last executing test programs: 14m30.410653885s ago: executing program 2 (id=6893): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="d8000000180081064e80f782db44b9040a1d080000000000000055a10a0015400100142603600e1208009e00000004010400160040000540fec00000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef409fd2ee0125b91643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d28a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3060000000000000081ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b4337812398", 0xd8}], 0x1}, 0x0) 14m30.2432327s ago: executing program 2 (id=6899): r0 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev, 0x8000000}}, 0x80, 0x0, 0x0, &(0x7f0000001300)=[{0x18, 0x110, 0x1, '\x00'}, {0x10, 0x110, 0xb}], 0x28}, 0xfc40) 14m30.171924902s ago: executing program 2 (id=6900): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) cachestat(r0, &(0x7f0000000500)={0xfffffffffffffffe, 0x6}, 0x0, 0x1ee) 14m30.019718473s ago: executing program 2 (id=6905): r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f00000001c0)={0x2, @capture={0x0, 0x0, {0x584926ad, 0x7fff}, 0xffffa0a4, 0x6}}) 14m29.970731211s ago: executing program 2 (id=6908): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x20, 0x0, &(0x7f0000000040)="b90103606989068c3c270040e700009e0ff008001fffffe1ffff8100632f4105", 0x0, 0x8104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 14m26.038711801s ago: executing program 2 (id=6918): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000180)={0xffffffffffffffff, 0x6}) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e00000000000000c0"], 0x48) 14m6.823955831s ago: executing program 32 (id=6918): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000180)={0xffffffffffffffff, 0x6}) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e00000000000000c0"], 0x48) 3m2.042727351s ago: executing program 3 (id=20507): syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000040)=0xce, 0x4) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000040)={0x6a, 0x0, 0x0, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) 3m1.933736462s ago: executing program 3 (id=20510): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) dup2(r0, r1) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, 0x0, &(0x7f00000000c0)) 3m1.828100798s ago: executing program 3 (id=20512): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000002c0)=""/249) bpf$PROG_LOAD(0x5, 0x0, 0x0) 3m0.791747596s ago: executing program 3 (id=20528): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1f8) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000340)='./file0/file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0xb105e, 0x0) pivot_root(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0)='.\x00') 3m0.651058331s ago: executing program 3 (id=20531): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r1, &(0x7f0000000e00), 0x12) bind$x25(r0, &(0x7f0000000080), 0x12) close(r0) 2m59.902326777s ago: executing program 3 (id=20544): r0 = fanotify_init(0x4, 0x101000) r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x641, 0x1019, r1, 0x0) fanotify_mark(r0, 0x1, 0x40000030, r1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x7e) 2m59.52583029s ago: executing program 33 (id=20544): r0 = fanotify_init(0x4, 0x101000) r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x641, 0x1019, r1, 0x0) fanotify_mark(r0, 0x1, 0x40000030, r1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x7e) 49.814228189s ago: executing program 5 (id=22902): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="00000100000012"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) 47.346829783s ago: executing program 5 (id=22933): r0 = syz_io_uring_setup(0xb7f, &(0x7f0000000180)={0x0, 0x38ab, 0x80, 0x0, 0x1e6}, &(0x7f0000000340)=0x0, &(0x7f0000000600)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f00000000c0)={&(0x7f0000001000)={[{0x0, 0x0, 0x4, 0xf4}]}, 0x1, 0x1}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r3, 0x0, 0x0, 0x0, 0x322, 0x1, {0x1}}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 46.449615853s ago: executing program 5 (id=22946): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x20044080) write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3000009, 0x12, r0, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg(r1, &(0x7f0000002f00)=[{{&(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x3, 0x1, 0x4, 0x3, {0xa, 0x4e23, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}}}, 0x80, 0x0}}], 0x1, 0x801) 46.242162516s ago: executing program 5 (id=22950): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x2301091, 0x0) 45.99636893s ago: executing program 5 (id=22956): r0 = creat(&(0x7f0000000200)='./file0\x00', 0x17e) close(r0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x200400, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 45.203138254s ago: executing program 5 (id=22972): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x38011, r1, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) io_submit(r3, 0x3, &(0x7f0000000500)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x0, 0x0, r2, &(0x7f0000000180)="981c", 0x2, 0x1, 0x0, 0x2}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x9, r0, &(0x7f0000000040), 0x0, 0x3}, 0x0]) 44.977024822s ago: executing program 34 (id=22972): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x38011, r1, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) io_submit(r3, 0x3, &(0x7f0000000500)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x0, 0x0, r2, &(0x7f0000000180)="981c", 0x2, 0x1, 0x0, 0x2}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x9, r0, &(0x7f0000000040), 0x0, 0x3}, 0x0]) 3.293323094s ago: executing program 7 (id=23702): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000400)=0x6, 0x4) recvmmsg(r0, &(0x7f0000008cc0)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 3.135550172s ago: executing program 7 (id=23706): r0 = syz_open_dev$sg(&(0x7f00000002c0), 0xe6, 0x2602) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x380000f, 0x11, r0, 0x0) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0xffffffffff7ffffd, 0x0, 0x0, 0x403, 0x0, 0x2, 0x0, 0x4}) close(0x3) mmap(&(0x7f0000097000/0x1000)=nil, 0x1000, 0x4, 0x28011, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) 3.024149684s ago: executing program 7 (id=23708): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000) getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x1114}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r3}]}}}]}, 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x34, 0x10, 0x401, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, r2, 0x20000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090) 2.830834578s ago: executing program 7 (id=23712): socket$igmp(0x2, 0x3, 0x2) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58) r1 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xb423, 0x0, 0x5, 0x1000}, &(0x7f0000000340)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r0, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r1, 0x3516, 0x3e44, 0x8, 0x0, 0x0) 2.310935467s ago: executing program 0 (id=23720): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x10c000) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="160000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0) 2.204051873s ago: executing program 7 (id=23721): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.084516411s ago: executing program 0 (id=23724): ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@mcast2, @rand_addr=' \x01\x00', @mcast2, 0x1, 0x6, 0x0, 0x100, 0x4, 0x184610008}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x35451d7003000c0b, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETGROUP(r0, 0x400454ce, 0xee01) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) setgroups(0x32, &(0x7f00000002c0)) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) 1.702546048s ago: executing program 4 (id=23730): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1b754019edcf1c9b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffffb4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18) r2 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200)) 1.636104701s ago: executing program 7 (id=23732): mount(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB='@\vK'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.547866614s ago: executing program 4 (id=23734): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x42, 0x80000009, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x80042, 0x1}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, 0x0, 0x0) sendmsg$tipc(r2, &(0x7f0000000380)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x3, {{0x42, 0x2}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x48004) 1.488061649s ago: executing program 0 (id=23736): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r1, &(0x7f0000000280)=[{{&(0x7f0000000040)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x25}}, 0x10, 0x0}}], 0x1, 0x20000000) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x20, 0x4) setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f00000000c0)=r0, 0x4) listen(r1, 0x0) close(r1) 1.363548662s ago: executing program 4 (id=23740): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xffde}, {0xffff, 0xffff}, {0x1, 0x4}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xe, 0x2}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0x5, 0x3}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x4004004) 1.251964343s ago: executing program 6 (id=23742): sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_io_uring_setup(0x1e1e, &(0x7f0000000280)={0x0, 0x86f7, 0x10100}, 0x0, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c030000160001000000000000000000fc010000000000000000000000000000fe88000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000006c"], 0x34c}}, 0x0) 992.543491ms ago: executing program 6 (id=23748): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0) 892.426928ms ago: executing program 4 (id=23750): mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) mkdir(&(0x7f0000000300)='./bus\x00', 0xf1) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000140)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}]}) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0xfffffffffffffffe, r1, {0x7, 0x2b, 0x100cd3, 0x40080000, 0x0, 0xc16, 0x7, 0x2000e15, 0x0, 0x0, 0x10}}, 0x50) 790.425315ms ago: executing program 6 (id=23753): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) unshare(0x22020600) r0 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r1 = fanotify_init(0xf00, 0x0) fanotify_mark(r1, 0x105, 0x40009975, r0, 0x0) r2 = open(&(0x7f0000000100)='./file1\x00', 0x147842, 0x88) preadv2(r2, 0x0, 0x0, 0x0, 0x0, 0x7) 733.80288ms ago: executing program 4 (id=23755): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1}, 0x18) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x70bd2a, 0x0, {0xa, 0x0, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x3eaff5a7c92fb61c}]}, 0x34}}, 0x0) 608.314675ms ago: executing program 6 (id=23757): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f00000001c0)=""/182, 0x0, 0x80a0000}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000040)={0x1, 0x8}) 560.076405ms ago: executing program 4 (id=23758): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) r2 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) ioctl$HIDIOCSFEATURE(r2, 0xc0404806, &(0x7f0000000080)) close_range(r0, 0xffffffffffffffff, 0x0) 521.695498ms ago: executing program 1 (id=23759): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000300)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x2, @rand_addr=0x64010102}, 0x2}}, 0x2e) close(r0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r0, &(0x7f0000000100)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x4e22, @multicast1}, 0x2, 0x0, 0x4, 0x1}}, 0x26) ioctl$PPPIOCGL2TPSTATS(r2, 0x80487436, &(0x7f0000005280)) 517.616095ms ago: executing program 0 (id=23760): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xffde}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff3, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x18, 0x2, [@TCA_CGROUP_EMATCHES={0x14, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x4}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xc}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x48}}, 0x20000084) 399.863016ms ago: executing program 1 (id=23761): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x38, 0x10, 0x439, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r2, 0x9801, 0x802}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x29}}]}}}]}, 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x439, 0x2, 0x0, {0x0, 0x0, 0x0, r2, 0x1040, 0x44100}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @local}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x81}]}}}, @IFLA_MTU={0x8, 0x4, 0x6}]}, 0x48}}, 0x4040000) 381.063262ms ago: executing program 6 (id=23762): syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x3c, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40, 0x0, {0xfffd}}) r0 = syz_io_uring_setup(0x407, &(0x7f0000000100)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, &(0x7f0000000300)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, r0}) io_uring_enter(r0, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5) 346.235034ms ago: executing program 1 (id=23763): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[], 0x0) 302.778811ms ago: executing program 0 (id=23764): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000280)="0f17", 0x2) write(r3, &(0x7f0000000340)='d', 0x1) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) splice(r0, 0x0, r3, 0x0, 0x25a5, 0x0) 196.13395ms ago: executing program 1 (id=23765): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000002240)) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) r1 = dup2(r0, r0) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000040)=0x1) read$snddsp(r1, &(0x7f0000000100)=""/127, 0x7f) 152.327397ms ago: executing program 6 (id=23766): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 124.398864ms ago: executing program 1 (id=23767): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000c, 0x204031, 0xffffffffffffffff, 0xffffd000) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil) mprotect(&(0x7f0000039000/0x2000)=nil, 0x2000, 0x0) syz_clone(0x100100, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000012000/0x3000)=nil, 0x3000, 0xb) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 106.129355ms ago: executing program 0 (id=23768): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0xfffffffffffffdf8) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents(r1, &(0x7f0000000040)=""/40, 0x28) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000) 0s ago: executing program 1 (id=23769): r0 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r0) r1 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000010c0)='.