] [ 795.912354][T26827] dump_stack_lvl+0xe8/0x150 [ 795.912378][T26827] __get_user_pages+0x21cf/0x2570 [ 795.912424][T26827] __gup_longterm_locked+0x3db/0x1630 [ 795.912458][T26827] ? __pfx_down_read+0x10/0x10 [ 795.912481][T26827] pin_user_pages+0x9d/0xd0 [ 795.912506][T26827] xdp_umem_pin_pages+0x11b/0x340 [ 795.912536][T26827] xdp_umem_create+0x631/0x8b0 [ 795.912567][T26827] xsk_setsockopt+0x860/0x990 [ 795.912592][T26827] ? __pfx_xsk_setsockopt+0x10/0x10 [ 795.912618][T26827] ? aa_sock_opt_perm+0x131/0x1f0 [ 795.912644][T26827] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 795.912662][T26827] ? __pfx_xsk_setsockopt+0x10/0x10 [ 795.912686][T26827] do_sock_setsockopt+0x17c/0x1b0 [ 795.912711][T26827] __x64_sys_setsockopt+0x143/0x1b0 [ 795.912733][T26827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.912754][T26827] do_syscall_64+0x15f/0xf80 [ 795.912770][T26827] ? trace_irq_disable+0x3b/0x140 [ 795.912790][T26827] ? clear_bhb_loop+0x40/0x90 [ 795.912811][T26827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.912834][T26827] RIP: 0033:0x7f520e3fc819 [ 795.912858][T26827] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 795.912873][T26827] RSP: 002b:00007f520c64e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 795.912892][T26827] RAX: ffffffffffffffda RBX: 00007f520e675fa0 RCX: 00007f520e3fc819 [ 795.912906][T26827] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 [ 795.912916][T26827] RBP: 00007f520e492c91 R08: 0000000000000020 R09: 0000000000000000 [ 795.912927][T26827] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 795.912937][T26827] R13: 00007f520e676038 R14: 00007f520e675fa0 R15: 00007ffc91409178 [ 795.912968][T26827] [ 797.182528][ T1516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 797.182548][ T1516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 797.569393][T21670] usb 9-1: new high-speed USB device number 26 using dummy_hcd [ 797.625054][T22338] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 797.625074][T22338] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 797.731335][T21670] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 6 [ 797.731386][T21670] usb 9-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 797.731410][T21670] usb 9-1: config 0 interface 0 has no altsetting 0 [ 797.731439][T21670] usb 9-1: New USB device found, idVendor=1ea7, idProduct=0907, bcdDevice= 0.00 [ 797.731461][T21670] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.820619][T21670] usb 9-1: config 0 descriptor?? [ 798.262482][T21670] hid (null): global environment stack underflow [ 798.262536][T21670] hid (null): report_id 2839661142 is invalid [ 798.329421][T21670] hid_parser_main: 19 callbacks suppressed [ 798.329446][T21670] semitek 0003:1EA7:0907.0049: unknown main item tag 0x0 [ 798.329476][T21670] semitek 0003:1EA7:0907.0049: unknown main item tag 0x0 [ 798.329499][T21670] semitek 0003:1EA7:0907.0049: unknown main item tag 0x0 [ 798.329520][T21670] semitek 0003:1EA7:0907.0049: unknown main item tag 0x0 [ 798.329540][T21670] semitek 0003:1EA7:0907.0049: unknown main item tag 0x0 [ 798.329563][T21670] semitek 0003:1EA7:0907.0049: unknown main item tag 0x0 [ 798.329588][T21670] semitek 0003:1EA7:0907.0049: unknown main item tag 0x0 [ 798.329611][T21670] semitek 0003:1EA7:0907.0049: unknown main item tag 0x0 [ 798.329636][T21670] semitek 0003:1EA7:0907.0049: unknown main item tag 0x0 [ 798.329660][T21670] semitek 0003:1EA7:0907.0049: unknown main item tag 0x0 [ 798.330173][T21670] semitek 0003:1EA7:0907.0049: global environment stack underflow [ 798.330189][T21670] semitek 0003:1EA7:0907.0049: item 0 4 1 11 parsing failed [ 798.330855][T21670] semitek 0003:1EA7:0907.0049: probe with driver semitek failed with error -22 [ 798.509392][ T998] usb 9-1: USB disconnect, device number 26 [ 798.620006][ T10] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 798.769418][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 798.774108][ T10] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 798.774134][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 798.774146][ T10] usb 3-1: Product: syz [ 798.774153][ T10] usb 3-1: Manufacturer: syz [ 798.774161][ T10] usb 3-1: SerialNumber: syz [ 798.777759][ T10] usb 3-1: config 0 descriptor?? [ 799.105725][ T38] audit: type=1326 audit(2000055796.566:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26873 comm="syz.6.9030" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f312cbfc819 code=0x0 [ 799.221750][ T10] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 799.224764][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 799.225377][ T10] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 799.225592][ T10] usb 3-1: media controller created [ 799.256063][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 799.422317][ T10] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 799.422380][ T10] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 799.626746][T18370] usb 