last executing test programs: 4m43.097952253s ago: executing program 3 (id=2864): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x22, 0x0, "43cad7b04bde5bbd8035d89034a56bad61a87c614899a37c5d0d7da4d7fc948375f3593dbd21eb7618ffb4ff4984e01eedc37998dd16526edb40eaadabe6cd2bd9f9dfeade7787ea64309c01ae05fb70"}, 0xd8) setsockopt$inet_tcp_int(r0, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6) 4m43.017713947s ago: executing program 3 (id=2865): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0xffff1000, 0x8000, 0x2, 0x80000001, 0x0, [{0x1, 0x85, 0x1, '\x00', 0x4}, {0x5, 0x3, 0xf4, '\x00', 0x6}, {0x7, 0x3, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x6, '\x00', 0x4}, {0xf, 0x8, 0xf5, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x8}, {0x88, 0x3, 0x2a, '\x00', 0x80}, {0x4, 0x0, 0xd, '\x00', 0x1}, {0x8, 0x9, 0x3, '\x00', 0x1}, {0x3, 0x6, 0x3, '\x00', 0x6}, {0x2, 0x9, 0x0, '\x00', 0x7f}, {0x14, 0x51, 0xa, '\x00', 0xfc}, {0xe, 0xfc, 0x5, '\x00', 0x1}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0x1, 0x3, 0xfe, '\x00', 0x3}, {0x2, 0xb, 0xd6, '\x00', 0x7e}, {0x7, 0x15, 0xca, '\x00', 0x6}, {0x0, 0x1, 0x4, '\x00', 0x13}, {0x4, 0x0, 0x40, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x4, '\x00', 0x8}, {0x8, 0xc, 0x0, '\x00', 0x6}]}}) 4m42.879042229s ago: executing program 3 (id=2869): r0 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r0, &(0x7f0000000380)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e22, 0x2, @mcast1, 0x3}}, 0x24) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, 0x0, 0x0) 4m42.781344851s ago: executing program 3 (id=2871): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve1\x00', 0x0}) sendto$packet(r0, &(0x7f0000000140)="480323000c00000006001e008900", 0xe, 0x1, &(0x7f0000000540)={0xc9, 0x88a8, r1, 0x1, 0x7, 0x6, @broadcast}, 0x14) 4m42.74957021s ago: executing program 3 (id=2873): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) 4m42.690570003s ago: executing program 3 (id=2875): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7d4a}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000000)={0x210a, r0}, 0x0) 4m27.623881725s ago: executing program 32 (id=2875): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7d4a}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000000)={0x210a, r0}, 0x0) 2m54.93466908s ago: executing program 4 (id=4782): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='system.posix_acl_default\x00', &(0x7f0000000000), 0x24, 0x0) rmdir(&(0x7f00000001c0)='./file0\x00') 2m54.798692058s ago: executing program 4 (id=4784): r0 = socket$netlink(0x10, 0x3, 0x4) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x1}}, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}) 2m54.720482818s ago: executing program 4 (id=4786): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f00000001c0)={0x18, 0x110, 0xfa00, {r1, 0x7fffffff, 0x12, 0x0, 0x0, @in6={0xa, 0x4e22, 0x100, @private1={0xfc, 0x1, '\x00', 0x2}, 0x9}, @in6={0xa, 0x4e22, 0x2, @local, 0x2}}}, 0x118) 2m54.589588326s ago: executing program 4 (id=4791): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x1, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x9004) 2m54.495352038s ago: executing program 4 (id=4792): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r0, 0x6f000) 2m54.342882432s ago: executing program 4 (id=4797): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r0) 2m39.242814181s ago: executing program 33 (id=4797): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r0) 2m25.394961764s ago: executing program 0 (id=5084): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r1, &(0x7f0000000100)={{0x3, @null, 0x1}, [@null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) close_range(r0, 0xffffffffffffffff, 0x0) 2m25.263950145s ago: executing program 0 (id=5087): r0 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) fcntl$addseals(r0, 0x409, 0x8) fallocate(r0, 0x3, 0x9100, 0x3) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 2m25.0480213s ago: executing program 0 (id=5091): r0 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, &(0x7f0000000440)={0x2000000000002000, 0x1, 0x56, 0x3}) mq_timedsend(r0, 0x0, 0x0, 0x9, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r0, &(0x7f0000000880)=""/202, 0xca, 0x100000000000000, 0x0) 2m24.824765254s ago: executing program 0 (id=5094): mkdir(&(0x7f0000000940)='./file0\x00', 0x51) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1) 2m24.67793011s ago: executing program 0 (id=5098): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={r1, r1, 0x9, 0xed, 0x0, 0x9, 0x7, 0x2, 0x5508, 0xa35, 0x7ffffffe, 0x1, 'syz0\x00'}) 2m24.120420927s ago: executing program 0 (id=5107): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0xfffffff1}) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x21, @none}, 0xe) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000)) 2m23.754452613s ago: executing program 34 (id=5107): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0xfffffff1}) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x21, @none}, 0xe) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000)) 1m33.302954039s ago: executing program 2 (id=5803): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="c60009"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001640)={0x24, 0x0, 0x0, &(0x7f0000001bc0)={0x0, 0x22, 0x1, {[@main=@item_012={0x0, 0x0, 0x9}]}}, 0x0}, 0x0) 1m31.326553109s ago: executing program 2 (id=5824): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000380)={[{@uuid_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 1m31.230073228s ago: executing program 2 (id=5827): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18, 0x4000801}, 0xd0) recvmsg$unix(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000013c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) 1m31.127387664s ago: executing program 2 (id=5829): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) rename(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='./file1\x00') 1m31.038821523s ago: executing program 2 (id=5832): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x6) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000080)={0x101a57, 0xc238, 0x6, 0xa, 0x5, "04ad7d2ed56d6b00f88d530d0033d3040d00", 0x20000086, 0x7}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xa) 1m30.448826585s ago: executing program 2 (id=5839): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000080)=0x1, 0x4) 1m30.217407319s ago: executing program 35 (id=5839): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000080)=0x1, 0x4) 1m3.8237998s ago: executing program 7 (id=6142): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000980)='cpu.idle\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000240)=ANY=[], 0x27) 1m3.769063661s ago: executing program 7 (id=6143): mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1}) 1m3.722723102s ago: executing program 7 (id=6144): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x5, 0x9, 0x5}]}, 0x10) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) 1m3.672487457s ago: executing program 7 (id=6145): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0) mount$bpf(0x200000000000, &(0x7f0000000100)='./file0\x00', 0x0, 0xb7848, 0x0) 1m3.624869034s ago: executing program 7 (id=6146): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)=0x80000000) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000001c0)) readv(r0, &(0x7f0000001500)=[{&(0x7f0000000080)=""/151, 0x97}], 0x1) 1m3.41362259s ago: executing program 7 (id=6149): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xdc) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0) renameat(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file4\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00') 1m3.118381904s ago: executing program 36 (id=6149): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xdc) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0) renameat(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file4\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00') 5.05384707s ago: executing program 6 (id=7007): munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r0, &(0x7f0000001240)={@val={0x2f3a, 0x800}, @val={0x0, 0x3, 0x1, 0xfffe}, @ipv4=@tcp={{0x5, 0x4, 0x2, 0x2, 0xdb3, 0x68, 0x0, 0x5, 0x6, 0x0, @initdev={0xac, 0x1e, 0x3, 0x0}, @broadcast}, {{0x4e20, 0x4e21, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x2, 0x141a, 0x0, 0x15f1}, {"b898f48a5203aec1c20360cd2ef7d58da55b659aa6992f305f3fb5d188f517abf96e559cce7d2282a54862bc80a51035e81c9f2d030a6cd6e7c83ed735fe91a467f79be2c7d85f7529eff6f03e92199b12eae0ad8d098f78165de6ccd711c6be47076c700a8a74e5b91a9355bb250b70cc5af2c4219f1cf2fa23910722a02956f3612fc9f024e77b9d745b22dacc05c41e125d6487e6ffd4ca8db7a1f2befb5708d551a43ad989dc418b24f8fefc9febd72b8504db532be5759ec8a0e4e48662c5f29dd566101c64946a9c9b8e12fd22f56093a80f345a106dc2b95ccb043f0131602e6ef13caddcc9fcfa2e40ab3b603ff5881f4fba3c8bbfffd05510a5952a6335b6e02fe85927bd050bfc265b2afd2735345a9380f5af87e6a3d2479fc06afc9252d7d28710570837daa46d2b942be5433f46ca6cc0efe65e5b874fede589d6026c20e28749a857eb0b9bd9157a247cde360572592da40909d903ef6c4c10cc06f59b45d0e0991bc820bfef700ca4e2b6aad5c32d2a8a807e9333e0eddec1c0ed393deb690e1b827db9f5da75dbc32874e5fcc5c76c05c0ec2fb1e8d5918cd09023865e9008cca311ed9672237bcf925fa09ae410683726998bf0ef51937e764e55a09e009429c8eeae288eda500541b7a33d29d492493084ba2c0a89dc61126d3fae08440bb57473adfdeadb98bdada889ebc36ae25649e5b7187e0d2dd011b39e037f3cad6e0e2161ab344173e125545945b1debe71f24213f581df639d486bf77ccc6da56997708b76eb6cbde470ad004fbfb84e8d1495a2d7bb544f282dad56316b50472015c74847e3209ef4a6edbff327ec99dd0288214d9329f433bc71698808201bf0a769d608fac5faf16c32a09c34750040d9d19aa8b4071c051338527952e5afcfd2e33a894769d4c6dd5f1a3c47583ff6e3c154eff46c1942bbc357add5253d96f5b6dc6e440271a377b03db190ed081e2989dec4a839e1c2d7fecfaa2459f62151b9ef4716fbc15fd86812763fbaf38e4d5af6d0c8b830436770819361104f30bd8ba795f9104dfb7370d1c6940819d6432b159fbbe633a093ff4dc3c44c4623e16eddb6151ef904fc96b87957ab22230dd6c2458fbaa438d3c222c055ce4253db8fdda2077f0159fddc1306b0277d122c51cc577b2b6dee459f1bf28c6d94178a0fc3e382f6b58e1db6cda5eca7dc0720e61d59ec794a02295ccdeedc811457e30e8548a8be271c69f0cbfd08fdcfa281ec3b1ea7bb2ff784be0a732344cc0978b37507d448330149537f1de512d4952e2d6a8901be7bf9c8497ffdc3910096e2ef5c2d056f909621f1c8c90702c9469fcfb9ccda91123da96c4c8381718624e74948ce35b4ddc47982d392d84fe377a0e4edcf34f4bc814d12a5fee04ed6750b074fd046a47c59b84c6d465bce16101ced3d8f6b8a9d1d8b96f730569dd4bce831c188c236b5c600349932d42d846dbd6d5ecd07a89c6f535237567aebd4eb12bbfe5120e0c0e5f077005394e71772d796bbe82be4e014c63c8a1c4bbbddf186d94eb73313e91a97ce8ade5c6ec3defd412842f1afc7c642bbb94ce29a16ea298291519a5f5a6f5782a17fcd9af20699f70307270c5b6f88606c986aae6766130d63278b64a09fa4850ec92b72d2e19f1b8a305c237061af9f85ea6d2d33ea5c77754eaaa0b221e7883da6e95d6f031f033df057faa24c078a7ad1e922f371b076d7b492d5837f6f4a0980f882b160f581f2fdd551baf1fdccfb2677871eb55bdaf8c6c158bb9ae0684fec562045ba365ff7443c60e7381d0ffa426b98640bc6f95b8191dc2e14cec948871d5fbbfe46c6f669c1a4f98dc4cfdebe8bca4fd627acb4b0d710b49a2db10d75c9c80875d766c976116e7a2245088cc70a51242756710a6164e417d4fe7f2bb4f878df548598021f246492211d9c780a9d66b47c19e4924f2ba392a54ddbf73d61eab4c45dfa3510f705bd23c0ecc7210b3f982e328142f74e10edce9677990b862965594b9c671dc0e7c193b7df65de53f953e53ec0789a36c0895cf063ff0d2711b28e177d457192493454d07ad162c8f4a2db7db5761928fdb45311a44be6af7e170b3dd38783ceb9c5745deb957f6fc1cc073d7abe2cc5c58c29136b89c745085304457ce9e1394b1c4de3c664fa843c5183e45f65137e57b627a9938dfcb3cdf60829e5d8014534df04da80c53613a419d8811a4cc9f8a483a3488f942b1e9f69730f9861b70d6e42efbb147ce969854a56877c64a9c5e7e3852994d8d36b86aadc74c3b765307af433c23b0e963f95966beb7cc859bcf9217a52df243a41532cb4b0b316677db0104f12aca9fee6fd5908169451b0fcccf0cfdfbf3de802cc2488a532d5d7de6582c5645160c5ef673d2c95d5b8b2d99ed9486c069798f13c14eab4c99fd509fa9f879d18a5f0bdefd8f44ad0c9280ca9335ed661cb6cc22264f95e1f3443b41a044e4a15ab73f20bed9f6caa6bf231351fd882c11320e40f61718d4c43e99f98a72b459e9ce6eab66903a4ca67560e6c3579c558140e9a035d380b21064f70ed5ad62be784e4f75619fe92a4b6c22438a5907bb234570b962389228a9a454caa0579253a8d697dd890663f0bbed83e2c249dcab4db3d4124202abed769bbc90aa21ae521d9153352bec7eb6e0623fe9486bb2c1dbda0726daa64343304e6b878f768404848e5df3be0f1838f71a232cc8737fbc62172c7ee73306edf0b621e76ef35d76c86473926f47bfaaf943abcf63a81449006583ecfbbc3c498f5dd176bbff6e4e51134ffa5b92dcf4719cb789c9fec63955607da72b335ef7fe1c12dc9cdf44a9e83d7ab5a51977ba1168354a1e89bc5e420329c5864393bd3c72cd9f2c9d7b8e79f661a37f4a03105e77aaa28f4978f44abc4f89c458080e93cfaa043c105f396badc033d12dbed823a2e4d24406c7b77cd33630e6257d21a27857beaad037c1031a319d79e6103e1b7600ad9d418e5af02d372d0ddd5e328edf7245b7907632eae607992a8048a24721e8ce32a5be8adc4704c58de99613bf254d0448c452b7e81fdfd8b3c1b3ff8d573678448aef089e5477e1174bc424c77b08bf81144faadd289d04a02fc19cab03ff2cee402693fb215c4b4b12afcbc532646eed43aa6408df1b2d738e611d5082053882b5a69e0e6ae967c89ebb2980c933c04337acac94130de8e1e99acb3878685a4d0e3f7c95179f4e8d6674ced26a91099da84fa0ff485a0cab23b35de4f8091a22e22a969d1daf17549b092b0353468b3d0918f514a1248a3d4a19767bf037cff673771fa22c6ee4952728a8126eac03e50aece013d0c59bb9bc230c48f3115b37a482bae47ca56f8b10419f78195ec89dbd381a04a7ffb645ad53f60783d4997d7cab42591735ad56d565d33325715e2fc29ed8c64869485fd6e14136f4a5f66681668b519c749a790b6417a853ef04015aeeefc48bd85aa351186f728b5f1b0183c03d2168d52dbed1ce13aa3c673458dabeed746d513593b6c561a79f399b498396fd94473aa2acea127591eeeff8f691dddf95288e06203c1e779ba7f5b2b7764e8aad4a44e547d5470193acfbfac984bdda75d8b35eb2258abdcf47ee7df549d499204d19c0b89a91f1aef847f375b5cf1f0829d538d14361327073c0edb6605810f330c401270c8eb35eb97aed751feb21211a51a9031ed386fa1598618a38ae9a1c86ae64c84727b1864f64b4da71a7a3195c2757fed49945d63458d89cf5c536bdd441f3f265fc9d61a554087a9b2b83660c0c17e15d9d1d40065ba244453fb08b4ea027e3301ea254513633704ca1a496c7ad2227ca99cf07c58b1c11deb9216e940e2e1243d75b4a6882e84581cc727bcfea0d20d39cb545830a99da07659b347922df1f29ca7496e493826fac4b8f1d641fee7460e99fccd8672473e59a6c240d09a541e460e5f2945776c707212bb33a5ee5051961f21592d9ea3ae018b8fbc2140e6151f14ff033a6dbb1afbddd684b6a9d5f29b7f273b430dab91c53cd89e191adc78c7ce20bb4340425531cfc23f119a5eab1d7c73bc703b7fba48c8038c068df1f77eda5e18b2f2609d9d99de2768349987ba51cb98f698797051844c0c8637bf2f7ffac991ccf95e1b5eae9d7d25e7f3e0bdc788d99754a8be1baddafc4f0914f1a05bf8bec1a40bd2135539150da59d4163c67a575bc6dd7f2f786114c372842795601e8569e28c949e8bdc96e5a43cb6639dedf1ef1f054e0d42589a16d30e296b6dfdac6e13a6c68e03bd39dc172b6007b01793ceafa13c6379d2b820e98e9e87891e3bbdc688f62c56ef80c67ad066a53e36141af58fa9734429498580dc6d32d1c2e8cc722b4f9dd9d165d07b7b536c398df39dee06f48ad422492fe1777619f49e153ad276c86fbf8f607e7b1e9d6040889f166eb8a73ddba4668d6618b31c36b6427b1cd3cb97ef268ec1f1b049a35bceddff9147fde7309db0c474be42a6d54150172df4d5614106ea5f134cf543a70105a0a75f649d6de1a9bd3858bcccf3b220886ea6a7702dbe7f17e03a022a0ffc5145da4895bcb41da3fc5a2a10bc7b2a70a3a86ef8fa600d24894260cdbbf3c36313f3b1e9e8096921b625cb9c7f3ab8423277c9b80743a2185c95e9e7fb3f6d63669257fac197b7a73c5a4a2c4a2df52af705b46b56ade64c8a4265373a770676ec7fe3738843402f63a79f0ddb59e4bf439e4eac709a0127e9588e1538872af3916a12a1a850206392c16e17fab5a7d72bc3e9caad7bab64481728861016c124888210d06e31005ffbd39a65abbf69ce1683de2bb9f90e4955deb7afd23e90e3e11fcbd55627ab48cea806cf5da35e094bbaab42dbbdb454599a6659c2ce1084"}}}}, 0xdc1) 4.935454009s ago: executing program 6 (id=7010): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc02007800"], 0xb8}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050800) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="180000007600"], 0x1c}], 0x1, 0x0, 0x0, 0x4004000}, 0x0) 4.854322378s ago: executing program 6 (id=7011): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmsg$nl_route_sched_retired(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newchain={0x24, 0x64, 0x100, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0x6}, {0xfff1, 0x6}, {0x5, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4004094) 4.798048825s ago: executing program 6 (id=7013): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0) syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d64ed1040206402d14e0102"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x12, &(0x7f0000000000)=ANY=[@ANYBLOB="a200004ef3b11f948ef66b0ee0b3d41b1b"]) 2.385025104s ago: executing program 8 (id=7070): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x82042, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000001c0)={0x1, 0x0, [{0x4000006e, 0x0, 0x8004}]}) 2.173558914s ago: executing program 8 (id=7074): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x400000b1, 0x0, 0xfffffffffffffff7}]}) 1.949394978s ago: executing program 8 (id=7079): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) creat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x0) 1.868406288s ago: executing program 8 (id=7081): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x132, 0xffffffffffffffff, 0xffffd000) munmap(&(0x7f0000069000/0x2000)=nil, 0x2000) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) 1.71772159s ago: executing program 6 (id=7083): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x45ffffa, 0x281) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001100)={r0, 0x0, {0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "244333791f045158d97405000000000000040000000100", [0xfffffffffeff7ffc]}}) ioctl$BTRFS_IOC_SPACE_INFO(r1, 0x4c08, 0x0) 1.717572509s ago: executing program 8 (id=7084): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040), 0x6) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) ioctl$sock_bt_hci(r0, 0x400448e7, 0x0) 1.537679371s ago: executing program 8 (id=7087): r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902340001000000000904fb00026c5d650009050402100000fa000905820240"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000140)={0x0, 0x17, 0x6, "7b2c746f0e7d"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000019640)={0x44, &(0x7f0000000300)={0x40, 0x16, 0x1, "0e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.479699154s ago: executing program 1 (id=7088): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0xc001001b, 0x0, 0x102}]}) 1.413752905s ago: executing program 6 (id=7090): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000106a05310300000000000109022400010000800009040002010300010009210000000122f80409058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(0xffffffffffffffff, &(0x7f00000000c0)={0x14, &(0x7f0000000180)={0x20, 0x22, 0x5e, {0x5e, 0x5, "472b2afe36d8e7ef6b1a2a0afe99ab7b9fd1348f6262fcbeac3b38675b0f679f2d962bc5e68034847993a261c012671832d4c92e0b589af9e85553802066423cef02115f03b69909255e894d2336b0b8af7585b598e9c24ededcd557"}}, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 1.248229533s ago: executing program 1 (id=7092): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x17b}]}) 1.071850248s ago: executing program 1 (id=7094): r0 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) renameat2(r1, &(0x7f00000003c0)='./bus\x00', r1, &(0x7f00000001c0)='./file0\x00', 