\x00', &(0x7f0000000000)='proc\x00', 0x80, 0x0) setresgid(0xee00, 0xee01, 0x0) r2 = syz_open_procfs(r1, &(0x7f0000000400)='ns\x00') readlinkat(r2, &(0x7f0000000100)='./mnt\x00', &(0x7f00000002c0)=""/163, 0xa3) kernel console output (not intermixed with test programs): =14050 comm="syz.3.19419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f30f049b829 code=0x7ffc0000 [ 1096.492559][ T37] audit: type=1326 audit(2000001338.644:2323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14050 comm="syz.3.19419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f30f04f65e7 code=0x7ffc0000 [ 1097.326448][T14082] netlink: 9286 bytes leftover after parsing attributes in process `syz.4.19431'. [ 1097.643119][T14036] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1097.721471][T14036] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1098.244488][T14036] veth1_vlan: left allmulticast mode [ 1098.441730][T14036] veth0_macvtap: left allmulticast mode [ 1099.293718][T14055] pim6reg1: tun_chr_ioctl cmd 1074025677 [ 1099.293971][T14055] pim6reg1: linktype set to 270 [ 1099.309439][ T6136] syz1: Port: 1 Link DOWN [ 1099.404743][T14168] netlink: 8 bytes leftover after parsing attributes in process `syz.3.19474'. [ 1099.425016][T11063] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1099.663417][T11063] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1099.665666][T11063] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1099.665695][T11063] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1099.672758][T14166] can0: slcan on ptm0. [ 1099.811322][ T6040] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1099.918067][T14165] can0 (unregistered): slcan off ptm0. [ 1099.976542][ T6040] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1099.976569][ T6040] usb 4-1: config 0 has no interface number 0 [ 1099.979592][ T6040] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1099.979628][ T6040] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1099.979647][ T6040] usb 4-1: Product: syz [ 1099.979661][ T6040] usb 4-1: Manufacturer: syz [ 1099.979674][ T6040] usb 4-1: SerialNumber: syz [ 1100.007149][ T6040] usb 4-1: config 0 descriptor?? [ 1100.234549][ T6040] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 1100.247278][ T6040] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1100.258563][ T6040] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 1100.258618][ T6040] usb 4-1: media controller created [ 1100.308896][ T6040] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1100.449916][ T6040] i2c i2c-3: ec100: i2c rd failed=-71 reg=33 [ 1100.701837][T14233] netlink: 12 bytes leftover after parsing attributes in process `syz.4.19505'. [ 1100.701864][T14233] netlink: 28 bytes leftover after parsing attributes in process `syz.4.19505'. [ 1100.701882][T14233] netlink: 12 bytes leftover after parsing attributes in process `syz.4.19505'. [ 1100.702071][T14233] netlink: 28 bytes leftover after parsing attributes in process `syz.4.19505'. [ 1100.702089][T14233] netlink: 'syz.4.19505': attribute type 6 has an invalid length. [ 1100.817155][ T6040] usb 4-1: USB disconnect, device number 40 [ 1101.355095][T14261] netlink: 277 bytes leftover after parsing attributes in process `syz.4.19519'. [ 1101.504034][T14269] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 1102.667667][T14328] netlink: 56 bytes leftover after parsing attributes in process `syz.0.19549'. [ 1103.091268][ T6136] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 1103.206316][T14358] program syz.4.19565 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1103.253719][ T6136] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1103.253748][ T6136] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1103.258435][ T6136] usb 6-1: config 0 descriptor?? [ 1103.286876][ T6136] cp210x 6-1:0.0: cp210x converter detected [ 1103.707123][ T6136] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1103.740629][ T6136] usb 6-1: cp210x converter now attached to ttyUSB0 [ 1103.940237][ T6136] usb 6-1: USB disconnect, device number 64 [ 1103.946534][ T6040] usb 5-1: new full-speed USB device number 46 using dummy_hcd [ 1103.958036][ T6136] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1104.085804][ T6136] cp210x 6-1:0.0: device disconnected [ 1104.109186][ T6040] usb 5-1: not running at top speed; connect to a high speed hub [ 1104.115226][ T6040] usb 5-1: config 2 has an invalid interface number: 229 but max is 0 [ 1104.115250][ T6040] usb 5-1: config 2 has no interface number 0 [ 1104.120309][ T6040] usb 5-1: config 2 interface 229 has no altsetting 0 [ 1104.161487][ T6040] usb 5-1: New USB device found, idVendor=07c0, idProduct=1500, bcdDevice=b8.6e [ 1104.161516][ T6040] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1104.161530][ T6040] usb 5-1: Product: syz [ 1104.161540][ T6040] usb 5-1: Manufacturer: syz [ 1104.161549][ T6040] usb 5-1: SerialNumber: syz [ 1104.393162][ T6040] iowarrior 5-1:2.229: no interrupt-in endpoint found [ 1104.435844][ T6040] usb 5-1: USB disconnect, device number 46 [ 1104.850140][T14411] PKCS7: Unknown OID: [5] 0.1 [ 1104.850160][T14411] PKCS7: Only support pkcs7_signedData type [ 1105.196066][T14429] netlink: 4 bytes leftover after parsing attributes in process `syz.3.19599'. [ 1105.282826][T27057] usb 6-1: new high-speed USB device number 65 using dummy_hcd [ 1105.433995][T14441] smb3: Unknown parameter 'nocasi' [ 1105.434020][T14441] CIFS mount error: No usable UNC path provided in device string! [ 1105.434020][T14441] [ 1105.434034][T14441] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1105.443193][T27057] usb 6-1: Using ep0 maxpacket: 32 [ 1105.451348][T27057] usb 6-1: config 0 has an invalid interface number: 126 but max is 0 [ 1105.451414][T27057] usb 6-1: config 0 has no interface number 0 [ 1105.451523][T27057] usb 6-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1105.451583][T27057] usb 6-1: config 0 interface 126 altsetting 16 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1105.451640][T27057] usb 6-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 0 [ 1105.451704][T27057] usb 6-1: config 0 interface 126 has no altsetting 0 [ 1105.474868][T27057] usb 6-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 1105.474932][T27057] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1105.474966][T27057] usb 6-1: Product: syz [ 1105.474980][T27057] usb 6-1: Manufacturer: syz [ 1105.474993][T27057] usb 6-1: SerialNumber: syz [ 1105.549864][T27057] usb 6-1: config 0 descriptor?? [ 1105.561815][T14419] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1105.703982][T14452] program syz.4.19609 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1106.004686][T27057] ir_usb 6-1:0.126: IR Dongle converter detected [ 1106.215310][T27057] usb 6-1: IRDA class descriptor not found, device not bound [ 1106.435390][T27057] usb 6-1: USB disconnect, device number 65 [ 1107.409541][T14531] ipvlan0: entered promiscuous mode [ 1107.420180][T14531] 8021q: adding VLAN 0 to HW filter on device ipvlan0 [ 1107.882695][T14561] netlink: 56 bytes leftover after parsing attributes in process `syz.5.19660'. [ 1108.572286][T14598] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.19679'. [ 1109.077986][T14062] usb 1-1: new high-speed USB device number 112 using dummy_hcd [ 1109.085460][T14623] netlink: 12 bytes leftover after parsing attributes in process `syz.4.19691'. [ 1109.238543][T14062] usb 1-1: Using ep0 maxpacket: 16 [ 1109.240603][T14062] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 1109.240658][T14062] usb 1-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1109.240686][T14062] usb 1-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1109.240707][T14062] usb 1-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1109.240746][T14062] usb 1-1: config 7 interface 0 has no altsetting 0 [ 1109.240776][T14062] usb 1-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 1109.240798][T14062] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1109.792833][T14062] hid (null): bogus close delimiter [ 1109.792880][T14062] hid (null): invalid report_size 56087 [ 1109.890474][T14062] input: HID 0458:5010 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:7.0/0003:0458:5010.002D/input/input85 [ 1109.992841][ T6047] kernel write not supported for file /snd/seq (pid: 6047 comm: kworker/1:5) [ 1110.082910][T14062] kye 0003:0458:5010.002D: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.0-1/input0 [ 1110.124700][T14062] usb 1-1: USB disconnect, device number 112 [ 1110.229138][T14655] fido_id[14655]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 1111.159783][T14062] kernel write not supported for file /audio (pid: 14062 comm: kworker/1:1) [ 1114.409823][T14866] input: syz0 as /devices/virtual/input/input86 [ 1114.731054][T14880] delete_channel: no stack [ 1115.877240][T27057] usb 1-1: new high-speed USB device number 113 using dummy_hcd [ 1116.048334][T27057] usb 1-1: Using ep0 maxpacket: 32 [ 1116.050627][T27057] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1116.054111][T27057] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1116.054136][T27057] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1116.054156][T27057] usb 1-1: Product: syz [ 1116.054170][T27057] usb 1-1: Manufacturer: syz [ 1116.054184][T27057] usb 1-1: SerialNumber: syz [ 1116.064773][T27057] usb 1-1: config 0 descriptor?? [ 1116.069394][T14931] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1116.303867][T27057] usb 1-1: USB disconnect, device number 113 [ 1117.396484][T15024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.19876'. [ 1117.396607][T15024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.19876'. [ 1118.618325][T15076] macvlan3: entered allmulticast mode [ 1118.618347][T15076] veth1_vlan: entered allmulticast mode [ 1118.644478][T15076] veth1_vlan: left allmulticast mode [ 1119.272184][T15101] veth1_to_bond: entered allmulticast mode [ 1119.272429][T15098] veth1_to_bond: left allmulticast mode [ 1120.141223][T15149] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19936'. [ 1120.426638][T15164] netlink: 264 bytes leftover after parsing attributes in process `syz.4.19943'. [ 1120.594469][T15174] netlink: 'syz.5.19948': attribute type 9 has an invalid length. [ 1120.665558][T15177] bond0: option all_slaves_active: invalid value (8) [ 1121.906783][T27057] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 1122.067153][T27057] usb 6-1: Using ep0 maxpacket: 8 [ 1122.073891][T27057] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x2 has invalid maxpacket 198, setting to 64 [ 1122.073923][T27057] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1122.076343][T27057] usb 6-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 1122.076370][T27057] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1122.076389][T27057] usb 6-1: Product: syz [ 1122.076404][T27057] usb 6-1: Manufacturer: syz [ 1122.076417][T27057] usb 6-1: SerialNumber: syz [ 1122.088964][T27057] usb 6-1: config 0 descriptor?? [ 1122.141020][T27057] snd_usb_toneport 6-1:0.0: Line 6 TonePort UX2 found [ 1122.341193][T27057] snd_usb_toneport 6-1:0.0: Line 6 TonePort UX2 now disconnected [ 1122.344001][T27057] snd_usb_toneport 6-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 1122.464036][T15254] netlink: 20 bytes leftover after parsing attributes in process `syz.3.19986'. [ 1122.464057][T15254] netlink: 20 bytes leftover after parsing attributes in process `syz.3.19986'. [ 1122.548768][ T6136] usb 6-1: USB disconnect, device number 66 [ 1122.705184][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 1122.705248][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 1122.925299][T15282] netlink: 24 bytes leftover after parsing attributes in process `syz.4.19999'. [ 1123.029307][ T6047] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1123.211274][ T6047] usb 4-1: Using ep0 maxpacket: 32 [ 1123.213410][ T6047] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1123.213436][ T6047] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1123.231636][ T6047] usb 4-1: config 0 descriptor?? [ 1123.476235][ T6047] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1123.506529][ T6047] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1123.519949][ T6047] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1123.520031][ T6047] usb 4-1: media controller created [ 1123.597363][ T6047] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1123.714134][ T6047] az6027: usb out operation failed. (-71) [ 1123.714537][ T6047] az6027: usb out operation failed. (-71) [ 1123.714549][ T6047] stb0899_attach: Driver disabled by Kconfig [ 1123.714559][ T6047] az6027: no front-end attached [ 1123.714559][ T6047] [ 1123.714912][ T6047] az6027: usb out operation failed. (-71) [ 1123.714924][ T6047] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1123.806399][ T6047] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input87 [ 1123.837685][ T6047] dvb-usb: schedule remote query interval to 400 msecs. [ 1123.837709][ T6047] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1123.867783][ T6047] usb 4-1: USB disconnect, device number 41 [ 1124.133174][ T6047] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1124.615324][T15359] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20036'. [ 1124.669203][T15362] netlink: 'syz.0.20038': attribute type 1 has an invalid length. [ 1125.049899][ T6136] usb 1-1: new high-speed USB device number 114 using dummy_hcd [ 1125.093119][T15384] netlink: 40 bytes leftover after parsing attributes in process `syz.4.20050'. [ 1125.093231][T15384] netlink: 3 bytes leftover after parsing attributes in process `syz.4.20050'. [ 1125.210111][ T6136] usb 1-1: Using ep0 maxpacket: 8 [ 1125.213447][ T6136] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1125.213478][ T6136] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1125.213499][ T6136] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1125.213520][ T6136] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1125.213559][ T6136] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1125.213580][ T6136] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1125.446065][ T6136] usb 1-1: GET_CAPABILITIES returned 0 [ 1125.446110][ T6136] usbtmc 1-1:16.0: can't read capabilities [ 1125.684736][ T6136] usb 1-1: USB disconnect, device number 114 [ 1127.032196][T15472] netlink: 48 bytes leftover after parsing attributes in process `syz.5.20091'. [ 1127.572693][ T37] kauditd_printk_skb: 21 callbacks suppressed [ 1127.572711][ T37] audit: type=1326 audit(2000001367.847:2345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15502 comm="syz.3.20107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f04ff749 code=0x7ffc0000 [ 1127.574729][ T37] audit: type=1326 audit(2000001367.856:2346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15502 comm="syz.3.20107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f04ff749 code=0x7ffc0000 [ 1127.575369][ T37] audit: type=1326 audit(2000001367.856:2347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15502 comm="syz.3.20107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f04ff749 code=0x7ffc0000 [ 1127.576737][ T37] audit: type=1326 audit(2000001367.856:2348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15502 comm="syz.3.20107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f30f04ff749 code=0x7ffc0000 [ 1127.576785][ T37] audit: type=1326 audit(2000001367.856:2349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15502 comm="syz.3.20107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f04ff749 code=0x7ffc0000 [ 1127.576829][ T37] audit: type=1326 audit(2000001367.856:2350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15502 comm="syz.3.20107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f04ff749 code=0x7ffc0000 [ 1127.576882][ T37] audit: type=1326 audit(2000001367.856:2351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15502 comm="syz.3.20107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f04ff749 code=0x7ffc0000 [ 1127.577843][ T37] audit: type=1326 audit(2000001367.856:2352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15502 comm="syz.3.20107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f04ff749 code=0x7ffc0000 [ 1127.578425][ T37] audit: type=1326 audit(2000001367.856:2353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15502 comm="syz.3.20107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f04ff749 