3-1: USB disconnect, device number 26 [ 799.667876][T18370] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 800.177045][T26884] netlink: 104 bytes leftover after parsing attributes in process `syz.2.9026'. [ 800.245615][T26887] block nbd2: not configured, cannot reconfigure [ 800.267561][T26888] netlink: 124 bytes leftover after parsing attributes in process `syz.6.9035'. [ 800.861209][T26913] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9041'. [ 801.010517][T26915] input: syz0 as /devices/virtual/input/input56 [ 801.116503][T26922] netdevsim netdevsim6 netdevsim0: IPsec offload requires 128 bit authentication [ 801.544047][T26941] netlink: 32 bytes leftover after parsing attributes in process `syz.6.9053'. [ 801.562145][T18370] usb 9-1: new high-speed USB device number 27 using dummy_hcd [ 801.732345][T18370] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 801.732377][T18370] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 801.732403][T18370] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 801.741084][T18370] usb 9-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 801.741114][T18370] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 801.741132][T18370] usb 9-1: Product: syz [ 801.741145][T18370] usb 9-1: Manufacturer: syz [ 801.741158][T18370] usb 9-1: SerialNumber: syz [ 801.808638][T18370] usb 9-1: config 0 descriptor?? [ 801.810911][T26931] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 801.811020][T26931] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 801.832309][T18370] usb 9-1: ucan: probing device on interface #0 [ 802.438758][T18370] ucan 9-1:0.0: probe with driver ucan failed with error -22 [ 802.459345][ T10] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 802.611784][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 802.614493][ T10] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 802.617991][ T10] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 802.618018][ T10] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 802.618029][ T10] usb 3-1: Product: syz [ 802.618037][ T10] usb 3-1: Manufacturer: syz [ 802.618044][ T10] usb 3-1: SerialNumber: syz [ 802.629420][ T10] usb 3-1: config 0 descriptor?? [ 802.640533][T26963] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 802.645860][ T10] hub 3-1:0.0: bad descriptor, ignoring hub [ 802.645895][ T10] hub 3-1:0.0: probe with driver hub failed with error -5 [ 802.664821][T15772] usb 9-1: USB disconnect, device number 27 [ 803.063306][ T10] usb 3-1: USB disconnect, device number 27 [ 803.539500][ T10] usb 9-1: new high-speed USB device number 28 using dummy_hcd [ 803.689358][ T10] usb 9-1: Using ep0 maxpacket: 32 [ 803.691206][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 803.691236][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 803.691260][ T10] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 803.691273][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 803.699096][ T10] usb 9-1: config 0 descriptor?? [ 803.710221][ T10] hub 9-1:0.0: USB hub found [ 803.926066][ T10] hub 9-1:0.0: 1 port detected [ 804.336841][ T10] usb 9-1: USB disconnect, device number 28 [ 805.114617][T26996] netlink: 56 bytes leftover after parsing attributes in process `syz.2.9078'. [ 805.141603][T18370] usb 9-1: new high-speed USB device number 29 using dummy_hcd [ 805.296644][T18370] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 805.296675][T18370] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 805.323516][T18370] usb 9-1: config 0 descriptor?? [ 805.342765][T18370] cp210x 9-1:0.0: cp210x converter detected [ 805.739587][T18370] cp210x 9-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 805.751344][T18370] usb 9-1: cp210x converter now attached to ttyUSB0 [ 805.829461][T21670] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 805.944861][ T10] usb 9-1: USB disconnect, device number 29 [ 805.966884][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 805.999508][T21670] usb 3-1: Using ep0 maxpacket: 16 [ 806.004031][T21670] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 806.004055][T21670] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.004066][T21670] usb 3-1: Product: syz [ 806.004073][T21670] usb 3-1: Manufacturer: syz [ 806.004080][T21670] usb 3-1: SerialNumber: syz [ 806.008074][T21670] usb 3-1: config 0 descriptor?? [ 806.052469][T21670] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 806.122424][ T10] cp210x 9-1:0.0: device disconnected [ 806.856347][T21670] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71 [ 806.862656][T27026] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 806.862914][T27026] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 806.868152][T27026] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 806.868436][T27026] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 806.869066][T27026] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 