last executing test programs: 5m51.424316382s ago: executing program 4 (id=382): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) dup3(r1, r0, 0x0) 5m51.146803868s ago: executing program 4 (id=386): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) madvise(&(0x7f00002eb000/0x3000)=nil, 0x3000, 0x19) 5m50.075943639s ago: executing program 4 (id=395): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020) 5m48.422244152s ago: executing program 4 (id=416): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0) mount$9p_unix(&(0x7f0000000440)='./file0/file0/file0\x00', &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x121f408, 0x0) 5m48.081401844s ago: executing program 4 (id=419): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x30, r1, 0x5, 0x70bd2f, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_RSSI_THRESHOLD={0x8, 0x14, 0xffffffffffffffee}, @NL80211_MESHCONF_CONNECTED_TO_GATE={0x5, 0x1d, 0x1}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x24008000}, 0x2000a040) 5m47.54392509s ago: executing program 4 (id=424): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'gretap0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x5}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x77359c01}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x0) 5m47.08233599s ago: executing program 32 (id=424): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'gretap0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x5}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x77359c01}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x0) 2m24.0678573s ago: executing program 1 (id=2849): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000e00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r1 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='user\x00', &(0x7f0000000040), 0x0) 2m23.91431171s ago: executing program 1 (id=2851): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d04001c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a5400300001d2300000009"}}}}}}}, 0x0) syz_emit_ethernet(0xa2, &(0x7f00000000c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @void, {@ipv4={0x800, @udp={{0xc, 0x4, 0x0, 0x0, 0x94, 0xfffc, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp_addr={0x44, 0x1c, 0x13, 0x1, 0x6, [{@broadcast, 0xe}, {@local, 0xc2cc}, {@empty, 0x2}]}]}}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x7, 0x1, "b3ed3f3eff5dc97c0e6617a580210ec9809bfa714677994cee3213c83202ca3f", "c36db0aa77ffea8b5303ccd0e06692e1", {"0ee9ef2f500c2a6b0d0400156feac886", "fa0e64385c7c64b5a387c641f2aafe69"}}}}}}}, 0x0) 2m23.743263887s ago: executing program 1 (id=2853): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc) ioctl$TIOCL_PASTESEL(r1, 0x541c, &(0x7f0000000000)) 2m22.466629302s ago: executing program 1 (id=2865): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0xc00, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000007b00)='./file0/../file0\x00', &(0x7f0000000280)='./file0\x00') 2m22.139987157s ago: executing program 1 (id=2867): r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x8005885, 0x0, 0x0, 0xb9}, &(0x7f0000000340)=0x0, &(0x7f0000002300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000380)="86d7add1f4362b71bfe1019965", 0xd}, {&(0x7f0000000500)="47c12a", 0x3}], 0x2}, 0x0, 0x44, 0x1}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 2m21.380929931s ago: executing program 1 (id=2870): symlink(&(0x7f00000016c0)='./file0\x00', &(0x7f0000001700)='./file0\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01) newfstatat(0xffffffffffffff9c, &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x100) 2m20.672275974s ago: executing program 33 (id=2870): symlink(&(0x7f00000016c0)='./file0\x00', &(0x7f0000001700)='./file0\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01) newfstatat(0xffffffffffffff9c, &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x100) 1m18.009014844s ago: executing program 6 (id=3570): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000980)='sys_exit\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4509c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a900d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a3c0db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848022e8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0000000000000000000000000001545f0ec539c3b58facd2f62dc3307a6c91d6b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000380)={@cgroup=r1, r1, 0x2f, 0x2000, 0x4}, 0x20) 1m17.810962263s ago: executing program 6 (id=3574): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8041, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x1, 0x0, 0x0, 0x9, "00629a7d82090100000000000000f7fffffb00"}) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) dup3(r1, r0, 0x0) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000e00)=""/4096, 0x1000}], 0x1) 1m17.718066323s ago: executing program 6 (id=3576): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x24000840, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x76, &(0x7f0000000100)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x3c, 0x68, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x15, 0x10, 0x0, 0x0, 0x1, {[@md5sig={0x13, 0x12, "a6a8709d251e6a4c70438886819ca8bf"}, @mptcp=@synack={0x1e, 0x10, 0x1, 0x2, 0xe5, 0x1000, 0x6}, @md5sig={0x13, 0x12, "d1ebface2434c6552c453f3279859585"}, @sack={0x5, 0xa, [0x9, 0x1]}]}}}}}}}, 0x0) 1m17.555991934s ago: executing program 6 (id=3577): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0) 1m17.507297346s ago: executing program 6 (id=3578): timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) 1m17.276282592s ago: executing program 6 (id=3580): bind$alg(0xffffffffffffffff, 0x0, 0x0) ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, 0x0) r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000100)={0x24, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000002d00)=ANY=[@ANYRES32, @ANYBLOB, @ANYBLOB="d57caa5d161659079c8c42ccca0a726d435d893bf7ab5d33487c12277b999be7699ae2dac9851ece214371fdfe42931fd7cd52c3a5656466d2695d9fcece54109350137bff9e5c9479e98b7956313e6cb468a20cc5443642ecb53b13f8372c87cebc0754ac3698c20b3ddda309aa014ec28588f047960de76b543be03f50e38502b85356dabb34043b31a38466389d26996447dbf645b726c79c7a38f1c539318251b0ba6764a007d4d6759920dd3b6f51d919741a616d9ff83aeffae4eccd592b6b320cac167be6ad16bc5c0170d160ddf9c8348cafc56eeac28233c5aa7a96394875a6e5bfaad86f9c69609938f5f63f09916aed9e88ec813091d161d15b92542b5206a89cd5c2e46b425d13143f8ca3070308fcbb16201bd3289d15c5eabbd06100cd225d920fbb9714fccea89c43a1f5e6cc1bd8898fa6fa09d66620336144c8f3f4e68e24f9b31a3513bd14bfee099edbb46e494341e597dd02d22b51e3784c2b2a26392fe33133c2be3b052034bbd03aef8808eb90d9b019126e653952680b25e87d45a625dd294ad3649b167890e4f0c632cdae1acfd3fb7cf1b32f3be8ffb254f8156fd556be14f51c1629e270d5fe83b17b0d2e44fc17964b6f77d48a394d3a9e01af9af674e184ec376efca15808dfaca09fa636174f43549897de261b6039c17f06fb9ffdb67ca951acb39da42d2bf200a7f146503ff16484735ea05bbfda7972b7406aed5b3851d8eb6dadfdf9f11069cbc748dd769448195f3c863b6a9d57cf44d40a3a20d065518a60b4a4398808ff6c72ef7cf400cd8cce0b460dee12d1b5c82eaa481ea1df3d673d5314fcb6b1fd144dcdb94af0fed275956ab4fbf2cac851e0ce2763a70c44989541018722d5846c7760435b3e57d7ec89cf9daa0475a6d60dd44aae18540184111fbacfca4de1ab788e3bc918a1b9aca9c9a460f0658f6128035b4d52ad301fe4a48b0b78992e575c8b92d20c2c489ef79e772aaab9493e186b219f20414dbd395a132a94d1ace91bee315421d4d0bd71b4f4aee39ae1a4dad8d99bb67bf1bf31426ef7567f79a5ce971936a742e3832e044d5f949093087cc8bbea60ce9ff3c437b9d0d93be611b07b59e83f251f3216d9df0aa5088b4f79dd043978041a793c364e70f64c1d3d2f968d6de57ae0e7c3a9294b1e48b3d7db0f59dd8d39c3830d14d778dbb15aa14a5f3b1a7f733bcfbc69a51ba45386c0f8b810175d043e5f199c6ebcf8ade0e86cb3f6c5796cf7ff68f642cfaa806893270f753f2ae6f31a8d7fb569c5dcfe357d08de2015388763c9da12afb55871db5f93c44e862d60a7b648a558cf39a9d047c0e05d1f7dfe139731cfb531b1c812888f4e500d114d7d59c7d967b3b2a5da17c985330e867ba026457ffba7da77d1c7453804b9bdeb494e56a5bbe1b049fb73add4568c69ab2da730f5c3ef6bee4ffc8cab0f52be6bc5f30402d111109ec14d78df5235cf46747efe85f46edaeb8007255cded477941bd46ee1bfb746a73285902d488e109cf9a058968732755318dc2c4d09173726948468d6553e1eefa41e2c4f4a4211ac212368d3b1f14e689b0c38ba746b585ea97db962972b0e1f4e09d52ea46076637be555060c14c7f2b4f3a7d3c62bcbf758b40d30cad8aaeddb83a403760db7b5ff609b6dc83b7ba52de0c5267f0052a0c5b6ddd6c960b36cbfa818ddb44d59a3f6126a439722978b899e6f2487696416945599b9f28bb51e4073cbeb8ca8e5fdd64cf672dddc5989b3ae61789d88100b8cc0e1144a488985ef60020e51a672699512f3b69520701272ffcefb2604bd898fd1333b6d5c1ec24ada8e5eb83c9b5d63646a2fad8a5b4eb72d6e18ff94838d7fce912919c51ac3076f397a7eb3a53405d0c81dc45999ea810b5f2ce3c47fcfcd3b0e4fec07ab1b22b0f662f54cfbba5599d2c86be6d1276c6dda16af19e1057159dd38adedd86019166521f99a8b8b75825dc408a0b75d982c0e0fa7a97aefa0b133c5fc593105214a8015b9410bb2bb02de584e128b81c9eadc8291afd03ac21337134979961def8d1bdfa6f33b225c2e5cf97b1de7746477b8303bb98bb9bc9281273c440380f73c94359ef461647f8b97696373f449454fe90b16739cff8b55026038badb8f06bb8c828dd51073d467d290caa2ba65e5832550957f061a1fddb74b85cfca415933e02b1aa403d121c1a1e96d1e25314bda28df6cc98918b62b3dd1e26030356581b2a226850f23b4c54e8cd0f33dec8a4da83e333b9eee835c7583ff75a3955e2fdfb5b84d6fad77fe30d13f58f6fb18af5c05b5b3b8c1ae599ba3da7b849374e44c2d4c7e5f568370ded1a788d858683e7244f5702ea75fe4641c7b4e47e9e32959569db7457390f848bbf872ac4ae24d978a2cf068a03624d834976d0230a0f53a27c4a35cf15e2be7e90598e231292847904bfe52e49f1691", @ANYRES16]) 1m16.939523575s ago: executing program 34 (id=3580): bind$alg(0xffffffffffffffff, 0x0, 0x0) ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, 0x0) r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000100)={0x24, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000002d00)=ANY=[@ANYRES32, @ANYBLOB, @ANYBLOB="d57caa5d161659079c8c42ccca0a726d435d893bf7ab5d33487c12277b999be7699ae2dac9851ece214371fdfe42931fd7cd52c3a5656466d2695d9fcece54109350137bff9e5c9479e98b7956313e6cb468a20cc5443642ecb53b13f8372c87cebc0754ac3698c20b3ddda309aa014ec28588f047960de76b543be03f50e38502b85356dabb34043b31a38466389d26996447dbf645b726c79c7a38f1c539318251b0ba6764a007d4d6759920dd3b6f51d919741a616d9ff83aeffae4eccd592b6b320cac167be6ad16bc5c0170d160ddf9c8348cafc56eeac28233c5aa7a96394875a6e5bfaad86f9c69609938f5f63f09916aed9e88ec813091d161d15b92542b5206a89cd5c2e46b425d13143f8ca3070308fcbb16201bd3289d15c5eabbd06100cd225d920fbb9714fccea89c43a1f5e6cc1bd8898fa6fa09d66620336144c8f3f4e68e24f9b31a3513bd14bfee099edbb46e494341e597dd02d22b51e3784c2b2a26392fe33133c2be3b052034bbd03aef8808eb90d9b019126e653952680b25e87d45a625dd294ad3649b167890e4f0c632cdae1acfd3fb7cf1b32f3be8ffb254f8156fd556be14f51c1629e270d5fe83b17b0d2e44fc17964b6f77d48a394d3a9e01af9af674e184ec376efca15808dfaca09fa636174f43549897de261b6039c17f06fb9ffdb67ca951acb39da42d2bf200a7f146503ff16484735ea05bbfda7972b7406aed5b3851d8eb6dadfdf9f11069cbc748dd769448195f3c863b6a9d57cf44d40a3a20d065518a60b4a4398808ff6c72ef7cf400cd8cce0b460dee12d1b5c82eaa481ea1df3d673d5314fcb6b1fd144dcdb94af0fed275956ab4fbf2cac851e0ce2763a70c44989541018722d5846c7760435b3e57d7ec89cf9daa0475a6d60dd44aae18540184111fbacfca4de1ab788e3bc918a1b9aca9c9a460f0658f6128035b4d52ad301fe4a48b0b78992e575c8b92d20c2c489ef79e772aaab9493e186b219f20414dbd395a132a94d1ace91bee315421d4d0bd71b4f4aee39ae1a4dad8d99bb67bf1bf31426ef7567f79a5ce971936a742e3832e044d5f949093087cc8bbea60ce9ff3c437b9d0d93be611b07b59e83f251f3216d9df0aa5088b4f79dd043978041a793c364e70f64c1d3d2f968d6de57ae0e7c3a9294b1e48b3d7db0f59dd8d39c3830d14d778dbb15aa14a5f3b1a7f733bcfbc69a51ba45386c0f8b810175d043e5f199c6ebcf8ade0e86cb3f6c5796cf7ff68f642cfaa806893270f753f2ae6f31a8d7fb569c5dcfe357d08de2015388763c9da12afb55871db5f93c44e862d60a7b648a558cf39a9d047c0e05d1f7dfe139731cfb531b1c812888f4e500d114d7d59c7d967b3b2a5da17c985330e867ba026457ffba7da77d1c7453804b9bdeb494e56a5bbe1b049fb73add4568c69ab2da730f5c3ef6bee4ffc8cab0f52be6bc5f30402d111109ec14d78df5235cf46747efe85f46edaeb8007255cded477941bd46ee1bfb746a73285902d488e109cf9a058968732755318dc2c4d09173726948468d6553e1eefa41e2c4f4a4211ac212368d3b1f14e689b0c38ba746b585ea97db962972b0e1f4e09d52ea46076637be555060c14c7f2b4f3a7d3c62bcbf758b40d30cad8aaeddb83a403760db7b5ff609b6dc83b7ba52de0c5267f0052a0c5b6ddd6c960b36cbfa818ddb44d59a3f6126a439722978b899e6f2487696416945599b9f28bb51e4073cbeb8ca8e5fdd64cf672dddc5989b3ae61789d88100b8cc0e1144a488985ef60020e51a672699512f3b69520701272ffcefb2604bd898fd1333b6d5c1ec24ada8e5eb83c9b5d63646a2fad8a5b4eb72d6e18ff94838d7fce912919c51ac3076f397a7eb3a53405d0c81dc45999ea810b5f2ce3c47fcfcd3b0e4fec07ab1b22b0f662f54cfbba5599d2c86be6d1276c6dda16af19e1057159dd38adedd86019166521f99a8b8b75825dc408a0b75d982c0e0fa7a97aefa0b133c5fc593105214a8015b9410bb2bb02de584e128b81c9eadc8291afd03ac21337134979961def8d1bdfa6f33b225c2e5cf97b1de7746477b8303bb98bb9bc9281273c440380f73c94359ef461647f8b97696373f449454fe90b16739cff8b55026038badb8f06bb8c828dd51073d467d290caa2ba65e5832550957f061a1fddb74b85cfca415933e02b1aa403d121c1a1e96d1e25314bda28df6cc98918b62b3dd1e26030356581b2a226850f23b4c54e8cd0f33dec8a4da83e333b9eee835c7583ff75a3955e2fdfb5b84d6fad77fe30d13f58f6fb18af5c05b5b3b8c1ae599ba3da7b849374e44c2d4c7e5f568370ded1a788d858683e7244f5702ea75fe4641c7b4e47e9e32959569db7457390f848bbf872ac4ae24d978a2cf068a03624d834976d0230a0f53a27c4a35cf15e2be7e90598e231292847904bfe52e49f1691", @ANYRES16]) 15.817709359s ago: executing program 3 (id=4341): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000080)=0x81, 0x43) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000880)={'ip6gretap0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb10000000800894f4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 15.668453382s ago: executing program 3 (id=4342): recvmmsg(0xffffffffffffffff, &(0x7f000000ab40)=[{{&(0x7f00000003c0)=@l2={0x1f, 0x0, @none}, 0x80, 0x0}, 0x8}, {{&(0x7f0000000a00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, 0x0}, 0x7}], 0x2, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x1, @rand_addr=0x64010101}, 0xa, 0x0, 0x800}}, 0x26) sendmmsg$inet(r1, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)=[{&(0x7f00000010c0)="7d5107673289eeae3f806c5c62db497a0299399ab6101c3b", 0x1}], 0x1}}], 0x4000000000001ce, 0x8040) 15.363156932s ago: executing program 3 (id=4347): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x10001]}, 0x8, 0x0) ppoll(&(0x7f00000000c0)=[{r0, 0x10}, {r0, 0x1a084}], 0x2, 0x0, 0x0, 0x0) r1 = getpid() timer_create(0x2, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f0000000000)=0x0) timer_settime(r2, 0x1, &(0x7f0000000880)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) 14.386124364s ago: executing program 3 (id=4353): r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000340)=@abs={0x1, 0x0, 0x104e22}, 0x6e) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 14.193576258s ago: executing program 3 (id=4357): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 13.751955744s ago: executing program 3 (id=4366): sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1) r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) recvfrom$l2tp(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0) 13.446053442s ago: executing program 35 (id=4366): sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1) r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) recvfrom$l2tp(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0) 3.838019737s ago: executing program 7 (id=4446): r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r1 = gettid() timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 3.673897422s ago: executing program 0 (id=4449): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000400)={0xa, 0x2, 0xac3, @loopback, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='macvlan0\x00', 0x10) close(0x3) 3.53287136s ago: executing program 0 (id=4450): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x6}]}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) 2.932661875s ago: executing program 2 (id=4457): openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x208081, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f0000000400)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x40085507, &(0x7f0000000080)) 2.503775202s ago: executing program 0 (id=4460): getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) close(r1) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, &(0x7f0000004780)={[], 0xf000}, 0x1000) 2.06203509s ago: executing program 8 (id=4465): r0 = socket(0x2, 0x1, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) ioctl$NBD_DO_IT(r1, 0xab03) sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000180)={0x2, 0x4e23, @loopback}, 0x10) 1.959874135s ago: executing program 2 (id=4466): r0 = gettid() timer_create(0x2, &(0x7f000049efa0)={0x0, 0x7, 0x4, @tid=r0}, &(0x7f0000044000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000003a00)={0x1, &(0x7f00000039c0)=[{0x6}]}) socket$inet_mptcp(0x2, 0x1, 0x106) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) 1.642266491s ago: executing program 8 (id=4467): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x109) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x84800, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) ftruncate(r0, 0x9) 1.569943628s ago: executing program 5 (id=4468): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 1.377805103s ago: executing program 8 (id=4469): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000a9b8f1f2"], 0x0}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x15, 0x5, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000040)={0x0, 0x2710}, 0x10) read$alg(r0, &(0x7f0000000000)=""/46, 0x2e) 1.315970139s ago: executing program 5 (id=4470): r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='batadv0\x00', 0x10) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0xfbfe, @empty}, 0x10) sendmmsg$inet(r0, &(0x7f0000002d80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 1.286928095s ago: executing program 7 (id=4471): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000400000009"], 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x3, 0x4, 0x801, 0x1, r0, 0x15b4}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r1}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20) close(r0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r1, &(0x7f0000000900)}, 0x20) 1.260566557s ago: executing program 0 (id=4472): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x9, &(0x7f0000000040)=0x7, 0x4) 1.199565976s ago: executing program 7 (id=4473): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f00000010c0)={0x0, 