code=0x7ffc0000 [ 1127.578489][ T37] audit: type=1326 audit(2000001367.856:2354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15502 comm="syz.3.20107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f30f04fdf90 code=0x7ffc0000 [ 1128.977294][T15548] syzkaller1: entered promiscuous mode [ 1128.977320][T15548] syzkaller1: entered allmulticast mode [ 1129.382272][T15587] netlink: 4 bytes leftover after parsing attributes in process `syz.0.20144'. [ 1129.383448][T15587] netlink: 4 bytes leftover after parsing attributes in process `syz.0.20144'. [ 1130.069127][T15618] netlink: 8 bytes leftover after parsing attributes in process `syz.4.20159'. [ 1130.543532][T15640] netlink: 24 bytes leftover after parsing attributes in process `syz.3.20170'. [ 1130.737303][ T6416] usb 6-1: new full-speed USB device number 67 using dummy_hcd [ 1130.900964][ T6416] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1130.901025][ T6416] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1130.901064][ T6416] usb 6-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 1130.901089][ T6416] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1130.965428][ T6416] usb 6-1: config 0 descriptor?? [ 1131.414783][ T6416] isku 0003:1E7D:319C.002E: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.5-1/input0 [ 1131.638132][T14062] usb 6-1: USB disconnect, device number 67 [ 1133.003590][T14062] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 1133.046358][ T37] kauditd_printk_skb: 124 callbacks suppressed [ 1133.046375][ T37] audit: type=1326 audit(2000001372.964:2479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15768 comm="syz.4.20233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2fb27f749 code=0x7ffc0000 [ 1133.060839][ T37] audit: type=1326 audit(2000001372.973:2480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15768 comm="syz.4.20233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2fb27f749 code=0x7ffc0000 [ 1133.060979][ T37] audit: type=1326 audit(2000001372.982:2481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15768 comm="syz.4.20233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fa2fb27f749 code=0x7ffc0000 [ 1133.073063][ T37] audit: type=1326 audit(2000001372.992:2482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15768 comm="syz.4.20233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2fb27f749 code=0x7ffc0000 [ 1133.077140][ T37] audit: type=1326 audit(2000001372.992:2483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15768 comm="syz.4.20233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fa2fb27f749 code=0x7ffc0000 [ 1133.177318][T14062] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1133.177351][T14062] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1133.177378][T14062] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1133.177401][T14062] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 1133.177442][T14062] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 1133.177469][T14062] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1133.183935][T15772] netlink: 12 bytes leftover after parsing attributes in process `syz.0.20232'. [ 1133.201768][T14062] usb 6-1: config 0 descriptor?? [ 1133.300658][ T37] audit: type=1326 audit(2000001373.207:2484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15768 comm="syz.4.20233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fa2fb27f749 code=0x7ffc0000 [ 1133.301211][ T37] audit: type=1326 audit(2000001373.207:2485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15768 comm="syz.4.20233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2fb27f749 code=0x7ffc0000 [ 1133.301632][ T37] audit: type=1326 audit(2000001373.207:2486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15768 comm="syz.4.20233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2fb27f749 code=0x7ffc0000 [ 1133.463418][T14062] hdpvr 6-1:0.0: firmware version 0x0 dated [ 1133.463452][T14062] hdpvr 6-1:0.0: untested firmware, the driver might not work. [ 1133.605519][T15786] input: syz1 as /devices/virtual/input/input88 [ 1133.950847][T14062] hdpvr 6-1:0.0: Could not setup controls [ 1133.951508][T14062] hdpvr 6-1:0.0: registering videodev failed [ 1133.993201][T14062] hdpvr 6-1:0.0: probe with driver hdpvr failed with error -71 [ 1134.043033][T14062] usb 6-1: USB disconnect, device number 68 [ 1134.821094][ T6047] usb 1-1: new high-speed USB device number 115 using dummy_hcd [ 1134.934523][T15839] loop7: detected capacity change from 0 to 7 [ 1134.951575][ C0] blk_print_req_error: 10 callbacks suppressed [ 1134.951593][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1134.951621][ C0] buffer_io_error: 10 callbacks suppressed [ 1134.951633][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1134.951878][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1134.951906][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1134.952076][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1134.952103][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1134.954049][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1134.954080][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1134.954499][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1134.954526][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1134.954714][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1134.954741][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1134.954906][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1134.954933][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1134.954978][T15839] ldm_validate_partition_table(): Disk read failed. [ 1134.955134][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1134.955158][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1134.957454][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1134.957487][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1134.973130][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1134.973213][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 1134.974063][T15839] Dev loop7: unable to read RDB block 0 [ 1134.985218][ T6047] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1134.985296][ T6047] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1134.985386][ T6047] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1134.985433][ T6047] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1134.998624][T15839] loop7: unable to read partition table [ 1134.999008][T15839] loop7: partition table beyond EOD, truncated [ 1134.999122][T15839] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 1135.054997][T14062] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1135.077459][ T6047] usb 1-1: config 0 descriptor?? [ 1135.247471][T14062] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1135.247504][T14062] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1135.247743][T14062] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1135.247784][T14062] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1135.247808][T14062] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1135.331950][T14062] usb 4-1: config 0 descriptor?? [ 1135.369229][T14062] hub 4-1:0.0: USB hub found [ 1135.554610][T14062] hub 4-1:0.0: 14 ports detected [ 1135.555474][T14062] hub 4-1:0.0: insufficient power available to use all downstream ports [ 1135.577719][T14062] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 1135.577743][T14062] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 1135.659283][T14062] usb 4-1: USB disconnect, device number 42 [ 1135.767664][ T6047] cp2112 0003:10C4:EA90.002F: unknown main item tag 0x0 [ 1135.767701][ T6047] cp2112 0003:10C4:EA90.002F: unknown main item tag 0x0 [ 1135.767728][ T6047] cp2112 0003:10C4:EA90.002F: unknown main item tag 0x0 [ 1135.767752][ T6047] cp2112 0003:10C4:EA90.002F: unknown main item tag 0x0 [ 1135.767778][ T6047] cp2112 0003:10C4:EA90.002F: unknown main item tag 0x0 [ 1135.767803][ T6047] cp2112 0003:10C4:EA90.002F: unknown main item tag 0x0 [ 1135.767828][ T6047] cp2112 0003:10C4:EA90.002F: unknown main item tag 0x0 [ 1135.784823][ T6047] cp2112 0003:10C4:EA90.002F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 1135.900911][ T6416] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 1135.980814][ T6047] cp2112 0003:10C4:EA90.002F: Part Number: 0x82 Device Version: 0xFE [ 1136.070056][ T6416] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 1136.070088][ T6416] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1136.070119][ T6416] usb 6-1: Product: syz [ 1136.070133][ T6416] usb 6-1: Manufacturer: syz [ 1136.070147][ T6416] usb 6-1: SerialNumber: syz [ 1136.108053][ T6416] usb 6-1: config 0 descriptor?? [ 1136.195902][ T6047] cp2112 0003:10C4:EA90.002F: error requesting SMBus config [ 1136.221456][ T6047] cp2112 0003:10C4:EA90.002F: probe with driver cp2112 failed with error -71 [ 1136.262723][ T6047] usb 1-1: USB disconnect, device number 115 [ 1136.350144][ T6416] hso 6-1:0.0: Failed to find BULK IN ep [ 1136.368960][ T6416] usb-storage 6-1:0.0: USB Mass Storage device detected [ 1136.565421][ T6047] usb 6-1: USB disconnect, device number 69 [ 1137.044877][T15910] netlink: 24 bytes leftover after parsing attributes in process `syz.0.20295'. [ 1137.717150][T15942] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1137.803668][ T6047] usb 1-1: new full-speed USB device number 116 using dummy_hcd [ 1137.939253][ T37] audit: type=1326 audit(2000001377.538:2487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15953 comm="syz.3.20316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f04ff749 code=0x7ffc0000 [ 1137.939309][ T37] audit: type=1326 audit(2000001377.538:2488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15953 comm="syz.3.20316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f30f04ff749 code=0x7ffc0000 [ 1137.987928][ T6047] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1137.987955][ T6047] usb 1-1: config 1 has no interface number 0 [ 1137.988003][ T6047] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1137.988028][ T6047] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 1137.988053][ T6047] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 1137.988087][ T6047] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 1137.988112][ T6047] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1137.992076][ T6047] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1137.992102][ T6047] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1137.992122][ T6047] usb 1-1: Product: syz [ 1137.992136][ T6047] usb 1-1: Manufacturer: syz [ 1137.992150][ T6047] usb 1-1: SerialNumber: syz [ 1138.031566][T15934] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1138.259113][T15934] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1138.474505][T15934] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1138.476871][T15975] vivid-000: disconnect [ 1138.495432][T15972] vivid-000: reconnect [ 1138.904521][T15934] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1138.910536][ T6047] cdc_ncm 1-1:1.1: bind() failure [ 1139.139069][ T6113] usb 1-1: USB disconnect, device number 116 [ 1139.418064][ T6047] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 1139.589351][ T6047] usb 4-1: Using ep0 maxpacket: 8 [ 1139.591549][ T6047] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1139.591601][ T6047] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 1139.591622][ T6047] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1139.596768][ T6047] usb 4-1: config 0 descriptor?? [ 1139.617973][ T6047] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 1140.581743][T16065] syz.0.20368 (16065) used obsolete PPPIOCDETACH ioctl [ 1140.687203][ T6047] gspca_vc032x: reg_r err -71 [ 1140.687278][ T6047] vc032x 4-1:0.0: probe with driver vc032x failed with error -71 [ 1140.705202][ T6047] usb 4-1: USB disconnect, device number 43 [ 1140.940448][T16073] netlink: 16 bytes leftover after parsing attributes in process `syz.4.20370'. [ 1141.771385][T16119] netlink: 20 bytes leftover after parsing attributes in process `syz.5.20395'. [ 1141.917492][T16127] overlayfs: invalid origin (000000790066696c6530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 1142.347252][ T6136] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 1142.507536][ T6136] usb 6-1: Using ep0 maxpacket: 32 [ 1142.525083][ T6136] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 1142.525111][ T6136] usb 6-1: config 0 has no interface number 0 [ 1142.527690][ T6136] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1142.527716][ T6136] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1142.527736][ T6136] usb 6-1: Product: syz [ 1142.527750][ T6136] usb 6-1: Manufacturer: syz [ 1142.527763][ T6136] usb 6-1: SerialNumber: syz [ 1142.587394][ T6136] usb 6-1: config 0 descriptor?? [ 1142.599120][ T6136] smsc95xx v2.0.0 [ 1142.999319][T14062] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 1143.182696][T14062] usb 4-1: Using ep0 maxpacket: 16 [ 1143.186306][T14062] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1143.186355][T14062] usb 4-1: config 0 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1143.186380][T14062] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1143.186409][T14062] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1143.186431][T14062] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1143.191245][T14062] usb 4-1: config 0 descriptor?? [ 1143.268262][T14062] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1143.465520][ T6136] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout [ 1143.681425][ T6136] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 1143.681726][ T6136] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 1143.719851][ T6136] usb 6-1: USB disconnect, device number 70 [ 1145.479516][ T6136] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 1145.580008][ T6416] hid-generic 0003:0004:0000.0030: unknown main item tag 0x0 [ 1145.580043][ T6416] hid-generic 0003:0004:0000.0030: unknown main item tag 0x0 [ 1145.580068][ T6416] hid-generic 0003:0004:0000.0030: unknown main item tag 0x0 [ 1145.580093][ T6416] hid-generic 0003:0004:0000.0030: unknown main item tag 0x0 [ 1145.580117][ T6416] hid-generic 0003:0004:0000.0030: unknown main item tag 0x0 [ 1145.580142][ T6416] hid-generic 0003:0004:0000.0030: unknown main item tag 0x0 [ 1145.580167][ T6416] hid-generic 0003:0004:0000.0030: unknown main item tag 0x0 [ 1145.580191][ T6416] hid-generic 0003:0004:0000.0030: unknown main item tag 0x0 [ 1145.580215][ T6416] hid-generic 0003:0004:0000.0030: unknown main item tag 0x0 [ 1145.580240][ T6416] hid-generic 0003:0004:0000.0030: unknown main item tag 0x0 [ 1145.671645][ T6136] usb 5-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1145.671685][ T6136] usb 5-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1145.671710][ T6136] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1145.671740][ T6136] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 1145.693296][ T6136] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1145.725072][ T6136] usb 5-1: config 0 descriptor?? [ 1145.730632][ T6416] hid-generic 0003:0004:0000.0030: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 1145.945760][T16270] fido_id[16270]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1145.992353][T14062] usb 4-1: USB disconnect, device number 44 [ 1146.832613][T14062] usb 5-1: USB disconnect, device number 47 [ 1147.510863][T14062] usb 1-1: new high-speed USB device number 117 using dummy_hcd [ 1147.671272][T14062] usb 1-1: Using ep0 maxpacket: 16 [ 1147.686032][T14062] usb 1-1: config 0 has an invalid interface number: 28 but max is 0 [ 1147.686117][T14062] usb 1-1: config 0 has