806.928160][T27026] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 806.962479][T21670] usb 3-1: USB disconnect, device number 28 [ 807.136022][T27026] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 807.599029][T27037] overlay: filesystem on ./file0 is read-only [ 808.109791][T27058] input: syz0 as /devices/virtual/input/input57 [ 808.158931][T27062] Bluetooth: MGMT ver 1.23 [ 808.377797][T27071] bridge0: port 1(bridge_slave_0) entered disabled state [ 808.494981][T27078] netlink: 32 bytes leftover after parsing attributes in process `syz.2.9116'. [ 808.772187][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.772285][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.920161][T21332] Bluetooth: hci0: command 0x0c1a tx timeout [ 808.920241][T21329] Bluetooth: hci3: command 0x0c1a tx timeout [ 808.920269][T21329] Bluetooth: hci1: command 0x0c1a tx timeout [ 808.920306][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout [ 808.920336][ T60] Bluetooth: hci4: command 0x0c1a tx timeout [ 809.679647][ T10] usb 9-1: new high-speed USB device number 30 using dummy_hcd [ 809.830754][ T10] usb 9-1: Using ep0 maxpacket: 32 [ 809.833478][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 809.833510][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 809.833545][ T10] usb 9-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 809.833568][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 809.836957][ T10] usb 9-1: config 0 descriptor?? [ 810.267905][ T10] hid_parser_main: 49 callbacks suppressed [ 810.267930][ T10] ft260 0003:0403:6030.004A: unknown main item tag 0x0 [ 810.267960][ T10] ft260 0003:0403:6030.004A: unknown main item tag 0x0 [ 810.467363][ T10] ft260 0003:0403:6030.004A: chip code: 0000 0000 [ 810.668810][ T10] ft260 0003:0403:6030.004A: failed to retrieve system status [ 810.669434][ T10] ft260 0003:0403:6030.004A: probe with driver ft260 failed with error -71 [ 810.702802][ T10] usb 9-1: USB disconnect, device number 30 [ 810.999796][T19452] Bluetooth: hci0: command 0x0c1a tx timeout [ 811.283617][T27119] pim6reg: entered allmulticast mode [ 811.342517][T27122] netlink: 88 bytes leftover after parsing attributes in process `syz.2.9136'. [ 811.543030][T27131] loop5: detected capacity change from 0 to 7 [ 811.609154][T21779] buffer_io_error: 10 callbacks suppressed [ 811.609168][T21779] Buffer I/O error on dev loop5, logical block 0, async page read [ 811.624834][T21779] Buffer I/O error on dev loop5, logical block 0, async page read [ 811.625165][T21779] Buffer I/O error on dev loop5, logical block 0, async page read [ 811.625570][T21779] Buffer I/O error on dev loop5, logical block 0, async page read [ 811.625938][T21779] Buffer I/O error on dev loop5, logical block 0, async page read [ 812.068852][T27143] pim6reg: entered allmulticast mode [ 812.291035][ T5814] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 812.350875][T27160] netlink: 'syz.8.9155': attribute type 1 has an invalid length. [ 812.350918][T27160] netlink: 'syz.8.9155': attribute type 2 has an invalid length. [ 812.350926][T27160] netlink: 'syz.8.9155': attribute type 1 has an invalid length. [ 812.350933][T27160] netlink: 'syz.8.9155': attribute type 3 has an invalid length. [ 812.350940][T27160] netlink: 4 bytes leftover after parsing attributes in process `syz.8.9155'. [ 812.443603][ T5814] usb 3-1: Using ep0 maxpacket: 32 [ 812.447683][ T5814] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 812.447710][ T5814] usb 3-1: config 0 has no interface number 0 [ 812.447761][ T5814] usb 3-1: config 0 interface 12 has no altsetting 0 [ 812.453527][ T5814] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 812.453555][ T5814] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 812.453575][ T5814] usb 3-1: Product: syz [ 812.453590][ T5814] usb 3-1: Manufacturer: syz [ 812.453604][ T5814] usb 3-1: SerialNumber: syz [ 812.473396][ T5814] usb 3-1: config 0 descriptor?? [ 813.080174][T19452] Bluetooth: hci0: command 0x0c1a tx timeout [ 813.158008][T27185] netlink: 8 bytes leftover after parsing attributes in process `syz.8.9167'. [ 813.303880][ T5814] f81534 3-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 813.303934][ T5814] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71 [ 813.303952][ T5814] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 813.304036][ T5814] f81534 3-1:0.12: probe with driver f81534 failed with error -71 [ 813.344696][ T5814] usb 3-1: USB disconnect, device number 29 [ 813.533351][T27190] netlink: 'syz.8.9170': attribute type 1 has an invalid length. [ 813.533398][T27190] netlink: 'syz.8.9170': attribute type 2 has an invalid length. [ 813.533413][T27190] netlink: 'syz.8.9170': attribute type 1 has an invalid length. [ 813.695608][T27198] netlink: 'syz.8.9173': attribute type 10 has an invalid length. [ 813.695622][T27198] netlink: 152 bytes leftover after parsing attributes in process `syz.8.9173'. [ 814.505682][T27236] bridge0: port 1(bridge_slave_0) entered disabled