0x4) 989.954197ms ago: executing program 1 (id=7095): unshare(0x22020600) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000080)=0x6, 0x4) 893.378499ms ago: executing program 1 (id=7097): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000240)={0x0, 0x10, &(0x7f0000000140)=[@in={0x2, 0x4e22, @private=0xa010100}]}, &(0x7f0000000040)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0xff73) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={r1, @in={{0x2, 0x4e21, @empty}}, 0x5, 0x0, 0x80000003, 0x4, 0xe2d8f2eb1d010935, 0x5, 0x7}, 0x9c) 497.246323ms ago: executing program 5 (id=7103): symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000200)='./file0\x00') chmod(&(0x7f0000000100)='./file0\x00', 0x38c) lchown(&(0x7f00000001c0)='./file0\x00', 0xee00, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) 473.069799ms ago: executing program 5 (id=7104): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000040)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000020000000000000000001"], 0xfc}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xd) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/current\x00') utimensat(r0, 0x0, &(0x7f0000000040)={{0x0, 0xea60}, {0x0, 0x3fffffff}}, 0x0) 413.536633ms ago: executing program 5 (id=7105): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000000)="d1", 0x1, 0x24004000, &(0x7f0000000100)={0xa, 0x4e24, 0x7f, @remote, 0x5}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000100)={0x0, 0x5}, 0x8) 292.853767ms ago: executing program 5 (id=7106): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2d8}]]}, 0x30}}, 0x0) 221.411983ms ago: executing program 5 (id=7107): newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) setresuid(r0, r0, 0x0) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, 0x0, 0x0) 214.008579ms ago: executing program 5 (id=7108): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0x40015b0b, &(0x7f0000000000)) 0s ago: executing program 1 (id=7109): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000140)={0x48, r1, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x16c}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}]}, 0x48}}, 0x20000000) kernel console output (not intermixed with test programs): = -90 [ 349.066914][ T5891] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 349.098045][ T5891] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 349.136853][ T5891] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 349.167413][ T5891] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 349.200652][ T810] usb 5-1: Using ep0 maxpacket: 16 [ 349.205977][ T5891] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 349.236509][ T810] usb 5-1: config 8 has an invalid interface number: 46 but max is 0 [ 349.245864][ T810] usb 5-1: config 8 has no interface number 0 [ 349.255061][ T5891] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 349.263320][ T810] usb 5-1: config 8 interface 46 has no altsetting 0 [ 349.276885][ T5891] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 349.288797][ T810] usb 5-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=98.9e [ 349.306898][ T810] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.315121][ T810] usb 5-1: Product: syz [ 349.319609][ T810] usb 5-1: Manufacturer: syz [ 349.327130][ T5891] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 349.337463][ T810] usb 5-1: SerialNumber: syz [ 349.368129][ T5891] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 349.408719][ T5891] usb 3-1: USB disconnect, device number 39 [ 349.591835][ T810] empeg 5-1:8.46: empeg converter detected [ 349.603501][ T810] usb 5-1: active config #8 != 1 ?? [ 349.624636][ T810] usb 5-1: USB disconnect, device number 12 [ 350.696093][T16402] program syz.0.4719 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 351.769034][T16452] sg_write: data in/out 163806/24 bytes for SCSI command 0x0-- guessing data in; [ 351.769034][T16452] program syz.2.4740 not setting count and/or reply_len properly [ 353.630145][T16532] syz.1.4780 (16532) used greatest stack depth: 16232 bytes left [ 354.799521][T16584] netlink: 212 bytes leftover after parsing attributes in process `syz.1.4807'. [ 355.171377][ T810] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 355.338870][ T810] usb 2-1: unable to get BOS descriptor or descriptor too short [ 355.364038][ T810] usb 2-1: string descriptor 0 read error: -22 [ 355.372199][ T810] usb 2-1: New USB device found, idVendor=2466, idProduct=8010, bcdDevice= 0.40 [ 355.384338][ T810] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.844939][ T810] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 356.027387][ T810] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 356.095302][T16607] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4818'. [ 356.215748][ T810] usb 2-1: USB disconnect, device number 36 [ 356.686484][T16626] netlink: 'syz.1.4827': attribute type 10 has an invalid length. [ 356.695127][T16626] netlink: 152 bytes leftover after parsing attributes in process `syz.1.4827'. [ 357.208633][ T5840] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 357.315290][T16651] tipc: New replicast peer: 255.255.255.255 [ 357.323875][T16651] tipc: Enabled bearer , priority 10 [ 357.369216][ T5840] usb 3-1: Using ep0 maxpacket: 32 [ 357.386614][ T5840] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 357.412613][ T5840] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 357.434344][ T5840] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 357.466788][ T5840] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 357.476013][ T5840] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.492276][ T5840] usb 3-1: config 0 descriptor?? [ 357.561537][ T30] audit: type=1326 audit(2000000011.150:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16654 comm="syz.1.4841" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f34c319c819 code=0x0 [ 357.963555][ T5840] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.0036/input/input20 [ 358.078132][ T5840] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.0036/input/input21 [ 358.276630][ T5840] kye 0003:0458:5011.0036: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.2-1/input0 [ 358.324427][ T5840] usb 3-1: USB disconnect, device number 40 [ 358.444294][T16657] fido_id[16657]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 358.940829][T16668] netlink: 'syz.1.4846': attribute type 4 has an invalid length. [ 359.769667][T16692] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4857'. [ 360.328628][T16708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4866'. [ 360.867249][T16730] netlink: 128 bytes leftover after parsing attributes in process `syz.2.4877'. [ 361.496493][ T29] hid_parser_main: 30 callbacks suppressed [ 361.496518][ T29] hid-generic 0000:0000:0000.0037: unknown main item tag 0x0 [ 361.570109][ T29] hid-generic 0000:0000:0000.0037: hidraw0: HID v0.00 Device [syz1] on syz0 [ 362.570263][ T30] audit: type=1326 audit(2000000016.160:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16767 comm="syz.2.4894" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f93f279c819 code=0x0 [ 362.762842][ T52] Bluetooth: hci1: Malformed LE Event: 0x1b [ 362.937779][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 363.703431][T16801] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 365.830170][ T810] IPVS: starting estimator thread 0... [ 365.959601][T16818] IPVS: using max 28 ests per chain, 67200 per kthread [ 366.299464][ T810] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 366.468553][ T810] usb 2-1: config index 0 descriptor too short (expected 65183, got 72) [ 366.500695][ T810] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 366.528569][ T810] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.547206][ T810] usb 2-1: Product: syz [ 366.559069][ T810] usb 2-1: Manufacturer: syz [ 366.568417][ T810] usb 2-1: SerialNumber: syz [ 366.612385][T16831] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4923'. [ 366.629377][ T810] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 366.823618][ T5840] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 367.105641][T16823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 367.141283][T16823] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 367.168599][ T5941] usb 2-1: USB disconnect, device number 37 [ 367.890116][ T5840] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 367.906133][ T5840] ath9k_htc: Failed to initialize the device [ 367.930375][ T5941] usb 2-1: ath9k_htc: USB layer deinitialized [ 368.256770][ T5941] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 368.447164][ T5941] usb 2-1: Using ep0 maxpacket: 32 [ 368.458595][ T5941] usb 2-1: config index 0 descriptor too short (expected 65183, got 72) [ 368.482763][ T5941] usb 2-1: New USB device found, idVendor=110a, idProduct=2210, bcdDevice= 1.08 [ 368.506739][ T5941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.526749][ T5941] usb 2-1: Product: syz [ 368.530996][ T5941] usb 2-1: Manufacturer: syz [ 368.535598][ T5941] usb 2-1: SerialNumber: syz [ 368.558449][ T5941] mos7840 2-1:1.0: missing endpoints [ 368.790725][ T810] usb 2-1: USB disconnect, device number 38 [ 369.440640][ T5857] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 369.457374][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 369.469627][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 369.490850][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 369.501887][ T5857] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 369.756803][ T29] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 369.933288][ T29] usb 2-1: config 0 has no interfaces? [ 369.952481][ T29] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 369.969223][ T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.000633][ T29] usb 2-1: config 0 descriptor?? [ 370.200524][T16873] chnl_net:caif_netlink_parms(): no params data found [ 370.224200][T16878] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 370.241409][T16878] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 370.266389][ T5840] usb 2-1: USB disconnect, device number 39 [ 370.494664][ T1170] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.578296][T16873] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.585770][T16873] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.593728][T16873] bridge_slave_0: entered allmulticast mode [ 370.602200][T16873] bridge_slave_0: entered promiscuous mode [ 370.655367][ T1170] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.672627][T16873] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.679988][T16873] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.688656][T16873] bridge_slave_1: entered allmulticast mode [ 370.696017][T16873] bridge_slave_1: entered promiscuous mode [ 370.707259][ T5840] usb 2-1: new full-speed USB device number 40 using dummy_hcd [ 370.775468][ T1170] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.819789][T16873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 370.845905][T16917] netlink: 16146 bytes leftover after parsing attributes in process `syz.0.4961'. [ 370.863521][ T1170] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.879543][ T5840] usb 2-1: config 1 has an invalid interface number: 170 but max is 0 [ 370.889241][ T5840] usb 2-1: config 1 has no interface number 0 [ 370.898805][T16873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 370.909413][ T5840] usb 2-1: config 1 interface 170 has no altsetting 0 [ 370.921473][ T5840] usb 2-1: New USB device found, idVendor=0fc5, idProduct=1227, bcdDevice=f3.04 [ 370.939654][ T5840] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.957091][ T5840] usb 2-1: Product: syz [ 370.970555][ T5840] usb 2-1: Manufacturer: syz [ 370.982391][ T5840] usb 2-1: SerialNumber: syz [ 370.998817][T16873] team0: Port device team_slave_0 added [ 371.028182][T16873] team0: Port device team_slave_1 added [ 371.088152][T16873] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 371.100004][T16873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 371.126348][T16873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 371.178137][T16873] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 371.186274][T16873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 371.212575][T16873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 371.228528][ T5840] hub 2-1:1.170: bad descriptor, ignoring hub [ 371.234781][ T5840] hub 2-1:1.170: probe with driver hub failed with error -5 [ 371.246092][ T5840] usbsevseg 2-1:1.170: USB 7 Segment device now attached [ 371.289817][ T5840] usb 2-1: USB disconnect, device number 40 [ 371.315392][ T5840] usbsevseg 2-1:1.170: USB 7 Segment now disconnected [ 371.481183][T16873] hsr_slave_0: entered promiscuous mode [ 371.489186][T16873] hsr_slave_1: entered promiscuous mode [ 371.519473][ T1170] bridge_slave_1: left allmulticast mode [ 371.525266][ T1170] bridge_slave_1: left promiscuous mode [ 371.531716][ T1170] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.546463][ T1170] bridge_slave_0: left allmulticast mode [ 371.554444][ T1170] bridge_slave_0: left promiscuous mode [ 371.560865][ T1170] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.568852][ T5857] Bluetooth: hci0: command tx timeout [ 371.770517][ T1170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 371.784319][ T1170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 371.795753][ T1170] bond0 (unregistering): Released all slaves [ 371.938145][ T1170] tipc: Disabling bearer [ 371.945673][ T1170] tipc: Left network mode [ 372.020480][ T1170] IPVS: stopping master sync thread 13242 ... [ 372.032241][ T1170] IPVS: stopping backup sync thread 13543 ... [ 372.214708][T16944] loop2: detected capacity change from 0 to 7 [ 372.252631][T16944] Dev loop2: unable to read RDB block 7 [ 372.272104][T16944] loop2: unable to read partition table [ 372.289374][T16944] loop2: partition table beyond EOD, truncated [ 372.301816][T16944] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 372.755943][ T1170] hsr_slave_0: left promiscuous mode [ 372.773779][ T1170] hsr_slave_1: left promiscuous mode [ 372.788110][ T1170] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 372.813630][ T1170] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 372.834910][ T1170] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 372.865185][ T1170] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 372.909047][ T1170] veth1_macvtap: left promiscuous mode [ 372.914696][ T1170] veth0_macvtap: left promiscuous mode [ 372.921534][ T1170] veth1_vlan: left promiscuous mode [ 372.931737][ T1170] veth0_vlan: left promiscuous mode [ 373.525754][T16982] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 373.569281][ T1170] team0 (unregistering): Port device team_slave_1 removed [ 373.611431][ T1170] team0 (unregistering): Port device team_slave_0 removed [ 373.647147][ T5857] Bluetooth: hci0: command tx timeout [ 374.311633][T16873] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 374.359731][T16873] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 374.405452][T16873] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 374.521174][T16873] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 374.591659][ T1170] IPVS: stop unused estimator thread 0... [ 374.907580][T16873] 8021q: adding VLAN 0 to HW filter on device bond0 [ 375.014940][T16873] 8021q: adding VLAN 0 to HW filter on device team0 [ 375.036341][ T1120] bridge0: port 1(bridge_slave_0) entered blocking state [ 375.043673][ T1120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 375.097580][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 375.104811][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 375.447924][ T5840] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 375.615378][T16873] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 375.625910][ T5840] usb 3-1: Using ep0 maxpacket: 8 [ 375.651019][ T5840] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 375.664169][ T5840] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 375.681072][ T5840] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 168 [ 375.697150][ T5840] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 375.719352][ T5840] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 375.737104][ T5857] Bluetooth: hci0: command tx timeout [ 375.740082][ T5840] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.808105][ T5891] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 375.982907][ T5891] usb 2-1: config index 0 descriptor too short (expected 65357, got 45) [ 376.005290][ T5840] usb 3-1: GET_CAPABILITIES returned 0 [ 376.019586][ T5891] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 376.036798][ T5840] usbtmc 3-1:16.0: can't read capabilities [ 376.042834][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.073746][ T5891] usb 2-1: Product: syz [ 376.085398][ T5891] usb 2-1: Manufacturer: syz [ 376.096550][ T5891] usb 2-1: SerialNumber: syz [ 376.223130][T16873] veth0_vlan: entered promiscuous mode [ 376.240072][ T29] usb 3-1: USB disconnect, device number 41 [ 376.255779][T16873] veth1_vlan: entered promiscuous mode [ 376.433915][ T5891] rtl8150 2-1:1.0: couldn't reset the device [ 376.440749][T16873] veth0_macvtap: entered promiscuous mode [ 376.449311][ T5891] rtl8150 2-1:1.0: probe with driver rtl8150 failed with error -5 [ 376.477251][ T5891] usb 2-1: USB disconnect, device number 41 [ 376.490342][T16873] veth1_macvtap: entered promiscuous mode [ 376.530022][T16873] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 376.575317][T16873] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 376.603530][ T1120] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.622830][ T1120] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.650754][ T1120] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.666115][ T1120] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.852651][ T1120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 376.880353][ T1120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 376.951904][ T1120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 376.961193][ T1120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 377.060725][T17088] veth1_virt_wifi: entered allmulticast mode [ 377.090180][T17088] veth1_virt_wifi: left allmulticast mode [ 377.807433][ T52] Bluetooth: hci0: command tx timeout [ 378.516780][ T5891] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 378.667025][ T5891] usb 2-1: Using ep0 maxpacket: 32 [ 378.681088][ T5891] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 12 [ 378.705608][ T5891] usb 2-1: New USB device found, idVendor=0b05, idProduct=1b4c, bcdDevice= 0.00 [ 378.714995][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.746159][ T5891] usb 2-1: config 0 descriptor?? [ 378.854046][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.179290][ T5891] asus 0003:0B05:1B4C.0038: unknown main item tag 0x0 [ 379.186858][ T5891] asus 0003:0B05:1B4C.0038: unknown main item tag 0x0 [ 379.193740][ T5891] asus 0003:0B05:1B4C.0038: unknown main item tag 0x0 [ 379.201077][ T5891] asus 0003:0B05:1B4C.0038: unknown main item tag 0x0 [ 379.208271][ T5891] asus 0003:0B05:1B4C.0038: unknown main item tag 0x0 [ 379.215104][ T5891] asus 0003:0B05:1B4C.0038: unknown main item tag 0x0 [ 379.216830][ T29] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 379.222601][ T5891] asus 0003:0B05:1B4C.0038: unknown main item tag 0x0 [ 379.237035][ T5891] asus 0003:0B05:1B4C.0038: unknown main item tag 0x0 [ 379.243883][ T5891] asus 0003:0B05:1B4C.0038: unknown main item tag 0x0 [ 379.251227][ T5891] asus 0003:0B05:1B4C.0038: unknown main item tag 0x0 [ 379.262234][ T5891] asus 0003:0B05:1B4C.0038: hidraw0: USB HID v0.20 Device [HID 0b05:1b4c] on usb-dummy_hcd.1-1/input0 [ 379.377564][ T29] usb 3-1: Using ep0 maxpacket: 32 [ 379.387621][ T29] usb 3-1: config 0 has an invalid interface number: 35 but max is 0 [ 379.396479][ T29] usb 3-1: config 0 has no interface number 0 [ 379.403927][ T29] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 379.404675][ T5891] usb 2-1: USB disconnect, device number 42 [ 379.416963][ T29] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 379.438729][ T29] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 379.448403][ T29] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.456608][ T29] usb 3-1: Product: syz [ 379.463140][ T29] usb 3-1: Manufacturer: syz [ 379.468265][ T29] usb 3-1: SerialNumber: syz [ 379.475264][ T29] usb 3-1: config 0 descriptor?? [ 379.498797][ T5857] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 379.645747][T17165] netlink: 92 bytes leftover after parsing attributes in process `syz.0.5037'. [ 379.896318][ T29] radio-si470x 3-1:0.35: DeviceID=0xb980 ChipID=0x513a [ 380.097205][ T29] radio-si470x 3-1:0.35: software version 185, hardware version 128 [ 380.328050][ T29] radio-si470x 3-1:0.35: si470x_set_report: usb_control_msg returned -71 [ 380.346160][ T29] radio-si470x 3-1:0.35: submitting int urb failed (-90) [ 380.364654][ T29] radio-si470x 3-1:0.35: si470x_set_report: usb_control_msg returned -71 [ 380.389406][ T29] radio-si470x 3-1:0.35: probe with driver radio-si470x failed with error -22 [ 380.441321][ T29] radio-raremono 3-1:0.35: this is not Thanko's Raremono. [ 380.464073][ T29] usb 3-1: USB disconnect, device number 42 [ 380.680109][T17194] netlink: 65039 bytes leftover after parsing attributes in process `syz.5.5049'. [ 381.174023][ T5898] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 381.387063][ T5898] usb 6-1: Using ep0 maxpacket: 16 [ 381.394567][ T5898] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 381.410180][ T5898] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 381.422779][ T5898] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 381.436782][ T5898] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.450474][ T5898] usb 6-1: config 0 descriptor?? [ 381.578929][T17217] netlink: 'syz.0.5061': attribute type 12 has an invalid length. [ 381.587238][T17217] netlink: 120 bytes leftover after parsing attributes in process `syz.0.5061'. [ 381.671550][T17223] GUP no longer grows the stack in syz.0.5064 (17223): 200000005000-200000008000 (200000001000) [ 381.685693][T17223] CPU: 0 UID: 0 PID: 17223 Comm: syz.0.5064 Tainted: G L syzkaller #0 PREEMPT(full) [ 381.685726][T17223] Tainted: [L]=SOFTLOCKUP [ 381.685734][T17223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 381.685745][T17223] Call Trace: [ 381.685753][T17223] [ 381.685761][T17223] dump_stack_lvl+0xe8/0x150 [ 381.685796][T17223] __get_user_pages+0x2378/0x2720 [ 381.685863][T17223] __gup_longterm_locked+0x3db/0x1630 [ 381.685901][T17223] ? xdp_umem_pin_pages+0xca/0x340 [ 381.685944][T17223] pin_user_pages+0x9d/0xd0 [ 381.685976][T17223] xdp_umem_pin_pages+0x11b/0x340 [ 381.686006][T17223] xdp_umem_create+0x646/0x8b0 [ 381.686042][T17223] xsk_setsockopt+0x860/0x990 [ 381.686067][T17223] ? __pfx_xsk_setsockopt+0x10/0x10 [ 381.686095][T17223] ? __fget_files+0x2a/0x420 [ 381.686119][T17223] ? aa_sock_opt_perm+0xff/0x1a0 [ 381.686144][T17223] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 381.686183][T17223] ? __pfx_xsk_setsockopt+0x10/0x10 [ 381.686208][T17223] do_sock_setsockopt+0x17c/0x1b0 [ 381.686240][T17223] __x64_sys_setsockopt+0x13d/0x1b0 [ 381.686268][T17223] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.686290][T17223] do_syscall_64+0x15f/0xf80 [ 381.686317][T17223] ? trace_irq_disable+0x3b/0x140 [ 381.686343][T17223] ? clear_bhb_loop+0x40/0x90 [ 381.686369][T17223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.686390][T17223] RIP: 0033:0x7fa19019c819 [ 381.686411][T17223] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 381.686426][T17223] RSP: 002b:00007fa18e3ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 381.686447][T17223] RAX: ffffffffffffffda RBX: 00007fa190415fa0 RCX: 00007fa19019c819 [ 381.686462][T17223] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 [ 381.686475][T17223] RBP: 00007fa190232c91 R08: 0000000000000020 R09: 0000000000000000 [ 381.686488][T17223] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 381.686500][T17223] R13: 00007fa190416038 R14: 00007fa190415fa0 R15: 00007ffe0064d9d8 [ 381.686536][T17223] [ 381.893250][ T5898] corsair 0003:1B1C:1B02.0039: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.5-1/input0 [ 382.083554][ T5898] corsair 0003:1B1C:1B02.0039: Read invalid backlight brightness: b0. [ 382.097286][T17235] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5070'. [ 382.106414][ T809] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 382.276779][ T809] usb 2-1: Using ep0 maxpacket: 32 [ 382.294657][ T809] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 382.315058][ T809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.328749][ T5898] usb 6-1: USB disconnect, device number 2 [ 382.336906][ T809] usb 2-1: Product: syz [ 382.344064][ T809] usb 2-1: Manufacturer: syz [ 382.357305][ T809] usb 2-1: SerialNumber: syz [ 382.382808][ T809] usb 2-1: config 0 descriptor?? [ 382.512559][T17243] CUSE: info not properly terminated [ 382.824229][ T809] airspy 2-1:0.0: Board ID: 00 [ 382.833979][ T809] airspy 2-1:0.0: Firmware version: [ 383.084303][T17261] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5083'. [ 383.227117][ T809] airspy 2-1:0.0: usb_control_msg() failed -71 request 0e [ 383.293995][ T809] airspy 2-1:0.0: Registered as swradio24 [ 383.300879][ T809] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 383.321203][ T809] usb 2-1: USB disconnect, device number 43 [ 383.577149][T17280] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5092'. [ 383.646040][T17283] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 384.472262][ T49] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.610214][ T49] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.686243][ T49] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.820919][ T49] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.084531][ T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 385.112493][ T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 385.126069][ T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 385.142099][ T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 385.154925][ T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 385.470218][ T49] bridge_slave_1: left allmulticast mode [ 385.483226][ T49] bridge_slave_1: left promiscuous mode [ 385.490601][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.504785][ T49] bridge_slave_0: left allmulticast mode [ 385.518373][ T49] bridge_slave_0: left promiscuous mode [ 385.531906][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.947673][T17350] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input22 [ 386.140929][T17355] program syz.5.5127 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 386.228602][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 386.301443][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 386.345524][T17360] netlink: 'syz.2.5130': attribute type 83 has an invalid length. [ 386.376888][ T49] bond0 (unregistering): Released all slaves [ 386.547912][ T49] tipc: Disabling bearer [ 386.558842][ T49] tipc: Left network mode [ 387.247780][ T52] Bluetooth: hci1: command tx timeout [ 387.324069][T17389] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 387.467918][T17393] netlink: 'syz.5.5137': attribute type 27 has an invalid length. [ 387.500186][T17393] netlink: 'syz.5.5137': attribute type 1 has an invalid length. [ 387.577801][T17326] chnl_net:caif_netlink_parms(): no params data found [ 387.710441][ T49] hsr_slave_0: left promiscuous mode [ 387.738607][ T49] hsr_slave_1: left promiscuous mode [ 387.756062][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 387.784260][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 387.795471][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 387.813837][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 387.848583][ T49] veth1_macvtap: left promiscuous mode [ 387.859546][ T49] veth0_macvtap: left promiscuous mode [ 387.877896][ T49] veth1_vlan: left promiscuous mode [ 387.886467][ T49] veth0_vlan: left promiscuous mode [ 388.028935][T17410] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 388.683440][ T49] team0 (unregistering): Port device team_slave_1 removed [ 388.757509][ T49] team0 (unregistering): Port device team_slave_0 removed [ 389.335984][ T52] Bluetooth: hci1: command tx timeout [ 389.451643][T17326] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.478162][T17326] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.504526][T17326] bridge_slave_0: entered allmulticast mode [ 389.534097][T17326] bridge_slave_0: entered promiscuous mode [ 389.590288][T17326] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.621528][T17326] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.646894][T17326] bridge_slave_1: entered allmulticast mode [ 389.663392][T17326] bridge_slave_1: entered promiscuous mode [ 389.848312][T17326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 389.896599][T17326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 390.042127][ T30] audit: type=1326 audit(2000000043.630:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17473 comm="syz.1.5172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34c319c819 code=0x7ffc0000 [ 390.047545][T17326] team0: Port device team_slave_0 added [ 390.126553][ T49] IPVS: stop unused estimator thread 0... [ 390.138307][ T30] audit: type=1326 audit(2000000043.630:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17473 comm="syz.1.5172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34c319c819 code=0x7ffc0000 [ 390.141961][T17326] team0: Port device team_slave_1 added [ 390.237794][ T30] audit: type=1326 audit(2000000043.660:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17473 comm="syz.1.5172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f34c319c819 code=0x7ffc0000 [ 390.308967][ T30] audit: type=1326 audit(2000000043.660:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17473 comm="syz.1.5172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f34c319c582 code=0x7ffc0000 [ 390.373443][T17326] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 390.399388][ T30] audit: type=1326 audit(2000000043.670:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17473 comm="syz.1.5172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f34c319c582 code=0x7ffc0000 [ 390.412287][T17326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 390.472039][T17484] program syz.5.5175 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 390.486095][T17326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 390.501973][T17326] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 390.502549][ T30] audit: type=1326 audit(2000000043.670:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17473 comm="syz.1.5172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34c319c819 code=0x7ffc0000 [ 390.510918][T17326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 390.620669][ T30] audit: type=1326 audit(2000000043.670:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17473 comm="syz.1.5172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34c319c819 code=0x7ffc0000 [ 390.648223][T17326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 390.660658][ T30] audit: type=1326 audit(2000000043.710:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17473 comm="syz.1.5172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f34c315d04e code=0x7ffc0000 [ 390.741532][ T30] audit: type=1326 audit(2000000043.710:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17473 comm="syz.1.5172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34c319c819 code=0x7ffc0000 [ 390.769791][T17488] nbd1: detected capacity change from 0 to 127 [ 390.778213][ T30] audit: type=1326 audit(2000000043.710:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17473 comm="syz.1.5172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34c319c819 code=0x7ffc0000 [ 390.804073][ T52] block nbd1: Receive control failed (result -32) [ 390.832551][ T5858] block nbd1: Dead connection, failed to find a fallback [ 390.841986][ T5858] block nbd1: shutting down sockets [ 390.847708][ T5858] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 390.858391][ T5858] Buffer I/O error on dev nbd1, logical block 0, async page read [ 390.871637][ T5858] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 390.880888][ T5858] Buffer I/O error on dev nbd1, logical block 1, async page read [ 390.888934][ T5858] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 390.898313][ T5858] Buffer I/O error on dev nbd1, logical block 2, async page read [ 390.906317][ T5858] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 390.915721][ T5858] Buffer I/O error on dev nbd1, logical block 3, async page read [ 390.925270][ T5858] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 390.936081][ T5858] Buffer I/O error on dev nbd1, logical block 0, async page read [ 390.944218][ T5858] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 390.953805][ T5858] Buffer I/O error on dev nbd1, logical block 1, async page read [ 390.966490][ T5858] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 390.992289][ T5858] Buffer I/O error on dev nbd1, logical block 2, async page read [ 391.019836][ T5858] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 391.056211][ T5858] Buffer I/O error on dev nbd1, logical block 3, async page read [ 391.067452][ T5858] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 391.079081][ T5858] Buffer I/O error on dev nbd1, logical block 0, async page read [ 391.102704][T17326] hsr_slave_0: entered promiscuous mode [ 391.106896][ T5858] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 391.130568][ T5858] Buffer I/O error on dev nbd1, logical block 1, async page read [ 391.154936][T17326] hsr_slave_1: entered promiscuous mode [ 391.181774][ T5858] ldm_validate_partition_table(): Disk read failed. [ 391.184849][T17326] debugfs: 'hsr0' already exists in 'hsr' [ 391.201881][ T5858] Dev nbd1: unable to read RDB block 0 [ 391.220613][T17326] Cannot create hsr debugfs directory [ 391.257748][ T5858] nbd1: unable to read partition table [ 391.350136][ T5858] ldm_validate_partition_table(): Disk read failed. [ 391.380002][ T5858] Dev nbd1: unable to read RDB block 0 [ 391.404155][ T5858] nbd1: unable to read partition table [ 391.409983][ T52] Bluetooth: hci1: command tx timeout [ 391.734873][T17513] cgroup: Need name or subsystem set [ 392.400008][T17326] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 392.455987][T17326] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 392.515254][T17326] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 392.555737][T17326] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 392.647403][T17550] kvm: kvm [17549]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010005) = 0x6 [ 392.834350][T17326] 8021q: adding VLAN 0 to HW filter on device bond0 [ 392.905201][T17326] 8021q: adding VLAN 0 to HW filter on device team0 [ 393.023536][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.030939][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 393.099885][ T156] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.107257][ T156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 393.407551][T17580] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5207'. [ 393.434281][T17580] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5207'. [ 393.487930][ T52] Bluetooth: hci1: command tx timeout [ 393.750502][T17593] netlink: 'syz.1.5212': attribute type 2 has an invalid length. [ 393.792003][T17593] netlink: 'syz.1.5212': attribute type 5 has an invalid length. [ 394.012882][T17326] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 394.834044][T17326] veth0_vlan: entered promiscuous mode [ 394.902355][T17326] veth1_vlan: entered promiscuous mode [ 395.022177][T17326] veth0_macvtap: entered promiscuous mode [ 395.055622][T17326] veth1_macvtap: entered promiscuous mode [ 395.150272][T17326] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 395.211792][T17326] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 395.231532][T17645] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.5228'. [ 395.277386][ T66] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.314113][ T66] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.371309][ T66] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.418716][ T66] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.902516][ T1120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.935962][ T1120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.201995][ T1170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.221783][ T1170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.363283][T17679] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 396.435857][T17679] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 396.544017][T17679] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 396.684344][T17679] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 396.733388][T17693] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5244'. [ 396.745404][T17679] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 396.774350][T17699] fuse: Bad value for 'fd' [ 396.790017][T17679] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 397.076778][ T5840] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 397.218515][T17712] netlink: 32 bytes leftover after parsing attributes in process `syz.6.5250'. [ 397.251085][ T5840] usb 3-1: device descriptor read/64, error -71 [ 397.507223][ T5840] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 397.657570][ T5840] usb 3-1: device descriptor read/64, error -71 [ 397.779489][ T5840] usb usb3-port1: attempt power cycle [ 397.822433][T17737] netlink: 'syz.1.5257': attribute type 11 has an invalid length. [ 397.832762][T17737] netlink: 199828 bytes leftover after parsing