no interface number 0 [ 1147.686240][T14062] usb 1-1: config 0 interface 28 altsetting 8 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 1147.686308][T14062] usb 1-1: config 0 interface 28 has no altsetting 0 [ 1147.697806][T14062] usb 1-1: Dual-Role OTG device on HNP port [ 1147.699089][T14062] usb 1-1: New USB device found, idVendor=12d1, idProduct=937e, bcdDevice=af.67 [ 1147.699161][T14062] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1147.699221][T14062] usb 1-1: Product: syz [ 1147.699262][T14062] usb 1-1: Manufacturer: syz [ 1147.699304][T14062] usb 1-1: SerialNumber: syz [ 1147.771785][T14062] usb 1-1: config 0 descriptor?? [ 1147.798552][T14062] hub 1-1:0.28: bad descriptor, ignoring hub [ 1147.798590][T14062] hub 1-1:0.28: probe with driver hub failed with error -5 [ 1147.823070][T14062] option 1-1:0.28: GSM modem (1-port) converter detected [ 1147.831076][T16347] netlink: 'syz.3.20504': attribute type 8 has an invalid length. [ 1148.131147][T14062] usb 1-1: USB disconnect, device number 117 [ 1148.134281][T14062] option 1-1:0.28: device disconnected [ 1150.042758][T16422] IPVS: persistence engine module ip_vs_pe_ not found [ 1150.439949][ T6843] usb 1-1: new high-speed USB device number 118 using dummy_hcd [ 1150.504114][ T6113] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 1150.634422][ T6843] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1150.634455][ T6843] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1150.634478][ T6843] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 1150.665672][ T6113] usb 5-1: Using ep0 maxpacket: 8 [ 1150.673648][ T6113] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1150.673747][ T6113] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1150.673812][ T6113] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1150.673874][ T6113] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 1150.673945][ T6113] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1150.674048][ T6113] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1150.674109][ T6113] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1150.708093][ T6843] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1150.708122][ T6843] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1150.708143][ T6843] usb 1-1: Product: syz [ 1150.708157][ T6843] usb 1-1: Manufacturer: syz [ 1150.708173][ T6843] usb 1-1: SerialNumber: syz [ 1150.730927][ T6113] usb 5-1: config 0 descriptor?? [ 1150.736412][T16436] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1150.834333][ T6843] usb 1-1: config 0 descriptor?? [ 1150.835089][T16434] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1150.835225][T16434] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1150.860018][ T6843] usb 1-1: ucan: probing device on interface #0 [ 1150.884831][T16441] loop2: detected capacity change from 0 to 7 [ 1150.902356][T16441] Dev loop2: unable to read RDB block 7 [ 1150.902399][T16441] loop2: unable to read partition table [ 1150.902607][T16441] loop2: partition table beyond EOD, truncated [ 1150.902627][T16441] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 1151.215145][T16448] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1151.242061][T16448] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1151.243879][T16448] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1151.246550][T16448] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1151.247534][T16448] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1151.280491][ T6843] usb 1-1: ucan: device reported invalid tx-fifo size [ 1151.280512][ T6843] usb 1-1: ucan: probe failed; try to update the device firmware [ 1151.328827][ T5994] Bluetooth: hci3: Opcode 0x0c03 failed: -71 [ 1151.332466][ T6136] usb 5-1: USB disconnect, device number 48 [ 1151.378170][T11386] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1151.378201][T11386] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 1151.652106][T16442] lo speed is unknown, defaulting to 1000 [ 1151.845301][T11386] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1151.845334][T11386] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 1152.135393][T11386] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1152.135427][T11386] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 1152.414667][T11386] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1152.414702][T11386] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 1153.449319][ T6113] usb 1-1: USB disconnect, device number 118 [ 1153.450340][T11386] gretap0: left promiscuous mode [ 1153.450622][T11386] bridge0: port 3(gretap0) entered disabled state [ 1153.559708][T11386] bridge_slave_1: left promiscuous mode [ 1153.560000][T11386] bridge0: port 2(bridge_slave_1) entered disabled state [ 1153.650007][T11386] bridge_slave_0: left promiscuous mode [ 1153.651546][T11386] bridge0: port 1(bridge_slave_0) entered disabled state [ 1153.671051][T11559] Bluetooth: hci2: command tx timeout [ 1154.759005][ T6136] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 1154.921506][ T6136] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1154.921533][ T6136] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1154.950022][ T6136] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1154.950050][ T6136] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1154.950069][ T6136] usb 5-1: SerialNumber: syz [ 1155.212462][ T6136] usb 5-1: 0:2 : does not exist [ 1155.224589][ T6136] usb 5-1: unit 1 not found! [ 1155.251399][ T6136] usb 5-1: USB disconnect, device number 49 [ 1155.321727][T13923] udevd[13923]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1155.906694][T11559] Bluetooth: hci2: command tx timeout [ 1157.272750][T11386] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1157.359034][T11386] bond0 (unregistering): (slave c@0): Releasing backup interface [ 1157.400753][T11386] bond0 (unregistering): Released all slaves [ 1157.425231][T11386] bond1 (unregistering): Released all slaves [ 1157.458145][T11386] bond2 (unregistering): Released all slaves [ 1157.817155][T11386] tipc: Left network mode [ 1158.005176][T16442] chnl_net:caif_netlink_parms(): no params data found [ 1158.009537][T11386] rxrpc: Call ffff888033a58000 still in use (1,Complete,1409,0)! [ 1158.115947][T11559] Bluetooth: hci2: command tx timeout [ 1158.759126][T16442] bridge0: port 1(bridge_slave_0) entered blocking state [ 1158.760974][T16442] bridge0: port 1(bridge_slave_0) entered disabled state [ 1158.761176][T16442] bridge_slave_0: entered allmulticast mode [ 1158.763576][T16442] bridge_slave_0: entered promiscuous mode [ 1158.780435][T16442] bridge0: port 2(bridge_slave_1) entered blocking state [ 1158.780752][T16442] bridge0: port 2(bridge_slave_1) entered disabled state [ 1158.781258][T16442] bridge_slave_1: entered allmulticast mode [ 1158.787262][T16442] bridge_slave_1: entered promiscuous mode [ 1159.126481][T16442] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1159.130522][T16442] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1159.289067][T16734] netlink: 'syz.0.20685': attribute type 3 has an invalid length. [ 1159.356681][T16734] netlink: 'syz.0.20685': attribute type 3 has an invalid length. [ 1159.507849][T16744] loop7: detected capacity change from 0 to 7 [ 1159.521667][ C0] blk_print_req_error: 10 callbacks suppressed [ 1159.521713][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.521784][ C0] buffer_io_error: 10 callbacks suppressed [ 1159.521817][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.549670][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.549769][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.551203][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.551276][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.551609][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.551672][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.570370][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.570400][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.570626][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.570657][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.571600][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.571678][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.571769][T16744] ldm_validate_partition_table(): Disk read failed. [ 1159.571975][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.572040][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.572255][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.572324][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.572494][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1159.572565][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1159.572783][T16744] Dev loop7: unable to read RDB block 0 [ 1159.724415][T16744] loop7: unable to read partition table [ 1159.725052][T16744] loop7: partition table beyond EOD, truncated [ 1159.725263][T16744] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 1159.752130][T16442] team0: Port device team_slave_0 added [ 1159.757366][T16442] team0: Port device team_slave_1 added [ 1159.827138][T16745] loop7: detected capacity change from 7 to 0 [ 1160.339694][ T5994] Bluetooth: hci2: command tx timeout [ 1160.574536][T16442] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1160.574554][T16442] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1160.574578][T16442] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1160.597151][T16784] netlink: 212892 bytes leftover after parsing attributes in process `syz.0.20707'. [ 1160.779018][T16442] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1160.779035][T16442] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1160.779064][T16442] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1161.353214][T16442] hsr_slave_0: entered promiscuous mode [ 1161.354569][T16442] hsr_slave_1: entered promiscuous mode [ 1161.364038][T16442] debugfs: 'hsr0' already exists in 'hsr' [ 1161.364121][T16442] Cannot create hsr debugfs directory [ 1161.723143][T16825] netlink: 'syz.5.20727': attribute type 1 has an invalid length. [ 1162.452705][T16856] loop5: detected capacity change from 0 to 7 [ 1162.455906][T16727] ldm_validate_partition_table(): Disk read failed. [ 1162.462267][T16727] Dev loop5: unable to read RDB block 0 [ 1162.464434][T16727] loop5: unable to read partition table [ 1162.465455][T16727] loop5: partition table beyond EOD, truncated [ 1162.517322][T16856] ldm_validate_partition_table(): Disk read failed. [ 1162.518385][T16856] Dev loop5: unable to read RDB block 0 [ 1162.519537][T16856] loop5: unable to read partition table [ 1162.519763][T16856] loop5: partition table beyond EOD, truncated [ 1162.520057][T16856] loop_reread_partitions: partition scan of loop5 (Cj̖P=ý?%`ր{֐ȵ4FLQk݊5) failed (rc=-5) [ 1162.577305][T16442] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1162.623753][T16442] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1162.709055][T16442] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1162.749037][T16442] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1163.011271][T16879] lo speed is unknown, defaulting to 1000 [ 1163.184172][T16442] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1163.224611][T16442] 8021q: adding VLAN 0 to HW filter on device team0 [ 1163.282549][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 1163.299520][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1163.346939][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 1163.347076][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1163.398311][ T37] kauditd_printk_skb: 3 callbacks suppressed [ 1163.398325][ T37] audit: type=1326 audit(2000001401.353:2492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16896 comm="syz.5.20758" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0bbeb3f749 code=0x0 [ 1163.876871][T16442] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1164.662972][T16442] veth0_vlan: entered promiscuous mode [ 1164.683593][T16442] veth1_vlan: entered promiscuous mode [ 1165.005741][T16442] veth0_macvtap: entered promiscuous mode [ 1165.040210][T16442] veth1_macvtap: entered promiscuous mode [ 1165.157939][T16442] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1165.174665][T16442] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1165.238596][ T4535] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1165.240300][ T4535] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1165.240339][ T4535] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1165.240371][ T4535] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1165.505796][ T6136] kernel read not supported for file 4782/task/4783/auxv (pid: 6136 comm: kworker/0:7) [ 1166.131471][ T4535] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1166.131492][ T4535] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1166.443964][ T4535] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1166.443985][ T4535] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1168.880211][T17079] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1169.061938][T17091] pimreg: entered allmulticast mode [ 1169.663976][T17109] block nbd4: shutting down sockets [ 1170.030064][T17136] netlink: 12 bytes leftover after parsing attributes in process `syz.4.20864'. [ 1170.117656][T17136] netlink: 12 bytes leftover after parsing attributes in process `syz.4.20864'. [ 1170.835747][ T6113] kernel write not supported for file bpf-prog (pid: 6113 comm: kworker/1:7) [ 1172.520816][T17242] netlink: 24 bytes leftover after parsing attributes in process `syz.4.20911'. [ 1173.223335][ T6136] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 1173.387673][ T6136] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 1173.387703][ T6136] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1173.387723][ T6136] usb 6-1: Product: syz [ 1173.387737][ T6136] usb 6-1: Manufacturer: syz [ 1173.387752][ T6136] usb 6-1: SerialNumber: syz [ 1173.433276][ T6136] usb 6-1: config 0 descriptor?? [ 1173.832865][ T6040] usb 6-1: USB disconnect, device number 71 [ 1175.073461][T17314] ubi0: attaching mtd0 [ 1175.106573][T17314] ubi0: scanning is finished [ 1175.106591][T17314] ubi0: empty MTD device detected [ 1175.724674][T17314] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1175.724701][T17314] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1175.724718][T17314] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1175.724734][T17314] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1175.724751][T17314] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1175.724767][T17314] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1175.724784][T17314] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3179150245 [ 1175.724804][T17314] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1175.787525][T17337] ubi0: background thread "ubi_bgt0d" started, PID 17337 [ 1175.972006][T17318] ubi0: detaching mtd0 [ 1176.059732][T17318] ubi0: mtd0 is detached [ 1176.236965][T17350] ref_ctr_offset mismatch. inode: 0x3cf2 offset: 0x0 ref_ctr_offset(old): 0x72 ref_ctr_offset(new): 0x0 [ 1176.874795][T17335] lo speed is unknown, defaulting to 1000 [ 1177.573414][T17383] loop2: detected capacity change from 0 to 7 [ 1177.578554][T17383] Dev loop2: unable to read RDB block 7 [ 1177.578598][T17383] loop2: AHDI p1 p2 p3 [ 1177.578627][T17383] loop2: partition table partially beyond EOD, truncated [ 1177.579038][T17383] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1177.579061][T17383] loop2: p3 start 335544320 is beyond EOD, truncated [ 1177.781140][T17392] netlink: 4 bytes leftover after parsing attributes in process `syz.0.20977'. [ 1177.785275][T17392] netlink: 32 bytes leftover after parsing