state [ 814.539784][T21670] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 814.712614][T21670] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 25665, setting to 1024 [ 814.712635][T21670] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 814.712648][T21670] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 814.715301][T21670] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 814.715328][T21670] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 814.715348][T21670] usb 3-1: Product: syz [ 814.715356][T21670] usb 3-1: Manufacturer: syz [ 814.715364][T21670] usb 3-1: SerialNumber: syz [ 814.722856][T27225] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 815.000905][T21670] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 30 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 815.204591][ T10] usb 3-1: USB disconnect, device number 30 [ 815.214919][ T10] usblp0: removed [ 815.923042][ T38] audit: type=1326 audit(2000055813.386:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27264 comm="syz.2.9205" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f520e3fc819 code=0x0 [ 816.305049][T27279] netlink: 12 bytes leftover after parsing attributes in process `syz.6.9211'. [ 816.305080][T27279] netlink: 12 bytes leftover after parsing attributes in process `syz.6.9211'. [ 816.305096][T27279] netlink: 20 bytes leftover after parsing attributes in process `syz.6.9211'. [ 817.302252][T27301] netlink: 8 bytes leftover after parsing attributes in process `syz.8.9221'. [ 817.302292][T27301] netlink: 8 bytes leftover after parsing attributes in process `syz.8.9221'. [ 818.051842][ T5814] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 818.093764][T27331] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 818.202473][ T5814] usb 3-1: Using ep0 maxpacket: 16 [ 818.219806][ T5814] usb 3-1: unable to get BOS descriptor or descriptor too short [ 818.230216][ T5814] usb 3-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=d4.05 [ 818.230247][ T5814] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 818.230267][ T5814] usb 3-1: Product: syz [ 818.230281][ T5814] usb 3-1: Manufacturer: syz [ 818.230295][ T5814] usb 3-1: SerialNumber: syz [ 818.506408][ T5814] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 818.518816][ T32] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 818.519091][ T32] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 818.545758][ T32] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 818.546016][ T32] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 818.546033][ T32] rtc rtc0: __rtc_set_alarm: err=-22 [ 819.099888][ T5814] gspca_vc032x: reg_r err -71 [ 819.099919][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.099930][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.099939][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.099947][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.099957][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.099966][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.099975][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.099984][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.099993][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.100001][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.100010][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.100019][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.100028][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.100037][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.100045][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.100053][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.100061][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.100069][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.100078][ T5814] gspca_vc032x: I2c Bus Busy Wait 00 [ 819.100087][ T5814] gspca_vc032x: Unknown sensor... [ 819.100171][ T5814] vc032x 3-1:12.0: probe with driver vc032x failed with error -22 [ 819.146737][ T5814] usb 3-1: USB disconnect, device number 31 [ 819.565025][T27363] input: syz0 as /devices/virtual/input/input58 [ 820.031006][T21670] usb 3-1: new full-speed USB device number 32 using dummy_hcd [ 820.183595][T21670] usb 3-1: config 120 has an invalid interface number: 138 but max is 0 [ 820.183621][T21670] usb 3-1: config 120 has an invalid descriptor of length 0, skipping remainder of the config [ 820.183642][T21670] usb 3-1: config 120 has no interface number 0 [ 820.183682][T21670] usb 3-1: config 120 interface 138 altsetting 31 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 820.183710][T21670] usb 3-1: config 120 interface 138 has no altsetting 0 [ 820.234178][T21670] usb 3-1: New USB device found, idVendor=03f0, idProduct=0307, bcdDevice= 0.01 [ 820.234209][T21670] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 820.234227][T21670] usb 3-1: Product: syz [ 820.234241][T21670] usb 3-1: Manufacturer: syz [ 820.234262][T21670] usb 3-1: SerialNumber: syz [ 820.339418][ T5974] usb 9-1: new high-speed USB device number 31 using dummy_hcd [ 820.493933][T21670] ums-usbat 3-1:120.138: USB Mass Storage device detected [ 820.513627][T21670] ums-usbat 3-1:120.138: This device (03f0,0307,0001 S ee P 80) has an unneeded Protocol entry in unusual_devs.h (kernel syzkaller) [ 820.513627][T21670] Please send a copy of this message to and [ 820.520352][ T5974] usb 9-1: Using ep0 maxpacket: 32 [ 820.555008][ T5974] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 820.555040][ T5974] usb 9-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 820.555055][ T5974] usb 9-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 820.555068][ T5974] usb 9-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 820.555082][ T5974] usb 9-1: config 0 interface 0 has no altsetting 0 [ 820.555101][ T5974] usb 9-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 820.555113][ T5974] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 820.562196][ T5974] usb 9-1: config 0 descriptor?? [ 820.718865][T21670] usb 3-1: USB disconnect, device number 32 [ 820.944513][T27403] hugetlbfs: syz.6.9266 (27403): Using mlock ulimits for SHM_HUGETLB is obsolete [ 821.043745][ T5974] hid-thrustmaster 0003:044F:B65D.004B: unknown main item tag 0x0 [ 821.043783][ T5974] hid-thrustmaster 0003:044F:B65D.004B: unknown main item tag 0x0 [ 821.043811][ T5974] hid-thrustmaster 0003:044F:B65D.004B: unknown main item tag 0x0 [ 821.043835][ T5974] hid-thrustmaster 0003:044F:B65D.004B: unknown main item tag 0x0 [ 821.043862][ T5974] hid-thrustmaster 0003:044F:B65D.004B: unknown main item tag 0x0 [ 821.048863][ T5974] hid-thrustmaster 0003:044F:B65D.004B: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.8-1/input0 [ 821.101813][ T5974] hid-thrustmaster 0003:044F:B65D.004B: Wrong number of endpoints? [ 821.245545][ C1] hid-thrustmaster 0003:044F:B65D.004B: Unknown packet type 0x0, unable to proceed further with wheel init [ 821.326002][T27412] netlink: 52 bytes leftover after parsing attributes in process `syz.6.9270'. [ 821.453146][ T998] usb 9-1: USB disconnect, device number 31 [ 821.561542][T27417] kvm: kvm [27416]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x40000007) = 0x4 [ 823.639429][T18370] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 823.771288][ T5974] usb 9-1: new high-speed USB device number 32 using dummy_hcd [ 823.789358][T18370] usb 3-1: Using ep0 maxpacket: 32 [ 823.791614][T18370] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 823.791638][T18370] usb 3-1: config 0 has no interface number 0 [ 823.791683][T18370] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 823.791708][T18370] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 823.791746][T18370] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 823.791768][T18370] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 823.875601][T18370] usb 3-1: config 0 descriptor?? [ 823.960934][ T5974] usb 9-1: Using ep0 maxpacket: 8 [ 823.974960][ T5974] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 823.974991][ T5974] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 823.975069][ T5974] usb 9-1: Product: syz [ 823.975084][ T5974] usb 9-1: Manufacturer: syz [ 823.975098][ T5974] usb 9-1: SerialNumber: syz [ 824.026989][ T5974] usb 9-1: config 0 descriptor?? [ 824.233248][ T38] audit: type=1326 audit(2000055821.696:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27475 comm="syz.7.9299" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4f217fc819 code=0x0 [ 824.338477][ T5974] dvb_usb_rtl28xxu 9-1:0.0: chip type detection failed -71 [ 824.338543][ T5974] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 824.369707][ T5974] usb 9-1: USB disconnect, device number 32 [ 824.608030][T18370] input: HID 28bd:0094 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0094.004C/input/input59 [ 824.747552][T18370] uclogic 0003:28BD:0094.004C: input,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.2-1/input1 [ 824.806907][ T998] usb 3-1: USB disconnect, device number 33 [ 824.909511][T27478] fido_id[27478]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 825.074659][T27484] netlink: 24 bytes leftover after parsing attributes in process `syz.8.9302'. [ 825.074749][T27484] netlink: 24 bytes leftover after parsing attributes in process `syz.8.9302'. [ 825.553891][T27503] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9311'. [ 825.879504][ T5974] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 826.029366][ T5974] usb 3-1: Using ep0 maxpacket: 8 [ 826.031797][ T5974] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 826.031826][ T5974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 826.095418][ T5974] pvrusb2: Hardware description: Terratec Grabster AV400 [ 826.095436][ T5974] pvrusb2: ********** [ 826.095445][ T5974] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 826.095458][ T5974] pvrusb2: Important functionality might not be entirely working. [ 