attributes in process `syz.1.5257'. [ 398.136825][ T5840] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 398.191964][ T5840] usb 3-1: device descriptor read/8, error -71 [ 398.366759][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 398.456822][ T5840] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 398.477660][ T5840] usb 3-1: device descriptor read/8, error -71 [ 398.587595][ T5840] usb usb3-port1: unable to enumerate USB device [ 398.698616][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 399.884291][T17813] can0: slcan on ttyS3. [ 399.960333][T17813] can0 (unregistered): slcan off ttyS3. [ 400.077954][ T809] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 400.240887][ T809] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 400.272600][ T809] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 400.291007][ T809] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 400.318511][ T809] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.334977][ T809] usb 2-1: config 0 descriptor?? [ 400.447346][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 400.767727][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout [ 400.781256][ T809] hid_parser_main: 32 callbacks suppressed [ 400.781281][ T809] kone 0003:1E7D:2CED.003A: unknown main item tag 0x0 [ 400.797431][ T809] kone 0003:1E7D:2CED.003A: unknown main item tag 0x0 [ 400.804478][ T809] kone 0003:1E7D:2CED.003A: unknown main item tag 0x0 [ 400.811771][ T809] kone 0003:1E7D:2CED.003A: unknown main item tag 0x0 [ 400.819435][ T809] kone 0003:1E7D:2CED.003A: unknown main item tag 0x0 [ 400.832272][ T809] kone 0003:1E7D:2CED.003A: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.1-1/input0 [ 401.027172][ T809] usb 2-1: USB disconnect, device number 44 [ 401.313142][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 401.313162][ T30] audit: type=1800 audit(2000000054.900:67): pid=17866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.5289" name="file1" dev="tmpfs" ino=48 res=0 errno=0 [ 401.749702][ T1170] tipc: Subscription rejected, illegal request [ 402.164271][T17897] netlink: 1030 bytes leftover after parsing attributes in process `syz.6.5300'. [ 402.173870][T17897] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 402.527544][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout [ 402.610504][ T52] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 402.617044][ T5857] Bluetooth: hci4: command 0x1003 tx timeout [ 402.846841][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 402.995318][T17925] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 404.231142][T17973] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5337'. [ 405.064058][T18005] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5351'. [ 405.186212][T18012] netlink: 56 bytes leftover after parsing attributes in process `syz.5.5353'. [ 406.316981][T18059] loop8: detected capacity change from 0 to 1 [ 406.330334][T18059] Dev loop8: unable to read RDB block 1 [ 406.338609][T18059] loop8: unable to read partition table [ 406.344440][T18059] loop8: partition table beyond EOD, truncated [ 406.352577][T18059] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 407.143487][T18091] ªªªªªª: renamed from vlan0 (while UP) [ 407.250542][T18095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5391'. [ 407.467100][ T809] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 407.634739][T18112] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5400'. [ 407.650218][ T809] usb 6-1: Using ep0 maxpacket: 8 [ 407.662197][ T809] usb 6-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 407.674805][ T809] usb 6-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 407.690382][ T809] usb 6-1: config 0 interface 0 has no altsetting 0 [ 407.699414][ T809] usb 6-1: New USB device found, idVendor=5543, idProduct=004d, bcdDevice= 0.00 [ 407.709712][ T809] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.721900][ T809] usb 6-1: config 0 descriptor?? [ 408.139386][ T809] hid (null): unknown global tag 0xe [ 408.145633][ T809] hid (null): unknown global tag 0xe [ 408.348769][ T809] usb 6-1: string descriptor 0 read error: -71 [ 408.364945][ T809] uclogic 0003:5543:004D.003B: failed retrieving string descriptor #200: -71 [ 408.380560][ T809] uclogic 0003:5543:004D.003B: failed retrieving pen parameters: -71 [ 408.390005][ T809] uclogic 0003:5543:004D.003B: failed probing pen v2 parameters: -71 [ 408.402528][ T809] uclogic 0003:5543:004D.003B: failed probing parameters: -71 [ 408.413161][ T809] uclogic 0003:5543:004D.003B: probe with driver uclogic failed with error -71 [ 408.430342][ T809] usb 6-1: USB disconnect, device number 3 [ 408.711543][ T30] audit: type=1326 audit(2000000062.300:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18124 comm="syz.1.5406" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f34c319c819 code=0x0 [ 409.733856][T18148] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5416'. [ 410.356800][ T5898] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 410.526905][ T5898] usb 3-1: Using ep0 maxpacket: 8 [ 410.536143][ T5898] usb 3-1: config 0 has no interfaces? [ 410.542137][ T5898] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 410.551695][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.574803][ T5898] usb 3-1: config 0 descriptor?? [ 410.908214][ T5898] usb 3-1: USB disconnect, device number 47 [ 411.631044][T18220] overlay: filesystem on ./file0 is read-only [ 413.220945][ T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 413.407334][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 413.435524][ T10] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 413.470331][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.503441][ T10] usb 6-1: Product: syz [ 413.523657][ T10] usb 6-1: Manufacturer: syz [ 413.537154][ T10] usb 6-1: SerialNumber: syz [ 413.561159][ T10] usb 6-1: config 0 descriptor?? [ 413.585239][ T10] gspca_main: se401-2.14.0 probing 047d:5003 [ 413.857908][T18296] tipc: Started in network mode [ 413.862995][T18296] tipc: Node identity ac14140f, cluster identity 4711 [ 413.872209][T18296] tipc: New replicast peer: 255.255.255.255 [ 413.879655][T18296] tipc: Enabled bearer , priority 10 [ 414.214391][ T10] input: se401 as /devices/platform/dummy_hcd.5/usb6/6-1/input/input23 [ 414.465163][ T5941] usb 6-1: USB disconnect, device number 4 [ 414.997020][ T5941] tipc: Node number set to 2886997007 [ 415.125041][T18329] hugetlbfs: syz.6.5479 (18329): Using mlock ulimits for SHM_HUGETLB is obsolete [ 416.021808][ T30] audit: type=1326 audit(2000000069.610:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18357 comm="syz.6.5489" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f12ce39c819 code=0x0 [ 416.447394][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout [ 416.706077][T18378] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 417.667303][ T5941] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 417.837385][ T5941] usb 6-1: Using ep0 maxpacket: 16 [ 417.845942][ T5941] usb 6-1: config 0 interface 0 altsetting 37 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 417.868927][ T5941] usb 6-1: config 0 interface 0 altsetting 37 has 1 endpoint descriptor, different from the interface descriptor's value: 25 [ 417.907192][ T5941] usb 6-1: config 0 interface 0 has no altsetting 0 [ 417.920283][ T5941] usb 6-1: New USB device found, idVendor=046d, idProduct=0a87, bcdDevice= 0.00 [ 417.937820][ T5941] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.961195][ T5941] usb 6-1: config 0 descriptor?? [ 418.401279][ T5941] logitech-hidpp-device 0003:046D:0A87.003C: unknown main item tag 0x0 [ 418.426030][ T5941] logitech-hidpp-device 0003:046D:0A87.003C: unknown main item tag 0x0 [ 418.439991][ T5941] logitech-hidpp-device 0003:046D:0A87.003C: unknown main item tag 0x0 [ 418.451773][ T5941] logitech-hidpp-device 0003:046D:0A87.003C: unknown main item tag 0x0 [ 418.460887][ T5941] logitech-hidpp-device 0003:046D:0A87.003C: unknown main item tag 0x0 [ 418.477044][ T5941] logitech-hidpp-device 0003:046D:0A87.003C: unknown main item tag 0x0 [ 418.485549][ T5941] logitech-hidpp-device 0003:046D:0A87.003C: unknown main item tag 0x0 [ 418.495001][ T5941] logitech-hidpp-device 0003:046D:0A87.003C: collection stack underflow [ 418.507972][ T5941] logitech-hidpp-device 0003:046D:0A87.003C: item 0 0 0 12 parsing failed [ 418.517831][ T5941] logitech-hidpp-device 0003:046D:0A87.003C: hidpp_probe:parse failed [ 418.526193][ T5941] logitech-hidpp-device 0003:046D:0A87.003C: probe with driver logitech-hidpp-device failed with error -22 [ 418.615348][ T5941] usb 6-1: USB disconnect, device number 5 [ 420.909417][ T5941] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 421.099682][ T5941] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 421.117136][ T5941] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 421.137068][ T5941] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 421.167400][ T5941] usb 6-1: New USB device found, idVendor=0461, idProduct=4e72, bcdDevice= 0.00 [ 421.192429][ T5941] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.225845][ T5941] usb 6-1: config 0 descriptor?? [ 421.655073][T18565] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5583'. [ 421.662445][ T5941] hid-rmi 0003:0461:4E72.003D: unknown main item tag 0x2 [ 421.680037][ T5941] hid-rmi 0003:0461:4E72.003D: unknown main item tag 0x0 [ 421.696852][ T5941] hid-rmi 0003:0461:4E72.003D: unknown main item tag 0x0 [ 421.714877][ T5941] hid-rmi 0003:0461:4E72.003D: hidraw0: USB HID vff.fc Device [HID 0461:4e72] on usb-dummy_hcd.5-1/input0 [ 421.904139][ T5941] usb 6-1: USB disconnect, device number 6 [ 422.549693][T18594] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5595'. [ 422.698554][T18598] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5597'. [ 423.274741][ T30] audit: type=1326 audit(2000000076.860:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18625 comm="syz.6.5610" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f12ce39c819 code=0x0 [ 423.964547][T18653] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 423.975229][T18653] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 424.693448][T18676] program syz.5.5632 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 425.707109][ T5898] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 425.890033][ T5898] usb 3-1: Using ep0 maxpacket: 16 [ 425.905776][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.917695][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.928878][ T5898] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 10 [ 425.934197][T18732] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5658'. [ 425.942018][ T5898] usb 3-1: New USB device found, idVendor=05ac, idProduct=027d, bcdDevice= 0.00 [ 425.942050][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.948461][ T5898] usb 3-1: config 0 descriptor?? [ 426.166237][T18736] vxcan0: tx address claim with dest, not broadcast [ 426.216786][ T10] usb 2-1: new full-speed USB device number 45 using dummy_hcd [ 426.379995][ T10] usb 2-1: unable to get BOS descriptor or descriptor too short [ 426.392125][T18715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 426.392285][ T10] usb 2-1: not running at top speed; connect to a high speed hub [ 426.411062][T18715] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 426.428411][ T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 426.449849][ T10] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 426.459944][ T10] usb 2-1: config 1 interface 1 has no altsetting 1 [ 426.462808][ T5898] hid_parser_main: 3 callbacks suppressed [ 426.462828][ T5898] apple 0003:05AC:027D.003E: unknown main item tag 0x0 [ 426.483350][ T10] usb 2-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40 [ 426.485376][ T5898] apple 0003:05AC:027D.003E: unknown main item tag 0x0 [ 426.496815][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.500250][ T5898] apple 0003:05AC:027D.003E: unknown main item tag 0x0 [ 426.516484][ T5898] apple 0003:05AC:027D.003E: unknown main item tag 0x0 [ 426.520602][ T10] usb 2-1: Product: syz [ 426.525377][ T5898] apple 0003:05AC:027D.003E: unknown main item tag 0x0 [ 426.535331][ T10] usb 2-1: Manufacturer: syz [ 426.535355][ T10] usb 2-1: SerialNumber: syz [ 426.581342][ T5898] apple 0003:05AC:027D.003E: unknown main item tag 0x0 [ 426.588807][ T5898] apple 0003:05AC:027D.003E: unknown main item tag 0x0 [ 426.595771][ T5898] apple 0003:05AC:027D.003E: unknown main item tag 0x0 [ 426.604015][ T5898] apple 0003:05AC:027D.003E: unknown main item tag 0x0 [ 426.614474][ T5898] apple 0003:05AC:027D.003E: unknown main item tag 0x2 [ 426.626444][ T5898] apple 0003:05AC:027D.003E: hidraw0: USB HID v0.00 Device [HID 05ac:027d] on usb-dummy_hcd.2-1/input0 [ 426.713028][ T5898] usb 3-1: USB disconnect, device number 48 [ 426.761913][T18747] fido_id[18747]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 426.807791][T18749] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode [ 426.823362][T18749] mac80211_hwsim hwsim14 wlan0: left allmulticast mode [ 426.969386][ T10] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 427.009358][ T10] usb 2-1: USB disconnect, device number 45 [ 427.039733][ T5858] udevd[5858]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 427.586836][T18768] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 427.637139][T18770] sctp: [Deprecated]: syz.1.5676 (pid 18770) Use of struct sctp_assoc_value in delayed_ack socket option. [ 427.637139][T18770] Use struct sctp_sack_info instead [ 428.459780][T18796] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5689'. [ 428.485212][T18796] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5689'. [ 428.510554][T18796] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5689'. [ 429.243772][T18828] input: syz0 as /devices/virtual/input/input24 [ 430.339452][T18870] overlayfs: invalid origin (0000) [ 431.094817][T18906] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 431.101409][T18906] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 431.114940][T18906] vhci_hcd vhci_hcd.0: Device attached [ 431.137490][T18910] Bluetooth: MGMT ver 1.23 [ 431.144165][T18906] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(5) [ 431.150905][T18906] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 431.178874][T18906] vhci_hcd vhci_hcd.0: Device attached [ 431.193385][T18906] vhci_hcd vhci_hcd.0: pdev(5) rhport(2) sockfd(7) [ 431.199974][T18906] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 431.209310][T18906] vhci_hcd vhci_hcd.0: Device attached [ 431.220582][T18906] vhci_hcd vhci_hcd.0: pdev(5) rhport(3) sockfd(9) [ 431.227152][T18906] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 431.237092][T18906] vhci_hcd vhci_hcd.0: Device attached [ 431.249624][T18917] vhci_hcd: connection closed [ 431.249907][T18911] vhci_hcd: connection closed [ 431.250058][ T49] vhci_hcd vhci_hcd.5: stop threads [ 431.265265][T18914] vhci_hcd: connection closed [ 431.265489][T18907] vhci_hcd: connection closed [ 431.276434][ T49] vhci_hcd vhci_hcd.5: release socket [ 431.296820][ T49] vhci_hcd vhci_hcd.5: disconnect device [ 431.306842][ T5840] vhci_hcd vhci_hcd.5: vhci_device speed not set [ 431.315079][ T49] vhci_hcd vhci_hcd.5: stop threads [ 431.330004][ T49] vhci_hcd vhci_hcd.5: release socket [ 431.340672][ T49] vhci_hcd vhci_hcd.5: disconnect device [ 431.348396][ T49] vhci_hcd vhci_hcd.5: stop threads [ 431.353783][ T49] vhci_hcd vhci_hcd.5: release socket [ 431.360683][ T49] vhci_hcd vhci_hcd.5: disconnect device [ 431.370953][ T49] vhci_hcd vhci_hcd.5: stop threads [ 431.378465][ T5840] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 431.386244][ T49] vhci_hcd vhci_hcd.5: release socket [ 431.392462][ T49] vhci_hcd vhci_hcd.5: disconnect device [ 431.896080][T18944] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 431.934335][T18948] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5758'. [ 431.950351][ T66] Bluetooth: hci4: Frame reassembly failed (-84) [ 431.976583][T18948] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5758'. [ 432.026726][ T5898] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 432.082654][T18952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5760'. [ 432.188798][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 432.201122][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 432.212721][ T5898] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 432.227240][ T5898] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 432.236446][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.262684][ T5898] usb 2-1: config 0 descriptor?? [ 432.695666][ T5898] hid_parser_main: 5 callbacks suppressed [ 432.695701][ T5898] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 432.710368][ T5898] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 432.728448][ T5898] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 432.738658][ T5898] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 432.746213][ T5898] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 432.754498][ T5898] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 432.761990][ T5898] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 432.771059][ T5898] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 432.782010][ T5898] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 432.789528][ T5898] plantronics 0003:047F:FFFF.003F: unknown main item tag 0x0 [ 432.805410][ T5898] plantronics 0003:047F:FFFF.003F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 432.969806][ T5933] usb 2-1: USB disconnect, device number 46 [ 433.788406][T18982] netlink: 56 bytes leftover after parsing attributes in process `syz.2.5774'. [ 433.967032][ T5857] Bluetooth: hci4: command 0x1003 tx timeout [ 433.971945][ T52] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 433.980106][T18988] kvm: kvm [18987]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010006) = 0xffffffffffffffff [ 434.154366][T18994] netlink: 128 bytes leftover after parsing attributes in process `syz.1.5782'. [ 434.812063][T19024] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 435.093474][T19036] autofs: Bad value for 'fd' [ 435.307051][ T10] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 435.477059][ T5933] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 435.485320][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 435.500100][ T10] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 435.520509][ T10] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 435.530384][ T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 435.540337][ T10] usb 2-1: config 1 has no interface number 0 [ 435.547127][ T10] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 435.570998][ T10] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 435.596144][ T10] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 435.606265][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.629535][ T10] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 