attributes in process `syz.0.20977'. [ 1180.467009][ T6136] IPVS: starting estimator thread 0... [ 1180.576845][T17472] IPVS: using max 10 ests per chain, 24000 per kthread [ 1181.334730][T17497] netlink: 348 bytes leftover after parsing attributes in process `syz.6.21026'. [ 1181.787493][T17511] netlink: 16 bytes leftover after parsing attributes in process `syz.6.21033'. [ 1183.346368][T17592] netlink: 'syz.6.21069': attribute type 29 has an invalid length. [ 1183.348050][T17592] netlink: 'syz.6.21069': attribute type 29 has an invalid length. [ 1183.349010][T17592] netlink: 500 bytes leftover after parsing attributes in process `syz.6.21069'. [ 1185.319972][T17676] mkiss: ax0: crc mode is auto. [ 1185.362967][T17678] trusted_key: syz.0.21111 sent an empty control message without MSG_MORE. [ 1188.031109][T17800] loop8: detected capacity change from 0 to 8 [ 1188.035155][T17800] loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 [ 1188.035283][T17800] loop8: p1 start 1701603686 is beyond EOD, truncated [ 1188.035303][T17800] loop8: p2 start 2381523385 is beyond EOD, truncated [ 1188.035319][T17800] loop8: p3 start 256934931 is beyond EOD, truncated [ 1188.035336][T17800] loop8: p4 start 4084151128 is beyond EOD, truncated [ 1188.035351][T17800] loop8: p5 size 2048 extends beyond EOD, truncated [ 1188.052298][T17800] loop8: p6 start 2736933807 is beyond EOD, truncated [ 1188.052366][T17800] loop8: p7 start 75287518 is beyond EOD, truncated [ 1188.052389][T17800] loop8: p8 start 2402041521 is beyond EOD, truncated [ 1188.052432][T17800] loop8: p9 start 3492405423 is beyond EOD, truncated [ 1188.052448][T17800] loop8: p10 start 515314764 is beyond EOD, truncated [ 1188.052464][T17800] loop8: p11 start 2942580191 is beyond EOD, truncated [ 1188.052480][T17800] loop8: p12 start 163001658 is beyond EOD, truncated [ 1188.282991][T17810] netlink: 96 bytes leftover after parsing attributes in process `syz.6.21169'. [ 1188.389555][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 1188.389645][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 1188.552523][ T6843] kernel write not supported for file bpf-prog (pid: 6843 comm: kworker/0:10) [ 1188.862348][T17835] batadv_slave_1: entered promiscuous mode [ 1188.862991][T17830] batadv_slave_1: left promiscuous mode [ 1189.615774][T17861] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1189.615791][T17861] IPv6: NLM_F_CREATE should be set when creating new route [ 1189.934466][T17869] bond4: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 1189.998223][T17869] bond4 (unregistering): Released all slaves [ 1190.980177][ T6416] usb 1-1: new high-speed USB device number 119 using dummy_hcd [ 1191.139811][ T6416] usb 1-1: Using ep0 maxpacket: 32 [ 1191.141872][ T6416] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1191.141900][ T6416] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1191.141935][ T6416] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 1191.141957][ T6416] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1191.146764][ T6416] usb 1-1: config 0 descriptor?? [ 1191.412403][T17918] KVM: debugfs: duplicate directory 17918-4 [ 1191.604547][ T6416] hid_parser_main: 8 callbacks suppressed [ 1191.604569][ T6416] ft260 0003:0403:6030.0032: unknown main item tag 0x7 [ 1191.809766][ T6416] ft260 0003:0403:6030.0032: chip code: 0000 0000 [ 1192.025634][ T6416] ft260 0003:0403:6030.0032: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.0-1/input0 [ 1192.241584][ T6416] ft260 0003:0403:6030.0032: failed to retrieve status: -71, no wakeup [ 1192.247545][ T6416] ft260 0003:0403:6030.0032: failed to retrieve status: -71 [ 1192.249867][T17953] batadv_slave_1: entered promiscuous mode [ 1192.249869][ T6416] ft260 0003:0403:6030.0032: failed to reset I2C controller: -71 [ 1192.278911][T17952] batadv_slave_1: left promiscuous mode [ 1192.334886][ T6416] usb 1-1: USB disconnect, device number 119 [ 1192.520372][ T37] audit: type=1326 audit(2000001428.601:2493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17963 comm="syz.4.21239" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa2fb27f749 code=0x0 [ 1193.098980][T17983] input: syz1 as /devices/virtual/input/input91 [ 1193.707406][T13483] usb 1-1: new high-speed USB device number 120 using dummy_hcd [ 1193.855526][ T6040] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 1193.872797][T13483] usb 1-1: Using ep0 maxpacket: 16 [ 1193.881137][T13483] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1193.881166][T13483] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1193.881199][T13483] usb 1-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 1193.881221][T13483] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1193.886035][T13483] usb 1-1: config 0 descriptor?? [ 1194.019258][ T6040] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1194.019300][ T6040] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 1194.019323][ T6040] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1194.029571][ T6040] usb 5-1: config 0 descriptor?? [ 1194.354878][T13483] input: HID 041e:3100 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:041E:3100.0033/input/input92 [ 1194.443553][T13483] creative-sb0540 0003:041E:3100.0033: input,hidraw0: USB HID v0.00 Device [HID 041e:3100] on usb-dummy_hcd.0-1/input0 [ 1194.575877][T13483] usb 1-1: USB disconnect, device number 120 [ 1195.159869][ T6040] video4linux radio48: keene_cmd_set failed (-71) [ 1195.159895][ T6040] radio-keene 5-1:0.0: V4L2 device registered as radio48 [ 1195.164212][ T6040] usb 5-1: USB disconnect, device number 50 [ 1195.475934][ T37] audit: type=1326 audit(2000001431.361:2494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18075 comm="syz.0.21291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5252f749 code=0x7ffc0000 [ 1195.476188][ T37] audit: type=1326 audit(2000001431.361:2495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18075 comm="syz.0.21291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5252f749 code=0x7ffc0000 [ 1195.492998][ T37] audit: type=1326 audit(2000001431.379:2496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18075 comm="syz.0.21291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5252f749 code=0x7ffc0000 [ 1195.493048][ T37] audit: type=1326 audit(2000001431.379:2497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18075 comm="syz.0.21291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f9e5252f749 code=0x7ffc0000 [ 1195.493090][ T37] audit: type=1326 audit(2000001431.379:2498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18075 comm="syz.0.21291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5252f749 code=0x7ffc0000 [ 1195.493130][ T37] audit: type=1326 audit(2000001431.379:2499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18075 comm="syz.0.21291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5252f749 code=0x7ffc0000 [ 1195.495597][ T37] audit: type=1326 audit(2000001431.379:2500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18075 comm="syz.0.21291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5252f749 code=0x7ffc0000 [ 1195.496560][ T37] audit: type=1326 audit(2000001431.379:2501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18075 comm="syz.0.21291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5252f749 code=0x7ffc0000 [ 1195.503032][ T37] audit: type=1326 audit(2000001431.379:2502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18075 comm="syz.0.21291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f9e5252f749 code=0x7ffc0000 [ 1196.454025][T18107] netlink: 4 bytes leftover after parsing attributes in process `syz.6.21299'. [ 1197.618353][ T6040] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 1197.800759][ T6040] usb 6-1: Using ep0 maxpacket: 32 [ 1197.803441][ T6040] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 1197.803467][ T6040] usb 6-1: config 0 has no interface number 0 [ 1197.805982][ T6040] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1197.806010][ T6040] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1197.806030][ T6040] usb 6-1: Product: syz [ 1197.806046][ T6040] usb 6-1: Manufacturer: syz [ 1197.806059][ T6040] usb 6-1: SerialNumber: syz [ 1197.814120][ T6040] usb 6-1: config 0 descriptor?? [ 1197.900499][ T6040] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1198.149675][ T6040] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1198.175359][ T6040] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1198.346628][T18192] could not open pipe file descriptor [ 1198.568239][ C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1198.575957][ T6040] usb 6-1: USB disconnect, device number 72 [ 1198.610672][ T6040] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1198.634944][ T6040] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1198.635621][ T6040] quatech2 6-1:0.51: device disconnected [ 1198.693671][T18205] vcan0: tx drop: invalid sa for name 0x0000000000000006 [ 1199.501899][T18249] pim6reg1: entered promiscuous mode [ 1199.501927][T18249] pim6reg1: entered allmulticast mode [ 1202.311168][ T6047] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 1202.473579][ T6047] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 1202.473610][ T6047] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1202.479772][ T6047] usb 5-1: config 0 descriptor?? [ 1202.500944][ T6047] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 1202.573102][T18396] netlink: 1008 bytes leftover after parsing attributes in process `syz.0.21438'. [ 1202.573717][T18396] netlink: 1008 bytes leftover after parsing attributes in process `syz.0.21438'. [ 1203.360711][ T6047] gspca_stv06xx: I2C: Read error writing address: -71 [ 1203.369679][ T6047] usb 5-1: USB disconnect, device number 51 [ 1204.438187][ T6047] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 1204.612806][ T6047] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1204.612839][ T6047] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1204.612863][ T6047] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1204.612946][ T6047] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1204.612970][ T6047] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1204.638673][ T6047] usb 5-1: config 0 descriptor?? [ 1205.093797][ T6047] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 1205.093831][ T6047] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 1205.093856][ T6047] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 1205.093880][ T6047] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 1205.093903][ T6047] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 1205.093927][ T6047] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 1205.093950][ T6047] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 1205.093972][ T6047] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 1205.093996][ T6047] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 1205.094021][ T6047] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 1205.109996][ T6047] plantronics 0003:047F:FFFF.0034: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1205.403233][ T6047] usb 5-1: USB disconnect, device number 52 [ 1205.527378][T18517] netlink: 8 bytes leftover after parsing attributes in process `syz.6.21496'. [ 1205.527409][T18517] netlink: 12 bytes leftover after parsing attributes in process `syz.6.21496'. [ 1205.553511][T18518] loop9: detected capacity change from 0 to 7 [ 1205.572930][T18518] Dev loop9: unable to read RDB block 7 [ 1205.572975][T18518] loop9: unable to read partition table [ 1205.573202][T18518] loop9: partition table beyond EOD, truncated [ 1205.573221][T18518] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 1208.123168][ T6136] kernel read not supported for file /input/event2 (pid: 6136 comm: kworker/0:7) [ 1208.493627][T18669] netlink: 96 bytes leftover after parsing attributes in process `syz.0.21563'. [ 1208.855766][T18686] netlink: 260 bytes leftover after parsing attributes in process `syz.5.21571'. [ 1210.008160][T18735] Process accounting resumed [ 1210.184429][ T37] kauditd_printk_skb: 13 callbacks suppressed [ 1210.184447][ T37] audit: type=1326 audit(2000001445.120:2516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18740 comm="syz.0.21598" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9e5252f749 code=0x0 [ 1211.315317][T18799] overlayfs: invalid origin (0000) [ 1211.922715][T18825] netlink: 8 bytes leftover after parsing attributes in process `syz.0.21637'. [ 1211.922745][T18825] netlink: 12 bytes leftover after parsing attributes in process `syz.0.21637'. [ 1212.468597][T18851] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.21649'. [ 1212.883870][T13483] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 1213.044235][T13483] usb 6-1: Using ep0 maxpacket: 16 [ 1213.046349][T13483] usb 6-1: config index 0 descriptor too short (expected 16456, got 72) [ 1213.046374][T13483] usb 6-1: config 0 has an invalid interface number: 125 but max is 1 [ 1213.046394][T13483] usb 6-1: config 0 has an invalid interface number: 125 but max is 1 [ 1213.046412][T13483] usb 6-1: config 0 has an invalid interface number: 125 but max is 1 [ 1213.046431][T13483] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1213.047288][T13483] usb 6-1: config 0 has no interface number 0 [ 1213.047347][T13483] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 1213.047374][T13483] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 1213.047395][T13483] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1213.047435][T13483] usb 6-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1213.047461][T13483] usb 6-1: config 0 interface 125 has no altsetting 0 [ 1213.047479][T13483] usb 6-1: config 0 interface 125 has no altsetting 2 [ 1213.053506][T13483] usb 6-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 1213.053542][T13483] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1213.053562][T13483] usb 6-1: Product: syz [ 1213.053576][T13483] usb 6-1: Manufacturer: syz [ 1213.053591][T13483] usb 6-1: SerialNumber: syz [ 1213.200663][T13483] usb 6-1: config 0 descriptor?? [ 1213.211784][T13483] usb 6-1: selecting invalid altsetting 2 [ 1214.315753][T13483] usb 6-1: USB disconnect, device number 73 [ 1214.979373][T13483] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 1215.139512][T13483] usb 5-1: Using ep0 maxpacket: 32 [ 1215.141717][T13483] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 1215.141742][T13483] usb 5-1: config 0 has no interface number 0 [ 1215.141785][T13483] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1215.147926][T13483] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 1215.147954][T13483] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1215.147974][T13483] usb 5-1: Product: syz [ 1215.147988][T13483] usb 5-1: Manufacturer: syz [ 1215.148003][T13483] usb 5-1: SerialNumber: syz [ 1215.155005][T13483] usb 5-1: config 0 descriptor?? [ 1215.225239][T13483] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 1215.225270][T13483] em28xx 5-1:0.132: Video interface 132 found: [ 1215.619659][T13483] em28xx 5-1:0.132: unknown em28xx chip ID (0) [ 1215.906158][T18993] macvlan0: left promiscuous mode [ 1215.906187][T18993] macvlan0: left allmulticast mode [ 1216.071107][T13483] em28xx 5-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5) [ 1216.071144][T13483] em28xx 5-1:0.132: board has no eeprom [ 1216.133757][T13483] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 1216.133786][T13483] em28xx 5-1:0.132: analog set to bulk mode. [ 1216.138167][T19005] block nbd2: Unsupported socket: should be TCP or UNIX. [ 1216.139128][ T6416] em28xx 5-1:0.132: Registering V4L2 extension [ 1216.172746][T13483] usb 