0xc941, 0x0, 0x3, 0xbfdffffc}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x80, &(0x7f00000000c0)=@in={0x2, 0x4e24, @remote}, 0x0, 0x0, 0x2}) io_uring_enter(r1, 0x47f6, 0x0, 0x4, 0x0, 0x0) 1.147402567s ago: executing program 5 (id=4474): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c) setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={0x0, 0x265}, 0x8) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="211d00000000000007e6"], 0xf0) sendto$inet6(r0, &(0x7f0000000040)="00d8", 0x20a00, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c) 1.10888017s ago: executing program 8 (id=4475): prlimit64(0x0, 0x0, &(0x7f0000000300)={0x42, 0x80}, 0x0) setrlimit(0xf, &(0x7f00000000c0)={0x0, 0x3}) timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mlock(&(0x7f0000bff000/0x400000)=nil, 0x400000) 991.094012ms ago: executing program 0 (id=4476): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x111}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 883.598223ms ago: executing program 2 (id=4477): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x2, 0x2, 0x4}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000bc0)={r2, 0xfffffffffffffe08, 0x0}, 0x10) 808.246431ms ago: executing program 7 (id=4478): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f00000002c0)={0x34, r1, 0x205, 0x0, 0x25dfdbfc, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x850}, 0x0) 688.164997ms ago: executing program 5 (id=4479): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000007000000080001006e00000008000300", @ANYRES32=r3, @ANYBLOB="0c0099000000000000000000050053000100000014000400776c616e310000000000000000000000140006"], 0x60}}, 0x0) 543.415326ms ago: executing program 2 (id=4480): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158"], 0x66) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b0b, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00 \x00'}) 527.323607ms ago: executing program 7 (id=4481): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749da00000097f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff472558014391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d74e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00000000000000000000000000c8b8b5b137dcb7a7949e12307d1fce56fe5b76d2f3f5a7692379542e3fd9a5a7dc57e1dec0bdce65b5db59a0733c9b9da612adb91948ecbfaff8fc206b8350fe268b98aaa2e288be77aedddcc7fb7d631e69b176e2e6678fe1237cb2"], &(0x7f0000000340)='syzkaller\x00'}, 0x4a) r1 = socket$tipc(0x1e, 0x4, 0x0) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000001540)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 496.667871ms ago: executing program 8 (id=4482): setresuid(0x0, 0xee00, 0x0) capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) 336.130774ms ago: executing program 5 (id=4483): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') read$FUSE(r1, &(0x7f0000001980)={0x2020}, 0x2020) 257.459733ms ago: executing program 8 (id=4484): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f0000000040)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000000)={r2, 0x3, 0x2}, 0x8) 238.508897ms ago: executing program 7 (id=4485): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x102080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS2(r1, 0x4068aea3, &(0x7f0000000280)={0xd5, 0x0, 0x10}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000a001"]) 223.297484ms ago: executing program 2 (id=4486): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x298, 0xffffffff, 0x0, 0x11d8, 0x10f8, 0xffffffff, 0xffffffff, 0x1300, 0x1300, 0x1300, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00', {}, {}, 0x11}, 0x0, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@ip={@remote, @broadcast, 0x0, 0x0, 'batadv_slave_1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ip={@private, @loopback, 0x0, 0x0, 'erspan0\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f8) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804) 83.348776ms ago: executing program 5 (id=4487): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x80080, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) 82.318392ms ago: executing program 0 (id=4488): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {0x4000, 0x7}, 0x28, [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x10000000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7, 0x41df1fd6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x200, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x3, 0x0, 0x5, 0x0, 0x2], [0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x7, 0xfff, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1ff, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5], [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8000000, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa107, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, 0x118, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000002c00)={'syz1\x00', {0x9, 0x33, 0x1, 0x5}, 0x11, [0x9, 0x7fffffff, 0x7, 0x7, 0x6, 0x7ff, 0x0, 0x0, 0x0, 0xac8d, 0x9, 0xfffffeb4, 0xe6b5, 0x9, 0x8, 0x8, 0x1ff, 0xfffffff1, 0x7fff, 0x1, 0x81, 0xa, 0x3d, 0x7, 0x80000000, 0x7f, 0xb, 0x9, 0x0, 0xf, 0x0, 0x5, 0x3, 0x949, 0x2, 0x8, 0xf95f, 0x9, 0x101, 0x1000, 0x7, 0x1, 0x9, 0xd44, 0x2, 0x7f, 0x10001, 0x1ff, 0x0, 0x8, 0x6, 0x0, 0x7fff, 0x1d, 0x4, 0x8b, 0xffff0000, 0x1, 0x2, 0x7, 0x401, 0x4, 0x0, 0x7ff], [0x1, 0x6, 0x9, 0x3, 0x1, 0xffff, 0x1000, 0x9, 0x8, 0x6f, 0x20000004, 0x7, 0x5, 0x7fffffff, 0x8, 0x12f, 0x5, 0x1c765bd7, 0x273, 0x6, 0x9f, 0x448, 0x3, 0xb, 0x10000, 0x2, 0x5, 0x3, 0x3, 0x587, 0x300, 0x2, 0x80000004, 0x1, 0x2, 0x10000, 0x0, 0x80000001, 0x400, 0x6, 0x6, 0x1, 0x7fffffff, 0x9, 0x0, 0x3, 0x7, 0x5, 0x9, 0x2c824684, 0x838, 0xb, 0x1000, 0x4, 0x68d, 0x1, 0x5d3, 0x6, 0x55, 0xfffffffc, 0x2, 0x5, 0xffffffff, 0x4], [0x4, 0x1000, 0x6, 0x8, 0x2, 0x35344016, 0x8e, 0x7, 0x200, 0xd, 0x6, 0x80000001, 0x48, 0x6, 0x80000000, 0x9, 0x1, 0x2, 0x8, 0x3, 0x19ee, 0x51ed, 0x7fff, 0x9, 0x8, 0x6, 0x8, 0x8, 0xfff, 0x9, 0x38, 0x1, 0x5, 0x3, 0xfffffef5, 0x7, 0x9, 0x3, 0x5, 0xfffffffc, 0xaec0, 0x400, 0xf39, 0xfffff8f4, 0x3, 0x4, 0x39d, 0x200, 0x0, 0x1, 0x2, 0x2, 0x6, 0x8001, 0x7fff, 0xa, 0xfffffffd, 0x2a, 0xb0d, 0x6, 0x7f, 0x200, 0x52d, 0xc], [0x3, 0x35af, 0xffff, 0x8, 0x2, 0x0, 0xffffffff, 0x61, 0x8, 0x2, 0xfd, 0x6, 0x5, 0x3fffc, 0x2, 0x1, 0x3, 0x19a, 0x9, 0x89, 0x9, 0x1000, 0xff, 0x4, 0x4812, 0x10, 0x5, 0x54e4, 0x6a, 0xb, 0xfffffffd, 0x5, 0xfffffffa, 0x8, 0x1, 0x40000, 0x6, 0x6, 0xffffffff, 0x0, 0x4, 0x7, 0x9, 0x400, 0x19d28fd2, 0x9, 0x0, 0x7fffffff, 0x6, 0x6, 0x9, 0x101, 0x4, 0x2, 0x800, 0xa0, 0x8, 0x2, 0x2, 0x2, 0x8100000, 0x3, 0x5eb, 0x4c0a]}, 0x45c) 0s ago: executing program 2 (id=4489): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}}, &(0x7f00000000c0)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_GET_VRING_BASE(r1, 0xc008af12, &(0x7f0000000100)) kernel console output (not intermixed with test programs): id wMaxPacketSize 0 [ 319.845522][ T5950] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 319.855740][ T5950] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 319.872824][ T5950] usb 1-1: Product: syz [ 319.882665][ T5950] usb 1-1: Manufacturer: syz [ 319.910868][ T5950] hub 1-1:4.0: USB hub found [ 320.112315][ T5950] hub 1-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 320.466718][ T5926] usb 1-1: USB disconnect, device number 19 [ 320.852467][T12521] 9pnet: p9_errstr2errno: server reported unknown error @0x0000000000000003 [ 320.972997][ T5155] Bluetooth: hci3: link tx timeout [ 320.982180][ T5155] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 321.000259][ T5155] Bluetooth: hci3: link tx timeout [ 321.006282][ T5155] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 321.014417][ T5155] Bluetooth: hci3: link tx timeout [ 321.019873][ T5155] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 321.810562][T12558] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2544'. [ 322.502912][T12588] input: syz1 as /devices/virtual/input/input33 [ 323.002290][T12598] loop2: detected capacity change from 0 to 7 [ 323.015395][ T5155] Bluetooth: hci3: command 0x0406 tx timeout [ 323.025407][ T5926] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 323.043388][T12598] Dev loop2: unable to read RDB block 7 [ 323.109596][T12598] loop2: unable to read partition table [ 323.135662][T12598] loop2: partition table beyond EOD, truncated [ 323.171503][T12598] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 323.285151][ T5926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 323.304852][ T5926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 323.319582][ T5926] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 323.328958][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.377085][ T5926] usb 2-1: config 0 descriptor?? [ 323.636423][ T5950] usb 3-1: new low-speed USB device number 26 using dummy_hcd [ 323.734425][ T5926] usbhid 2-1:0.0: can't add hid device: -71 [ 323.740903][ T5926] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 323.755821][ T5926] usb 2-1: USB disconnect, device number 25 [ 323.823759][ T5950] usb 3-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 323.860477][ T5950] usb 3-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 1024, setting to 8 [ 323.888174][ T5950] usb 3-1: config 0 interface 0 has no altsetting 0 [ 323.888802][T12617] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 323.914841][ T5950] usb 3-1: New USB device found, idVendor=04d9, idProduct=a067, bcdDevice= 0.00 [ 323.949482][ T5950] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.970718][ T5950] usb 3-1: config 0 descriptor?? [ 323.990219][T12608] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 324.274489][ T5918] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 324.425899][ T5950] holtek_mouse 0003:04D9:A067.0014: item fetching failed at offset 7/8 [ 324.455669][ T5950] holtek_mouse 0003:04D9:A067.0014: hid parse failed: -22 [ 324.463625][ T5950] holtek_mouse 0003:04D9:A067.0014: probe with driver holtek_mouse failed with error -22 [ 324.474923][ T5918] usb 4-1: Using ep0 maxpacket: 16 [ 324.495421][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 324.521672][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 324.532142][ T5918] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 324.594457][ T5918] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 324.603871][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.636164][ T5950] usb 3-1: USB disconnect, device number 26 [ 324.645658][ T5918] usb 4-1: config 0 descriptor?? [ 324.877463][T12636] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.048555][T12636] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 325.067026][T12636] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 325.117593][ T5918] HID 045e:07da: Invalid code 65791 type 1 [ 325.141523][ T5918] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0015/input/input34 [ 325.185840][ T5918] microsoft 0003:045E:07DA.0015: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 325.244254][T12636] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.284205][T12636] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.317649][T12636] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.351703][T12636] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.376213][ T5950] usb 4-1: USB disconnect, device number 24 [ 328.510425][T12740] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 328.510425][T12740] The task syz.0.2616 (12740) triggered the difference, watch for misbehavior. [ 329.012789][T12760] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2629'. [ 329.057159][T12760] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2629'. [ 329.084956][T12760] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2629'. [ 329.109403][T12760] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2629'. [ 329.238837][T12769] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2633'. [ 329.489303][T12782] macvlan3: entered promiscuous mode [ 329.546855][T12782] macvlan4: entered promiscuous mode [ 329.904710][ T5904] usb 3-1: new full-speed USB device number 27 using dummy_hcd [ 330.107204][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 330.131507][ T5918] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 330.164742][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 330.212964][ T5904] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 330.244399][ T5904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.279966][ T5904] usb 3-1: config 0 descriptor?? [ 330.325375][ T5918] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 330.361495][ T5918] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 330.381992][ T5918] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 330.430324][ T5918] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 330.439837][ T5918] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.460603][ T5918] usb 2-1: Product: syz [ 330.466197][ T5918] usb 2-1: Manufacturer: syz [ 330.471499][ T5918] usb 2-1: SerialNumber: syz [ 330.616778][ T5904] usbhid 3-1:0.0: can't add hid device: -71 [ 330.638982][ T5904] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 330.662277][ T5904] usb 3-1: USB disconnect, device number 27 [ 330.922885][ T5973] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 331.102194][ T5973] usb 4-1: Using ep0 maxpacket: 16 [ 331.129515][ T5973] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 331.169623][ T5973] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.208445][ T5973] usb 4-1: Product: syz [ 331.220922][ T5973] usb 4-1: Manufacturer: syz [ 331.225751][ T5973] usb 4-1: SerialNumber: syz [ 331.295324][ T5973] usb 4-1: config 0 descriptor?? [ 331.313972][ T5973] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 331.523749][ T5918] cdc_ncm 2-1:1.0: bind() failure [ 331.560993][ T5918] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 331.578302][ T5918] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 331.598423][ T5918] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 331.622948][ T5918] usb 2-1: USB disconnect, device number 26 [ 332.227863][T12852] overlayfs: failed to create directory ./bus/work (errno: 1); mounting read-only [ 332.352608][ T5973] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 332.371862][ T5973] usb 4-1: USB disconnect, device number 25 [ 332.776168][T12870] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2681'. [ 332.785615][T12870] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2681'. [ 332.860582][ T5925] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 333.011736][T12878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2682'. [ 333.093099][ T5925] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 333.109935][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 333.133628][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 333.163146][ T5925] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 333.210129][ T5925] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 333.240723][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.268704][ T5925] usb 1-1: config 0 descriptor?? [ 333.725867][ T5925] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 334.007980][ T5904] usb 1-1: USB disconnect, device number 20 [ 334.999259][ T5904] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 335.011242][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 335.211069][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 335.229725][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 335.258973][ T5904] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 335.268246][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 335.291805][ T5904] usb 1-1: config 0 descriptor?? [ 335.338897][T12930] overlayfs: failed to clone lowerpath [ 335.662062][ T5904] usbhid 1-1:0.0: can't add hid device: -71 [ 335.674293][ T5904] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 335.689531][ T5904] usb 1-1: USB disconnect, device number 21 [ 335.941913][T10326] Bluetooth: hci5: Frame reassembly failed (-84) [ 336.148594][ T5925] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 336.308400][ T5925] usb 2-1: Using ep0 maxpacket: 8 [ 336.328460][ T5925] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 336.346181][ T5925] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 336.357748][ T5925] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 336.372120][ T5925] usb 2-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 336.388316][ T5925] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 336.416310][ T5925] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 336.449721][ T5925] usb 2-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 336.466136][ T5925] usb 2-1: config 168 interface 0 has no altsetting 0 [ 336.492417][ T5925] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 336.500520][ T5925] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 336.512318][ T5925] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 336.521842][T12959] bridge0: entered promiscuous mode [ 336.526250][ T5925] usb 2-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 336.549711][T12959] bridge0: left promiscuous mode [ 336.566912][ T5925] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 336.579241][ T5925] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 336.580974][T12961] input: syz0 as /devices/virtual/input/input36 [ 336.591260][ T5925] usb 2-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 336.612872][ T5925] usb 2-1: config 168 interface 0 has no altsetting 0 [ 336.623252][ T5925] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 336.631095][ T5925] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 336.672685][ T5925] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 336.684564][ T5925] usb 2-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 336.729525][ T5925] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 336.752639][ T5925] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 336.769213][ T5925] usb 2-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 336.783534][ T5925] usb 2-1: config 168 interface 0 has no altsetting 0 [ 336.814374][ T5925] usb 2-1: string descriptor 0 read error: -22 [ 336.829492][ T5925] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 336.858050][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 336.893579][ T5925] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 337.102387][ T5925] usb 2-1: USB disconnect, device number 27 [ 337.568810][ T30] audit: type=1326 audit(1755696543.621:3482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12992 comm="syz.2.2735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 337.598011][ T5925] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 337.611178][ T30] audit: type=1326 audit(1755696543.621:3483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12992 comm="syz.2.2735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 337.768427][ T5925] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 337.792887][ T5925] usb 6-1: config 0 interface 0 has no altsetting 0 [ 337.804694][ T5925] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 337.814580][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 337.823696][ T5925] usb 6-1: Product: syz [ 337.828090][ T5925] usb 6-1: Manufacturer: syz [ 337.832883][ T5925] usb 6-1: SerialNumber: syz [ 337.856941][ T5925] usb 6-1: config 0 descriptor?? [ 337.886900][ T5925] usb 6-1: selecting invalid altsetting 0 [ 337.957824][ T5842] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 338.123292][ T5973] usb 6-1: USB disconnect, device number 17 [ 338.438495][T13013] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2743'. [ 339.041022][T13033] netlink: 428 bytes leftover after parsing attributes in process `syz.3.2752'. [ 339.062173][T13033] netlink: 'syz.3.2752': attribute type 5 has an invalid length. [ 340.438640][T10305] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 340.637973][ T30] audit: type=1326 audit(1755696546.682:3484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13073 comm="syz.1.2771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f398558ebe9 code=0x7ffc0000 [ 340.756420][ T5842] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 340.776646][ T30] audit: type=1326 audit(1755696546.682:3485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13073 comm="syz.1.2771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f398558ebe9 code=0x7ffc0000 [ 340.819550][ T30] audit: type=1326 audit(1755696546.772:3486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13073 comm="syz.1.2771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f398558ebe9 code=0x7ffc0000 [ 340.842583][ T30] audit: type=1326 audit(1755696546.772:3487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13073 comm="syz.1.2771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f398558ebe9 code=0x7ffc0000 [ 341.457082][T13099] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2782'. [ 341.490538][T13099] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 341.621471][T13104] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.2783'. [ 341.635011][T13099] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 341.664278][T13107] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2785'. [ 341.677384][T13107] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2785'. [ 341.855636][ T5973] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 341.941869][T13115] binder_alloc: binder_alloc_mmap_handler: 13114 200000ffc000-200001000000 already mapped failed -16 [ 342.047616][ T5973] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 342.069945][ T5973] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 342.103804][ T5973] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 342.131909][ T5973] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 342.191819][ T5973] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 342.212058][ T5973] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.233150][ T5973] usb 1-1: config 0 descriptor?? [ 342.256548][T13125] syzkaller1: entered promiscuous mode [ 342.292227][T13125] syzkaller1: entered allmulticast mode [ 342.413595][T13130] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.2795'. [ 342.674591][ T5973] plantronics 0003:047F:FFFF.0017: ignoring exceeding usage max [ 342.723066][ T10] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 342.724992][ T5973] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 342.763414][T13140] syzkaller1: entered promiscuous mode [ 342.770240][T13140] syzkaller1: entered allmulticast mode [ 342.777234][ T10] hid-generic 0000:0000:0000.0018: hidraw1: HID v0.00 Device [syz1] on syz0 [ 343.355196][ T10] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 343.525253][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 343.548083][ T10] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 343.576403][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.604188][ T10] usb 2-1: config 0 descriptor?? [ 343.630955][T13155] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 344.089366][ T10] elan 0003:04F3:0755.0019: hidraw1: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 344.341425][ T10] usb 2-1: USB disconnect, device number 28 [ 344.838600][ T5925] usb 1-1: USB disconnect, device number 22 [ 345.045296][T13209] fuse: Bad value for 'fd' [ 345.235937][T13216] sctp: [Deprecated]: syz.2.2833 (pid 13216) Use of struct sctp_assoc_value in delayed_ack socket option. [ 345.235937][T13216] Use struct sctp_sack_info instead [ 345.805455][T13239] loop8: detected capacity change from 0 to 8 [ 345.839114][T13239] Dev loop8: unable to read RDB block 8 [ 345.863668][T13239] loop8: unable to read partition table [ 345.878643][T13239] loop8: partition table beyond EOD, truncated [ 345.897417][T13239] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 349.370326][T10326] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.518417][T10326] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.596522][T13307] 9pnet: p9_errstr2errno: server reported unknown error [ 349.789864][T10326] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.056833][T10326] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.071531][ T5904] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 350.241401][ T5904] usb 4-1: Using ep0 maxpacket: 32 [ 350.260575][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 350.301459][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 350.345188][ T5904] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 350.369108][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.380949][T10326] bridge_slave_1: left allmulticast mode [ 350.397350][T10326] bridge_slave_1: left promiscuous mode [ 350.414095][T10326] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.435792][ T5155] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 350.457698][ T5904] usb 4-1: config 0 descriptor?? [ 350.464671][ T5155] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 350.482598][ T5155] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 350.493120][ T5155] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 350.510020][ T5155] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 350.519305][T10326] bridge_slave_0: left allmulticast mode [ 350.537879][T10326] bridge_slave_0: left promiscuous mode [ 350.550834][T10326] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.112540][ T5904] ft260 0003:0403:6030.001A: unknown main item tag 0x0 [ 351.214702][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 351.223511][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 351.232288][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 351.301792][ T5904] ft260 0003:0403:6030.001A: chip code: 6424 8183 [ 351.334774][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 351.373441][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 351.413994][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 351.481290][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 351.524925][ T5904] ft260 0003:0403:6030.001A: failed to retrieve system status [ 351.543937][ T5904] ft260 0003:0403:6030.001A: probe with driver ft260 failed with error -32 [ 351.672526][ T5904] usb 4-1: USB disconnect, device number 26 [ 351.872227][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 351.921092][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 352.590992][ T5842] Bluetooth: hci3: command tx timeout [ 352.678334][T10326] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 352.719729][T10326] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 352.736819][T10326] bond0 (unregistering): Released all slaves [ 353.773302][T10326] hsr_slave_0: left promiscuous mode [ 353.798297][T10326] hsr_slave_1: left promiscuous mode [ 353.805667][T10326] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 353.823139][T10326] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 353.861648][T10326] veth1_macvtap: left promiscuous mode [ 353.877839][T10326] veth0_macvtap: left promiscuous mode [ 353.887897][T10326] veth1_vlan: left promiscuous mode [ 353.896018][T10326] veth0_vlan: left promiscuous mode [ 354.684202][ T5842] Bluetooth: hci3: command tx timeout [ 355.630389][T10326] team0 (unregistering): Port device team_slave_1 removed [ 355.711570][T10326] team0 (unregistering): Port device team_slave_0 removed [ 356.527089][T13391] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 356.560548][T13413] pim6reg1: entered promiscuous mode [ 356.566104][T13413] pim6reg1: entered allmulticast mode [ 356.747751][T13325] chnl_net:caif_netlink_parms(): no params data found [ 356.757092][ T5842] Bluetooth: hci3: command tx timeout [ 357.095273][T13325] bridge0: port 1(bridge_slave_0) entered blocking state [ 357.107808][T13325] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.115388][T13325] bridge_slave_0: entered allmulticast mode [ 357.123851][T13325] bridge_slave_0: entered promiscuous mode [ 357.134123][T13325] bridge0: port 2(bridge_slave_1) entered blocking state [ 357.142061][T13325] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.149556][T13325] bridge_slave_1: entered allmulticast mode [ 357.158008][T13325] bridge_slave_1: entered promiscuous mode [ 357.342993][T13325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 357.413010][T13325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 357.676648][T13325] team0: Port device team_slave_0 added [ 357.714420][T13325] team0: Port device team_slave_1 added [ 357.844491][T13325] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 357.870492][T13325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 357.898023][T13325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 357.922139][T13325] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 357.930054][T13325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 357.970411][T13325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 358.088291][ T43] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 358.120935][T13325] hsr_slave_0: entered promiscuous mode [ 358.138892][T13325] hsr_slave_1: entered promiscuous mode [ 358.145855][T13325] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 358.159482][T13325] Cannot create hsr debugfs directory [ 358.300806][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 358.314524][ T43] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 358.335764][ T43] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 358.361652][ T43] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 358.389473][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 358.422296][ T43] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 358.437492][ T5973] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 358.447928][ T30] audit: type=1326 audit(1755696564.501:3488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13486 comm="syz.2.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 358.467403][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.504305][ T43] usb 4-1: config 0 descriptor?? [ 358.538992][ T30] audit: type=1326 audit(1755696564.501:3489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13486 comm="syz.2.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 358.601281][ T30] audit: type=1326 audit(1755696564.501:3490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13486 comm="syz.2.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 358.650345][ T5973] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 358.656211][ T30] audit: type=1326 audit(1755696564.551:3491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13486 comm="syz.2.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 358.693004][ T5973] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 358.716849][ T5973] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 358.749571][ T30] audit: type=1326 audit(1755696564.551:3492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13486 comm="syz.2.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 358.757063][ T5973] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 358.832887][ T5842] Bluetooth: hci3: command tx timeout [ 358.894010][ T5973] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 358.955479][ T5973] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.972644][ T43] hid (null): nested delimiters [ 359.022145][ T5973] usb 6-1: config 0 descriptor?? [ 359.052653][T13325] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 359.068926][T13480] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 359.082601][T13325] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 359.109798][T13325] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 359.123938][T13325] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 359.184976][ T24] usb 4-1: USB disconnect, device number 27 [ 359.318631][T13325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 359.362476][T13325] 8021q: adding VLAN 0 to HW filter on device team0 [ 359.386250][T10327] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.393545][T10327] bridge0: port 1(bridge_slave_0) entered forwarding state [ 359.441992][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.449339][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 359.535108][ T5973] plantronics 0003:047F:FFFF.001C: reserved main item tag 0xd [ 359.571578][ T5973] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 359.596965][ T5973] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 359.643884][ T5973] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 359.870161][ T5973] usb 6-1: USB disconnect, device number 18 [ 360.276167][T13325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 361.448939][T13325] veth0_vlan: entered promiscuous mode [ 361.489225][T13325] veth1_vlan: entered promiscuous mode [ 361.608754][T13325] veth0_macvtap: entered promiscuous mode [ 361.660258][T13325] veth1_macvtap: entered promiscuous mode [ 361.742668][T13325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 361.801120][T13325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 361.829493][T13325] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.863603][T13325] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.887037][T13325] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.903432][T13325] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.103190][T10316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.128857][T10316] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 362.169627][T10327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.196981][T10327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 362.207027][ T5925] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 362.403255][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.420285][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.433221][ T5925] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 362.450780][ T5925] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 362.462973][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.480136][ T5925] usb 1-1: config 0 descriptor?? [ 362.903696][ T5925] plantronics 0003:047F:FFFF.001D: reserved main item tag 0xd [ 362.947596][ T5925] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 363.237591][ T5904] usb 1-1: USB disconnect, device number 23 [ 363.499229][T13632] pim6reg1: entered promiscuous mode [ 363.509183][T13632] pim6reg1: entered allmulticast mode [ 364.174935][T13641] serio: Serial port pty33 [ 364.655829][T13657] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 365.219320][T13682] syzkaller1: entered promiscuous mode [ 365.227164][T13682] syzkaller1: entered allmulticast mode [ 365.673761][ T5925] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 365.828668][ T5925] usb 4-1: Using ep0 maxpacket: 16 [ 365.851595][ T5925] usb 4-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf [ 365.876295][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.916292][ T5925] usb 4-1: config 0 descriptor?? [ 366.468702][T13717] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3037'. [ 366.483503][ T10] IPVS: starting estimator thread 0... [ 366.573445][T13719] IPVS: using max 22 ests per chain, 52800 per kthread [ 366.937779][ T5925] pegasus 4-1:0.0: probe with driver pegasus failed with error -71 [ 366.978117][ T5925] usb 4-1: USB disconnect, device number 28 [ 367.008157][T13740] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3047'. [ 367.019371][T13740] IPVS: Error joining to the multicast group [ 367.233181][ T43] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 367.393007][ T43] usb 7-1: Using ep0 maxpacket: 16 [ 367.444350][ T43] usb 7-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 367.463003][ T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.486610][ T43] usb 7-1: Product: syz [ 367.495418][ T43] usb 7-1: Manufacturer: syz [ 367.502585][ T43] usb 7-1: SerialNumber: syz [ 367.537419][ T43] usb 7-1: config 0 descriptor?? [ 367.965219][ T43] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 367.983363][ T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 367.995161][ T43] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 368.007333][ T43] usb 7-1: media controller created [ 368.037533][ T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 368.167113][ T43] zl10353_read_register: readreg error (reg=127, ret==0) [ 368.183486][ T43] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 368.194441][ T43] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 368.212257][ T43] usb 7-1: USB disconnect, device number 2 [ 368.257227][ T43] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 368.272384][ T5973] psmouse serio6: Failed to reset mouse on : -5 [ 368.910636][T13796] pimreg: entered allmulticast mode [ 368.921569][T13796] pimreg: left allmulticast mode [ 369.022461][ T43] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 369.182167][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 369.194009][ T43] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 369.207338][ T43] usb 1-1: config 179 has no interface number 0 [ 369.215495][ T43] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 369.229853][ T43] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 369.241541][ T43] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 369.253337][ T43] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 369.265533][ T43] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 369.279562][ T43] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 369.289682][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.304222][T13786] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 369.842125][ T10] usb 1-1: USB disconnect, device number 24 [ 369.842170][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 369.857990][ C1] dummy_hcd dummy_hcd.0: timer fired with no URBs pending? [ 370.142470][T13818] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3090'. [ 370.161539][T13818] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3090'. [ 370.677046][ T5155] Bluetooth: hci4: command 0x0406 tx timeout [ 370.825383][ T5904] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 371.009072][ T5904] usb 7-1: Using ep0 maxpacket: 32 [ 371.041723][ T5904] usb 7-1: config 0 has an invalid interface number: 85 but max is 0 [ 371.058288][ T5904] usb 7-1: config 0 has no interface number 0 [ 371.083775][ T5904] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 371.116702][ T5904] usb 7-1: config 0 interface 85 has no altsetting 0 [ 371.155424][ T5904] usb 7-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 371.165000][ T5904] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.195574][ T5904] usb 7-1: Product: syz [ 371.203420][ T5904] usb 7-1: Manufacturer: syz [ 371.214896][ T5904] usb 7-1: SerialNumber: syz [ 371.245756][ T5904] usb 7-1: config 0 descriptor?? [ 371.469201][T10316] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 371.821001][ T43] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 371.882532][ T5904] appletouch 7-1:0.85: Geyser mode initialized. [ 371.891507][ T5904] input: appletouch as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.85/input/input39 [ 371.980704][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 371.991296][ T43] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 372.020014][ T43] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 372.040678][ T43] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 372.052555][ T43] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 372.063065][ T43] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 372.077736][ T43] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 372.087576][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.120064][ T6791] usb 7-1: USB disconnect, device number 3 [ 372.150755][ T5973] misc userio: Buffer overflowed, userio client isn't keeping up [ 372.151729][ T6791] appletouch 7-1:0.85: input: appletouch disconnected [ 372.304552][ T43] usb 4-1: usb_control_msg returned -32 [ 372.310153][ T43] usbtmc 4-1:16.0: can't read capabilities [ 372.398544][T13900] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3117'. [ 372.526161][T13904] overlayfs: conflicting lowerdir path [ 372.544193][T13904] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 373.149959][ T6791] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 373.202950][ T5973] input: PS/2 Generic Mouse as /devices/serio6/input/input38 [ 373.310232][ T6791] usb 7-1: Using ep0 maxpacket: 32 [ 373.323403][ T6791] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 373.334560][ T6791] usb 7-1: config 0 has no interface number 0 [ 373.345190][ T6791] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 373.355882][ T6791] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.364407][ T6791] usb 7-1: Product: syz [ 373.368640][ T6791] usb 7-1: Manufacturer: syz [ 373.373541][ T6791] usb 7-1: SerialNumber: syz [ 373.384216][ T6791] usb 7-1: config 0 descriptor?? [ 373.391818][ T6791] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 373.429871][ T5973] psmouse serio6: Failed to enable mouse on [ 373.619337][ T6791] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 373.643018][ T6791] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 373.698903][T13930] pim6reg: entered allmulticast mode [ 373.735928][T13930] pim6reg: left allmulticast mode [ 373.845731][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - port change to invalid port: 210 [ 374.057114][ C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 374.057598][ T5973] usb 7-1: USB disconnect, device number 4 [ 374.099278][ T5973] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 374.135008][ T5973] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 374.164799][ T5973] quatech2 7-1:0.51: device disconnected [ 374.609741][ T43] usb 4-1: USB disconnect, device number 29 [ 375.459149][ T6791] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 375.529558][ T30] audit: type=1326 audit(1755696581.600:3493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13981 comm="syz.0.3151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ff278ebe9 code=0x7ffc0000 [ 375.559615][ T30] audit: type=1326 audit(1755696581.600:3494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13981 comm="syz.0.3151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ff278ebe9 code=0x7ffc0000 [ 375.582441][ T30] audit: type=1326 audit(1755696581.610:3495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13981 comm="syz.0.3151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f1ff278ebe9 code=0x7ffc0000 [ 375.628756][ T30] audit: type=1326 audit(1755696581.610:3496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13981 comm="syz.0.3151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ff278ebe9 code=0x7ffc0000 [ 375.652542][ T30] audit: type=1326 audit(1755696581.610:3497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13981 comm="syz.0.3151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ff278ebe9 code=0x7ffc0000 [ 375.677606][ T6791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 375.688977][ T6791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 375.703770][ T30] audit: type=1326 audit(1755696581.610:3498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13981 comm="syz.0.3151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f1ff278ebe9 code=0x7ffc0000 [ 375.727507][ T6791] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 375.746880][ T6791] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 375.756183][ T6791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.779141][ T30] audit: type=1326 audit(1755696581.610:3499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13981 comm="syz.0.3151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ff278ebe9 code=0x7ffc0000 [ 375.805478][ T6791] usb 4-1: config 0 descriptor?? [ 375.836801][ T30] audit: type=1326 audit(1755696581.610:3500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13981 comm="syz.0.3151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f1ff278ebe9 code=0x7ffc0000 [ 375.861313][ T30] audit: type=1326 audit(1755696581.610:3501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13981 comm="syz.0.3151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ff278ebe9 code=0x7ffc0000 [ 375.889484][ T30] audit: type=1326 audit(1755696581.610:3502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13981 comm="syz.0.3151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ff278ebe9 code=0x7ffc0000 [ 376.273239][ T6791] acrux 0003:1A34:0802.001E: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.3-1/input0 [ 376.298721][ T6791] acrux 0003:1A34:0802.001E: no inputs found [ 376.304896][ T6791] acrux 0003:1A34:0802.001E: Failed to enable force feedback support, error: -19 [ 376.937410][T14029] netlink: 'syz.2.3172': attribute type 39 has an invalid length. [ 377.487369][T14042] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 377.509602][T14042] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 377.547765][T14042] overlayfs: conflicting lowerdir path [ 378.100561][ T5925] usb 4-1: USB disconnect, device number 30 [ 378.362196][T14077] syzkaller1: entered promiscuous mode [ 378.370054][T14077] syzkaller1: entered allmulticast mode [ 378.444565][T14081] loop8: detected capacity change from 0 to 7 [ 378.456664][T14081] Dev loop8: unable to read RDB block 7 [ 378.463220][T14081] loop8: unable to read partition table [ 378.469895][T14081] loop8: partition table beyond EOD, truncated [ 378.476493][T14081] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 378.822378][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.829190][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.223579][T14103] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3207'. [ 379.531266][ T5842] Bluetooth: hci3: unexpected cc 0x040d length: 63 > 7 [ 380.148918][T14133] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3220'. [ 380.630708][T14158] nullb0: AHDI p1 [ 380.729374][T14162] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 381.706542][T14181] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3241'. [ 382.339314][T14199] loop8: detected capacity change from 0 to 8 [ 382.351033][T14199] Dev loop8: unable to read RDB block 8 [ 382.357014][T14199] loop8: unable to read partition table [ 382.370241][T14199] loop8: partition table beyond EOD, truncated [ 382.380115][T14199] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 383.617342][ T5842] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 383.627318][ T5842] Bluetooth: hci3: Injecting HCI hardware error event [ 383.637104][ T5842] Bluetooth: hci3: hardware error 0x00 [ 385.108673][T14267] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 385.152845][T14267] batadv_slave_1: entered promiscuous mode [ 385.229356][T14267] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3273'. [ 385.738636][T14284] netlink: 'syz.5.3281': attribute type 5 has an invalid length. [ 385.776958][ T5842] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 386.131566][T14296] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3287'. [ 386.164948][T14296] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3287'. [ 386.213641][ T5925] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 386.399484][ T5925] usb 6-1: Using ep0 maxpacket: 32 [ 386.429762][ T5925] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 386.440210][ T5925] usb 6-1: config 0 has no interface number 0 [ 386.453072][ T5925] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 386.464869][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.483362][ T5925] usb 6-1: Product: syz [ 386.496700][ T5925] usb 6-1: Manufacturer: syz [ 386.501530][ T5925] usb 6-1: SerialNumber: syz [ 386.534710][ T5925] usb 6-1: config 0 descriptor?? [ 386.554850][ T5925] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 386.758344][ T5925] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 386.823725][ T5925] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 387.174524][ T5925] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0 [ 387.196893][ C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 387.203641][ T43] usb 6-1: USB disconnect, device number 19 [ 387.209752][ T5925] hid-generic 0000:0000:0000.001F: hidraw0: HID v0.00 Device [syz1] on syz0 [ 387.241199][ T43] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 387.295908][ T43] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 387.334713][ T43] quatech2 6-1:0.51: device disconnected [ 388.682277][ T5973] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 388.863919][ T5973] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.876966][T14357] cgroup: fork rejected by pids controller in /syz3 [ 388.888913][ T5973] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.903160][ T5973] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 388.912787][ T5973] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.926927][ T5973] usb 1-1: config 0 descriptor?? [ 389.350459][ T5973] cm6533_jd 0003:0D8C:0022.0020: unknown main item tag 0x0 [ 389.376323][ T5973] cm6533_jd 0003:0D8C:0022.0020: unknown main item tag 0x0 [ 389.408011][ T5973] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0020/input/input40 [ 389.468935][ T5973] cm6533_jd 0003:0D8C:0022.0020: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 389.576148][ T5904] usb 1-1: USB disconnect, device number 25 [ 389.661979][ T5973] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 389.809929][T10327] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.821657][ T5973] usb 7-1: Using ep0 maxpacket: 32 [ 389.834401][ T5973] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 389.847326][ T5973] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.863820][ T5973] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 389.877898][ T5973] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.900309][ T5973] usb 7-1: config 0 descriptor?? [ 389.945813][T10327] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.083234][T10327] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.324030][T10327] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.367122][ T5973] savu 0003:1E7D:2D5A.0021: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.6-1/input0 [ 390.672042][T14395] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3331'. [ 390.684618][T10327] bridge_slave_0: left allmulticast mode [ 390.690614][T10327] bridge_slave_0: left promiscuous mode [ 390.702557][T10327] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.705917][ T10] usb 7-1: USB disconnect, device number 5 [ 390.803412][ T5155] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 390.816352][ T5155] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 390.827172][ T5155] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 390.836371][ T5155] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 390.844531][ T5155] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 391.290295][T10327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 391.324289][T10327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 391.344243][T10327] bond0 (unregistering): Released all slaves [ 391.617933][T10327] IPVS: stopping backup sync thread 10129 ... [ 392.246868][T14399] chnl_net:caif_netlink_parms(): no params data found [ 392.440960][T10327] hsr_slave_0: left promiscuous mode [ 392.473137][T10327] hsr_slave_1: left promiscuous mode [ 392.503046][T10327] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 392.540404][T10327] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 392.569946][T10327] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 392.613232][T10327] veth1_macvtap: left promiscuous mode [ 392.618941][T10327] veth0_macvtap: left promiscuous mode [ 392.625657][T10327] veth1_vlan: left promiscuous mode [ 392.645136][T10327] veth0_vlan: left promiscuous mode [ 392.890604][ T5155] Bluetooth: hci1: command tx timeout [ 394.969997][ T5155] Bluetooth: hci1: command tx timeout [ 394.981038][T10327] team0 (unregistering): Port device team_slave_1 removed [ 395.159416][ T43] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 395.219396][T10327] team0 (unregistering): Port device team_slave_0 removed [ 395.326163][ T43] usb 1-1: Using ep0 maxpacket: 16 [ 395.338190][ T43] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 395.352935][ T43] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 395.363701][ T43] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 395.409729][ T43] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 395.448189][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.468609][ T43] usb 1-1: Product: syz [ 395.473163][ T43] usb 1-1: Manufacturer: syz [ 395.478014][ T43] usb 1-1: SerialNumber: syz [ 395.916679][ T43] usb 1-1: 0:2 : does not exist [ 396.708434][ T43] usb 1-1: USB disconnect, device number 26 [ 396.790449][T14399] bridge0: port 1(bridge_slave_0) entered blocking state [ 396.802602][T14399] bridge0: port 1(bridge_slave_0) entered disabled state [ 396.838228][T14399] bridge_slave_0: entered allmulticast mode [ 396.851094][T14399] bridge_slave_0: entered promiscuous mode [ 396.876805][T14399] bridge0: port 2(bridge_slave_1) entered blocking state [ 396.928172][T14399] bridge0: port 2(bridge_slave_1) entered disabled state [ 396.938184][T14399] bridge_slave_1: entered allmulticast mode [ 396.958164][T14399] bridge_slave_1: entered promiscuous mode [ 397.048031][ T5155] Bluetooth: hci1: command tx timeout [ 397.201896][T14399] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 397.265651][T14399] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 397.604798][T14399] team0: Port device team_slave_0 added [ 397.649992][T14399] team0: Port device team_slave_1 added [ 397.790301][T14399] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 397.813824][T14399] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 397.880644][T14399] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 397.923194][T14399] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 397.940310][T14399] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 398.003631][T14399] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 398.161811][T14399] hsr_slave_0: entered promiscuous mode [ 398.179169][T14399] hsr_slave_1: entered promiscuous mode [ 398.196720][T14399] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 398.212392][T14399] Cannot create hsr debugfs directory [ 399.044895][T14552] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 399.128272][ T5155] Bluetooth: hci1: command tx timeout [ 399.689634][T14399] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 399.723561][T14573] netlink: 'syz.6.3407': attribute type 29 has an invalid length. [ 399.758327][T14575] netlink: 'syz.6.3407': attribute type 29 has an invalid length. [ 399.766776][T14399] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 399.779587][T14573] netlink: 508 bytes leftover after parsing attributes in process `syz.6.3407'. [ 399.791085][T14399] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 399.824041][T14399] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 400.052532][T14591] netlink: 104 bytes leftover after parsing attributes in process `syz.6.3412'. [ 400.202464][T14399] 8021q: adding VLAN 0 to HW filter on device bond0 [ 400.281062][T14399] 8021q: adding VLAN 0 to HW filter on device team0 [ 400.332884][T10339] bridge0: port 