435.656809][ T5933] usb 3-1: Using ep0 maxpacket: 32 [ 435.664202][ T5933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 435.688578][ T5933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 435.717223][ T5933] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 435.736864][ T5933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.754667][ T5933] usb 3-1: config 0 descriptor?? [ 435.776357][ T5933] hub 3-1:0.0: USB hub found [ 435.868820][ T10] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 435.881881][T19062] misc userio: Can't change port type on an already running userio instance [ 435.978948][ T5933] hub 3-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 436.183229][ T30] audit: type=1326 audit(2000000089.770:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19063 comm="syz.6.5813" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f12ce39c819 code=0x0 [ 436.296862][ T5941] usb 2-1: USB disconnect, device number 47 [ 436.304672][ T5941] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 436.402629][ T5933] hid-generic 0003:046D:C31C.0040: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.2-1/input0 [ 436.527472][ T5840] vhci_hcd vhci_hcd.5: vhci_device speed not set [ 436.707184][ T5933] usb 3-1: USB disconnect, device number 49 [ 437.029743][T19082] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5821'. [ 437.446104][T19102] batadv_slave_1: entered promiscuous mode [ 437.460116][T19101] batadv_slave_1: left promiscuous mode [ 438.125261][ T1170] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.242564][ T1170] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.435351][ T1170] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.443511][T19124] netlink: 64 bytes leftover after parsing attributes in process `syz.5.5844'. [ 438.592335][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 438.613827][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 438.631848][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 438.647487][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 438.675430][ T1170] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.676433][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 439.060661][ T1170] bridge0: port 4(batadv0) entered disabled state [ 439.071849][ T1170] bond0: left allmulticast mode [ 439.078254][ T1170] bond_slave_0: left allmulticast mode [ 439.084018][ T1170] bond_slave_1: left allmulticast mode [ 439.090336][ T1170] bridge0: port 3(bond0) entered disabled state [ 439.101462][ T1170] bridge_slave_1: left allmulticast mode [ 439.107492][ T1170] bridge_slave_1: left promiscuous mode [ 439.113596][ T1170] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.125878][ T1170] bridge_slave_0: left allmulticast mode [ 439.132483][ T1170] bridge_slave_0: left promiscuous mode [ 439.139288][ T1170] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.413578][ T1170] smc: removing net device bond0 with user defined pnetid SYZ2 [ 439.424075][ T1170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 439.433292][ T1170] bond_slave_0: left promiscuous mode [ 439.441247][ T1170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 439.450466][ T1170] bond_slave_1: left promiscuous mode [ 439.461200][ T1170] bond0 (unregistering): Released all slaves [ 439.607484][ T1170] tipc: Disabling bearer [ 439.620489][ T1170] tipc: Left network mode [ 439.668359][T19125] chnl_net:caif_netlink_parms(): no params data found [ 440.134479][T19125] bridge0: port 1(bridge_slave_0) entered blocking state [ 440.159843][T19125] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.193771][T19125] bridge_slave_0: entered allmulticast mode [ 440.209060][T19125] bridge_slave_0: entered promiscuous mode [ 440.297349][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.337795][ T29] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 440.413988][T19125] bridge0: port 2(bridge_slave_1) entered blocking state [ 440.428376][T19125] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.457219][T19125] bridge_slave_1: entered allmulticast mode [ 440.496913][T19125] bridge_slave_1: entered promiscuous mode [ 440.513814][ T29] usb 2-1: Using ep0 maxpacket: 16 [ 440.540642][ T29] usb 2-1: config 0 interface 0 altsetting 252 endpoint 0x81 has an invalid bInterval 254, changing to 11 [ 440.594058][ T29] usb 2-1: config 0 interface 0 has no altsetting 0 [ 440.614126][ T29] usb 2-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00 [ 440.644463][ T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.680866][ T29] usb 2-1: config 0 descriptor?? [ 440.766800][ T52] Bluetooth: hci2: command tx timeout [ 440.789561][T19125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 440.804883][T19125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 440.892383][T19125] team0: Port device team_slave_0 added [ 440.954095][T19125] team0: Port device team_slave_1 added [ 441.061020][ T1170] hsr_slave_0: left promiscuous mode [ 441.077674][ T1170] hsr_slave_1: left promiscuous mode [ 441.103428][ T1170] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 441.125590][ T29] pantherlord 0003:0810:0001.0041: unknown main item tag 0x0 [ 441.132968][ T1170] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 441.142507][ T29] pantherlord 0003:0810:0001.0041: unknown main item tag 0x0 [ 441.150862][ T29] pantherlord 0003:0810:0001.0041: unknown main item tag 0x0 [ 441.167991][ T1170] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 441.173047][ T29] pantherlord 0003:0810:0001.0041: unknown main item tag 0x0 [ 441.187032][ T1170] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 441.198999][ T29] pantherlord 0003:0810:0001.0041: unknown main item tag 0x0 [ 441.213573][ T29] pantherlord 0003:0810:0001.0041: unknown main item tag 0x0 [ 441.222648][ T1170] veth1_macvtap: left promiscuous mode [ 441.227967][ T29] pantherlord 0003:0810:0001.0041: unknown main item tag 0x0 [ 441.237425][ T1170] veth0_macvtap: left promiscuous mode [ 441.241762][ T29] pantherlord 0003:0810:0001.0041: unknown main item tag 0x0 [ 441.248682][ T1170] veth1_vlan: left promiscuous mode [ 441.259835][ T29] pantherlord 0003:0810:0001.0041: unknown main item tag 0x0 [ 441.273107][ T29] pantherlord 0003:0810:0001.0041: unknown main item tag 0x0 [ 441.279434][ T1170] veth0_vlan: left promiscuous mode [ 441.285403][ T29] pantherlord 0003:0810:0001.0041: hidraw0: USB HID v0.04 Device [HID 0810:0001] on usb-dummy_hcd.1-1/input0 [ 441.313456][ T29] pantherlord 0003:0810:0001.0041: no output reports found [ 441.355973][ T29] usb 2-1: USB disconnect, device number 48 [ 441.510394][T19192] fido_id[19192]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 441.729132][T19200] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5870'. [ 442.151394][ T1170] team0 (unregistering): Port device team_slave_1 removed [ 442.246551][ T1170] team0 (unregistering): Port device team_slave_0 removed [ 442.585050][T19125] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 442.606971][T19125] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 442.635097][T19125] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 442.651214][T19125] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 442.666730][T19125] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 442.759731][T19125] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 442.848783][ T52] Bluetooth: hci2: command tx timeout [ 442.966144][T19125] hsr_slave_0: entered promiscuous mode [ 442.978379][T19125] hsr_slave_1: entered promiscuous mode [ 442.985483][T19125] debugfs: 'hsr0' already exists in 'hsr' [ 442.991999][T19125] Cannot create hsr debugfs directory [ 443.174008][ T1170] IPVS: stop unused estimator thread 0... [ 443.995509][T19125] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 444.036396][T19125] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 444.075868][T19125] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 444.114830][T19125] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 444.355456][T19275] netlink: 'syz.1.5893': attribute type 83 has an invalid length. [ 444.406229][T19125] 8021q: adding VLAN 0 to HW filter on device bond0 [ 444.471410][T19125] 8021q: adding VLAN 0 to HW filter on device team0 [ 444.496345][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.503634][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 444.525548][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.534812][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 444.927298][ T52] Bluetooth: hci2: command tx timeout [ 445.138587][T19302] trusted_key: encrypted_key: keyword 'uew' not recognized [ 445.219830][T19125] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 445.255180][ T5898] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 445.361882][T19312] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5903'. [ 445.438504][ T5898] usb 6-1: Using ep0 maxpacket: 32 [ 445.458553][ T5898] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 445.486388][ T5898] usb 6-1: config 0 has no interface number 0 [ 445.518265][ T5898] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 445.552898][ T5898] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.577139][ T5898] usb 6-1: Product: syz [ 445.588364][T19319] Invalid ELF header len 16 [ 445.588455][ T5898] usb 6-1: Manufacturer: syz [ 445.603979][ T5898] usb 6-1: SerialNumber: syz [ 445.630602][ T5898] usb 6-1: config 0 descriptor?? [ 445.653560][ T5898] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 445.882019][ T5898] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 445.941195][ T5898] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 446.146948][T19125] veth0_vlan: entered promiscuous mode [ 446.199920][T19125] veth1_vlan: entered promiscuous mode [ 446.315888][T19339] program syz.6.5912 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 446.338281][T19125] veth0_macvtap: entered promiscuous mode [ 446.352808][ C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 446.357956][T19125] veth1_macvtap: entered promiscuous mode [ 446.368007][ T5898] usb 6-1: USB disconnect, device number 7 [ 446.415856][T19125] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 446.450985][ T5898] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 446.484284][T19125] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 446.526491][ T5898] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 446.562420][ T49] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.574637][ T5898] quatech2 6-1:0.51: device disconnected [ 446.585215][ T49] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.617902][ T49] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.643596][ T49] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.869280][T19352] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5915'. [ 446.948580][ T1120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.979602][ T1120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 447.011139][ T52] Bluetooth: hci2: command tx timeout [ 447.139730][ T156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 447.165207][ T156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 447.595065][T19378] program syz.5.5922 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 450.524738][T19458] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 450.532405][T19458] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 450.560060][T19458] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 450.567676][T19458] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 450.578211][T19458] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 450.957130][ T29] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 450.996390][T19497] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5968'. [ 451.138402][ T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 451.149640][ T29] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 451.163117][ T29] usb 6-1: New USB device found, idVendor=09da, idProduct=001a, bcdDevice= 0.00 [ 451.173560][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.186246][ T29] usb 6-1: config 0 descriptor?? [ 451.198586][T19483] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 451.634883][ T29] hid_parser_main: 20 callbacks suppressed [ 451.634908][ T29] a4tech 0003:09DA:001A.0042: unknown main item tag 0x0 [ 451.664250][ T29] a4tech 0003:09DA:001A.0042: unknown main item tag 0x0 [ 451.673052][ T29] a4tech 0003:09DA:001A.0042: unknown main item tag 0x0 [ 451.680504][ T29] a4tech 0003:09DA:001A.0042: unknown main item tag 0x0 [ 451.689410][ T29] a4tech 0003:09DA:001A.0042: unknown main item tag 0x0 [ 451.696444][ T29] a4tech 0003:09DA:001A.0042: unknown main item tag 0x0 [ 451.703687][ T29] a4tech 0003:09DA:001A.0042: unknown main item tag 0x0 [ 451.710906][ T29] a4tech 0003:09DA:001A.0042: unknown main item tag 0x0 [ 451.718273][ T29] a4tech 0003:09DA:001A.0042: unknown main item tag 0x0 [ 451.725755][ T29] a4tech 0003:09DA:001A.0042: unknown main item tag 0x0 [ 451.736126][ T29] a4tech 0003:09DA:001A.0042: hidraw0: USB HID v0.20 Device [HID 09da:001a] on usb-dummy_hcd.5-1/input0 [ 451.807571][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout [ 451.939541][ T10] usb 6-1: USB disconnect, device number 8 [ 452.564620][T19544] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5987'. [ 452.607153][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout [ 452.607376][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 452.743003][T19554] netlink: 'syz.6.5990': attribute type 11 has an invalid length. [ 454.171841][T19590] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3) [ 454.178429][T19590] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 454.189996][T19590] vhci_hcd vhci_hcd.0: Device attached [ 454.476850][ T10] usb 48-1: SetAddress Request (2) to port 0 [ 454.492700][ T10] usb 48-1: new SuperSpeed USB device number 2 using vhci_hcd [ 454.687009][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 455.642856][T19641] vivid-000: ================= START STATUS ================= [ 455.661564][T19641] vivid-000: Enable Output Cropping: true grabbed [ 455.695781][T19641] vivid-000: Enable Output Composing: true grabbed [ 455.715948][T19641] vivid-000: Enable Output Scaler: true grabbed [ 455.752555][T19641] vivid-000: Tx RGB Quantization Range: Automatic grabbed [ 455.799713][T19641] vivid-000: Transmit Mode: HDMI grabbed [ 455.818803][T19641] vivid-000: Hotplug Present: 0x00000000 [ 455.833406][T19641] vivid-000: RxSense Present: 0x00000000 [ 455.851602][T19641] vivid-000: EDID Present: 0x00000000 [ 455.869152][T19641] vivid-000: ================== END STATUS ================== [ 456.769812][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 457.225806][T19591] vhci_hcd: connection reset by peer [ 457.268207][ T1120] vhci_hcd vhci_hcd.7: stop threads [ 457.290007][ T1120] vhci_hcd vhci_hcd.7: release socket [ 457.316856][ T1120] vhci_hcd vhci_hcd.7: disconnect device [ 457.686267][T19702] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6051'. [ 459.570006][ T10] usb 48-1: device descriptor read/8, error -110 [ 459.990927][ T10] usb usb48-port1: attempt power cycle [ 460.053646][T19780] tmpfs: Invalid gid '0x00000000ffffffff' [ 460.568834][ T10] usb usb48-port1: unable to enumerate USB device [ 461.079727][T19817] netlink: 'syz.1.6092': attribute type 10 has an invalid length. [ 461.111405][T19820] netlink: 'syz.6.6093': attribute type 4 has an invalid length. [ 461.150237][T19820] netlink: 17 bytes leftover after parsing attributes in process `syz.6.6093'. [ 461.153976][T19817] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 461.185550][T19820] netlink: 14601 bytes leftover after parsing attributes in process `syz.6.6093'. [ 462.512325][T19879] netlink: 56 bytes leftover after parsing attributes in process `syz.5.6112'. [ 463.068822][T19903] program syz.5.6118 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 463.338882][ T30] audit: type=1800 audit(2000000116.930:72): pid=19881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.6113" name="file0" dev="tmpfs" ino=1097 res=0 errno=0 [ 463.547681][T19928] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.6129'. [ 463.719857][ T29] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 463.792439][T19936] Set syz0 is full, maxelem 0 reached [ 463.898950][ T29] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 463.922258][ T29] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 463.955145][ T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.955545][T19943] veth1_macvtap: left promiscuous mode [ 463.972461][T19943] macsec0: entered promiscuous mode [ 463.984530][ T29] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 464.004269][T19943] veth1_macvtap: entered promiscuous mode [ 464.010983][T19943] macsec0: left promiscuous mode [ 465.023337][ T29] stv0680 2-1:4.0: Could not get descriptor 0200 [ 465.163035][ T49] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.237471][ T29] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 465.264298][ T29] stv0680 2-1:4.0: last error: 0, command = 0x0 [ 465.289333][ T29] usb 2-1: USB disconnect, device number 49 [ 465.362708][ T49] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.558794][ T49] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.652903][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 465.673521][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 465.684599][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 465.706910][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 465.720715][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 465.758811][ T49] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.410931][ T49] bridge_slave_1: left allmulticast mode [ 466.417318][ T49] bridge_slave_1: left promiscuous mode [ 466.426845][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.444859][ T49] bridge_slave_0: left allmulticast mode [ 466.453374][ T49] bridge_slave_0: left promiscuous mode [ 466.459695][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.737760][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 466.749454][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 466.759940][ T49] bond0 (unregistering): Released all slaves [ 466.914490][T19978] chnl_net:caif_netlink_parms(): no params data found [ 467.399366][T20023] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6169'. [ 467.674499][ T49] hsr_slave_0: left promiscuous mode [ 467.682275][ T49] hsr_slave_1: left promiscuous mode [ 467.698460][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 467.716499][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 467.732115][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 467.740097][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 467.755168][ T49] veth1_macvtap: left promiscuous mode [ 467.761396][ T49] veth0_macvtap: left promiscuous mode [ 467.767248][ T49] veth1_vlan: left promiscuous mode [ 467.772723][ T49] veth0_vlan: left promiscuous mode [ 467.807988][ T5857] Bluetooth: hci2: command tx