5-1: USB disconnect, device number 53 [ 1216.175143][T13483] em28xx 5-1:0.132: Disconnecting em28xx [ 1216.451888][ T6416] em28xx 5-1:0.132: Config register raw data: 0xffffffed [ 1216.451913][ T6416] em28xx 5-1:0.132: AC97 chip type couldn't be determined [ 1216.451927][ T6416] em28xx 5-1:0.132: No AC97 audio processor [ 1216.475308][T19012] block nbd5: shutting down sockets [ 1216.484370][ T6416] usb 5-1: Decoder not found [ 1216.484389][ T6416] em28xx 5-1:0.132: failed to create media graph [ 1216.484429][ T6416] em28xx 5-1:0.132: V4L2 device video103 deregistered [ 1216.512080][ T6416] em28xx 5-1:0.132: Remote control support is not available for this card. [ 1216.512137][T13483] em28xx 5-1:0.132: Closing input extension [ 1216.548514][T13483] em28xx 5-1:0.132: Freeing device [ 1217.112777][T19045] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1218.236409][T19078] sch_tbf: burst 22 is lower than device lo mtu (82) ! [ 1218.337213][T19083] sch_tbf: burst 22 is lower than device lo mtu (82) ! [ 1218.614083][ T6113] usb 1-1: new high-speed USB device number 121 using dummy_hcd [ 1218.787265][ T6113] usb 1-1: Using ep0 maxpacket: 16 [ 1218.789112][ T6113] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1218.789138][ T6113] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1218.792286][ T6113] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1218.792312][ T6113] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1218.792333][ T6113] usb 1-1: Product: syz [ 1218.792347][ T6113] usb 1-1: Manufacturer: syz [ 1218.792362][ T6113] usb 1-1: SerialNumber: syz [ 1219.072035][ T6113] usb 1-1: 0:2 : does not exist [ 1219.082218][ T6113] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 1219.128590][ T6113] usb 1-1: USB disconnect, device number 121 [ 1219.533420][ T6113] usb 6-1: new high-speed USB device number 74 using dummy_hcd [ 1219.699722][ T6113] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1219.699765][ T6113] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1219.722616][ T6113] usb 6-1: config 0 descriptor?? [ 1219.746262][ T6113] cp210x 6-1:0.0: cp210x converter detected [ 1219.758960][T19147] input: syz0 as /devices/virtual/input/input93 [ 1220.186060][ T6113] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1220.213349][T19164] binder: 19162:19164 ioctl c0306201 200000000b00 returned -14 [ 1220.420870][ T6113] usb 6-1: cp210x converter now attached to ttyUSB0 [ 1220.560174][T19180] netlink: 8 bytes leftover after parsing attributes in process `syz.0.21800'. [ 1220.621222][ T6136] usb 6-1: USB disconnect, device number 74 [ 1220.649561][ T6136] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1220.784508][ T6136] cp210x 6-1:0.0: device disconnected [ 1221.703553][ T6113] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 1221.872037][ T6113] usb 5-1: config 0 has an invalid interface number: 37 but max is 0 [ 1221.872065][ T6113] usb 5-1: config 0 has no interface number 0 [ 1221.881399][ T6113] usb 5-1: New USB device found, idVendor=2639, idProduct=0003, bcdDevice=fd.62 [ 1221.881474][ T6113] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1221.881523][ T6113] usb 5-1: Product: syz [ 1221.881560][ T6113] usb 5-1: Manufacturer: syz [ 1221.881605][ T6113] usb 5-1: SerialNumber: syz [ 1221.894762][ T6113] usb 5-1: config 0 descriptor?? [ 1221.992235][T11559] Bluetooth: hci5: command 0x0406 tx timeout [ 1221.994318][T13483] Bluetooth: hci5: Opcode 0x0c1a failed: -110 [ 1221.994340][T13483] Bluetooth: hci5: Error when powering off device on rfkill (-110) [ 1222.120927][T14062] usb 5-1: USB disconnect, device number 54 [ 1222.804765][ T9] usb 1-1: new high-speed USB device number 122 using dummy_hcd [ 1222.965098][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 1222.968958][ T9] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1222.971447][ T9] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1222.971472][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1222.971491][ T9] usb 1-1: Product: syz [ 1222.971505][ T9] usb 1-1: Manufacturer: syz [ 1222.971518][ T9] usb 1-1: SerialNumber: syz [ 1223.020520][ T9] usb 1-1: config 0 descriptor?? [ 1223.467615][ T9] gs_usb 1-1:0.0: Configuring for 1 interfaces [ 1224.131001][ T6113] usb 1-1: USB disconnect, device number 122 [ 1224.504710][T19363] netlink: 8 bytes leftover after parsing attributes in process `syz.5.21885'. [ 1224.504742][T19363] bond0: Unable to set up delay as MII monitoring is disabled [ 1224.643619][T13483] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 1224.643641][T13483] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 1224.653709][T11559] Bluetooth: hci2: command 0x0c1a tx timeout [ 1225.268712][T19391] netlink: 32 bytes leftover after parsing attributes in process `syz.4.21899'. [ 1225.526242][T19391] bond2: option ad_select: invalid value (17) [ 1225.547526][T19391] bond2 (unregistering): Released all slaves [ 1225.985733][T19425] netlink: 'syz.4.21914': attribute type 10 has an invalid length. [ 1225.985758][T19425] netlink: 32 bytes leftover after parsing attributes in process `syz.4.21914'. [ 1226.046772][T19425] ipvlan2: entered promiscuous mode [ 1226.053599][T19425] bridge0: port 2(ipvlan2) entered blocking state [ 1226.053783][T19425] bridge0: port 2(ipvlan2) entered disabled state [ 1226.053971][T19425] ipvlan2: entered allmulticast mode [ 1226.053987][T19425] bridge0: entered allmulticast mode [ 1226.092643][T19425] ipvlan2: left allmulticast mode [ 1226.092663][T19425] bridge0: left allmulticast mode [ 1229.758926][T19545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.21969'. [ 1229.758966][T19545] netlink: 20 bytes leftover after parsing attributes in process `syz.0.21969'. [ 1229.770175][T19545] geneve4: entered promiscuous mode [ 1229.770198][T19545] geneve4: entered allmulticast mode [ 1229.779215][T17153] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1229.779446][T17153] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1229.779540][T17153] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1229.779641][T17153] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1229.850522][ T6040] usb 6-1: new high-speed USB device number 75 using dummy_hcd [ 1230.031704][ T6040] usb 6-1: Using ep0 maxpacket: 32 [ 1230.040585][ T6040] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 1230.040608][ T6040] usb 6-1: config 0 has no interface number 0 [ 1230.043686][ T6040] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1230.043749][ T6040] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1230.043812][ T6040] usb 6-1: Product: syz [ 1230.043859][ T6040] usb 6-1: Manufacturer: syz [ 1230.043905][ T6040] usb 6-1: SerialNumber: syz [ 1230.078960][ T6040] usb 6-1: config 0 descriptor?? [ 1230.122475][ T6040] smsc95xx v2.0.0 [ 1230.556929][ T6040] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1230.556961][ T6040] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1230.885377][T19585] netlink: 24 bytes leftover after parsing attributes in process `syz.0.21989'. [ 1230.986692][ T6040] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1230.986960][ T6040] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 1231.024586][ T6040] usb 6-1: USB disconnect, device number 75 [ 1234.012706][T19587] kexec: Could not allocate control_code_buffer [ 1238.858930][T19754] macvlan2: entered promiscuous mode [ 1238.858957][T19754] veth1_to_hsr: entered promiscuous mode [ 1240.951405][T19862] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1241.046464][T19862] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1241.248185][T19862] tipc: Resetting bearer [ 1241.250152][T19862] tipc: Resetting bearer [ 1241.521779][T19862] veth0_macvtap: left allmulticast mode [ 1241.684637][T19862] tipc: Resetting bearer [ 1241.855902][T19862] netdevsim netdevsim5 netdevsim0: left promiscuous mode [ 1242.177119][T19862] gretap1: left promiscuous mode [ 1242.248751][T19862] vxcan3: left promiscuous mode [ 1242.258613][T19862] bridge2: left promiscuous mode [ 1242.368790][T19862] geneve2: left promiscuous mode [ 1242.382263][T19862] bridge3: left promiscuous mode [ 1242.434738][T19862] batman_adv: batadv0: Interface deactivated: gretap3 [ 1242.489354][T19862] ipvlan0: left promiscuous mode [ 1242.547520][T19954] team0: No ports can be present during mode change [ 1242.547576][ T4535] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1242.547603][ T4535] netdevsim netdevsim5 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0 [ 1242.701514][T19993] sctp: [Deprecated]: syz.4.22187 (pid 19993) Use of int in maxseg socket option. [ 1242.701514][T19993] Use struct sctp_assoc_value instead [ 1242.934491][ T4535] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1242.934524][ T4535] netdevsim netdevsim5 netdevsim1: unset [1, 1] type 2 family 0 port 256 - 0 [ 1242.937989][ T4535] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1242.938094][ T4535] netdevsim netdevsim5 netdevsim2: unset [1, 1] type 2 family 0 port 256 - 0 [ 1242.938197][ T4535] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1242.938260][ T4535] netdevsim netdevsim5 netdevsim3: unset [1, 1] type 2 family 0 port 256 - 0 [ 1243.519310][T14101] kernel read not supported for file /7572/environ (pid: 14101 comm: kworker/1:3) [ 1243.523872][T20032] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 1245.907132][T13483] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 1246.067482][T13483] usb 5-1: Using ep0 maxpacket: 8 [ 1246.069716][T13483] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1246.069769][T13483] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1246.069791][T13483] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1246.074604][T13483] usb 5-1: config 0 descriptor?? [ 1246.301026][T13483] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1247.207953][ T37] audit: type=1326 audit(2000001479.749:2517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20177 comm="syz.6.22274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe63edff749 code=0x7ffc0000 [ 1247.208599][ T37] audit: type=1326 audit(2000001479.749:2518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20177 comm="syz.6.22274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe63edff749 code=0x7ffc0000 [ 1247.210723][ T37] audit: type=1326 audit(2000001479.749:2519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20177 comm="syz.6.22274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe63edff749 code=0x7ffc0000 [ 1247.211075][ T37] audit: type=1326 audit(2000001479.749:2520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20177 comm="syz.6.22274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe63edff749 code=0x7ffc0000 [ 1247.247723][ T37] audit: type=1326 audit(2000001479.796:2521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20177 comm="syz.6.22274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe63edff749 code=0x7ffc0000 [ 1247.247853][ T37] audit: type=1326 audit(2000001479.796:2522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20177 comm="syz.6.22274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe63edff749 code=0x7ffc0000 [ 1247.247992][ T37] audit: type=1326 audit(2000001479.796:2523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20177 comm="syz.6.22274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe63edff749 code=0x7ffc0000 [ 1247.248100][ T37] audit: type=1326 audit(2000001479.796:2524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20177 comm="syz.6.22274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe63edff749 code=0x7ffc0000 [ 1247.249524][ T37] audit: type=1326 audit(2000001479.796:2525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20177 comm="syz.6.22274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe63edff749 code=0x7ffc0000 [ 1247.251747][ T37] audit: type=1326 audit(2000001479.796:2526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20177 comm="syz.6.22274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe63edff749 code=0x7ffc0000 [ 1247.984693][T20215] sit0: entered promiscuous mode [ 1247.991432][T20215] netlink: 'syz.6.22290': attribute type 1 has an invalid length. [ 1247.991453][T20215] netlink: 1 bytes leftover after parsing attributes in process `syz.6.22290'. [ 1248.902334][ T6113] usb 5-1: USB disconnect, device number 55 [ 1249.217443][T20282] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1249.442715][T20296] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.22325'. [ 1250.554243][T20367] syzkaller1: entered promiscuous mode [ 1250.554261][T20367] syzkaller1: entered allmulticast mode [ 1251.851174][ T6416] usb 5-1: new full-speed USB device number 56 using dummy_hcd [ 1252.015949][ T6416] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 1252.015979][ T6416] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1252.015998][ T6416] usb 5-1: Product: syz [ 1252.016012][ T6416] usb 5-1: Manufacturer: syz [ 1252.016025][ T6416] usb 5-1: SerialNumber: syz [ 1252.056121][ T6416] usb 5-1: config 0 descriptor?? [ 1252.087020][ T6416] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 1252.682291][ T6113] hid_parser_main: 5 callbacks suppressed [ 1252.682313][ T6113] hid-generic 0000:0000:0000.0035: unknown main item tag 0x0 [ 1252.692024][ T6113] hid-generic 0000:0000:0000.0035: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1253.158175][ T6416] gspca_stk1135: reg_w 0x7 err -71 [ 1253.159248][ T6416] gspca_stk1135: serial bus timeout: status=0x00 [ 1253.159264][ T6416] gspca_stk1135: Sensor write failed [ 1253.159300][ T6416] gspca_stk1135: serial bus timeout: status=0x00 [ 1253.159311][ T6416] gspca_stk1135: Sensor write failed [ 1253.159346][ T6416] gspca_stk1135: serial bus timeout: status=0x00 [ 1253.159357][ T6416] gspca_stk1135: Sensor read failed [ 1253.159393][ T6416] gspca_stk1135: serial bus timeout: status=0x00 [ 1253.159403][ T6416] gspca_stk1135: Sensor read failed [ 1253.159411][ T6416] gspca_stk1135: Detected sensor type unknown (0x0) [ 1253.159453][ T6416] gspca_stk1135: serial bus timeout: status=0x00 [ 1253.159463][ T6416] gspca_stk1135: Sensor read failed [ 1253.159499][ T6416] gspca_stk1135: serial bus timeout: status=0x00 [ 1253.159509][ T6416] gspca_stk1135: Sensor read failed [ 1253.159545][ T6416] gspca_stk1135: serial bus timeout: status=0x00 [ 1253.159556][ T6416] gspca_stk1135: Sensor write failed [ 1253.159591][ T6416] gspca_stk1135: serial bus timeout: status=0x00 [ 1253.159602][ T6416] gspca_stk1135: Sensor write failed [ 1253.159699][ T6416] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71 [ 1253.279875][ T6416] usb 5-1: USB disconnect, device number 56 [ 1253.901935][T20515] syzkaller1: entered promiscuous mode [ 1253.901954][T20515] syzkaller1: entered allmulticast mode [ 1254.068201][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 1254.068286][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 1254.497611][T20546] team0: entered promiscuous mode [ 1254.497637][T20546] team_slave_0: entered promiscuous mode [ 1254.497964][T20546] team_slave_1: entered promiscuous mode [ 1254.668361][T20556] netlink: 36 bytes leftover after parsing attributes in process `syz.0.22447'. [ 1254.865975][T14101] usb 6-1: new high-speed USB device number 76 using dummy_hcd [ 1255.026189][T14101] usb 6-1: Using ep0 maxpacket: 32 [ 1255.035334][T14101] usb 6-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 1255.035362][T14101] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1255.035388][T14101] usb 6-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 1255.035450][T14101] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1255.046032][T14101] usb 6-1: config 0 descriptor?? [ 1255.301225][T14101] usbhid 6-1:0.0: can't add