826.095467][ T5974] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 826.095480][ T5974] pvrusb2: ********** [ 826.326246][ T2381] pvrusb2: Invalid write control endpoint [ 826.508536][ T5814] usb 3-1: USB disconnect, device number 34 [ 826.629031][ T2381] pvrusb2: Invalid write control endpoint [ 826.629047][ T2381] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 826.629057][ T2381] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 826.629065][ T2381] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 826.629075][ T2381] pvrusb2: Device being rendered inoperable [ 826.629113][ T2381] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 826.629161][ T2381] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 826.787425][ T2381] pvrusb2: Attached sub-driver cx25840 [ 826.787441][ T2381] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 826.787452][ T2381] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 827.545896][T27569] netlink: 'syz.6.9342': attribute type 25 has an invalid length. [ 827.545920][T27569] netlink: 'syz.6.9342': attribute type 1 has an invalid length. [ 827.546046][T27569] bridge0: port 1(bridge_slave_0) entered disabled state [ 827.746246][T27577] serio: Serial port ttyS3 [ 827.756245][T27576] netlink: 65051 bytes leftover after parsing attributes in process `syz.8.9345'. [ 827.916388][T27588] netlink: 4 bytes leftover after parsing attributes in process `syz.8.9351'. [ 827.916410][T27588] netlink: 16 bytes leftover after parsing attributes in process `syz.8.9351'. [ 828.107712][T27593] sctp: Trying to GSO but underlying device doesn't support it. [ 828.229371][ T5974] usb 9-1: new high-speed USB device number 33 using dummy_hcd [ 828.379449][ T5974] usb 9-1: Using ep0 maxpacket: 32 [ 828.381822][ T5974] usb 9-1: config index 0 descriptor too short (expected 35577, got 27) [ 828.381850][ T5974] usb 9-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 828.381871][ T5974] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 828.381892][ T5974] usb 9-1: config 1 has no interface number 0 [ 828.381936][ T5974] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 828.381962][ T5974] usb 9-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 828.382002][ T5974] usb 9-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 828.382026][ T5974] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 828.507336][ T5974] snd_usb_pod 9-1:1.1: Line 6 Pocket POD found [ 828.620390][ T39] INFO: task syz-executor:21864 blocked for more than 143 seconds. [ 828.620416][ T39] Tainted: G L syzkaller #0 [ 828.620477][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 828.620498][ T39] task:syz-executor state:D stack:21000 pid:21864 tgid:21864 ppid:1 task_flags:0x400140 flags:0x00080002 [ 828.620549][ T39] Call Trace: [ 828.620556][ T39] [ 828.620567][ T39] __schedule+0x169e/0x54f0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 828.620675][ T39] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 828.620700][ T39] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 828.620721][ T39] ? rt_spin_lock+0x1e0/0x400 [ 828.620747][ T39] ? __pfx___schedule+0x10/0x10 [ 828.620836][ T39] ? schedule+0x90/0x360 [ 828.620868][ T39] schedule+0x164/0x360 [ 828.620899][ T39] fuse_chan_wait_aborted+0x15b/0x250 [ 828.620924][ T39] ? __pfx_fuse_chan_wait_aborted+0x10/0x10 [ 828.620990][ T39] ? __pfx_autoremove_wake_function+0x10/0x10 [ 828.621015][ T39] ? __pfx_fuse_chan_abort+0x10/0x10 [ 828.621036][ T39] ? do_raw_spin_lock+0x12b/0x2f0 [ 828.621036][ T39] ? do_raw_spin_lock+0x12b/0x2f0 [ 828.621064][ T39] fuse_conn_destroy+0x1e7/0x3e0 [ 828.621091][ T39] ? __pfx_fuse_conn_destroy+0x10/0x10 [ 828.621165][ T39] ? lockdep_hardirqs_on+0x7a/0x110 [ 828.621185][ T39] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 828.621205][ T39] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 828.621233][ T39] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 828.621259][ T39] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 828.621772][ T39] ? lockdep_hardirqs_on+0x7a/0x110 [ 828.621795][ T39] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 828.621817][ T39] fuse_kill_sb_anon+0x1ef/0x270 [ 828.621847][ T39] deactivate_locked_super+0xbc/0x130 [ 828.621935][ T39] cleanup_mnt+0x437/0x4d0 [ 828.622370][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 828.622398][ T39] task_work_run+0x1d9/0x270 [ 828.622427][ T39] ? __pfx_task_work_run+0x10/0x10 [ 828.622511][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.622535][ T39] exit_to_user_mode_loop+0xed/0x480 [ 828.622557][ T39] ? rcu_is_watching+0x15/0xb0 [ 828.622592][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.622665][ T39] do_syscall_64+0x33e/0xf80 [ 828.622686][ T39] ? trace_irq_disable+0x3b/0x140 [ 828.622708][ T39] ? clear_bhb_loop+0x40/0x90 [ 828.622730][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.626179][ T39] RIP: 0033:0x7fd19d3cda57 [ 828.626204][ T39] RSP: 