1(bridge_slave_0) entered blocking state [ 400.340316][T10339] bridge0: port 1(bridge_slave_0) entered forwarding state [ 400.409662][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.417357][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 400.839416][T10333] Bluetooth: hci5: Frame reassembly failed (-84) [ 400.862688][T14620] Bluetooth: hci5: Frame reassembly failed (-84) [ 401.285429][T14399] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 401.428129][T14399] veth0_vlan: entered promiscuous mode [ 401.590050][T14399] veth1_vlan: entered promiscuous mode [ 401.681207][T14399] veth0_macvtap: entered promiscuous mode [ 401.695941][T14399] veth1_macvtap: entered promiscuous mode [ 401.782948][T14399] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 401.824178][T14399] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 401.869703][T14399] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.907185][T14399] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.907227][T14399] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.907257][T14399] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.136087][T14650] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3434'. [ 402.162446][T10333] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 402.171211][T14650] netlink: 'syz.6.3434': attribute type 7 has an invalid length. [ 402.180389][T14650] netlink: 'syz.6.3434': attribute type 8 has an invalid length. [ 402.191855][T10333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 402.201123][T14650] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3434'. [ 402.242251][T14650] gretap0: entered promiscuous mode [ 402.250736][T14650] batadv_slave_1: entered promiscuous mode [ 402.284905][T14652] xt_CT: No such helper "syz0" [ 402.295507][ T5904] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 402.304951][T10305] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 402.320933][T10305] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 402.457593][ T5904] usb 6-1: Using ep0 maxpacket: 16 [ 402.474924][T10339] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 402.510702][ T5904] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 402.522618][ T5904] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 402.544894][ T5904] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 402.561885][ T5904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.572536][ T5904] usb 6-1: Product: syz [ 402.591257][ T5904] usb 6-1: Manufacturer: syz [ 402.600981][ T5904] usb 6-1: SerialNumber: syz [ 402.613143][ T5904] usb 6-1: config 0 descriptor?? [ 402.633669][ T5904] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 402.653221][ T5904] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class) [ 402.886165][ T5155] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 403.085600][ T43] usb 4-1: new low-speed USB device number 31 using dummy_hcd [ 403.241326][ T5904] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 403.250147][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 403.250169][ T30] audit: type=1326 audit(1755696609.324:3506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14678 comm="syz.0.3446" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ff278ebe9 code=0x0 [ 403.283932][ T5904] em28xx 6-1:0.0: Config register raw data: 0x41 [ 403.294598][ T43] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 403.315083][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.334191][ T43] usb 4-1: config 0 descriptor?? [ 403.554105][ T5904] usb 6-1: USB disconnect, device number 20 [ 403.573698][ T5904] em28xx 6-1:0.0: Disconnecting em28xx [ 403.587383][ T5904] em28xx 6-1:0.0: Freeing device [ 404.149112][T14699] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3454'. [ 404.210149][T14699] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3454'. [ 404.382075][ T43] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 404.404697][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 404.423758][ T43] asix 4-1:0.0: probe with driver asix failed with error -71 [ 404.491048][ T43] usb 4-1: USB disconnect, device number 31 [ 406.149011][T14754] kvm: kvm [14753]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x200000000280 [ 406.832059][T14780] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3489'. [ 406.848820][ T10] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 407.013248][ T10] usb 4-1: config 0 has an invalid interface number: 128 but max is 0 [ 407.021501][ T10] usb 4-1: config 0 has no interface number 0 [ 407.084128][ T10] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 407.110749][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.125969][ T10] usb 4-1: Product: syz [ 407.130218][ T10] usb 4-1: Manufacturer: syz [ 407.167084][ T10] usb 4-1: SerialNumber: syz [ 407.180521][ T10] usb 4-1: config 0 descriptor?? [ 407.594520][T14809] netlink: 27 bytes leftover after parsing attributes in process `syz.0.3503'. [ 408.062788][ T5842] Bluetooth: hci4: Invalid handle: 0xffff > 0x0eff [ 408.229931][ T10] usb 4-1: Firmware version (0.0) predates our first public release. [ 408.250144][ T10] usb 4-1: Please update to version 0.2 or newer [ 408.334983][ T10] usb 4-1: USB disconnect, device number 32 [ 408.940462][T14858] binder: 14857:14858 ioctl c018620b 200000000700 returned -14 [ 409.439292][T14876] vivid-002: disconnect [ 409.497353][T14876] vivid-002: reconnect [ 409.853967][T14894] loop2: detected capacity change from 0 to 7 [ 409.871960][T14894] Dev loop2: unable to read RDB block 7 [ 409.885118][T14894] loop2: unable to read partition table [ 409.891195][T14894] loop2: partition table beyond EOD, truncated [ 409.941853][T14894] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 410.181709][ T6791] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 410.341583][ T6791] usb 7-1: Using ep0 maxpacket: 32 [ 410.355568][ T6791] usb 7-1: too many endpoints for config 0 interface 0 altsetting 32: 253, using maximum allowed: 30 [ 410.385241][ T6791] usb 7-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 410.407459][ T6791] usb 7-1: config 0 interface 0 altsetting 32 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 410.431721][ T6791] usb 7-1: config 0 interface 0 has no altsetting 0 [ 410.445759][ T6791] usb 7-1: New USB device found, idVendor=0c12, idProduct=0030, bcdDevice= 0.00 [ 410.466811][ T6791] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.500933][ T6791] usb 7-1: config 0 descriptor?? [ 410.929728][ T6791] zeroplus 0003:0C12:0030.0022: hidraw0: USB HID v0.03 Device [HID 0c12:0030] on usb-dummy_hcd.6-1/input0 [ 410.951145][ T6791] zeroplus 0003:0C12:0030.0022: no inputs found [ 411.161045][ T5918] usb 7-1: USB disconnect, device number 6 [ 411.361249][ T10] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 411.550717][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 411.561660][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 411.571516][ T10] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 411.600852][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.610660][ T10] usb 6-1: Product: syz [ 411.615239][ T10] usb 6-1: Manufacturer: syz [ 411.619901][ T10] usb 6-1: SerialNumber: syz [ 411.644015][ T10] usb 6-1: config 0 descriptor?? [ 412.066018][ T10] gs_usb 6-1:0.0: Configuring for 1 interfaces [ 412.220623][ T5904] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 412.408837][ T5904] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 412.427409][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.440486][ T5904] usb 4-1: config 0 descriptor?? [ 412.448365][ T5904] cp210x 4-1:0.0: cp210x converter detected [ 412.711412][ T43] usb 6-1: USB disconnect, device number 21 [ 412.860421][ T5904] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 412.937144][T10339] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.109342][ T5904] usb 4-1: cp210x converter now attached to ttyUSB0 [ 413.142024][T10339] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.305406][ T5904] usb 4-1: USB disconnect, device number 33 [ 413.345957][ T5904] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 413.364811][T10339] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.451663][ T5904] cp210x 4-1:0.0: device disconnected [ 413.543230][T10339] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.873361][T10339] bridge_slave_1: left allmulticast mode [ 413.879122][T10339] bridge_slave_1: left promiscuous mode [ 413.897848][T10339] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.934149][T10339] bridge_slave_0: left allmulticast mode [ 413.950879][T10339] bridge_slave_0: left promiscuous mode [ 413.965205][T10339] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.142143][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 414.153989][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 414.163624][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 414.175454][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 414.184353][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 414.429451][T10339] gretap0 (unregistering): left promiscuous mode [ 414.665598][T15031] netlink: 'syz.5.3603': attribute type 2 has an invalid length. [ 414.673909][T15031] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3603'. [ 414.685512][T15030] netlink: 'syz.0.3602': attribute type 10 has an invalid length. [ 414.690285][T15031] netlink: 'syz.5.3603': attribute type 2 has an invalid length. [ 414.704003][T15031] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3603'. [ 414.776935][T10339] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 414.807731][T10339] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 414.838737][T10339] bond0 (unregistering): Released all slaves [ 414.875066][T15030] 8021q: adding VLAN 0 to HW filter on device bond0 [ 414.906507][T15030] team0: Port device bond0 added [ 415.100304][T15040] tipc: Enabling of bearer rejected, failed to enable media [ 415.427897][T10339] batadv_slave_1: left promiscuous mode [ 415.465110][T10339] hsr_slave_0: left promiscuous mode [ 415.479450][T10339] hsr_slave_1: left promiscuous mode [ 415.499652][T10339] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 415.507116][T10339] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 415.571008][T10339] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 415.579277][T10339] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 415.655390][T10339] veth1_macvtap: left promiscuous mode [ 415.681213][T10339] veth0_macvtap: left promiscuous mode [ 415.688491][T10339] veth1_vlan: left promiscuous mode [ 415.694873][T10339] veth0_vlan: left promiscuous mode [ 416.249441][ T5842] Bluetooth: hci3: command tx timeout [ 416.580627][ T30] audit: type=1326 audit(1755696622.650:3507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15084 comm="syz.2.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 416.629225][ T30] audit: type=1326 audit(1755696622.650:3508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15084 comm="syz.2.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 416.731308][ T30] audit: type=1326 audit(1755696622.660:3509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15084 comm="syz.2.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8662b2add9 code=0x7ffc0000 [ 416.781699][ T30] audit: type=1326 audit(1755696622.670:3510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15084 comm="syz.2.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8662b2add9 code=0x7ffc0000 [ 416.816939][ T30] audit: type=1326 audit(1755696622.670:3511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15084 comm="syz.2.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 416.861775][ T30] audit: type=1326 audit(1755696622.670:3512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15084 comm="syz.2.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8662b2add9 code=0x7ffc0000 [ 416.885166][ T30] audit: type=1326 audit(1755696622.670:3513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15084 comm="syz.2.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8662b2add9 code=0x7ffc0000 [ 416.936388][ T30] audit: type=1326 audit(1755696622.700:3514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15084 comm="syz.2.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 416.991079][ T30] audit: type=1326 audit(1755696622.700:3515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15084 comm="syz.2.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 417.047135][ T30] audit: type=1326 audit(1755696622.700:3516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15084 comm="syz.2.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 417.239654][T10339] team0 (unregistering): Port device team_slave_1 removed [ 417.369038][T10339] team0 (unregistering): Port device team_slave_0 removed [ 417.373670][T15105] input: syz0 as /devices/virtual/input/input42 [ 418.317857][ T5842] Bluetooth: hci3: command tx timeout [ 418.405751][T15126] Invalid logical block size (3) [ 418.550506][T15012] chnl_net:caif_netlink_parms(): no params data found [ 418.748123][ T43] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 418.917070][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 418.931641][ T43] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 418.949976][ T43] usb 1-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 418.962983][ T43] usb 1-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 418.975077][ T43] usb 1-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 418.990607][T15012] bridge0: port 1(bridge_slave_0) entered blocking state [ 418.998226][T15012] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.005710][T15012] bridge_slave_0: entered allmulticast mode [ 419.012596][ T43] usb 1-1: config 0 interface 0 has no altsetting 0 [ 419.022072][T15012] bridge_slave_0: entered promiscuous mode [ 419.028261][ T43] usb 1-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 419.048506][T15012] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.062096][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.076712][T15012] bridge0: port 2(bridge_slave_1) entered disabled state [ 419.086348][ T43] usb 1-1: config 0 descriptor?? [ 419.091815][T15012] bridge_slave_1: entered allmulticast mode [ 419.107111][T15012] bridge_slave_1: entered promiscuous mode [ 419.294733][T15012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 419.338286][T15012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 419.547092][ T43] corsair-cpro 0003:1B1C:0C10.0023: item fetching failed at offset 2/5 [ 419.626848][ T43] corsair-cpro 0003:1B1C:0C10.0023: probe with driver corsair-cpro failed with error -22 [ 419.747317][ T43] usb 1-1: USB disconnect, device number 27 [ 419.775643][T15012] team0: Port device team_slave_0 added [ 419.825805][T15012] team0: Port device team_slave_1 added [ 419.950612][T15012] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 419.960942][T15012] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 420.001548][T15012] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 420.047247][T15012] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 420.056034][T15012] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 420.096709][T15012] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 420.220843][T15012] hsr_slave_0: entered promiscuous mode [ 420.228796][T15012] hsr_slave_1: entered promiscuous mode [ 420.235723][T15012] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 420.246221][T15012] Cannot create hsr debugfs directory [ 420.406710][ T5842] Bluetooth: hci3: command tx timeout [ 420.573315][T15200] loop9: detected capacity change from 0 to 7 [ 420.750047][T15012] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 420.784632][T15012] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 420.840685][T15012] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 420.882406][T15012] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 421.018613][T15012] 8021q: adding VLAN 0 to HW filter on device bond0 [ 421.051803][T15012] 8021q: adding VLAN 0 to HW filter on device team0 [ 421.073025][T10316] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.080446][T10316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 421.110074][ T6066] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.117733][ T6066] bridge0: port 2(bridge_slave_1) entered forwarding state [ 421.674214][T15012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 421.867310][T15246] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3683'. [ 421.971993][T15246] team0: entered promiscuous mode [ 421.977497][T15246] team_slave_0: entered promiscuous mode [ 421.989278][T15246] team_slave_1: entered promiscuous mode [ 422.001573][T15246] batadv_slave_1: entered promiscuous mode [ 422.475768][ T5842] Bluetooth: hci3: command tx timeout [ 422.590296][T15012] veth0_vlan: entered promiscuous mode [ 422.640046][T15012] veth1_vlan: entered promiscuous mode [ 422.721702][T15012] veth0_macvtap: entered promiscuous mode [ 422.734498][T15012] veth1_macvtap: entered promiscuous mode [ 422.780527][T15012] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 422.794422][T15012] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 422.848877][T15012] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.915107][T15012] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.934986][T15012] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.954586][T15012] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.224956][ T5904] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 423.385206][ T5904] usb 4-1: Using ep0 maxpacket: 16 [ 423.405477][ T5904] usb 4-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 423.434343][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.479844][ T5904] usb 4-1: Product: syz [ 423.490417][T15282] syzkaller1: entered promiscuous mode [ 423.495807][ T5904] usb 4-1: Manufacturer: syz [ 423.502686][ T5904] usb 4-1: SerialNumber: syz [ 423.508470][T15282] syzkaller1: entered allmulticast mode [ 423.531158][ T5904] usb 4-1: config 0 descriptor?? [ 423.547770][ T5904] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 423.553223][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 423.594125][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 423.722577][T10316] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 423.751934][T10316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 423.775784][ T5904] gp8psk: usb in 128 operation failed. [ 