hid device: -71 [ 1255.301342][T14101] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1255.398528][T14101] usb 6-1: USB disconnect, device number 76 [ 1256.598724][ T37] kauditd_printk_skb: 41 callbacks suppressed [ 1256.614522][ T37] audit: type=1326 audit(2000001488.542:2568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20640 comm="syz.5.22486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bbeb3f749 code=0x7ffc0000 [ 1256.614580][ T37] audit: type=1326 audit(2000001488.542:2569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20640 comm="syz.5.22486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bbeb3f749 code=0x7ffc0000 [ 1256.614621][ T37] audit: type=1326 audit(2000001488.542:2570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20640 comm="syz.5.22486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0bbeb3f749 code=0x7ffc0000 [ 1256.614671][ T37] audit: type=1326 audit(2000001488.542:2571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20640 comm="syz.5.22486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bbeb3f749 code=0x7ffc0000 [ 1256.614712][ T37] audit: type=1326 audit(2000001488.542:2572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20640 comm="syz.5.22486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bbeb3f749 code=0x7ffc0000 [ 1256.615198][ T37] audit: type=1326 audit(2000001488.551:2573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20640 comm="syz.5.22486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f0bbeb3f749 code=0x7ffc0000 [ 1256.615732][ T37] audit: type=1326 audit(2000001488.551:2574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20640 comm="syz.5.22486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bbeb3f749 code=0x7ffc0000 [ 1256.615883][ T37] audit: type=1326 audit(2000001488.551:2575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20640 comm="syz.5.22486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bbeb3f749 code=0x7ffc0000 [ 1256.624990][ T37] audit: type=1326 audit(2000001488.560:2576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20640 comm="syz.5.22486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bbeb3f749 code=0x7ffc0000 [ 1256.625137][ T37] audit: type=1326 audit(2000001488.560:2577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20640 comm="syz.5.22486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bbeb3f749 code=0x7ffc0000 [ 1257.387083][ T6416] Process accounting resumed [ 1257.442312][T14101] usb 6-1: new high-speed USB device number 77 using dummy_hcd [ 1257.602647][T14101] usb 6-1: Using ep0 maxpacket: 32 [ 1257.609271][T14101] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1257.609312][T14101] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1257.609353][T14101] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1257.609378][T14101] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1257.618935][T14101] usb 6-1: config 0 descriptor?? [ 1257.641121][T14101] hub 6-1:0.0: USB hub found [ 1257.846681][T14101] hub 6-1:0.0: config failed, can't read hub descriptor (err -22) [ 1257.858414][T20694] FAT-fs (loop1): unable to read boot sector [ 1257.966149][ T6416] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1258.079289][T14101] hid (null): unknown global tag 0xc [ 1258.081979][T14101] hid-generic 0003:046D:C31C.0036: unknown global tag 0xc [ 1258.082010][T14101] hid-generic 0003:046D:C31C.0036: item 0 0 1 12 parsing failed [ 1258.082524][T14101] hid-generic 0003:046D:C31C.0036: probe with driver hid-generic failed with error -22 [ 1258.128412][ T6416] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1258.128442][ T6416] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 1258.128466][ T6416] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1258.128487][ T6416] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 1258.131052][ T6416] usb 5-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 1258.131077][ T6416] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1258.131096][ T6416] usb 5-1: Product: syz [ 1258.131110][ T6416] usb 5-1: Manufacturer: syz [ 1258.131123][ T6416] usb 5-1: SerialNumber: syz [ 1258.135862][ T6416] usb 5-1: config 0 descriptor?? [ 1258.214353][ T6416] ums-isd200 5-1:0.0: USB Mass Storage device detected [ 1258.375115][ T6416] scsi host1: usb-storage 5-1:0.0 [ 1258.416846][T14062] usb 6-1: USB disconnect, device number 77 [ 1258.591659][T14101] usb 5-1: USB disconnect, device number 57 [ 1259.056615][T13483] usb 1-1: new full-speed USB device number 123 using dummy_hcd [ 1259.137480][T20756] netlink: 'syz.6.22540': attribute type 4 has an invalid length. [ 1259.203819][T20759] netlink: 'syz.6.22540': attribute type 4 has an invalid length. [ 1259.221943][T13483] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 1259.221970][T13483] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1259.221989][T13483] usb 1-1: Product: syz [ 1259.222002][T13483] usb 1-1: Manufacturer: syz [ 1259.222016][T13483] usb 1-1: SerialNumber: syz [ 1259.262381][T13483] usb 1-1: config 0 descriptor?? [ 1259.706928][T13483] airspy 1-1:0.0: Board ID: 00 [ 1259.706960][T13483] airspy 1-1:0.0: Firmware version: [ 1260.578249][T13483] airspy 1-1:0.0: usb_control_msg() failed -71 request 0f [ 1260.593527][T13483] airspy 1-1:0.0: Registered as swradio24 [ 1260.593566][T13483] airspy 1-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 1260.627071][T13483] usb 1-1: USB disconnect, device number 123 [ 1260.884789][T20818] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1261.908088][T20863] netlink: 64 bytes leftover after parsing attributes in process `syz.5.22589'. [ 1262.587217][T20887] netlink: 'syz.6.22600': attribute type 83 has an invalid length. [ 1264.167355][T11559] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1264.665761][T20956] kvm: MWAIT instruction emulated as NOP! [ 1264.701345][T13483] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 1264.863335][T13483] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1264.863381][T13483] usb 5-1: New USB device found, idVendor=046d, idProduct=c090, bcdDevice= 0.00 [ 1264.863402][T13483] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1264.867990][T13483] usb 5-1: config 0 descriptor?? [ 1264.990737][ T6409] usb 1-1: new high-speed USB device number 124 using dummy_hcd [ 1265.152584][ T6409] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 1265.152605][ T6409] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1265.152618][ T6409] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1265.152631][ T6409] usb 1-1: config 220 has no interface number 2 [ 1265.152734][ T6409] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1265.152753][ T6409] usb 1-1: config 220 interface 0 has no altsetting 0 [ 1265.152765][ T6409] usb 1-1: config 220 interface 76 has no altsetting 0 [ 1265.152778][ T6409] usb 1-1: config 220 interface 1 has no altsetting 0 [ 1265.157621][ T6409] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1265.157647][ T6409] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1265.157718][ T6409] usb 1-1: Product: syz [ 1265.157733][ T6409] usb 1-1: Manufacturer: syz [ 1265.157742][ T6409] usb 1-1: SerialNumber: syz [ 1265.336183][T13483] logitech-hidpp-device 0003:046D:C090.0037: item fetching failed at offset 3/5 [ 1265.338885][T13483] logitech-hidpp-device 0003:046D:C090.0037: hidpp_probe:parse failed [ 1265.339004][T13483] logitech-hidpp-device 0003:046D:C090.0037: probe with driver logitech-hidpp-device failed with error -22 [ 1265.515230][ T6409] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 1265.515254][ T6409] uvcvideo 1-1:220.0: No valid video chain found. [ 1265.515295][ T6409] usb 1-1: selecting invalid altsetting 0 [ 1265.603135][T13483] usb 5-1: USB disconnect, device number 58 [ 1265.654263][ T6409] usb 1-1: selecting invalid altsetting 0 [ 1265.654287][ T6409] usbtest 1-1:220.1: probe with driver usbtest failed with error -22 [ 1265.657726][ T6409] usb 1-1: USB disconnect, device number 124 [ 1265.983941][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 1265.984917][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 1266.604160][T14062] usb 6-1: new high-speed USB device number 78 using dummy_hcd [ 1266.764471][T14062] usb 6-1: Using ep0 maxpacket: 16 [ 1266.766731][T14062] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1266.766760][T14062] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1266.766792][T14062] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1266.766814][T14062] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1266.771528][T14062] usb 6-1: config 0 descriptor?? [ 1267.229411][T14062] nzxt-smart2 0003:1E71:2009.0038: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.5-1/input0 [ 1267.771234][T14062] usb 6-1: USB disconnect, device number 78 [ 1268.837648][ T6416] IPVS: starting estimator thread 0... [ 1268.924125][T21132] IPVS: using max 12 ests per chain, 28800 per kthread [ 1269.244700][ T6416] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 1269.406812][ T6416] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1269.406840][ T6416] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1269.406860][ T6416] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1269.406907][ T6416] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1269.406933][ T6416] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1269.409168][ T6416] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1269.409202][ T6416] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1269.409217][ T6416] usb 5-1: Product: syz [ 1269.409231][ T6416] usb 5-1: Manufacturer: syz [ 1269.440320][ T6416] cdc_wdm 5-1:1.0: skipping garbage [ 1269.440338][ T6416] cdc_wdm 5-1:1.0: skipping garbage [ 1269.499381][ T6416] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 1269.499443][ T6416] cdc_wdm 5-1:1.0: Unknown control protocol [ 1269.638133][T14062] usb 5-1: USB disconnect, device number 59 [ 1270.645208][ T6843] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 1270.808609][ T6843] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1270.808640][ T6843] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1270.808661][ T6843] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1270.808714][ T6843] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1270.808742][ T6843] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1270.811772][ T6843] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1270.811799][ T6843] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1270.811819][ T6843] usb 5-1: Product: syz [ 1270.811833][ T6843] usb 5-1: Manufacturer: syz [ 1270.905637][ T6843] cdc_wdm 5-1:1.0: skipping garbage [ 1270.905651][ T6843] cdc_wdm 5-1:1.0: skipping garbage [ 1270.917201][ T6843] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 1270.917247][ T6843] cdc_wdm 5-1:1.0: Unknown control protocol [ 1271.134132][T14062] usb 5-1: USB disconnect, device number 60 [ 1271.973171][T21251] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1271.984102][T21251] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1272.024420][ T6843] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1272.135629][T21251] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3) [ 1272.135917][T21251] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3) [ 1272.137352][T21251] overlayfs: d_ino too big (243, ino=9223372036854777059, xinobits=3) [ 1272.138111][T21251] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3) [ 1272.138417][T21251] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3) [ 1272.138833][T21251] overlayfs: d_ino too big (sys, ino=9223372036854775814, xinobits=3) [ 1272.139234][T21251] overlayfs: d_ino too big (selinux, ino=9223372036854775813, xinobits=3) [ 1272.139572][T21251] overlayfs: d_ino too big (proc, ino=9223372036854775812, xinobits=3) [ 1272.139985][T21251] overlayfs: d_ino too big (dev, ino=9223372036854775811, xinobits=3) [ 1272.141175][T21251] overlayfs: d_ino too big (instances, ino=4611686018427387999, xinobits=3) [ 1272.193567][ T6843] usb 5-1: Using ep0 maxpacket: 16 [ 1272.246652][ T6843] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1272.246675][ T6843] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1272.246693][ T6843] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1272.277552][ T6843] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1272.277583][ T6843] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1272.277604][ T6843] usb 5-1: Product: syz [ 1272.277619][ T6843] usb 5-1: Manufacturer: syz [ 1272.277635][ T6843] usb 5-1: SerialNumber: syz [ 1272.745856][ T6843] usb 5-1: 0:2 : does not exist [ 1273.613978][T14062] usb 5-1: USB disconnect, device number 61 [ 1273.880689][T21291] netlink: 'syz.6.22783': attribute type 1 has an invalid length. [ 1273.990011][T21291] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1274.013095][T21295] bond1: (slave geneve2): making interface the new active one [ 1274.015927][T21295] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 1274.789577][T21327] overlayfs: unescaped trailing colons in lowerdir mount option. [ 1276.238542][T21390] IPVS: Error connecting to the multicast addr [ 1276.239478][T21389] netlink: 44 bytes leftover after parsing attributes in process `syz.0.22829'. [ 1277.588927][T21443] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1277.847737][ T37] kauditd_printk_skb: 6 callbacks suppressed [ 1277.847757][ T37] audit: type=1326 audit(2000001508.409:2584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21454 comm="syz.5.22860" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0bbeb3f749 code=0x0 [ 1278.934953][T21494] syz_tun: entered promiscuous mode [ 1278.944807][T21491] kvm: user requested TSC rate below hardware speed [ 1278.990290][T21494] team0: Port device syz_tun added [ 1279.067965][T21499] team0: Port device syz_tun removed [ 1279.112292][T21499] bond0: (slave bond_slave_0): Releasing backup interface [ 1279.167787][T21499] bond0: (slave bond_slave_1): Releasing backup interface [ 1279.212952][T21499] team_slave_0: left promiscuous mode [ 1279.233422][T21499] team0: Port device team_slave_0 removed [ 1279.234164][T21499] team_slave_1: left promiscuous mode [ 1279.285205][T21499] team0: Port device team_slave_1 removed [ 1279.285689][T21499] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1279.340435][T21499] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1279.413171][T21499] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1280.523358][T14062] usb 6-1: new high-speed USB device number 79 using dummy_hcd [ 1280.705185][T14062] usb 6-1: Using ep0 maxpacket: 8 [ 1280.723186][T14062] usb 6-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1280.723213][T14062] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1280.723232][T14062] usb 6-1: Product: syz [ 1280.723246][T14062] usb 6-1: Manufacturer: syz [ 1280.723260][T14062] usb 6-1: SerialNumber: syz [ 1280.763228][T14062] usb 6-1: config 0 descriptor?? [ 1280.778015][T14062] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1281.304988][T21577] netlink: 'syz.6.22917': attribute type 4 has an invalid length. [ 1281.326796][T21577] netlink: 'syz.6.22917': attribute type 4 has an invalid length. [ 1281.549890][T14101] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1281.722557][T14101] usb 5-1: config index 0 descriptor too short (expected 45, got 36) [ 1281.722614][T14101] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1281.722694][T14101] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1281.722719][T14101] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1281.722762][T14101] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1281.722804][T14101] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1281.722883][T14101] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1281.730805][T14101] usb 