002b:00007ffc63a821b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 828.626227][ T39] RAX: 0000000000000000 RBX: 00007fd19d462048 RCX: 00007fd19d3cda57 [ 828.626254][ T39] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc63a82270 [ 828.626267][ T39] RBP: 00007ffc63a82270 R08: 00007ffc63a83270 R09: 00000000ffffffff [ 828.626331][ T39] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc63a83300 [ 828.626345][ T39] R13: 00007fd19d462048 R14: 00000000000a53b5 R15: 00007ffc63a83340 [ 828.626377][ T39] [ 828.626431][ T39] [ 828.626431][ T39] Showing all locks held in the system: [ 828.626496][ T39] 1 lock held by khungtaskd/39: [ 828.626509][ T39] #0: ffffffff8e3c8100 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 828.626648][ T39] 2 locks held by udevd/5195: [ 828.626660][ T39] #0: ffffffff8eae7878 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_path_perm+0x251/0x560 [ 828.626709][ T39] #1: ffffffff8e3c8100 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 828.626808][ T39] 2 locks held by getty/5585: [ 828.626820][ T39] #0: ffff8880380460a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 828.626874][ T39] #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 [ 828.626972][ T39] 6 locks held by kworker/1:5/5974: [ 828.626984][ T39] #0: ffff888021681138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 [ 828.627031][ T39] #1: ffffc90004f67c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 [ 828.627126][ T39] #2: ffff88802b1c2210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60 [ 828.627178][ T39] #3: ffff8880392fe210 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 828.627282][ T39] #4: ffff888042f8e1d8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 828.627335][ T39] #5: ffff88802723dc58 (hcd->bandwidth_mutex){+.+.}-{4:4}, at: usb_set_interface+0x353/0x1450 [ 828.627438][ T39] 10 locks held by kworker/1:1/18370: [ 828.627450][ T39] #0: ffff88805c80c938 ((wq_completion)wg-crypt-wg1#7){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 [ 828.627500][ T39] #1: ffffc9000fd2fc40 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 [ 828.627600][ T39] #2: ffffffff8e25f280 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 828.627647][ T39] #3: ffffffff8e3c8100 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 828.627692][ T39] #4: ffff888034562ce8 (&peer->endpoint_lock){++..}-{3:3}, at: wg_socket_send_skb_to_peer+0x6e/0x200 [ 828.627794][ T39] #5: ffffffff8e3c8100 (rcu_read_lock){....}-{1:3}, at: rt_read_lock+0x277/0x4b0 [ 828.627846][ T39] #6: ffffffff8e25f280 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 828.627937][ T39] #7: ffffffff8e3c8160 (rcu_read_lock_bh){....}-{1:3}, at: send4+0x220/0xed0 [ 828.731836][ T39] #8: ffff8880b873b9a0 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 [ 828.731895][ T39] #9: ffff8880b87246c8 (psi_seq){-...}-{0:0}, at: psi_task_switch+0x53/0x880 [ 828.731942][ T39] 1 lock held by syz-executor/21322: [ 828.731955][ T39] #0: ffffffff8e00a0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740 [ 828.732004][ T39] 1 lock held by syz-executor/21328: [ 828.732015][ T39] #0: ffffffff8e00a0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740 [ 828.732065][ T39] 1 lock held by syz-executor/21864: [ 828.732076][ T39] #0: ffff888039c000d0 (&type->s_umount_key#79){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0 [ 828.732133][ T39] 1 lock held by syz-executor/22530: [ 828.732144][ T39] #0: ffffffff8e00a0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740 [ 828.732192][ T39] 9 locks held by syz-executor/24017: [ 828.732204][ T39] #0: ffffffff8e4992f0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x130/0x4a0 [ 828.732246][ T39] #1: ffff88803a5f44b0 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x181/0x1d50 [ 828.732296][ T39] #2: ffff888039e490b0 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x26f/0x1d50 [ 828.732355][ T39] #3: ffffffff8e3c8100 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x29/0x200 [ 828.732402][ T39] #4: ffff888060c37658 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: pte_offset_map_lock+0x13d/0x210 [ 828.732454][ T39] #5: ffffffff8e3c8100 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 828.732502][ T39] #6: ffffffff8e3c8100 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x29/0x200 [ 828.732548][ T39] #7: ffff888042d86898 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_pmd_range+0x5ae/0x5550 [ 828.732606][ T39] #8: ffffffff8e3c8100 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock_nested+0x1de/0x3f0 [ 828.732657][ T39] 1 lock held by syz-executor/26666: [ 828.732668][ T39] #0: ffffffff8e00a0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740 [ 828.732717][ T39] 2 locks held by syz.6.9363/27610: [ 828.732729][ T39] #0: ffffffff8e408330 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: copy_process+0x2a41/0x4460 [ 828.732771][ T39] #1: ffffffff8e00a0a8 (tasklist_lock){++++}-{3:3}, at: copy_process+0x2b66/0x4460 [ 828.732816][ T39] [ 828.732821][ T39] ============================================= [ 828.732821][ T39] [ 828.732841][ T39] NMI backtrace for cpu 0 [ 828.732860][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 828.732885][ T39] Tainted: [L]=SOFTLOCKUP [ 828.732892][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 828.732904][ T39] Call Trace: [ 828.732911][ T39] [ 828.732919][ T39] dump_stack_lvl+0xe8/0x150 [ 828.732942][ T39] nmi_cpu_backtrace+0x274/0x2d0 [ 828.732966][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 828.732988][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 828.733014][ T39] sys_info+0x135/0x170 [ 828.733035][ T39] watchdog+0xfd3/0x1030 [ 828.733062][ T39] ? watchdog+0x1c9/0x1030 [ 828.733086][ T39] kthread+0x388/0x470 [ 828.733109][ T39] ? __pfx_watchdog+0x10/0x10 [ 828.733126][ T39] ? __pfx_kthread+0x10/0x10 [ 828.733151][ T39] ret_from_fork+0x514/0xb70 [ 828.733174][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 828.733193][ T39] ? __switch_to+0xc79/0x1410 [ 828.733221][ T39] ? __pfx_kthread+0x10/0x10 [ 828.733246][ T39] ret_from_fork_asm+0x1a/0x30 [ 828.733281][ T39] [ 828.733303][ T39] Sending NMI from CPU 0 to CPUs 1: [ 828.733339][ C1] NMI backtrace for cpu 1 [ 828.733354][ C1] CPU: 1 UID: 0 PID: 17 Comm: pr/legacy Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 828.733376][ C1] Tainted: [L]=SOFTLOCKUP [ 828.733382][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 828.733392][ C1] RIP: 0010:io_serial_in+0x77/0xc0 [ 828.733411][ C1] Code: e8 3e 9c 7d fc 44 89 f9 d3 e3 49 83 ee 80 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 ef 12 e7 fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f e9 ca fa fd 05 cc 44 89 f9 80 e1 07 [ 828.733425][ C1] RSP: 0018:ffffc900001679d0 EFLAGS: 00000202 [ 828.733440][ C1] RAX: 1ffffffff3405f00 RBX: 00000000000003fd RCX: 0000000000000000 [ 828.733452][ C1] RDX: 00000000000003fd RSI: 0000000000000000 RDI: 0000000000000000 [ 828.733462][ C1] RBP: ffffffff9a02fb10 R08: 0000000000000000 R09: 0000000000000000 [ 828.733473][ C1] R10: dffffc0000000000 R11: ffffffff85475d10 R12: dffffc0000000000 [ 828.733485][ C1] R13: 0000000000000000 R14: ffffffff9a02f880 R15: 0000000000000000 [ 828.733496][ C1] FS: 0000000000000000(0000) GS:ffff888125b62000(0000) knlGS:0000000000000000 [ 828.733510][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 828.733522][ C1] CR2: 00007f520f1a56b8 CR3: 00000000391a0000 CR4: 00000000003526f0 [ 828.733536][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 828.733547][ C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 828.733557][ C1] Call Trace: [ 828.733569][ C1] [ 828.733577][ C1] wait_for_lsr+0x1aa/0x2f0 [ 828.733597][ C1] serial8250_console_write+0x120d/0x1b90 [ 828.733621][ C1] ? __pfx_serial8250_console_write+0x10/0x10 [ 828.733637][ C1] ? console_flush_one_record+0xfa/0xb90 [ 828.733659][ C1] ? console_flush_one_record+0x48f/0xb90 [ 828.733680][ C1] console_flush_one_record+0x68b/0xb90 [ 828.733702][ C1] ? console_flush_one_record+0xfa/0xb90 [ 828.733723][ C1] ? __pfx_console_flush_one_record+0x10/0x10 [ 828.733743][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 828.733762][ C1] legacy_kthread_func+0x1b6/0x250 [ 828.733782][ C1] ? __pfx_legacy_kthread_func+0x10/0x10 [ 828.733801][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 828.733821][ C1] ? __kthread_parkme+0x7a/0x1f0 [ 828.733842][ C1] kthread+0x388/0x470 [ 828.733861][ C1] ? __pfx_legacy_kthread_func+0x10/0x10 [ 828.733878][ C1] ? __pfx_kthread+0x10/0x10 [ 828.733898][ C1] ret_from_fork+0x514/0xb70 [ 828.733915][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 828.733931][ C1] ? __switch_to+0xc79/0x1410 [ 828.733953][ C1] ? __pfx_kthread+0x10/0x10 [ 828.733973][ C1] ret_from_fork_asm+0x1a/0x30 [ 828.733998][ C1] [ 828.744186][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 828.744209][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 828.744235][ T39] Tainted: [L]=SOFTLOCKUP [ 828.744247][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 828.744259][ T39] Call Trace: [ 828.744267][ T39] [ 828.744275][ T39] vpanic+0x56c/0xa60 [ 828.744302][ T39] ? __pfx___schedule+0x10/0x10 [ 828.744338][ T39] ? __pfx_vpanic+0x10/0x10 [ 828.744369][ T39] panic+0xc5/0xd0 [ 828.744390][ T39] ? __pfx_panic+0x10/0x10 [ 828.744414][ T39] ? preempt_schedule_thunk+0x16/0x30 [ 828.744444][ T39] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 828.744472][ T39] watchdog+0x102c/0x1030 [ 828.744500][ T39] ? watchdog+0x1c9/0x1030 [ 828.744526][ T39] kthread+0x388/0x470 [ 828.744550][ T39] ? __pfx_watchdog+0x10/0x10 [ 828.744568][ T39] ? __pfx_kthread+0x10/0x10 [ 828.744593][ T39] ret_from_fork+0x514/0xb70 [ 828.744616][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 828.744637][ T39] ? __switch_to+0xc79/0x1410 [ 828.744665][ T39] ? __pfx_kthread+0x10/0x10 [ 828.744689][ T39] ret_from_fork_asm+0x1a/0x30 [ 828.744725][ T39] [ 828.744873][ T39] Kernel Offset: disabled