423.792751][ T5904] gp8psk: usb in 137 operation failed. [ 423.798561][ T5904] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 423.852190][ T5904] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver) [ 423.871285][ T5904] usb 4-1: media controller created [ 423.934173][ T5904] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 424.003138][ T5904] gp8psk_fe: Frontend revision 1 attached [ 424.027346][ T5904] usb 4-1: DVB: registering adapter 2 frontend 0 (Genpix DVB-S)... [ 424.044949][ T5904] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 424.222823][ T5904] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected. [ 424.234981][ T5904] gp8psk: found Genpix USB device pID = 201 (hex) [ 424.417072][ T5918] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 424.470358][ T5973] usb 4-1: USB disconnect, device number 34 [ 424.584227][ T5918] usb 1-1: Using ep0 maxpacket: 32 [ 424.591829][ T5918] usb 1-1: config 0 has an invalid interface number: 235 but max is 0 [ 424.614731][ T5918] usb 1-1: config 0 has no interface number 0 [ 424.617644][ T5973] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected. [ 424.633735][ T5918] usb 1-1: New USB device found, idVendor=085a, idProduct=0009, bcdDevice=a3.47 [ 424.649279][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.668084][ T5918] usb 1-1: Product: syz [ 424.672641][ T5918] usb 1-1: Manufacturer: syz [ 424.696652][ T5918] usb 1-1: SerialNumber: syz [ 424.719708][ T5918] usb 1-1: config 0 descriptor?? [ 424.956095][ T5918] kaweth 1-1:0.235: Firmware present in device. [ 425.104621][T15321] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3710'. [ 425.133154][ T5918] kaweth 1-1:0.235: Statistics collection: 0 [ 425.151735][ T5918] kaweth 1-1:0.235: Multicast filter limit: 0 [ 425.174083][ T5918] kaweth 1-1:0.235: MTU: 0 [ 425.178968][ T5918] kaweth 1-1:0.235: Read MAC address 00:00:00:00:00:00 [ 425.735586][ T5918] kaweth 1-1:0.235: Error setting receive filter [ 425.763845][ T5918] kaweth 1-1:0.235: probe with driver kaweth failed with error -5 [ 425.786093][ T5918] usb 1-1: USB disconnect, device number 28 [ 426.059109][T15361] input: syz0 as /devices/virtual/input/input43 [ 426.147882][T15365] tun0: tun_chr_ioctl cmd 1074025675 [ 426.159110][T15365] tun0: persist enabled [ 426.170545][T15365] tun0: tun_chr_ioctl cmd 1074025675 [ 426.181860][T15365] tun0: persist enabled [ 426.443768][ T5918] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 426.605313][ T5918] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 426.617472][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 426.640616][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 426.656869][ T5918] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 426.670233][ T5918] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 426.685112][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.701272][ T5918] usb 6-1: config 0 descriptor?? [ 426.709865][T15367] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 426.823326][ T6791] usb 4-1: new full-speed USB device number 35 using dummy_hcd [ 426.998803][ T6791] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 427.012365][ T6791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.030402][ T6791] usb 4-1: config 0 descriptor?? [ 427.044793][ T6791] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 427.151404][ T5918] plantronics 0003:047F:FFFF.0024: reserved main item tag 0xd [ 427.171806][ T5918] plantronics 0003:047F:FFFF.0024: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 427.259884][ T6791] gp8psk: usb in 128 operation failed. [ 427.451545][ T5925] usb 6-1: USB disconnect, device number 22 [ 427.469479][ T6791] gp8psk: usb in 146 operation failed. [ 427.483300][ T6791] gp8psk: failed to get FW version [ 427.498505][ T6791] gp8psk: FPGA Version = 247 [ 427.699249][ T6791] gp8psk: usb in 138 operation failed. [ 427.714359][ T6791] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 427.725951][ T6791] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 427.738457][ T6791] usb 4-1: USB disconnect, device number 35 [ 427.874080][T15420] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3753'. [ 428.652195][ T43] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 428.662315][ T5925] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 428.813902][ T43] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 428.814666][ T5925] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 428.835505][ T43] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 428.851315][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 428.865563][ T43] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 428.892598][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 428.915350][ T43] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 428.917400][ T5925] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 428.943544][ T43] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.99 [ 428.969649][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.982427][ T5925] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 428.991622][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.031565][ T43] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 429.050288][ T5925] usb 6-1: config 0 descriptor?? [ 429.237232][ T43] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 429.268042][ T43] usb 4-1: USB disconnect, device number 36 [ 429.485676][ T5925] plantronics 0003:047F:FFFF.0025: ignoring exceeding usage max [ 429.507035][ T5925] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 431.460188][T15518] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3795'. [ 431.479734][T15518] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3795'. [ 431.512813][T15519] input: syz0 as /devices/virtual/input/input45 [ 431.616686][ T43] usb 6-1: USB disconnect, device number 23 [ 432.000492][ T6791] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 432.150842][ T6791] usb 4-1: Using ep0 maxpacket: 8 [ 432.163376][ T6791] usb 4-1: config 0 has no interfaces? [ 432.169239][ T6791] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 432.200532][ T6791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.226101][ T6791] usb 4-1: config 0 descriptor?? [ 432.440524][ T5904] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 432.454689][ T6791] usb 4-1: USB disconnect, device number 37 [ 432.600275][ T5904] usb 1-1: Using ep0 maxpacket: 32 [ 432.608013][ T5904] usb 1-1: config 0 interface 0 has no altsetting 0 [ 432.617630][ T5904] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 432.628713][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.640229][ T5904] usb 1-1: Product: syz [ 432.644744][ T5904] usb 1-1: Manufacturer: syz [ 432.649441][ T5904] usb 1-1: SerialNumber: syz [ 432.659664][ T5904] usb 1-1: config 0 descriptor?? [ 433.077432][ T5904] gs_usb 1-1:0.0: Configuring for 2 interfaces [ 433.390935][T10333] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 433.714300][ T5904] gs_usb 1-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO) [ 433.805509][ T5904] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -71 [ 433.824872][ T5904] usb 1-1: USB disconnect, device number 29 [ 434.486340][T15587] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3826'. [ 434.912036][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 434.912058][ T30] audit: type=1326 audit(1755696641.009:3548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15595 comm="syz.2.3830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8662b2add9 code=0x7ffc0000 [ 434.978511][ T30] audit: type=1326 audit(1755696641.009:3549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15595 comm="syz.2.3830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 435.052608][ T30] audit: type=1326 audit(1755696641.009:3550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15595 comm="syz.2.3830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 435.209107][ T10] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 435.371357][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 435.391295][ T10] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 435.416339][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 435.437645][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 435.458840][ T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 435.498880][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.507042][ T10] usb 4-1: Product: syz [ 435.518777][ T10] usb 4-1: Manufacturer: syz [ 435.523532][ T10] usb 4-1: SerialNumber: syz [ 435.791128][ T10] usb 4-1: 0:2 : does not exist [ 435.839796][ T10] usb 4-1: USB disconnect, device number 38 [ 436.517173][T15645] input: syz0 as /devices/virtual/input/input46 [ 436.549740][T15645] input: failed to attach handler leds to device input46, error: -6 [ 436.599162][T15653] netlink: 'syz.2.3853': attribute type 1 has an invalid length. [ 436.617779][T15653] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 436.625361][T15653] IPv6: NLM_F_CREATE should be set when creating new route [ 436.632790][T15653] IPv6: NLM_F_CREATE should be set when creating new route [ 436.710110][T15653] netlink: 'syz.2.3853': attribute type 1 has an invalid length. [ 436.738286][T15653] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 437.523653][T15689] IPVS: Scheduler module ip_vs_ not found [ 437.651980][T15697] sctp: [Deprecated]: syz.3.3872 (pid 15697) Use of struct sctp_assoc_value in delayed_ack socket option. [ 437.651980][T15697] Use struct sctp_sack_info instead [ 438.982450][T15741] syzkaller1: entered promiscuous mode [ 438.988381][T15741] syzkaller1: entered allmulticast mode [ 439.167439][ T43] usb 6-1: new full-speed USB device number 24 using dummy_hcd [ 439.348170][ T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 439.364024][ T43] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 439.378410][ T43] usb 6-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00 [ 439.388077][ T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.401814][ T43] usb 6-1: config 0 descriptor?? [ 439.418231][T15739] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 439.657749][T15756] sctp: [Deprecated]: syz.2.3898 (pid 15756) Use of struct sctp_assoc_value in delayed_ack socket option. [ 439.657749][T15756] Use struct sctp_sack_info instead [ 439.897106][ T43] lenovo 0003:17EF:60EE.0026: hidraw0: USB HID v1.01 Device [HID 17ef:60ee] on usb-dummy_hcd.5-1/input0 [ 440.061230][ T43] usb 6-1: USB disconnect, device number 24 [ 440.243620][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.253448][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.252654][T15786] 9pnet_fd: Insufficient options for proto=fd [ 441.375643][T15789] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not 'ethtool' [ 441.760589][T15802] overlayfs: invalid origin (00000000d1d3e81a820eee8a94416592a5356da96db48150eae08457fbc30ece5e7e7e318cb2b4b22122226fe65c239a) [ 442.464507][T15837] loop8: detected capacity change from 0 to 8 [ 442.484791][T15837] Dev loop8: unable to read RDB block 8 [ 442.491158][T15837] loop8: unable to read partition table [ 442.507232][T15837] loop8: partition table beyond EOD, truncated [ 442.524929][T15837] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 442.973525][T15858] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.3943'. [ 443.393446][T15875] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.3950'. [ 443.461832][T15877] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3951'. [ 443.483570][T15877] ipvlan0: entered promiscuous mode [ 444.316108][ T43] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 444.481632][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 444.511424][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 444.513537][ T30] audit: type=1326 audit(1755696650.614:3551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15912 comm="syz.2.3969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 444.525154][ T43] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 444.561099][ T30] audit: type=1326 audit(1755696650.654:3552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15912 comm="syz.2.3969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 444.562915][ T43] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 444.587407][ T30] audit: type=1326 audit(1755696650.654:3553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15912 comm="syz.2.3969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 444.622846][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.663200][ T43] usb 1-1: config 0 descriptor?? [ 444.677375][ T30] audit: type=1326 audit(1755696650.654:3554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15912 comm="syz.2.3969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 444.701229][ T30] audit: type=1326 audit(1755696650.654:3555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15912 comm="syz.2.3969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 444.731056][ T30] audit: type=1326 audit(1755696650.694:3556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15912 comm="syz.2.3969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 444.844210][ T30] audit: type=1326 audit(1755696650.694:3557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15912 comm="syz.2.3969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 444.959837][ T30] audit: type=1326 audit(1755696650.694:3558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15912 comm="syz.2.3969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 444.995156][ T30] audit: type=1326 audit(1755696650.724:3559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15912 comm="syz.2.3969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 445.020660][ T30] audit: type=1326 audit(1755696650.724:3560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15912 comm="syz.2.3969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x7ffc0000 [ 445.121253][ T43] plantronics 0003:047F:FFFF.0027: reserved main item tag 0xd [ 445.150495][ T43] plantronics 0003:047F:FFFF.0027: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 445.347162][ T5155] Bluetooth: hci5: command 0x1003 tx timeout [ 445.349108][ T5842] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 445.386576][ T10] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 445.585650][ T6791] usb 1-1: USB disconnect, device number 30 [ 445.597860][ T10] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 445.617058][ T10] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 445.628232][ T10] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 445.641044][ T10] usb 4-1: config 220 has no interface number 2 [ 445.649794][ T10] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 445.664313][ T10] usb 4-1: config 220 interface 0 has no altsetting 0 [ 445.678138][ T10] usb 4-1: config 220 interface 76 has no altsetting 0 [ 445.685368][ T10] usb 4-1: config 220 interface 1 has no altsetting 0 [ 445.702778][ T10] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 445.713268][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.725330][ T10] usb 4-1: Product: syz [ 445.730521][ T10] usb 4-1: Manufacturer: syz [ 445.735429][ T10] usb 4-1: SerialNumber: syz [ 445.980385][ T10] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 446.001343][ T10] usb 4-1: No valid video chain found. [ 446.007435][ T10] usb 4-1: selecting invalid altsetting 0 [ 446.035427][ T10] usb 4-1: selecting invalid altsetting 0 [ 446.041594][ T10] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 446.054158][ T10] usb 4-1: USB disconnect, device number 39 [ 446.126165][T15944] block nbd0: server does not support multiple connections per device. [ 446.160486][T15944] block nbd0: shutting down sockets [ 447.190185][ T43] kernel write not supported for file /1826/clear_refs (pid: 43 comm: kworker/1:1) [ 447.201822][T15989] Bluetooth: hci4: Opcode 0x0401 failed: -4 [ 448.223325][T16021] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4016'. [ 448.246346][T16021] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4016'. [ 448.411760][T16027] veth1_to_bond: entered allmulticast mode [ 448.421919][T16030] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 448.439302][T16027] veth1_to_bond: entered promiscuous mode [ 448.460296][T16026] veth1_to_bond: left promiscuous mode [ 448.487366][T16026] veth1_to_bond: left allmulticast mode [ 449.186262][ T5842] Bluetooth: hci4: command 0x0406 tx timeout [ 449.582388][ T5925] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 449.786045][ T5925] usb 1-1: Using ep0 maxpacket: 32 [ 449.797946][ T5925] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 449.836134][ T5925] usb 1-1: config 0 has no interface number 0 [ 449.842508][ T5925] usb 1-1: config 0 interface 184 has no altsetting 0 [ 449.854105][ T5925] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 449.873523][ T5925] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.897795][ T5925] usb 1-1: Product: syz [ 449.902046][ T5925] usb 1-1: Manufacturer: syz [ 449.907043][ T5925] usb 1-1: SerialNumber: syz [ 449.914964][ T5925] usb 1-1: config 0 descriptor?? [ 449.923350][ T5925] smsc75xx v1.0.0 [ 450.225053][T16092] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 450.226265][T16091] IPVS: stopping master sync thread 16092 ... [ 450.521984][T16098] netlink: 83 bytes leftover after parsing attributes in process `syz.2.4048'. [ 450.537780][ T5925] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 450.561522][ T5925] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 450.774314][ T5925] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 450.798430][ T5925] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 450.819340][ T5925] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 450.855491][ T5925] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 450.892215][ T5925] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 450.927569][ T5925] usb 1-1: USB disconnect, device number 31 [ 451.007800][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 451.007821][ T30] audit: type=1326 audit(1755696657.094:3567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16103 comm="syz.3.4050" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc7e2d8ebe9 code=0x0 [ 451.954753][T16144] netlink: 96 bytes leftover after parsing attributes in process `syz.3.4065'. [ 452.499292][ T5925] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 452.662962][ T5925] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 