timeout [ 467.959120][T20046] netlink: 180 bytes leftover after parsing attributes in process `syz.6.6175'. [ 468.153828][ T49] team0 (unregistering): Port device team_slave_1 removed [ 468.174599][ T49] team0 (unregistering): Port device team_slave_0 removed [ 468.320803][T19978] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.328092][T19978] bridge0: port 1(bridge_slave_0) entered disabled state [ 468.335290][T19978] bridge_slave_0: entered allmulticast mode [ 468.342827][T19978] bridge_slave_0: entered promiscuous mode [ 468.353939][T19978] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.363866][T19978] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.388297][T19978] bridge_slave_1: entered allmulticast mode [ 468.414982][T19978] bridge_slave_1: entered promiscuous mode [ 468.535871][T19978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 468.560865][T19978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 468.684866][T19978] team0: Port device team_slave_0 added [ 468.719454][T19978] team0: Port device team_slave_1 added [ 468.796361][T19978] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 468.830433][T19978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 468.933009][T19978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 468.961222][T19978] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 468.969800][T19978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 469.004920][T19978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 469.171214][T19978] hsr_slave_0: entered promiscuous mode [ 469.185853][T19978] hsr_slave_1: entered promiscuous mode [ 469.194312][ T5898] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 469.217546][T19978] debugfs: 'hsr0' already exists in 'hsr' [ 469.223754][T19978] Cannot create hsr debugfs directory [ 469.360335][ T5898] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 469.380782][ T5898] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 469.415965][ T5898] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 469.442157][ T5898] usb 6-1: config 220 has no interface number 2 [ 469.451482][ T5898] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 469.489230][ T5898] usb 6-1: config 220 interface 0 has no altsetting 0 [ 469.496325][ T5898] usb 6-1: config 220 interface 76 has no altsetting 0 [ 469.518362][ T5898] usb 6-1: config 220 interface 1 has no altsetting 0 [ 469.536457][ T5898] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 469.554608][ T5898] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.564575][ T5898] usb 6-1: Product: syz [ 469.571081][ T5898] usb 6-1: Manufacturer: syz [ 469.591767][ T5898] usb 6-1: SerialNumber: syz [ 469.843167][ T5898] uvcvideo 6-1:220.1: Unknown video format 01000000-0000-0000-0000-000200000000 [ 469.868391][ T5898] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 469.888841][ T5898] uvcvideo 6-1:220.0: No valid video chain found. [ 469.889076][ T5857] Bluetooth: hci2: command tx timeout [ 469.897301][ T5898] usb 6-1: selecting invalid altsetting 0 [ 469.970444][ T5898] usb 6-1: selecting invalid altsetting 0 [ 469.996727][ T5898] usbtest 6-1:220.1: probe with driver usbtest failed with error -22 [ 470.040311][ T5898] usb 6-1: USB disconnect, device number 9 [ 470.176421][T19978] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 470.208617][T19978] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 470.231597][T19978] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 470.264037][T19978] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 470.424309][T20105] overlayfs: workdir and upperdir must reside under the same mount [ 470.424761][T19978] 8021q: adding VLAN 0 to HW filter on device bond0 [ 470.528849][T19978] 8021q: adding VLAN 0 to HW filter on device team0 [ 470.587353][ T1170] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.594599][ T1170] bridge0: port 1(bridge_slave_0) entered forwarding state [ 470.660958][ T1170] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.668252][ T1170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 471.446354][T19978] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 471.966793][ T5857] Bluetooth: hci2: command tx timeout [ 471.983141][T20167] netlink: 'syz.1.6212': attribute type 25 has an invalid length. [ 472.022669][T20167] netlink: 'syz.1.6212': attribute type 28 has an invalid length. [ 472.351487][T19978] veth0_vlan: entered promiscuous mode [ 472.404671][T19978] veth1_vlan: entered promiscuous mode [ 472.519002][T20190] loop6: detected capacity change from 0 to 2640 [ 472.528076][T19978] veth0_macvtap: entered promiscuous mode [ 472.534701][T20190] buffer_io_error: 138 callbacks suppressed [ 472.534720][T20190] Buffer I/O error on dev loop6, logical block 0, async page read [ 472.552620][T20190] Buffer I/O error on dev loop6, logical block 0, async page read [ 472.563927][T19978] veth1_macvtap: entered promiscuous mode [ 472.583003][T20190] Buffer I/O error on dev loop6, logical block 0, async page read [ 472.605313][T20190] Buffer I/O error on dev loop6, logical block 0, async page read [ 472.614234][T19978] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 472.639596][T20190] Buffer I/O error on dev loop6, logical block 0, async page read [ 472.665959][T19978] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 472.673675][T20190] Buffer I/O error on dev loop6, logical block 0, async page read [ 472.696229][T20190] Buffer I/O error on dev loop6, logical block 0, async page read [ 472.708935][T20190] Buffer I/O error on dev loop6, logical block 0, async page read [ 472.733568][ T1170] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.744552][ T1170] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.761833][T20190] ldm_validate_partition_table(): Disk read failed. [ 472.769782][ T1170] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.788902][T20190] Buffer I/O error on dev loop6, logical block 0, async page read [ 472.825346][ T1170] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.838721][T20190] Buffer I/O error on dev loop6, logical block 0, async page read [ 472.867831][T20190] Dev loop6: unable to read RDB block 0 [ 472.889383][T20190] loop6: unable to read partition table [ 472.931573][T20190] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 473.101142][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 473.138512][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 473.275628][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 473.292191][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 473.799397][T20222] netlink: 'syz.6.6229': attribute type 6 has an invalid length. [ 474.047127][ T5857] Bluetooth: hci2: command tx timeout [ 474.131438][T20237] netlink: 168 bytes leftover after parsing attributes in process `syz.1.6235'. [ 474.993662][T20276] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 476.206285][T20329] netlink: 36 bytes leftover after parsing attributes in process `syz.6.6275'. [ 476.497380][T20336] tipc: Started in network mode [ 476.513604][T20336] tipc: Node identity ac14140f, cluster identity 4711 [ 476.521690][T20336] tipc: New replicast peer: 255.255.255.255 [ 476.534853][T20336] tipc: Enabled bearer , priority 10 [ 476.580006][T20342] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6282'. [ 476.780033][ T1120] Bluetooth: hci4: Frame reassembly failed (-84) [ 477.147861][T20365] input: syz1 as /devices/virtual/input/input27 [ 477.648541][ T8567] tipc: Node number set to 2886997007 [ 477.920466][ T52] block nbd2: Receive control failed (result -32) [ 478.769649][ T5857] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 479.308541][T20458] netlink: 65051 bytes leftover after parsing attributes in process `syz.8.6337'. [ 479.322889][T20455] sctp: [Deprecated]: syz.1.6336 (pid 20455) Use of struct sctp_assoc_value in delayed_ack socket option. [ 479.322889][T20455] Use struct sctp_sack_info instead [ 479.438064][T20464] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 479.626826][ T5898] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 479.806739][ T5898] usb 6-1: Using ep0 maxpacket: 16 [ 479.814742][ T5898] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 479.828784][ T5898] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 479.840664][ T5898] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.849044][ T5898] usb 6-1: Product: syz [ 479.853560][ T5898] usb 6-1: Manufacturer: syz [ 479.859790][ T5898] usb 6-1: SerialNumber: syz [ 479.867357][ T5898] usb 6-1: config 0 descriptor?? [ 479.875565][ T5898] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 479.885012][ T5898] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 480.488146][ T5898] em28xx 6-1:0.0: chip ID is em2874 [ 480.782669][ T5898] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 480.792342][ T5898] em28xx 6-1:0.0: board has no eeprom [ 480.866753][ T5898] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 480.889122][ T5898] em28xx 6-1:0.0: dvb set to bulk mode. [ 480.905941][ T29] em28xx 6-1:0.0: Binding DVB extension [ 480.929887][ T5898] usb 6-1: USB disconnect, device number 10 [ 480.954135][ T5898] em28xx 6-1:0.0: Disconnecting em28xx [ 481.100663][ T29] em28xx 6-1:0.0: Registering input extension [ 481.210570][ T29] rc_core: IR keymap rc-pinnacle-pctv-hd not found [ 481.218736][ T29] Registered IR keymap rc-empty [ 481.238489][ T29] rc rc0: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 481.255921][ T29] input: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input28 [ 481.297157][ T29] em28xx 6-1:0.0: Input extension successfully initialized [ 481.321175][ T5898] em28xx 6-1:0.0: Closing input extension [ 481.567481][ T5898] em28xx 6-1:0.0: Freeing device [ 482.236047][T20546] netlink: 'syz.5.6375': attribute type 2 has an invalid length. [ 482.878908][ T5933] usb 2-1: new full-speed USB device number 50 using dummy_hcd [ 483.049188][ T5933] usb 2-1: config 150 has an invalid interface number: 204 but max is 1 [ 483.065061][ T5933] usb 2-1: config 150 has no interface number 0 [ 483.083256][ T5933] usb 2-1: config 150 interface 204 has no altsetting 0 [ 483.105183][ T5933] usb 2-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 483.136595][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.155027][ T5933] usb 2-1: Product: syz [ 483.164896][ T5933] usb 2-1: Manufacturer: syz [ 483.176428][ T5933] usb 2-1: SerialNumber: syz [ 483.430079][ T5933] xr_serial 2-1:150.204: xr_serial converter detected [ 484.032504][ T5933] xr_serial ttyUSB0: Failed to set reg 0x0d: -71 [ 484.064153][ T5933] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 484.114475][ T5933] usb 2-1: USB disconnect, device number 50 [ 484.177060][ T5933] xr_serial 2-1:150.204: device disconnected [ 485.459393][T20667] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6416'. [ 485.522305][T20670] netlink: 'syz.6.6417': attribute type 1 has an invalid length. [ 485.538161][T20670] netlink: 'syz.6.6417': attribute type 2 has an invalid length. [ 485.560627][T20670] netlink: 'syz.6.6417': attribute type 1 has an invalid length. [ 485.589514][T20670] netlink: 'syz.6.6417': attribute type 3 has an invalid length. [ 485.602360][T20670] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6417'. [ 485.842827][T20684] netlink: 164 bytes leftover after parsing attributes in process `syz.1.6421'. [ 485.853968][ T5898] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 486.019145][ T5898] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 486.055475][ T5898] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 486.089463][ T5898] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 486.116276][ T5898] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 486.158218][ T5898] usb 9-1: Product: syz [ 486.172397][ T5898] usb 9-1: Manufacturer: syz [ 486.199824][ T5898] usb 9-1: SerialNumber: syz [ 486.439851][T20673] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 486.468210][T20673] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 486.534428][ T5898] cdc_ether 9-1:1.0: probe with driver cdc_ether failed with error -22 [ 486.583279][ T5898] usb 9-1: USB disconnect, device number 2 [ 487.049525][ T5898] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 487.247715][ T5898] usb 9-1: Using ep0 maxpacket: 8 [ 487.258946][ T5898] usb 9-1: config index 0 descriptor too short (expected 301, got 72) [ 487.281011][ T5898] usb 9-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 487.320188][ T5898] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 487.365509][ T5898] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 487.390524][T20742] [U] [ 487.393747][T20742] [U] [ 487.396492][T20742] [U] [ 487.399204][T20742] [U] [ 487.405618][ T5898] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 487.436768][T20742] [U] [ 487.439546][T20742] [U] [ 487.442274][T20742] [U] [ 487.444999][T20742] [U] [ 487.448006][ T5898] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 487.470069][ T5898] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 487.491202][T20742] [U] [ 487.493972][T20742] [U] [ 487.496725][T20742] [U] [ 487.499446][T20742] [U] [ 487.512838][ T5898] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.524696][T20742] [U] [ 487.527479][T20742] [U] [ 487.530217][T20742] [U] [ 487.533020][T20742] [U] [ 487.545892][T20742] [U] [ 487.548663][T20742] [U] [ 487.551393][T20742] [U] [ 487.554114][T20742] [U] [ 487.564861][T20742] [U] [ 487.567633][T20742] [U] [ 487.570369][T20742] [U] [ 487.573187][T20742] [U] [ 487.583946][T20749] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6442'. [ 487.593338][T20742] [U] [ 487.596177][T20742] [U] [ 487.598903][T20742] [U] [ 487.601634][T20742] [U] [ 487.611408][T20742] [U] [ 487.614275][T20742] [U] [ 487.617040][T20742] [U] [ 487.619763][T20742] [U] [ 487.632043][T20742] [U] [ 487.634833][T20742] [U] [ 487.637570][T20742] [U] [ 487.640298][T20742] [U] [ 487.666306][T20742] [U] [ 487.669089][T20742] [U] [ 487.671825][T20742] [U] [ 487.674641][T20742] [U] [ 487.677700][T20742] [U] [ 487.680527][T20742] [U] [ 487.683269][T20742] [U] [ 487.685988][T20742] [U] [ 487.689114][T20742] [U] [ 487.691864][T20742] [U] [ 487.694612][T20742] [U] [ 487.697334][T20742] [U] [ 487.700457][T20742] [U] [ 487.703200][T20742] [U] [ 487.705937][T20742] [U] [ 487.708745][T20742] [U] [ 487.721929][T20742] [U] [ 487.724701][T20742] [U] [ 487.727439][T20742] [U] [ 487.730210][T20742] [U] [ 487.737692][T20742] [U] [ 487.740489][T20742] [U] [ 487.743233][T20742] [U] [ 487.745962][T20742] [U] [ 487.756251][T20742] [U] [ 487.757621][T20753] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6443'. [ 487.759024][T20742] [U] [ 487.770849][T20742] [U] [ 487.773575][T20742] [U] [ 487.782570][T20742] [U] [ 487.785420][T20742] [U] [ 487.788246][T20742] [U] [ 487.791233][T20742] [U] [ 487.794276][ T5898] usb 9-1: usb_control_msg returned -71 [ 487.810362][ T5898] usbtmc 9-1:16.0: can't read capabilities [ 487.849029][T20742] [U] [ 487.851797][T20742] [U] [ 487.854536][T20742] [U] [ 487.857259][T20742] [U] [ 487.869155][ T5898] usb 9-1: USB disconnect, device number 3 [ 487.894377][T20742] [U] [ 487.897160][T20742] [U] [ 487.899897][T20742] [U] [ 487.902633][T20742] [U] [ 487.906401][T20742] [U] [ 487.909158][T20742] [U] [ 487.911911][T20742] [U] [ 487.914646][T20742] [U] [ 487.962820][T20742] [U] [ 487.965591][T20742] [U] [ 487.968359][T20742] [U] [ 487.971120][T20742] [U] [ 488.014132][T20742] [U] [ 488.017006][T20742] [U] [ 488.019751][T20742] [U] [ 488.022486][T20742] [U] [ 488.045233][T20742] [U] [ 488.048011][T20742] [U] [ 488.050735][T20742] [U] [ 488.053464][T20742] [U] [ 488.059916][T20742] [U] [ 488.062693][T20742] [U] [ 488.065421][T20742] [U] [ 488.068165][T20742] [U] [ 488.091435][T20742] [U] [ 488.094256][T20742] [U] [ 488.096991][T20742] [U] [ 488.099719][T20742] [U] [ 488.126166][T20742] [U] [ 488.128930][T20742] [U] [ 488.131683][T20742] [U] [ 488.134423][T20742] [U] [ 488.146126][T20742] [U] [ 488.148911][T20742] [U] [ 488.151661][T20742] [U] [ 488.154412][T20742] [U] [ 488.162831][T20742] [U] [ 488.165603][T20742] [U] [ 488.168337][T20742] [U] [ 488.171064][T20742] [U] [ 488.179434][T20742] [U] [ 488.182204][T20742] [U] [ 488.184938][T20742] [U] [ 488.187699][T20742] [U] [ 488.191285][T20742] [U] [ 488.194014][T20742] [U] [ 488.196737][T20742] [U] [ 488.199459][T20742] [U] [ 488.206047][T20742] [U] [ 488.208794][T20742] [U] [ 488.211694][T20742] [U] [ 488.214433][T20742] [U] [ 488.218284][T20742] [U] [ 488.221105][T20742] [U] [ 488.223808][T20742] [U] [ 488.290931][T20738] [U] [ 488.926444][T20798] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6462'. [ 488.936517][T20798] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6462'. [ 488.952039][T20798] netlink: 2 bytes leftover after parsing attributes in process `syz.6.6462'. [ 488.995353][T20798] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6462'. [ 489.035560][T20798] netlink: 2 bytes leftover after parsing attributes in process `syz.6.6462'. [ 489.618863][T20817] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 489.943858][T20826] program syz.8.6475 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 490.385594][T20842] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 490.645409][T20851] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 492.621884][T20928] tap0: tun_chr_ioctl cmd 1074025675 [ 492.637895][T20928] tap0: persist enabled [ 493.050432][T20945] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6532'. [ 493.150790][T20949] netlink: 'syz.1.6534': attribute type 10 has an invalid length. [ 493.244873][T20949] team0: Port device netdevsim0 added [ 493.532295][T20964] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6543'. [ 493.572896][T20964] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6543'. [ 493.670835][T20970] netlink: 44 bytes leftover after parsing attributes in process `syz.6.6544'. [ 493.682188][ T10] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 493.862380][ T10] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 493.876278][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 493.904493][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 493.904530][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 493.908105][ T10] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 493.908137][ T10] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 493.908158][ T10] usb 2-1: Manufacturer: syz [ 493.927355][ T10] usb 2-1: config 0 descriptor?? [ 494.231845][T20989] block nbd6: NBD_DISCONNECT [ 494.249092][T20987] block nbd6: Disconnected due to user request. [ 494.288589][T20987] block nbd6: shutting down sockets [ 494.361361][ T10] hid_parser_main: 27 callbacks suppressed [ 494.361386][ T10] appleir 0003:05AC:8243.0043: unknown main item tag 0x0 [ 494.425263][ T10] appleir 0003:05AC:8243.0043: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 494.566772][ T29] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 494.629098][ T10] usb 2-1: USB disconnect, device number 51 [ 494.716831][ T29] usb 6-1: Using ep0 maxpacket: 16 [ 494.725004][ T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 494.738672][ T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 494.750316][ T29] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 494.763992][ T29] usb 6-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 494.774171][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.793774][ T29] usb 6-1: config 0 descriptor?? [ 495.183322][T21005] block device autoloading is deprecated and will be removed. [ 495.236800][ T29] hid (null): bogus close delimiter [ 495.254585][ T29] hid (null): global environment stack underflow [ 495.340177][ T29] waterforce 0003:1044:7A4D.0044: unknown main item tag 0x0 [ 495.358846][ T29] waterforce 0003:1044:7A4D.0044: unknown main item tag 0x0 [ 495.388295][ T29] waterforce 0003:1044:7A4D.0044: unknown main item tag 0x0 [ 495.411831][ T29] waterforce 0003:1044:7A4D.0044: unknown main item tag 0x0 [ 495.430093][ T29] waterforce 0003:1044:7A4D.0044: unknown main item tag 0x0 [ 495.444134][ T29] waterforce 0003:1044:7A4D.0044: unknown main item tag 0x0 [ 495.474815][ T29] waterforce 0003:1044:7A4D.0044: reserved main item tag 0xe [ 495.493104][ T29] waterforce 0003:1044:7A4D.0044: bogus close delimiter [ 495.521220][ T29] waterforce 0003:1044:7A4D.0044: item 0 0 2 10 parsing failed [ 495.544726][ T29] waterforce 0003:1044:7A4D.0044: hid parse failed with -22 [ 495.562887][ T29] waterforce 0003:1044:7A4D.0044: probe with driver waterforce failed with error -22 [ 495.599182][ T29] usb 6-1: USB disconnect, device number 11 [ 496.823139][T21071] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6592'. [ 497.157811][T21085] blk_print_req_error: 138 callbacks suppressed [ 497.157832][T21085] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 497.223818][T21085] buffer_io_error: 16 callbacks suppressed [ 497.223840][T21085] Buffer I/O error on dev nbd1, logical block 0, async page read [ 497.252524][T21085] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 497.272839][T21085] Buffer I/O error on dev nbd1, logical block 1, async page read [ 497.287002][T21085] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 497.312089][T21085] Buffer I/O error on dev nbd1, logical block 2, async page read [ 497.356099][T21085] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 497.373380][T21085] Buffer I/O error on dev nbd1, logical block 3, async page read [ 497.389742][T21085] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 497.416377][T21085] Buffer I/O error on dev nbd1, logical block 0, async page read [ 497.437314][T21085] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 497.447623][T21085] Buffer I/O error on dev nbd1, logical block 1, async page read [ 497.456279][T21085] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 497.466278][T21085] Buffer I/O error on dev nbd1, logical block 2, async page read [ 497.474783][T21085] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 497.486282][T21085] Buffer I/O error on dev nbd1, logical block 3, async page read [ 497.494420][T21085] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 497.503964][T21085] Buffer I/O error on dev nbd1, logical block 0, async page read [ 497.512117][T21085] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 497.521988][T21085] Buffer I/O error on dev nbd1, logical block 1, async page read [ 497.535823][T21085] ldm_validate_partition_table(): Disk read failed. [ 497.544971][T21085] Dev nbd1: unable to read RDB block 0 [ 497.554269][T21085] nbd1: unable to read partition table [ 498.128353][ T52] Bluetooth: hci2: command tx timeout [ 498.156909][ T29] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 498.336755][ T29] usb 9-1: Using ep0 maxpacket: 16 [ 498.344306][ T29] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 498.356345][ T29] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 498.374794][ T29] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 498.385651][ T29] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.393846][ T29] usb 9-1: Product: syz [ 498.398556][ T29] usb 9-1: Manufacturer: syz [ 498.403224][ T29] usb 9-1: SerialNumber: syz [ 498.410573][ T29] usb 9-1: config 0 descriptor?? [ 498.421403][ T29] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 498.430837][ T29] em28xx 9-1:0.0: Audio interface 0 found (Vendor Class) [ 498.631546][T21119] bridge0: port 1(bridge_slave_0) entered disabled state [ 499.029619][ T29] em28xx 9-1:0.0: chip ID is em28178 [ 499.250192][ T809] usb 9-1: USB disconnect, device number 4 [ 499.272260][ T809] em28xx 9-1:0.0: Disconnecting em28xx [ 499.293050][ T809] em28xx 9-1:0.0: Freeing device [ 499.490646][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout [ 499.578760][ T809] hid-generic 0006:0004:0009.0045: unknown main item tag 0x0 [ 499.586272][ T809] hid-generic 0006:0004:0009.0045: unknown main item tag 0x0 [ 499.593984][ T809] hid-generic 0006:0004:0009.0045: unknown main item tag 0x0 [ 499.602144][ T809] hid-generic 0006:0004:0009.0045: unknown main item tag 0x0 [ 499.609685][ T809] hid-generic 0006:0004:0009.0045: unknown main item tag 0x0 [ 499.617162][ T809] hid-generic 0006:0004:0009.0045: unknown main item tag 0x0 [ 499.624605][ T809] hid-generic 0006:0004:0009.0045: unknown main item tag 0x0 [ 499.632079][ T809] hid-generic 0006:0004:0009.0045: unknown main item tag 0x0 [ 499.639742][ T809] hid-generic 0006:0004:0009.0045: unknown main item tag 0x0 [ 499.647476][ T809] hid-generic 0006:0004:0009.0045: unknown main item tag 0x0 [ 499.657119][ T809] hid-generic 0006:0004:0009.0045: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0 [ 499.740089][T21151] fido_id[21151]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 500.235241][T21173] overlayfs: failed to create directory ./file0/work (errno: 22); mounting read-only [ 501.239487][T21211] netlink: 'syz.8.6654': attribute type 10 has an invalid length. [ 501.260333][T21212] loop4: detected capacity change from 0 to 65536 [ 501.288027][T21211] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 501.320187][T21211] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 501.341313][T21212] loop4: detected capacity change from 65536 to 523370496 [ 501.571344][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 501.747476][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.986418][T21232] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6665'. [ 503.050336][T21262] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 503.088484][T21262] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 503.118147][T21262] overlayfs: failed to set uuid (106/file0, err=-13); falling back to uuid=null. [ 504.961508][T21331] netlink: 32 bytes leftover after parsing attributes in process `syz.6.6708'. [ 505.344772][T21341] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6711'. [ 506.120693][T21371] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6728'. [ 506.134308][T21371] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6728'. [ 506.839110][T21403] ªªªªªª: renamed from vlan0 (while UP) [ 506.889785][T21405] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6742'. [ 507.341756][T21422] mkiss: ax0: crc mode is auto. [ 508.005508][T21451] loop6: detected capacity change from 0 to 2640 [ 508.024155][T21451] buffer_io_error: 54 callbacks suppressed [ 508.024175][T21451] Buffer I/O error on dev loop6, logical block 0, async page read [ 508.059525][T21451] Buffer I/O error on dev loop6, logical block 0, async page read [ 508.084831][T21451] Buffer I/O error on dev loop6, logical block 0, async page read [ 508.095466][T21451] Buffer I/O error on dev loop6, logical block 0, async page read [ 508.109617][T21451] Buffer I/O error on dev loop6, logical block 0, async page read [ 508.119673][T21451] Buffer I/O error on dev loop6, logical block 0, async page read [ 508.133645][T21451] Buffer I/O error on dev loop6, logical block 0, async page read [ 508.145457][T21451] Buffer I/O error on dev loop6, logical block 0, async page read [ 508.155238][T21451] ldm_validate_partition_table(): Disk read failed. [ 508.163138][T21451] Buffer I/O error on dev loop6, logical block 0, async page read [ 508.171823][T21451] Buffer I/O error on dev loop6, logical block 0, async page read [ 508.183760][T21451] Dev loop6: unable to read RDB block 0 [ 508.191140][T21451] loop6: unable to read partition table [ 508.200551][T21451] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 509.180598][T21501] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6780'. [ 509.292102][T21504] netlink: 'syz.1.6783': attribute type 25 has an invalid length. [ 509.301561][T21504] netlink: 'syz.1.6783': attribute type 1 has an invalid length. [ 509.310191][T21504] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.687858][ T809] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 509.860318][ T809] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 509.872507][ T809] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.889761][ T809] usb 2-1: config 0 descriptor?? [ 509.906453][ T809] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 510.115254][ T30] audit: type=1326 audit(2000000163.700:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21502 comm="syz.8.6782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a219c819 code=0x7fc00000 [ 510.509504][T21544] netlink: 'syz.5.6801': attribute type 9 has an invalid length. [ 510.527219][T21544] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.6801'. [ 510.755872][ T809] usb 2-1: USB disconnect, device number 52 [ 511.379449][T21568] input: syz1 as /devices/virtual/input/input30 [ 511.571799][T21574] netlink: 190972 bytes leftover after parsing attributes in process `syz.5.6814'. [ 511.913344][T21588] netlink: 72 bytes leftover after parsing attributes in process `syz.1.6821'. [ 512.464852][T21614] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6834'. [ 513.118043][T21633] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 513.127143][T21633] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 513.133684][T21633] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 513.143236][T21633] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 513.180047][T21633] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 514.216748][ T810] usb 6-1: new full-speed USB device number 12 using dummy_hcd [ 514.377952][ T5933] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 514.400841][ T810] usb 6-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 514.412773][ T810] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.422389][ T810] usb 6-1: Product: syz [ 514.426962][ T810] usb 6-1: Manufacturer: syz [ 514.431904][ T810] usb 6-1: SerialNumber: syz [ 514.441031][ T810] usb 6-1: config 0 descriptor?? [ 514.459688][ T810] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 514.546773][ T5933] usb 2-1: Using ep0 maxpacket: 16 [ 514.560875][ T5933] usb 2-1: config 0 has an invalid interface number: 251 but max is 0 [ 514.575909][ T5933] usb 2-1: config 0 has no interface number 0 [ 514.586790][ T5933] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 514.598456][ T5933] usb 2-1: config 0 interface 251 altsetting 0 endpoint 0x82 has invalid maxpacket 65535, setting to 1024 [ 514.610116][ T5933] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 514.623894][ T5933] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 514.629462][T21706] can0: slcan on ttyS3. [ 514.636468][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.653130][ T5933] usb 2-1: Product: syz [ 514.657582][ T5933] usb 2-1: Manufacturer: syz [ 514.662359][ T5933] usb 2-1: SerialNumber: syz [ 514.672870][ T5933] usb 2-1: config 0 descriptor?? [ 514.680505][T21692] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 514.692425][T21692] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 514.747432][T21706] can0 (unregistered): slcan off ttyS3. [ 514.921001][T21692] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 514.932356][T21692] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 515.163330][ T5933] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 515.173943][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 515.174014][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 515.174042][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 515.218448][ T5933] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71 [ 515.241121][ T5933] asix 2-1:0.251: probe with driver asix failed with error -5 [ 515.268789][ T5933] usb 2-1: USB disconnect, device number 53 [ 515.285647][ T810] gspca_stk1135: reg_w 0x5 err -71 [ 515.296150][ T810] gspca_stk1135: serial bus timeout: status=0x00 [ 515.308073][ T810] gspca_stk1135: Sensor write failed [ 515.313467][ T810] gspca_stk1135: serial bus timeout: status=0x00 [ 515.320035][ T810] gspca_stk1135: Sensor write failed [ 515.325394][ T810] gspca_stk1135: serial bus timeout: status=0x00 [ 515.332815][ T810] gspca_stk1135: Sensor read failed [ 515.339974][ T810] gspca_stk1135: serial bus timeout: status=0x00 [ 515.348051][ T810] gspca_stk1135: Sensor read failed [ 515.353324][ T810] gspca_stk1135: Detected sensor type unknown (0x0) [ 515.365417][ T810] gspca_stk1135: serial bus timeout: status=0x00 [ 515.375986][ T810] gspca_stk1135: Sensor read failed [ 515.385657][ T810] gspca_stk1135: serial bus timeout: status=0x00 [ 515.403578][ T810] gspca_stk1135: Sensor read failed [ 515.414080][ T810] gspca_stk1135: serial bus timeout: status=0x00 [ 515.445462][ T810] gspca_stk1135: Sensor write failed [ 515.451511][ T810] gspca_stk1135: serial bus timeout: status=0x00 [ 515.460796][ T810] gspca_stk1135: Sensor write failed [ 515.466322][ T810] stk1135 6-1:0.0: probe with driver stk1135 failed with error -71 [ 515.484474][ T810] usb 6-1: USB disconnect, device number 12 [ 517.067515][T21807] tap1: tun_chr_ioctl cmd 1074025672 [ 517.072973][T21807] tap1: ignored: set checksum enabled [ 517.247049][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 517.359611][T21817] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 518.666891][ T5891] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 518.827811][ T5891] usb 9-1: Using ep0 maxpacket: 32 [ 518.835146][ T5891] usb 9-1: config 0 has an invalid interface number: 85 but max is 0 [ 518.844330][ T5891] usb 9-1: config 0 has no interface number 0 [ 518.854960][ T5891] usb 9-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 518.855888][T21881] input: syz0 as /devices/virtual/input/input31 [ 518.869390][ T5891] usb 9-1: config 0 interface 85 has no altsetting 0 [ 518.889913][ T810] usb 2-1: new low-speed USB device number 54 using dummy_hcd [ 518.904180][ T5891] usb 9-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 518.924890][ T5891] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.939313][ T5891] usb 9-1: Product: syz [ 518.945009][ T5891] usb 9-1: Manufacturer: syz [ 518.955588][ T5891] usb 9-1: SerialNumber: syz [ 518.964752][ T5891] usb 9-1: config 0 descriptor?? [ 519.059136][ T810] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 519.073975][ T810] usb 2-1: config 0 has no interface number 0 [ 519.090121][ T810] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 519.111010][ T810] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 519.122320][ T810] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 519.146992][ T810] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 519.184798][ T810] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 519.196304][ T810] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 519.214304][ T810] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 519.229057][ T810] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.241702][ T810] usb 2-1: config 0 descriptor?? [ 519.262074][T21875] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 519.270141][T21875] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 519.307673][ T810] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 519.330730][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 519.404146][ T30] audit: type=1326 audit(2000000172.990:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21892 comm="syz.5.6946" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f105059c819 code=0x0 [ 519.519299][ T810] usb 2-1: USB disconnect, device number 54 [ 519.546570][ T810] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 519.580708][ T5891] appletouch 9-1:0.85: Geyser mode initialized. [ 519.593916][ T5891] input: appletouch as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.85/input/input32 [ 519.717361][T21904] block nbd3: Unsupported socket: should be TCP or UNIX. [ 519.796656][ T5891] usb 9-1: USB disconnect, device number 5 [ 519.796725][ C0] appletouch 9-1:0.85: atp_complete: usb_submit_urb failed with result -19 [ 519.874140][ T5891] appletouch 9-1:0.85: input: appletouch disconnected [ 520.356805][ T29] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 520.539691][ T29] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 520.551745][ T29] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 520.563977][ T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.576079][T21933] netlink: 212340 bytes leftover after parsing attributes in process `syz.5.6953'. [ 520.583325][ T29] usb 2-1: config 0 descriptor?? [ 520.596813][T21933] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 521.021274][ T29] keytouch 0003:0926:3333.0046: fixing up Keytouch IEC report descriptor [ 521.058970][ T29] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0046/input/input33 [ 521.292422][ T29] keytouch 0003:0926:3333.0046: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 521.401573][T21961] netlink: 220 bytes leftover after parsing attributes in process `syz.6.6966'. [ 521.410810][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout [ 521.418940][T21961] netlink: 'syz.6.6966': attribute type 2 has an invalid length. [ 521.570830][ T810] usb 2-1: USB disconnect, device number 55 [ 522.434173][ T5857] block nbd5: Receive control failed (result -107) [ 522.641009][ T5858] block nbd5: shutting down sockets [ 523.168940][T22034] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 523.486900][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout [ 523.879268][T22068] netlink: 'syz.1.7017': attribute type 10 has an invalid length. [ 523.887332][T22068] netlink: 152 bytes leftover after parsing attributes in process `syz.1.7017'. [ 524.097151][T22076] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7023'. [ 525.368106][T22140] netlink: 84 bytes leftover after parsing attributes in process `syz.5.7051'. [ 525.769653][T22162] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 525.799911][T22162] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 525.820113][T22162] overlayfs: failed to get uuid (210/file0, err=-13); falling back to uuid=null. [ 525.966354][T22170] program syz.8.7066 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 526.062204][T22174] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 526.085361][T22176] block nbd5: NBD_DISCONNECT [ 526.183070][T22178] kvm: kvm [22177]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x4000006e) = 0x8004 [ 526.332940][T22187] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 526.350022][T22187] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 526.816202][T22207] loop4: detected capacity change from 0 to 524287936 [ 527.167561][ T5891] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 527.330319][ T5891] usb 9-1: Using ep0 maxpacket: 16 [ 527.343233][ T5891] usb 9-1: config index 0 descriptor too short (expected 52, got 36) [ 527.352490][ T5891] usb 9-1: config 0 has an invalid interface number: 251 but max is 0 [ 527.361344][ T5891] usb 9-1: config 0 has no interface number 0 [ 527.367853][ T5891] usb 9-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 527.378699][ T5891] usb 9-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 527.393520][ T5891] usb 9-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 527.403358][ T5891] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.414951][ T5891] usb 9-1: Product: syz [ 527.421849][ T5891] usb 9-1: Manufacturer: syz [ 527.428002][ T5891] usb 9-1: SerialNumber: syz [ 527.438540][ T5891] usb 9-1: config 0 descriptor?? [ 527.445523][T22215] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 527.455014][T22215] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 527.670628][T22215] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 527.683285][T22215] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 528.101279][ T5891] asix 9-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver [ 528.112246][ T5891] asix 9-1:0.251: probe with driver asix failed with error -524 [ 528.303678][ T810] usb 9-1: USB disconnect, device number 6 [ 528.506851][ T5891] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 528.588222][T22262] [ 528.590595][T22262] ====================================================== [ 528.597882][T22262] WARNING: possible circular locking dependency detected [ 528.604904][T22262] syzkaller #0 Tainted: G L [ 528.610973][T22262] ------------------------------------------------------ [ 528.618073][T22262] syz.1.7109/22262 is trying to acquire lock: [ 528.624137][T22262] ffff8880279d2ac8 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x1b3/0x450 [ 528.633621][T22262] [ 528.633621][T22262] but task is already holding lock: [ 528.640978][T22262] ffff8880279d25a0 (&q->q_usage_counter(io)#52){++++}-{0:0}, at: elevator_change+0x198/0x450 [ 528.651159][T22262] [ 528.651159][T22262] which lock already depends on the new lock. [ 528.651159][T22262] [ 528.661989][T22262] [ 528.661989][T22262] the existing dependency chain (in reverse order) is: [ 528.666654][ T5891] usb 6-1: Using ep0 maxpacket: 8 [ 528.671004][T22262] [ 528.671004][T22262] -> #6 (&q->q_usage_counter(io)#52){++++}-{0:0}: [ 528.671046][T22262] blk_alloc_queue+0x546/0x680 [ 528.671073][T22262] __blk_mq_alloc_disk+0x197/0x390 [ 528.671091][T22262] nbd_dev_add+0x499/0xb50 [ 528.671111][T22262] nbd_init+0x168/0x1f0 [ 528.671132][T22262] do_one_initcall+0x250/0x870 [ 528.671157][T22262] do_initcall_level+0x104/0x190 [ 528.678610][ T5891] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 528.684778][T22262] do_initcalls+0x59/0xa0 [ 528.684808][T22262] kernel_init_freeable+0x2a6/0x3e0 [ 528.690811][ T5891] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 528.695735][T22262] kernel_init+0x1d/0x1d0 [ 528.695762][T22262] ret_from_fork+0x514/0xb70 [ 528.695785][T22262] ret_from_fork_asm+0x1a/0x30 [ 528.700935][ T5891] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 528.705394][T22262] [ 528.705394][T22262] -> #5 (fs_reclaim){+.+.}-{0:0}: [ 528.710831][ T5891] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 528.716162][T22262] fs_reclaim_acquire+0x71/0x100 [ 528.716190][T22262] kmem_cache_alloc_node_noprof+0x4a/0x690 [ 528.726561][ T5891] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 528.730836][T22262] __alloc_skb+0x1d0/0x7d0 [ 528.730861][T22262] tcp_stream_alloc_skb+0x3f/0x580 [ 528.730883][T22262] tcp_sendmsg_locked+0x1345/0x5360 [ 528.730904][T22262] tcp_sendmsg+0x2f/0x50 [ 528.730923][T22262] sock_write_iter+0x406/0x4f0 [ 528.730946][T22262] vfs_write+0x61d/0xb90 [ 528.730962][T22262] ksys_write+0x150/0x270 [ 528.737490][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.746646][T22262] do_syscall_64+0x15f/0xf80 [ 528.746681][T22262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.746699][T22262] [ 528.746699][T22262] -> #4 (sk_lock-AF_INET){+.+.}-{0:0}: [ 528.746731][T22262] lock_sock_nested+0x41/0x100 [ 528.746755][T22262] inet_shutdown+0x6a/0x390 [ 528.746774][T22262] nbd_mark_nsock_dead+0x2e9/0x560 [ 528.746797][T22262] recv_work+0x1c2e/0x1d40 [ 528.898587][T22262] process_scheduled_works+0xb5d/0x1860 [ 528.904815][T22262] worker_thread+0xa53/0xfc0 [ 528.910162][T22262] kthread+0x388/0x470 [ 528.914896][T22262] ret_from_fork+0x514/0xb70 [ 528.920034][T22262] ret_from_fork_asm+0x1a/0x30 [ 528.925537][T22262] [ 528.925537][T22262] -> #3 (&nsock->tx_lock){+.+.}-{4:4}: [ 528.933436][T22262] __mutex_lock+0x19e/0x1420 [ 528.938607][T22262] nbd_queue_rq+0x37b/0x1100 [ 528.943746][T22262] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 528.949937][T22262] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 528.956811][T22262] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 528.963538][T22262] blk_mq_run_hw_queue+0x348/0x4f0 [ 528.969228][T22262] blk_mq_dispatch_list+0xd16/0xe10 [ 528.975063][T22262] blk_mq_flush_plug_list+0x48d/0x570 [ 528.980984][T22262] __blk_flush_plug+0x3ed/0x4d0 [ 528.986386][T22262] __submit_bio+0x28d/0x580 [ 528.990494][ T5891] usb 6-1: GET_CAPABILITIES returned 0 [ 528.991425][T22262] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 528.991458][T22262] block_read_full_folio+0x599/0x830 [ 528.997165][ T5891] usbtmc 6-1:16.0: can't read capabilities [ 529.003105][T22262] filemap_read_folio+0x137/0x3b0 [ 529.003138][T22262] do_read_cache_folio+0x358/0x590 [ 529.003155][T22262] read_part_sector+0xb6/0x2b0 [ 529.031493][T22262] adfspart_check_ICS+0xb1/0x960 [ 529.037053][T22262] bdev_disk_changed+0x817/0x1770 [ 529.042613][T22262] blkdev_get_whole+0x380/0x510 [ 529.047992][T22262] bdev_open+0x31e/0xd30 [ 529.052870][T22262] blkdev_open+0x470/0x610 [ 529.057842][T22262] do_dentry_open+0x785/0x14e0 [ 529.063348][T22262] vfs_open+0x3b/0x340 [ 529.068068][T22262] path_openat+0x2e08/0x3860 [ 529.073223][T22262] do_file_open+0x23e/0x4a0 [ 529.078248][T22262] do_sys_openat2+0x113/0x200 [ 529.083471][T22262] __x64_sys_openat+0x138/0x170 [ 529.088852][T22262] do_syscall_64+0x15f/0xf80 [ 529.093986][T22262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.100413][T22262] [ 529.100413][T22262] -> #2 (&cmd->lock){+.+.}-{4:4}: [ 529.107675][T22262] __mutex_lock+0x19e/0x1420 [ 529.113164][T22262] nbd_queue_rq+0xc6/0x1100 [ 529.118389][T22262] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 529.124740][T22262] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 529.131728][T22262] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 529.138804][T22262] blk_mq_run_hw_queue+0x348/0x4f0 [ 529.144478][T22262] blk_mq_dispatch_list+0xd16/0xe10 [ 529.150592][T22262] blk_mq_flush_plug_list+0x48d/0x570 [ 529.156619][T22262] __blk_flush_plug+0x3ed/0x4d0 [ 529.162283][T22262] __submit_bio+0x28d/0x580 [ 529.167480][T22262] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 529.173671][T22262] block_read_full_folio+0x599/0x830 [ 529.179513][T22262] filemap_read_folio+0x137/0x3b0 [ 529.185166][T22262] do_read_cache_folio+0x358/0x590 [ 529.190818][T22262] read_part_sector+0xb6/0x2b0 [ 529.196242][T22262] adfspart_check_ICS+0xb1/0x960 [ 529.201750][T22262] bdev_disk_changed+0x817/0x1770 [ 529.204910][ T5891] usb 6-1: USB disconnect, device number 13 [ 529.207485][T22262] blkdev_get_whole+0x380/0x510 [ 529.207519][T22262] bdev_open+0x31e/0xd30 [ 529.207542][T22262] blkdev_open+0x470/0x610 [ 529.207559][T22262] do_dentry_open+0x785/0x14e0 [ 529.234880][T22262] vfs_open+0x3b/0x340 [ 529.239562][T22262] path_openat+0x2e08/0x3860 [ 529.245054][T22262] do_file_open+0x23e/0x4a0 [ 529.250105][T22262] do_sys_openat2+0x113/0x200 [ 529.255310][T22262] __x64_sys_openat+0x138/0x170 [ 529.260685][T22262] do_syscall_64+0x15f/0xf80 [ 529.265913][T22262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.272358][T22262] [ 529.272358][T22262] -> #1 (set->srcu){.+.+}-{0:0}: [ 529.279576][T22262] __synchronize_srcu+0xca/0x300 [ 529.285064][T22262] elevator_switch+0x1e8/0x7a0 [ 529.290406][T22262] elevator_change+0x2cc/0x450 [ 529.295696][T22262] elevator_set_default+0x36c/0x430 [ 529.301517][T22262] blk_register_queue+0x3e9/0x4e0 [ 529.307067][T22262] __add_disk+0x677/0xd50 [ 529.311932][T22262] add_disk_fwnode+0xfb/0x480 [ 529.317133][T22262] nbd_dev_add+0x72c/0xb50 [ 529.322078][T22262] nbd_init+0x168/0x1f0 [ 529.326798][T22262] do_one_initcall+0x250/0x870 [ 529.332128][T22262] do_initcall_level+0x104/0x190 [ 529.337616][T22262] do_initcalls+0x59/0xa0 [ 529.342481][T22262] kernel_init_freeable+0x2a6/0x3e0 [ 529.348203][T22262] kernel_init+0x1d/0x1d0 [ 529.353077][T22262] ret_from_fork+0x514/0xb70 [ 529.358239][T22262] ret_from_fork_asm+0x1a/0x30 [ 529.363677][T22262] [ 529.363677][T22262] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 529.371589][T22262] __lock_acquire+0x15a5/0x2cf0 [ 529.377198][T22262] lock_acquire+0x106/0x350 [ 529.382235][T22262] __mutex_lock+0x19e/0x1420 [ 529.387363][T22262] elevator_change+0x1b3/0x450 [ 529.392657][T22262] elevator_set_none+0xb5/0x140 [ 529.398159][T22262] blk_mq_update_nr_hw_queues+0x5e7/0x1a60 [ 529.404521][T22262] nbd_start_device+0x17f/0xb10 [ 529.409930][T22262] nbd_genl_connect+0x165b/0x1cf0 [ 529.415598][T22262] genl_family_rcv_msg_doit+0x22a/0x330 [ 529.421691][T22262] genl_rcv_msg+0x61c/0x7a0 [ 529.426721][T22262] netlink_rcv_skb+0x232/0x4b0 [ 529.432023][T22262] genl_rcv+0x28/0x40 [ 529.436539][T22262] netlink_unicast+0x80f/0x9b0 [ 529.441846][T22262] netlink_sendmsg+0x813/0xb40 [ 529.447127][T22262] ____sys_sendmsg+0x972/0x9f0 [ 529.452579][T22262] ___sys_sendmsg+0x2a5/0x360 [ 529.457861][T22262] __x64_sys_sendmsg+0x1bd/0x2a0 [ 529.463316][T22262] do_syscall_64+0x15f/0xf80 [ 529.468427][T22262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.474843][T22262] [ 529.474843][T22262] other info that might help us debug this: [ 529.474843][T22262] [ 529.485091][T22262] Chain exists of: [ 529.485091][T22262] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#52 [ 529.485091][T22262] [ 529.499033][T22262] Possible unsafe locking scenario: [ 529.499033][T22262] [ 529.506667][T22262] CPU0 CPU1 [ 529.512062][T22262] ---- ---- [ 529.517427][T22262] lock(&q->q_usage_counter(io)#52); [ 529.522811][T22262] lock(fs_reclaim); [ 529.529329][T22262] lock(&q->q_usage_counter(io)#52); [ 529.537323][T22262] lock(&q->elevator_lock); [ 529.541924][T22262] [ 529.541924][T22262] *** DEADLOCK *** [ 529.541924][T22262] [ 529.550095][T22262] 6 locks held by syz.1.7109/22262: [ 529.555370][T22262] #0: ffffffff8fe5be08 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 529.563587][T22262] #1: ffffffff8fe5bc40 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10b/0x7a0 [ 529.572682][T22262] #2: ffff888027aca1c0 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0xad/0x1a60 [ 529.584174][T22262] #3: ffff888027aca0d0 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xc0/0x1a60 [ 529.595162][T22262] #4: ffff8880279d25a0 (&q->q_usage_counter(io)#52){++++}-{0:0}, at: elevator_change+0x198/0x450 [ 529.606092][T22262] #5: ffff8880279d25d8 (&q->q_usage_counter(queue)#36){+.+.}-{0:0}, at: elevator_change+0x198/0x450 [ 529.617078][T22262] [ 529.617078][T22262] stack backtrace: [ 529.623086][T22262] CPU: 1 UID: 0 PID: 22262 Comm: syz.1.7109 Tainted: G L syzkaller #0 PREEMPT(full) [ 529.623107][T22262] Tainted: [L]=SOFTLOCKUP [ 529.623111][T22262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 529.623119][T22262] Call Trace: [ 529.623125][T22262] [ 529.623131][T22262] dump_stack_lvl+0xe8/0x150 [ 529.623152][T22262] print_circular_bug+0x2e1/0x300 [ 529.623165][T22262] check_noncircular+0x12e/0x150 [ 529.623178][T22262] __lock_acquire+0x15a5/0x2cf0 [ 529.623198][T22262] ? elevator_change+0x1b3/0x450 [ 529.623214][T22262] lock_acquire+0x106/0x350 [ 529.623229][T22262] ? elevator_change+0x1b3/0x450 [ 529.623247][T22262] __mutex_lock+0x19e/0x1420 [ 529.623263][T22262] ? elevator_change+0x1b3/0x450 [ 529.623279][T22262] ? rcu_is_watching+0x15/0xb0 [ 529.623297][T22262] ? work_grab_pending+0x3d1/0x990 [ 529.623313][T22262] ? elevator_change+0x1b3/0x450 [ 529.623329][T22262] ? __pfx___mutex_lock+0x10/0x10 [ 529.623344][T22262] ? enable_work+0x17f/0x230 [ 529.623361][T22262] ? lockdep_hardirqs_on+0x7a/0x110 [ 529.623377][T22262] ? __cancel_work_sync+0xf7/0x110 [ 529.623388][T22262] ? blk_mq_cancel_work_sync+0xa5/0xe0 [ 529.623399][T22262] elevator_change+0x1b3/0x450 [ 529.623416][T22262] elevator_set_none+0xb5/0x140 [ 529.623432][T22262] ? __pfx_elevator_set_none+0x10/0x10 [ 529.623468][T22262] ? xa_load+0x1db/0x210 [ 529.623485][T22262] blk_mq_update_nr_hw_queues+0x5e7/0x1a60 [ 529.623500][T22262] ? kernfs_add_one+0x477/0x5c0 [ 529.623517][T22262] ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10 [ 529.623530][T22262] ? sysfs_add_file_mode_ns+0x259/0x300 [ 529.623545][T22262] nbd_start_device+0x17f/0xb10 [ 529.623561][T22262] ? device_create_file+0xf4/0x1b0 [ 529.623576][T22262] nbd_genl_connect+0x165b/0x1cf0 [ 529.623590][T22262] ? __pfx___nla_validate_parse+0x10/0x10 [ 529.623603][T22262] ? __pfx_nbd_genl_connect+0x10/0x10 [ 529.623618][T22262] ? rcu_is_watching+0x15/0xb0 [ 529.623634][T22262] ? trace_kmalloc+0x2a/0xf0 [ 529.623652][T22262] ? __nla_parse+0x40/0x60 [ 529.623662][T22262] ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0 [ 529.623678][T22262] ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0 [ 529.623694][T22262] genl_family_rcv_msg_doit+0x22a/0x330 [ 529.623715][T22262] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 529.623731][T22262] ? __lock_acquire+0x6b5/0x2cf0 [ 529.623748][T22262] genl_rcv_msg+0x61c/0x7a0 [ 529.623762][T22262] ? __pfx_genl_rcv_msg+0x10/0x10 [ 529.623775][T22262] ? __pfx_nbd_genl_connect+0x10/0x10 [ 529.623791][T22262] netlink_rcv_skb+0x232/0x4b0 [ 529.623803][T22262] ? __pfx_genl_rcv_msg+0x10/0x10 [ 529.623816][T22262] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 529.623826][T22262] ? genl_rcv+0x19/0x40 [ 529.623842][T22262] ? down_read+0x270/0x2e0 [ 529.623857][T22262] ? genl_rcv+0xd/0x40 [ 529.623870][T22262] genl_rcv+0x28/0x40 [ 529.623883][T22262] netlink_unicast+0x80f/0x9b0 [ 529.623900][T22262] ? __pfx_netlink_unicast+0x10/0x10 [ 529.623916][T22262] ? netlink_sendmsg+0x650/0xb40 [ 529.623926][T22262] ? skb_put+0x11b/0x210 [ 529.623940][T22262] netlink_sendmsg+0x813/0xb40 [ 529.623953][T22262] ? __pfx_netlink_sendmsg+0x10/0x10 [ 529.623965][T22262] ? aa_sock_msg_perm+0xf1/0x1b0 [ 529.623976][T22262] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 529.623993][T22262] ____sys_sendmsg+0x972/0x9f0 [ 529.624006][T22262] ? __might_fault+0xaf/0x130 [ 529.624023][T22262] ? __pfx_____sys_sendmsg+0x10/0x10 [ 529.624038][T22262] ? import_iovec+0x73/0xa0 [ 529.624055][T22262] ___sys_sendmsg+0x2a5/0x360 [ 529.624068][T22262] ? __lock_acquire+0x6b5/0x2cf0 [ 529.624083][T22262] ? __pfx____sys_sendmsg+0x10/0x10 [ 529.624098][T22262] ? futex_wait+0x2a2/0x390 [ 529.624125][T22262] ? __fget_files+0x2a/0x420 [ 529.624147][T22262] ? __fget_files+0x3a0/0x420 [ 529.624172][T22262] __x64_sys_sendmsg+0x1bd/0x2a0 [ 529.624194][T22262] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 529.624217][T22262] ? __sys_socketpair+0x4a8/0x560 [ 529.624229][T22262] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.624241][T22262] do_syscall_64+0x15f/0xf80 [ 529.624255][T22262] ? trace_irq_disable+0x3b/0x140 [ 529.624269][T22262] ? clear_bhb_loop+0x40/0x90 [ 529.624281][T22262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.624293][T22262] RIP: 0033:0x7f34c319c819 [ 529.624305][T22262] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 529.624315][T22262] RSP: 002b:00007f34c3fb9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 529.624330][T22262] RAX: ffffffffffffffda RBX: 00007f34c3415fa0 RCX: 00007f34c319c819 [ 529.624338][T22262] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000004 [ 529.624346][T22262] RBP: 00007f34c3232c91 R08: 0000000000000000 R09: 0000000000000000 [ 529.624353][T22262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 529.624360][T22262] R13: 00007f34c3416038 R14: 00007f34c3415fa0 R15: 00007fff0355cdf8 [ 529.624372][T22262] [ 530.181009][ T52] block nbd3: Receive control failed (result -32) [ 530.187051][ T5857] block nbd3: Receive control failed (result -32) [ 530.216920][T22262] nbd3: detected capacity change from 0 to 63 [ 530.224665][ T5858] block nbd3: Dead connection, failed to find a fallback [ 530.231981][ T5858] block nbd3: shutting down sockets [ 530.237262][ T5858] blk_print_req_error: 54 callbacks suppressed [ 530.237279][ T5858] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 530.253039][ T5858] buffer_io_error: 11 callbacks suppressed [ 530.253055][ T5858] Buffer I/O error on dev nbd3, logical block 0, async page read [ 530.267043][ T5858] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 530.276109][ T5858] Buffer I/O error on dev nbd3, logical block 1, async page read [ 530.284233][ T5858] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 530.293549][ T5858] Buffer I/O error on dev nbd3, logical block 2, async page read [ 530.301762][ T5858] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 530.310855][ T5858] Buffer I/O error on dev nbd3, logical block 3, async page read [ 530.318904][ T5858] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 530.328305][ T5858] Buffer I/O error on dev nbd3, logical block 0, async page read [ 530.336173][ T5858] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 530.345369][ T5858] Buffer I/O error on dev nbd3, logical block 1, async page read [ 530.353330][ T5858] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 530.362506][ T5858] Buffer I/O error on dev nbd3, logical block 2, async page read [ 530.370961][ T5858] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 530.380389][ T5858] Buffer I/O error on dev nbd3, logical block 3, async page read [ 530.388501][ T5858] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 530.397600][ T5858] Buffer I/O error on dev nbd3, logical block 0, async page read [ 530.405525][ T5858] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 530.414693][ T5858] Buffer I/O error on dev nbd3, logical block 1, async page read [ 530.423855][ T5858] ldm_validate_partition_table(): Disk read failed. [ 530.431442][ T5858] Dev nbd3: unable to read RDB block 0 [ 530.438227][ T5858] nbd3: unable to read partition table [ 530.449825][ T5858] ldm_validate_partition_table(): Disk read failed. [ 530.458642][ T5858] Dev nbd3: unable to read RDB block 0 [ 530.464958][ T5858] nbd3: unable to read partition table