452.672452][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 452.691142][ T5925] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 452.703739][ T5925] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 452.714490][ T5925] usb 1-1: Manufacturer: syz [ 452.724787][ T5925] usb 1-1: config 0 descriptor?? [ 452.794733][T16175] netlink: 84 bytes leftover after parsing attributes in process `syz.5.4078'. [ 452.837470][ T5925] rc_core: IR keymap rc-hauppauge not found [ 452.843879][ T5925] Registered IR keymap rc-empty [ 452.859095][ T5925] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 452.875148][ T5925] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input48 [ 452.948931][ C0] igorplugusb 1-1:0.0: Error: urb status = -32 [ 452.964510][ T43] usb 1-1: USB disconnect, device number 32 [ 453.823267][T16211] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4093'. [ 453.916566][ T6791] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 454.076130][ T6791] usb 6-1: Using ep0 maxpacket: 8 [ 454.088893][ T6791] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 454.110627][ T6791] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.125890][ T6791] usb 6-1: Product: syz [ 454.130127][ T6791] usb 6-1: Manufacturer: syz [ 454.134856][ T6791] usb 6-1: SerialNumber: syz [ 454.159417][ T6791] usb 6-1: config 0 descriptor?? [ 454.379682][ T6791] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 454.842670][T16228] sctp: [Deprecated]: syz.2.4100 (pid 16228) Use of int in maxseg socket option. [ 454.842670][T16228] Use struct sctp_assoc_value instead [ 455.232753][ T6791] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 455.258454][ T6791] usb 6-1: USB disconnect, device number 25 [ 455.409324][T16257] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4113'. [ 455.432345][T16257] chnl_net:caif_netlink_parms(): no params data found [ 455.584044][T16263] input: syz0 as /devices/virtual/input/input49 [ 455.647783][T16265] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4116'. [ 455.723648][T16265] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 455.733322][T16265] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 455.742252][T16265] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 455.751911][T16265] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 455.819871][T16265] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 455.830005][T16265] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 455.839119][T16265] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 455.849188][T16265] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 456.226388][ T6791] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 456.276043][ T43] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 456.398384][ T30] audit: type=1326 audit(1755696662.504:3568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16286 comm="syz.3.4126" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc7e2d8ebe9 code=0x0 [ 456.436318][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 456.443423][ T6791] usb 6-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 456.455861][ T6791] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.456636][ T43] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 456.465380][ T6791] usb 6-1: Product: syz [ 456.490279][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.495896][ T6791] usb 6-1: Manufacturer: syz [ 456.506654][ T43] usb 1-1: config 0 descriptor?? [ 456.522365][ T6791] usb 6-1: SerialNumber: syz [ 456.533872][ T6791] usb 6-1: config 0 descriptor?? [ 456.566284][ T6791] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 456.728792][ T43] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 456.744837][ T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 456.756543][ T43] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 456.763932][ T43] usb 1-1: media controller created [ 456.796255][ T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 456.935471][ T43] az6027: usb out operation failed. (-71) [ 456.945227][ T43] az6027: usb out operation failed. (-71) [ 456.955149][ T43] stb0899_attach: Driver disabled by Kconfig [ 456.964892][ T43] az6027: no front-end attached [ 456.964892][ T43] [ 456.973554][ T43] az6027: usb out operation failed. (-71) [ 456.997130][ T43] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 457.020416][ T43] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input50 [ 457.075215][ T43] dvb-usb: schedule remote query interval to 400 msecs. [ 457.094007][ T43] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 457.123185][ T43] usb 1-1: USB disconnect, device number 33 [ 457.277456][ T43] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 457.365700][ T6791] gspca_sunplus: reg_r err -71 [ 457.389467][ T6791] sunplus 6-1:0.0: probe with driver sunplus failed with error -71 [ 457.433113][ T6791] usb 6-1: USB disconnect, device number 26 [ 457.769310][T16314] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4135'. [ 458.186240][ T6791] usb 4-1: new full-speed USB device number 40 using dummy_hcd [ 458.358600][ T6791] usb 4-1: config 0 has no interfaces? [ 458.372429][ T6791] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 458.445514][ T6791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.469845][ T6791] usb 4-1: config 0 descriptor?? [ 458.721246][ T6791] usb 4-1: USB disconnect, device number 40 [ 459.287156][ T5904] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 459.432381][T16361] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4153'. [ 459.471939][ T5904] usb 1-1: Using ep0 maxpacket: 8 [ 459.493174][ T5904] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 459.528195][ T5904] usb 1-1: config 179 has no interface number 0 [ 459.534744][ T5904] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 459.566644][ T5904] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 459.578481][T16364] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4156'. [ 459.606150][T16364] netlink: 3 bytes leftover after parsing attributes in process `syz.5.4156'. [ 459.616967][ T5904] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 459.647513][ T5904] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 459.680286][ T5904] usb 1-1: config 179 interface 65 has no altsetting 0 [ 459.697529][ T5904] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 459.736179][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.845204][T16369] 9pnet_fd: Insufficient options for proto=fd [ 460.003708][ T6791] usb 1-1: USB disconnect, device number 34 [ 460.513391][T16393] netlink: 'syz.5.4170': attribute type 10 has an invalid length. [ 460.552863][T16393] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.576416][T16393] bridge_slave_1: left allmulticast mode [ 460.586393][T16393] bridge_slave_1: left promiscuous mode [ 460.592436][T16393] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.614225][T16393] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 461.507355][T16429] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4185'. [ 463.176344][ T10] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 463.342130][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.364269][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 463.383484][ T10] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 463.417284][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.449360][ T10] usb 6-1: config 0 descriptor?? [ 463.884506][ T10] cp2112 0003:10C4:EA90.0028: unknown main item tag 0x0 [ 463.917758][ T10] cp2112 0003:10C4:EA90.0028: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0 [ 464.082500][ T10] cp2112 0003:10C4:EA90.0028: Part Number: 0x82 Device Version: 0xFE [ 464.407289][ T6066] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 464.487719][ T10] cp2112 0003:10C4:EA90.0028: error setting SMBus config [ 464.507710][ T10] cp2112 0003:10C4:EA90.0028: probe with driver cp2112 failed with error -71 [ 464.529506][ T10] usb 6-1: USB disconnect, device number 27 [ 465.220570][T16508] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4220'. [ 465.234277][T16508] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4220'. [ 465.456445][T15286] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 465.555566][ T30] audit: type=1326 audit(1755696671.654:3569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16519 comm="syz.5.4225" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd81cb8ebe9 code=0x0 [ 465.618527][T15286] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 465.642623][T15286] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 465.667277][T15286] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 465.683894][T15286] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 465.696090][T15286] usb 1-1: SerialNumber: syz [ 465.920043][T15286] usb 1-1: 0:2 : does not exist [ 465.963069][T15286] usb 1-1: USB disconnect, device number 35 [ 466.221629][T16540] netlink: 76 bytes leftover after parsing attributes in process `syz.2.4234'. [ 466.231107][T16540] nbd: must specify at least one socket [ 467.115957][T16502] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 468.348084][T16598] 9pnet_fd: Insufficient options for proto=fd [ 468.893521][T16609] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4263'. [ 469.502683][T16627] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 469.553098][T16627] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 469.594011][T16627] overlayfs: failed to get uuid (706/file1, err=-13); falling back to uuid=null. [ 469.845079][T16639] syzkaller1: entered promiscuous mode [ 469.851455][T16639] syzkaller1: entered allmulticast mode [ 470.796031][ T5904] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 470.928088][T16685] netlink: 'syz.2.4296': attribute type 39 has an invalid length. [ 470.940611][T16685] veth0_macvtap: left promiscuous mode [ 470.950257][ T5904] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 470.995130][ T5904] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 471.005009][ T5904] usb 1-1: New USB device strings: Mfr=32, Product=0, SerialNumber=9 [ 471.021034][ T5904] usb 1-1: Manufacturer: syz [ 471.029496][ T5904] usb 1-1: SerialNumber: syz [ 471.037337][ T5904] usb 1-1: config 0 descriptor?? [ 471.587965][T16710] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4308'. [ 471.597455][T16710] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4308'. [ 471.822270][ T5918] usb 1-1: USB disconnect, device number 36 [ 472.160169][T16732] netlink: 'syz.5.4316': attribute type 9 has an invalid length. [ 473.648384][ T30] audit: type=1400 audit(1755696679.754:3570): lsm=SMACK fn=smack_inode_setattr action=denied subject="y" object="_" requested=w pid=16762 comm="syz.5.4332" name="address_bits" dev="sysfs" ino=1392 [ 473.696191][ T5904] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 473.867446][T16767] loop6: detected capacity change from 0 to 524287999 [ 473.926759][ T5904] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 473.950686][ T5904] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 473.985185][ T5904] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 474.036174][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 474.068051][ T5904] usb 1-1: Product: syz [ 474.072300][ T5904] usb 1-1: Manufacturer: syz [ 474.095208][ T5904] usb 1-1: SerialNumber: syz [ 474.148639][ T5904] cdc_mbim 1-1:1.0: skipping garbage [ 474.203684][ T30] audit: type=1400 audit(1755696680.304:3571): lsm=SMACK fn=smack_inode_set_acl action=denied subject="w" object="_" requested=w pid=16773 comm="syz.7.4337" name="96" dev="tmpfs" ino=504 [ 474.361785][T16759] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 474.999482][T16759] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 475.018024][ T5904] cdc_mbim 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 475.030101][ T5904] cdc_mbim 1-1:1.0: setting rx_max = 2048 [ 475.230963][ T5904] cdc_mbim 1-1:1.0: setting tx_max = 184 [ 475.243107][ T5904] cdc_mbim 1-1:1.0: cdc-wdm0: USB WDM device [ 475.283959][ T5904] wwan wwan0: port wwan0mbim0 attached [ 475.310122][ T5904] cdc_mbim 1-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, 0a:1e:d5:24:7b:4d [ 475.734508][ T5904] usb 1-1: USB disconnect, device number 37 [ 475.742238][ T5904] cdc_mbim 1-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM [ 475.811678][ T5904] wwan wwan0: port wwan0mbim0 disconnected [ 476.264916][T16829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4361'. [ 476.480472][T16837] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4364'. [ 476.580063][T10339] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.675115][T10339] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.817984][T10339] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.966572][T10339] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.376861][ T5155] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 477.391079][ T5155] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 477.400926][T10339] bridge_slave_1: left allmulticast mode [ 477.408955][ T5155] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 477.417087][T10339] bridge_slave_1: left promiscuous mode [ 477.423693][T10339] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.434812][ T5155] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 477.447323][ T5155] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 477.454863][T10339] bridge_slave_0: left allmulticast mode [ 477.460883][T10339] bridge_slave_0: left promiscuous mode [ 477.467362][T10339] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.304575][T10339] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 478.325424][T10339] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 478.344928][T10339] bond0 (unregistering): Released all slaves [ 478.869112][T10339] hsr_slave_0: left promiscuous mode [ 478.878334][T10339] hsr_slave_1: left promiscuous mode [ 478.884780][T10339] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 478.892470][T10339] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 478.900905][T10339] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 478.908598][T10339] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 478.938322][T10339] veth1_macvtap: left promiscuous mode [ 478.944668][T10339] veth0_macvtap: left promiscuous mode [ 478.952410][T10339] veth1_vlan: left promiscuous mode [ 478.958336][T10339] veth0_vlan: left promiscuous mode [ 479.506464][ T5842] Bluetooth: hci1: command tx timeout [ 480.464320][T10339] team0 (unregistering): Port device team_slave_1 removed [ 480.544228][T10339] team0 (unregistering): Port device team_slave_0 removed [ 481.463641][T16857] chnl_net:caif_netlink_parms(): no params data found [ 481.586207][ T5842] Bluetooth: hci1: command tx timeout [ 481.838216][T16857] bridge0: port 1(bridge_slave_0) entered blocking state [ 481.847866][T16857] bridge0: port 1(bridge_slave_0) entered disabled state [ 481.855185][T16857] bridge_slave_0: entered allmulticast mode [ 481.868018][T16857] bridge_slave_0: entered promiscuous mode [ 481.881664][T16857] bridge0: port 2(bridge_slave_1) entered blocking state [ 481.893097][T16857] bridge0: port 2(bridge_slave_1) entered disabled state [ 481.900765][T16857] bridge_slave_1: entered allmulticast mode [ 481.912899][T16857] bridge_slave_1: entered promiscuous mode [ 482.099510][T16857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 482.142762][T16857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 482.315237][T16857] team0: Port device team_slave_0 added [ 482.337309][T16857] team0: Port device team_slave_1 added [ 482.419524][T16857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 482.430300][T16857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 482.464675][T16857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 482.485224][T16857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 482.492677][T16857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 482.520589][T16857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 482.593783][T16857] hsr_slave_0: entered promiscuous mode [ 482.602599][T16857] hsr_slave_1: entered promiscuous mode [ 482.610521][T16857] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 482.618407][T16857] Cannot create hsr debugfs directory [ 482.646213][ T5918] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 482.806061][ T5918] usb 6-1: Using ep0 maxpacket: 32 [ 482.817490][ T5918] usb 6-1: config 0 interface 0 has no altsetting 0 [ 482.824218][ T5918] usb 6-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 482.846390][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.867488][ T5918] usb 6-1: config 0 descriptor?? [ 482.939610][T16857] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 482.957112][T16857] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 482.971122][T16857] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 482.982606][T16857] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 483.006205][ T43] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 483.165343][T16857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 483.168527][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 483.183409][ T43] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 483.195176][ T43] usb 1-1: config 0 has no interface number 0 [ 483.201868][T16973] bond_slave_0: entered promiscuous mode [ 483.208561][T16973] bond_slave_1: entered promiscuous mode [ 483.222712][T16857] 8021q: adding VLAN 0 to HW filter on device team0 [ 483.227376][ T43] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 483.243445][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.254160][ T43] usb 1-1: Product: syz [ 483.260631][T16972] bond_slave_0: left promiscuous mode [ 483.266929][T16972] bond_slave_1: left promiscuous mode [ 483.272940][ T43] usb 1-1: Manufacturer: syz [ 483.277829][ T43] usb 1-1: SerialNumber: syz [ 483.293300][ T43] usb 1-1: config 0 descriptor?? [ 483.301721][T10316] bridge0: port 1(bridge_slave_0) entered blocking state [ 483.309239][T10316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 483.318250][ T43] smsc95xx v2.0.0 [ 483.355050][T10327] bridge0: port 2(bridge_slave_1) entered blocking state [ 483.362416][T10327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 483.667235][ T5842] Bluetooth: hci1: command tx timeout [ 483.669778][ T5918] corsair-cpro 0003:1B1C:0C10.0029: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.5-1/input0 [ 483.737295][ T43] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 483.753573][ T43] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 483.843895][T16857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 483.866458][ T5918] corsair-cpro 0003:1B1C:0C10.0029: probe with driver corsair-cpro failed with error -71 [ 484.092783][T15286] usb 6-1: USB disconnect, device number 28 [ 484.170801][ T43] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71 [ 484.197189][ T43] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 484.215437][ T43] usb 1-1: USB disconnect, device number 38 [ 484.219494][T16857] veth0_vlan: entered promiscuous mode [ 484.263225][T16857] veth1_vlan: entered promiscuous mode [ 484.347397][T16857] veth0_macvtap: entered promiscuous mode [ 484.376743][T16857] veth1_macvtap: entered promiscuous mode [ 484.402851][T16857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 484.423904][T16857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 484.444186][T16857] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.454227][T16857] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.470835][T16857] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.480666][T16857] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.502051][T16995] block nbd0: server does not support multiple connections per device. [ 484.511920][T16995] block nbd0: shutting down sockets [ 484.672475][T10327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 484.707027][T10327] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 484.881210][T17001] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.971338][T10316] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 484.996326][T10316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 485.100735][T17001] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.299747][T17001] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.504848][T17001] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.597938][T17026] loop8: detected capacity change from 0 to 8 [ 485.619438][T16857] Dev loop8: unable to read RDB block 8 [ 485.625095][T16857] loop8: unable to read partition table [ 485.631499][T16857] loop8: partition table beyond EOD, truncated [ 485.639104][T17026] Dev loop8: unable to read RDB block 8 [ 485.645221][T17026] loop8: unable to read partition table [ 485.665748][T17026] loop8: partition table beyond EOD, truncated [ 485.686709][T17026] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 485.747223][ T5842] Bluetooth: hci1: command tx timeout [ 485.755025][T17001] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.781516][T17001] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.810155][T17001] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.834455][T17001] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.006319][T17036] program syz.7.4440 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 486.287386][T17045] netlink: 'syz.2.4444': attribute type 25 has an invalid length. [ 486.302636][T17045] netlink: 'syz.2.4444': attribute type 7 has an invalid length. [ 486.989786][T17030] netlink: 'syz.8.4437': attribute type 6 has an invalid length. [ 488.167261][T17091] vlan4: entered allmulticast mode [ 488.172561][T17091] team0: entered allmulticast mode [ 488.226386][T17091] team_slave_0: entered allmulticast mode [ 488.237891][T17091] team_slave_1: entered allmulticast mode [ 488.267246][T17091] team0: Device vlan4 is already an upper device of the team interface [ 488.311080][ T5842] block nbd8: Receive control failed (result -107) [ 488.332400][ T30] audit: type=1326 audit(1755696694.404:3572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17094 comm="syz.2.4466" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8662b8ebe9 code=0x0 [ 488.374757][T17092] block nbd8: shutting down sockets [ 488.814454][T17052] syz.7.4446 (17052): drop_caches: 2 [ 488.975004][T17107] sock: sock_set_timeout: `syz.8.4469' (pid 17107) tries to set negative timeout [ 489.638392][T17124] netlink: 'syz.5.4479': attribute type 11 has an invalid length. [ 490.119956][T17141] [ 490.122350][T17141] ====================================================== [ 490.129683][T17141] WARNING: possible circular locking dependency detected [ 490.136914][T17141] 6.16.0-syzkaller #0 Not tainted [ 490.142028][T17141] ------------------------------------------------------ [ 490.149254][T17141] syz.5.4487/17141 is trying to acquire lock: [ 490.155442][T17141] ffff888024e30358 (&disk->open_mutex){+.+.}-{4:4}, at: __del_gendisk+0x129/0x9e0 [ 490.164974][T17141] [ 490.164974][T17141] but task is already holding lock: [ 490.172529][T17141] ffff888142f7f368 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160 [ 490.182284][T17141] [ 490.182284][T17141] which lock already depends on the new lock. [ 490.182284][T17141] [ 490.193131][T17141] [ 490.193131][T17141] the existing dependency chain (in reverse order) is: [ 490.202333][T17141] [ 490.202333][T17141] -> #2 (&set->update_nr_hwq_lock){++++}-{4:4}: [ 490.211076][T17141] lock_acquire+0x120/0x360 [ 490.216179][T17141] down_write+0x96/0x1f0 [ 490.221650][T17141] blk_mq_update_nr_hw_queues+0x3b/0x14c0 [ 490.228169][T17141] nbd_start_device+0x16c/0xac0 [ 490.233555][T17141] nbd_ioctl+0x636/0xeb0 [ 490.238339][T17141] blkdev_ioctl+0x5a8/0x6d0 [ 490.243381][T17141] __se_sys_ioctl+0xfc/0x170 [ 490.248504][T17141] do_syscall_64+0xfa/0x3b0 [ 490.253654][T17141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.260180][T17141] [ 490.260180][T17141] -> #1 (&nbd->config_lock){+.+.}-{4:4}: [ 490.268122][T17141] lock_acquire+0x120/0x360 [ 490.273248][T17141] __mutex_lock+0x182/0xe80 [ 490.278283][T17141] refcount_dec_and_mutex_lock+0x30/0xa0 [ 490.284713][T17141] nbd_config_put+0x2c/0x790 [ 490.290097][T17141] nbd_release+0xfe/0x140 [ 490.295134][T17141] bdev_release+0x533/0x650 [ 490.300261][T17141] blkdev_release+0x15/0x20 [ 490.305307][T17141] __fput+0x449/0xa70 [ 490.309908][T17141] fput_close_sync+0x119/0x200 [ 490.315212][T17141] __x64_sys_close+0x7f/0x110 [ 490.320442][T17141] do_syscall_64+0xfa/0x3b0 [ 490.325657][T17141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.332166][T17141] [ 490.332166][T17141] -> #0 (&disk->open_mutex){+.+.}-{4:4}: [ 490.340089][T17141] validate_chain+0xb9b/0x2140 [ 490.345491][T17141] __lock_acquire+0xab9/0xd20 [ 490.350803][T17141] lock_acquire+0x120/0x360 [ 490.355873][T17141] __mutex_lock+0x182/0xe80 [ 490.361000][T17141] __del_gendisk+0x129/0x9e0 [ 490.366216][T17141] del_gendisk+0xe8/0x160 [ 490.371078][T17141] loop_remove+0x42/0xc0 [ 490.375948][T17141] loop_control_ioctl+0x4ac/0x5a0 [ 490.381511][T17141] __se_sys_ioctl+0xfc/0x170 [ 490.387080][T17141] do_syscall_64+0xfa/0x3b0 [ 490.392133][T17141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.398743][T17141] [ 490.398743][T17141] other info that might help us debug this: [ 490.398743][T17141] [ 490.409080][T17141] Chain exists of: [ 490.409080][T17141] &disk->open_mutex --> &nbd->config_lock --> &set->update_nr_hwq_lock [ 490.409080][T17141] [ 490.423394][T17141] Possible unsafe locking scenario: [ 490.423394][T17141] [ 490.430943][T17141] CPU0 CPU1 [ 490.436322][T17141] ---- ---- [ 490.441722][T17141] rlock(&set->update_nr_hwq_lock); [ 490.447113][T17141] lock(&nbd->config_lock); [ 490.454231][T17141] lock(&set->update_nr_hwq_lock); [ 490.461978][T17141] lock(&disk->open_mutex); [ 490.466682][T17141] [ 490.466682][T17141] *** DEADLOCK *** [ 490.466682][T17141] [ 490.474925][T17141] 1 lock held by syz.5.4487/17141: [ 490.480123][T17141] #0: ffff888142f7f368 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160 [ 490.490166][T17141] [ 490.490166][T17141] stack backtrace: [ 490.496152][T17141] CPU: 0 UID: 0 PID: 17141 Comm: syz.5.4487 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 490.496172][T17141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 490.496182][T17141] Call Trace: [ 490.496189][T17141] [ 490.496197][T17141] dump_stack_lvl+0x189/0x250 [ 490.496218][T17141] ? __pfx_dump_stack_lvl+0x10/0x10 [ 490.496235][T17141] ? __pfx__printk+0x10/0x10 [ 490.496255][T17141] ? print_lock_name+0xde/0x100 [ 490.496275][T17141] print_circular_bug+0x2ee/0x310 [ 490.496297][T17141] check_noncircular+0x134/0x160 [ 490.496317][T17141] validate_chain+0xb9b/0x2140 [ 490.496336][T17141] ? stack_depot_save_flags+0x40/0x900 [ 490.496360][T17141] __lock_acquire+0xab9/0xd20 [ 490.496377][T17141] ? __del_gendisk+0x129/0x9e0 [ 490.496394][T17141] lock_acquire+0x120/0x360 [ 490.496407][T17141] ? __del_gendisk+0x129/0x9e0 [ 490.496427][T17141] ? lockdep_unlock+0x89/0x120 [ 490.496450][T17141] __mutex_lock+0x182/0xe80 [ 490.496467][T17141] ? __del_gendisk+0x129/0x9e0 [ 490.496489][T17141] ? __del_gendisk+0x129/0x9e0 [ 490.496508][T17141] ? __pfx___mutex_lock+0x10/0x10 [ 490.496525][T17141] ? __pfx___might_resched+0x10/0x10 [ 490.496544][T17141] ? __lock_acquire+0xab9/0xd20 [ 490.496558][T17141] ? disk_del_events+0xb5/0x210 [ 490.496585][T17141] ? __del_gendisk+0xc1/0x9e0 [ 490.496603][T17141] __del_gendisk+0x129/0x9e0 [ 490.496622][T17141] ? del_gendisk+0xe0/0x160 [ 490.496642][T17141] ? __pfx___del_gendisk+0x10/0x10 [ 490.496662][T17141] ? down_read+0x1ad/0x2e0 [ 490.496680][T17141] del_gendisk+0xe8/0x160 [ 490.496699][T17141] loop_remove+0x42/0xc0 [ 490.496723][T17141] loop_control_ioctl+0x4ac/0x5a0 [ 490.496739][T17141] ? __pfx_loop_control_ioctl+0x10/0x10 [ 490.496752][T17141] ? __fget_files+0x2a/0x420 [ 490.496770][T17141] ? bpf_lsm_file_ioctl+0x9/0x20 [ 490.496787][T17141] ? __pfx_loop_control_ioctl+0x10/0x10 [ 490.496801][T17141] __se_sys_ioctl+0xfc/0x170 [ 490.496824][T17141] do_syscall_64+0xfa/0x3b0 [ 490.496841][T17141] ? lockdep_hardirqs_on+0x9c/0x150 [ 490.496856][T17141] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.496871][T17141] ? clear_bhb_loop+0x60/0xb0 [ 490.496888][T17141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.496903][T17141] RIP: 0033:0x7fd81cb8ebe9 [ 490.496918][T17141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 490.496932][T17141] RSP: 002b:00007fd81da7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 490.496949][T17141] RAX: ffffffffffffffda RBX: 00007fd81cdb5fa0 RCX: 00007fd81cb8ebe9 [ 490.496961][T17141] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000004 [ 490.496970][T17141] RBP: 00007fd81cc11e19 R08: 0000000000000000 R09: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 490.496980][T17141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 490.496989][T17141] R13: 00007fd81cdb6038 R14: 00007fd81cdb5fa0 R15: 00007ffc4726b868 [ 490.497007][T17141] [ 490.888741][T17146] input: syz0 as /devices/virtual/input/input51 [ 490.895087][T17146] input: failed to attach handler leds to device input51, error: -6 [ 491.686145][T10339] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.770107][T10339] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.831540][T10339] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.910233][T10339] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.973830][T10339] bridge_slave_1: left allmulticast mode [ 491.980008][T10339] bridge_slave_1: left promiscuous mode [ 491.985735][T10339] bridge0: port 2(bridge_slave_1) entered disabled state [ 491.997654][T10339] bridge_slave_0: left allmulticast mode [ 492.003422][T10339] bridge_slave_0: left promiscuous mode [ 492.009198][T10339] bridge0: port 1(bridge_slave_0) entered disabled state [ 492.092706][T10339] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 492.103673][T10339] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 492.113471][T10339] bond0 (unregistering): Released all slaves [ 492.291862][T10339] hsr_slave_0: left promiscuous mode [ 492.298123][T10339] hsr_slave_1: left promiscuous mode [ 492.304162][T10339] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 492.312325][T10339] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 492.320350][T10339] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 492.328124][T10339] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 492.338667][T10339] veth1_macvtap: left promiscuous mode [ 492.344261][T10339] veth0_macvtap: left promiscuous mode [ 492.350054][T10339] veth1_vlan: left promiscuous mode [ 492.355342][T10339] veth0_vlan: left promiscuous mode [ 492.531858][T10339] team0 (unregistering): Port device team_slave_1 removed [ 492.562708][T10339] team0 (unregistering): Port device team_slave_0 removed [ 493.001754][T10339] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.058810][T10339] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.138670][T10339] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.188874][T10339] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.244135][T10339] netdevsim netdevsim7 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.279229][T10339] netdevsim netdevsim7 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.319465][T10339] netdevsim netdevsim7 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.378747][T10339] netdevsim netdevsim7 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.454623][T10339] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.499990][T10339] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.540679][T10339] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.599862][T10339] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.654862][T10339] vlan2: left allmulticast mode [ 493.660350][T10339] dummy0: left allmulticast mode [ 493.665536][T10339] vlan2: left promiscuous mode [ 493.670544][T10339] dummy0: left promiscuous mode [ 493.675736][T10339] bridge0: port 3(vlan2) entered disabled state [ 493.683476][T10339] bridge_slave_0: left allmulticast mode [ 493.689960][T10339] bridge_slave_0: left promiscuous mode [ 493.697370][T10339] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.706841][T10339] bridge_slave_1: left allmulticast mode [ 493.712504][T10339] bridge_slave_1: left promiscuous mode [ 493.719119][T10339] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.727334][T10339] bridge_slave_0: left allmulticast mode [ 493.732979][T10339] bridge_slave_0: left promiscuous mode [ 493.738883][T10339] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.748405][T10339] bridge_slave_1: left promiscuous mode [ 493.754202][T10339] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.762790][T10339] bridge_slave_0: left allmulticast mode [ 493.769231][T10339] bridge_slave_0: left promiscuous mode [ 493.774958][T10339] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.786432][T10339] batman_adv: batadv0: Interface deactivated: gretap1 [ 493.908045][T10339] bond0 (unregistering): (slave geneve0): Releasing backup interface [ 494.012224][T10339] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 494.022534][T10339] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 494.033246][T10339] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 494.044014][T10339] bond0 (unregistering): Released all slaves [ 494.171375][T10339] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 494.181383][T10339] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 494.191086][T10339] bond0 (unregistering): Released all slaves [ 494.219611][T10339] batman_adv: batadv0: Removing interface: gretap1 [ 494.292323][T10339] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 494.302913][T10339] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 494.316946][T10339] bond0 (unregistering): (slave bond1): Releasing backup interface [ 494.325733][T10339] bond0 (unregistering): Released all slaves [ 494.498766][T10339] bond1 (unregistering): Released all slaves [ 494.584726][T10339] tipc: Disabling bearer [ 494.590279][T10339] tipc: Left network mode [ 494.596788][T10339] tipc: Left network mode [ 494.971024][T10339] team0: left promiscuous mode [ 494.975971][T10339] team_slave_0: left promiscuous mode [ 494.981752][T10339] team_slave_1: left promiscuous mode [ 494.987828][T10339] batadv_slave_1: left promiscuous mode [ 494.997338][T10339] hsr_slave_0: left promiscuous mode [ 495.003396][T10339] hsr_slave_1: left promiscuous mode [ 495.010886][T10339] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 495.018651][T10339] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 495.027104][T10339] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 495.034598][T10339] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 495.044782][T10339] hsr_slave_0: left promiscuous mode [ 495.050878][T10339] hsr_slave_1: left promiscuous mode [ 495.056774][T10339] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 495.064197][T10339] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 495.071936][T10339] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 495.079572][T10339] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 495.088682][T10339] hsr_slave_0: left promiscuous mode [ 495.094462][T10339] hsr_slave_1: left promiscuous mode [ 495.100600][T10339] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 495.108505][T10339] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 495.116208][T10339] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 495.131476][T10339] veth1_macvtap: left promiscuous mode [ 495.137093][T10339] veth0_macvtap: left promiscuous mode [ 495.142941][T10339] veth1_vlan: left promiscuous mode [ 495.148528][T10339] veth0_vlan: left promiscuous mode [ 495.155921][T10339] veth1_macvtap: left promiscuous mode [ 495.161954][T10339] veth0_macvtap: left promiscuous mode [ 495.168045][T10339] veth1_vlan: left promiscuous mode [ 495.173592][T10339] veth0_vlan: left promiscuous mode [ 495.179828][T10339] team_slave_0: left promiscuous mode [ 495.185292][T10339] team_slave_1: left promiscuous mode [ 495.191054][T10339] veth1_macvtap: left promiscuous mode [ 495.418077][T10339] team_slave_1 (unregistering): left allmulticast mode [ 495.425497][T10339] team0 (unregistering): Port device team_slave_1 removed [ 495.470171][T10339] team_slave_0 (unregistering): left allmulticast mode [ 495.477985][T10339] team0 (unregistering): Port device team_slave_0 removed [ 495.743077][T10339] team0 (unregistering): Port device team_slave_1 removed [ 495.775141][T10339] team0 (unregistering): Port device team_slave_0 removed [ 495.997660][T10339] team0 (unregistering): Port device team_slave_1 removed [ 496.029202][T10339] team0 (unregistering): Port device team_slave_0 removed [ 496.767859][T10339] IPVS: stop unused estimator thread 0... [ 496.775275][T10339] IPVS: stop unused estimator thread 0...