5-1: config 0 descriptor?? [ 1281.750885][T21575] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1282.070114][T14062] gspca_sonixj: reg_w1 err -71 [ 1282.169903][T14062] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 1282.174997][T14062] usb 6-1: USB disconnect, device number 79 [ 1282.203875][T14101] plantronics 0003:047F:FFFF.0039: unknown main item tag 0x0 [ 1282.203907][T14101] plantronics 0003:047F:FFFF.0039: unknown main item tag 0x0 [ 1282.203933][T14101] plantronics 0003:047F:FFFF.0039: unknown main item tag 0x0 [ 1282.203958][T14101] plantronics 0003:047F:FFFF.0039: unknown main item tag 0x0 [ 1282.203982][T14101] plantronics 0003:047F:FFFF.0039: unknown main item tag 0x0 [ 1282.204007][T14101] plantronics 0003:047F:FFFF.0039: unknown main item tag 0x0 [ 1282.279758][T14101] plantronics 0003:047F:FFFF.0039: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1282.558543][ T6409] usb 5-1: USB disconnect, device number 62 [ 1283.415369][T21632] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1283.417960][T21632] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.22943'. [ 1285.397004][T11559] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1285.462538][T11559] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1285.464475][T11559] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1285.471436][T11559] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1285.497869][T11559] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1285.523880][ T5994] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1285.524820][ T5994] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1285.525245][ T5994] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1285.529874][ T5994] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1285.546763][ T5994] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1285.621318][T21708] lo speed is unknown, defaulting to 1000 [ 1286.402826][T21737] netlink: 16 bytes leftover after parsing attributes in process `syz.4.22994'. [ 1286.783692][T21752] netlink: 104 bytes leftover after parsing attributes in process `syz.6.23002'. [ 1287.434614][T21708] chnl_net:caif_netlink_parms(): no params data found [ 1287.761099][ T5994] Bluetooth: hci3: command tx timeout [ 1288.013693][T21708] bridge0: port 1(bridge_slave_0) entered blocking state [ 1288.013885][T21708] bridge0: port 1(bridge_slave_0) entered disabled state [ 1288.014120][T21708] bridge_slave_0: entered allmulticast mode [ 1288.019634][T21708] bridge_slave_0: entered promiscuous mode [ 1288.039508][T21708] bridge0: port 2(bridge_slave_1) entered blocking state [ 1288.039847][T21708] bridge0: port 2(bridge_slave_1) entered disabled state [ 1288.040345][T21708] bridge_slave_1: entered allmulticast mode [ 1288.048159][T21708] bridge_slave_1: entered promiscuous mode [ 1288.313129][T21708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1288.340561][T21708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1288.503705][T21829] netlink: 8 bytes leftover after parsing attributes in process `syz.6.23033'. [ 1288.503730][T21829] netlink: 8 bytes leftover after parsing attributes in process `syz.6.23033'. [ 1288.665564][T21708] team0: Port device team_slave_0 added [ 1288.677138][T21708] team0: Port device team_slave_1 added [ 1288.891218][T21708] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1288.891238][T21708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1288.891268][T21708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1288.942809][T21708] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1288.942827][T21708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1288.942854][T21708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1289.119487][T21850] netlink: 8 bytes leftover after parsing attributes in process `syz.4.23043'. [ 1289.119510][T21850] netlink: 12 bytes leftover after parsing attributes in process `syz.4.23043'. [ 1289.254634][T21850] netlink: 8 bytes leftover after parsing attributes in process `syz.4.23043'. [ 1289.254657][T21850] netlink: 12 bytes leftover after parsing attributes in process `syz.4.23043'. [ 1289.284604][T21708] hsr_slave_0: entered promiscuous mode [ 1289.285784][T21708] hsr_slave_1: entered promiscuous mode [ 1289.300694][T21708] debugfs: 'hsr0' already exists in 'hsr' [ 1289.300717][T21708] Cannot create hsr debugfs directory [ 1289.984738][ T5994] Bluetooth: hci3: command tx timeout [ 1291.404729][T21708] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1291.448709][T21708] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1291.518350][T21708] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1291.602199][T21708] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1291.691174][T21973] block nbd6: NBD_DISCONNECT [ 1291.692721][T21969] block nbd6: Disconnected due to user request. [ 1291.692740][T21969] block nbd6: shutting down sockets [ 1291.929755][T21708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1292.010539][T21708] 8021q: adding VLAN 0 to HW filter on device team0 [ 1292.043858][ T5090] bridge0: port 1(bridge_slave_0) entered blocking state [ 1292.044307][ T5090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1292.072305][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 1292.072454][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1292.208310][ T5994] Bluetooth: hci3: command tx timeout [ 1292.672962][T21708] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1293.108632][T22035] loop5: detected capacity change from 0 to 7 [ 1293.111788][T22035] Dev loop5: unable to read RDB block 7 [ 1293.111835][T22035] loop5: unable to read partition table [ 1293.113932][T22035] loop5: partition table beyond EOD, truncated [ 1293.113953][T22035] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1293.306314][T21708] veth0_vlan: entered promiscuous mode [ 1293.367389][T21708] veth1_vlan: entered promiscuous mode [ 1293.431404][T21708] veth0_macvtap: entered promiscuous mode [ 1293.452989][T21708] veth1_macvtap: entered promiscuous mode [ 1293.494650][T21708] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1293.513334][T21708] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1293.552003][ T68] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1293.552269][ T68] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1293.552307][ T68] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1293.552340][ T68] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1294.042041][T11063] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1294.042062][T11063] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1294.203730][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1294.203757][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1294.442509][ T5994] Bluetooth: hci3: command tx timeout [ 1294.977186][T13334] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1295.137441][T13334] usb 5-1: Using ep0 maxpacket: 16 [ 1295.139448][T13334] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1295.139481][T13334] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1295.139521][T13334] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 1295.139547][T13334] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1295.143572][T13334] usb 5-1: config 0 descriptor?? [ 1295.807952][T13334] usb 5-1: language id specifier not provided by device, defaulting to English [ 1295.946843][ T37] audit: type=1326 audit(2000001525.340:2585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22132 comm="syz.0.23165" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9e5252f749 code=0x0 [ 1296.238673][T13334] letsketch 0003:6161:4D15.003A: Device info: ఁ [ 1296.482116][T13334] usb 5-1: Max retries (5) exceeded reading string descriptor 201 [ 1296.482202][T13334] letsketch 0003:6161:4D15.003A: probe with driver letsketch failed with error -71 [ 1296.527794][T13334] usb 5-1: USB disconnect, device number 63 [ 1297.336575][T22203] netlink: 1319 bytes leftover after parsing attributes in process `syz.4.23195'. [ 1297.358706][T22204] netlink: 28 bytes leftover after parsing attributes in process `syz.7.23194'. [ 1297.474227][T22209] netlink: 207952 bytes leftover after parsing attributes in process `syz.4.23199'. [ 1297.838006][T22225] netlink: 212348 bytes leftover after parsing attributes in process `syz.6.23209'. [ 1297.861798][T22228] netlink: 104 bytes leftover after parsing attributes in process `syz.7.23207'. [ 1298.212754][T22252] netlink: 'syz.0.23218': attribute type 12 has an invalid length. [ 1298.212769][T22252] netlink: 'syz.0.23218': attribute type 29 has an invalid length. [ 1298.212778][T22252] netlink: 148 bytes leftover after parsing attributes in process `syz.0.23218'. [ 1298.212802][T22252] netlink: 'syz.0.23218': attribute type 2 has an invalid length. [ 1298.212810][T22252] netlink: 'syz.0.23218': attribute type 3 has an invalid length. [ 1298.212818][T22252] netlink: 15 bytes leftover after parsing attributes in process `syz.0.23218'. [ 1298.622663][T13334] usb 1-1: new high-speed USB device number 125 using dummy_hcd [ 1298.783021][T13334] usb 1-1: Using ep0 maxpacket: 32 [ 1298.785332][T13334] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1298.787925][T13334] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1298.787960][T13334] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1298.787977][T13334] usb 1-1: Product: syz [ 1298.787990][T13334] usb 1-1: Manufacturer: syz [ 1298.788027][T13334] usb 1-1: SerialNumber: syz [ 1298.803236][T13334] usb 1-1: config 0 descriptor?? [ 1299.286551][T13334] gs_usb 1-1:0.0: Configuring for 1 interfaces [ 1299.721780][T13334] gs_usb 1-1:0.0: Disabling termination support for channel 0 (-EPIPE) [ 1299.980881][T14101] usb 1-1: USB disconnect, device number 125 [ 1300.161663][ T37] audit: type=1326 audit(2000001529.278:2586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22336 comm="syz.4.23259" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa2fb27f749 code=0x0 [ 1301.339859][T13334] hid-generic 0000:3000000:0000.003B: unknown main item tag 0x4 [ 1301.339891][T13334] hid-generic 0000:3000000:0000.003B: unknown main item tag 0x2 [ 1301.339949][T13334] hid-generic 0000:3000000:0000.003B: unknown main item tag 0x3 [ 1301.344532][T13334] hid-generic 0000:3000000:0000.003B: hidraw0: HID v0.00 Device [sy] on syz0 [ 1301.359440][T13483] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1301.519752][T13483] usb 5-1: Using ep0 maxpacket: 32 [ 1301.521748][T13483] usb 5-1: config 0 has an invalid interface number: 188 but max is 0 [ 1301.521771][T13483] usb 5-1: config 0 has no interface number 0 [ 1301.521815][T13483] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1301.525988][T13483] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 1301.526015][T13483] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1301.526037][T13483] usb 5-1: Product: syz [ 1301.526052][T13483] usb 5-1: Manufacturer: syz [ 1301.526067][T13483] usb 5-1: SerialNumber: syz [ 1301.535819][T13483] usb 5-1: config 0 descriptor?? [ 1301.565823][T22392] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1301.800121][T22392] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1302.875453][T13483] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1302.875706][T13483] asix 5-1:0.188: probe with driver asix failed with error -71 [ 1302.897503][T13483] usb 5-1: USB disconnect, device number 64 [ 1304.478008][T22491] input: syz1 as /devices/virtual/input/input94 [ 1305.048918][T22519] Invalid ELF header magic: != ELF [ 1305.283333][T22528] loop8: detected capacity change from 0 to 8 [ 1305.286481][T22528] Dev loop8: unable to read RDB block 8 [ 1305.286541][T22528] loop8: unable to read partition table [ 1305.286911][T22528] loop8: partition table beyond EOD, truncated [ 1305.286931][T22528] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1306.875759][T14101] usb 1-1: new high-speed USB device number 126 using dummy_hcd [ 1307.036088][T14101] usb 1-1: Using ep0 maxpacket: 32 [ 1307.070224][T14101] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1307.070257][T14101] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1307.070298][T14101] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1307.070322][T14101] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1307.074703][T14101] usb 1-1: config 0 descriptor?? [ 1307.124609][T14101] hub 1-1:0.0: USB hub found [ 1307.325181][T14101] hub 1-1:0.0: 1 port detected [ 1307.998183][T14101] hub 1-1:0.0: activate --> -90 [ 1308.423423][T14101] usb 1-1-port1: cannot disable (err = -71) [ 1308.447244][T13483] usb 1-1: USB disconnect, device number 126 [ 1308.451051][T14101] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 1308.451073][T14101] usb 1-1-port1: connect-debounce failed [ 1308.513921][T22640] tun0: tun_chr_ioctl cmd 1074025675 [ 1308.513941][T22640] tun0: persist enabled [ 1308.522450][T22640] tun0: tun_chr_ioctl cmd 1074025675 [ 1308.522469][T22640] tun0: persist disabled [ 1310.900094][T22714] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1311.921791][T14062] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 1312.105415][T14062] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 1312.105445][T14062] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 1312.107822][T14062] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 1312.107847][T14062] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1312.107866][T14062] usb 5-1: Product: syz [ 1312.107883][T14062] usb 5-1: Manufacturer: syz [ 1312.107896][T14062] usb 5-1: SerialNumber: syz [ 1312.111620][T14062] usb 5-1: config 0 descriptor?? [ 1312.112449][T22743] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1312.114339][T22743] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1312.334945][T22743] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1312.335064][T22743] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1312.772001][T14062] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 1313.470402][T14062] dm9601 5-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 1313.520446][T14062] dm9601 5-1:0.0 eth9: register 'dm9601' at usb-dummy_hcd.4-1, Davicom DM96xx USB 10/100 Ethernet, ea:61:f8:d8:0f:7b [ 1313.549736][T14062] usb 5-1: USB disconnect, device number 65 [ 1313.553536][T14062] dm9601 5-1:0.0 eth9: unregister 'dm9601' usb-dummy_hcd.4-1, Davicom DM96xx USB 10/100 Ethernet [ 1313.623277][T22799] kernel profiling enabled (shift: 0) [ 1314.856477][ T6040] kernel write not supported for file bpf-prog (pid: 6040 comm: kworker/1:4) [ 1316.416271][T22914] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.23523'. [ 1316.416437][T22914] netlink: Unknown conntrack attr (type=2304, max=9) [ 1316.818972][T22936] bond2: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1316.830889][T13334] usb 1-1: new high-speed USB device number 127 using dummy_hcd [ 1316.850350][T22936] bond2: (slave lo): Enslaving as a backup interface with an up link [ 1316.878361][T22936] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 1316.988980][T13334] usb 1-1: Using ep0 maxpacket: 32 [ 1316.990955][T13334] usb 1-1: config 0 has an invalid interface number: 80 but max is 0 [ 1316.990979][T13334] usb 1-1: config 0 has no interface number 0 [ 1316.991010][T13334] usb 1-1: config 0 interface 80 has no altsetting 0 [ 1316.999074][T13334] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=54.b7 [ 1316.999103][T13334] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1316.999124][T13334] usb 1-1: Product: syz [ 1316.999140][T13334] usb 1-1: Manufacturer: syz [ 1316.999157][T13334] usb 1-1: SerialNumber: syz [ 1317.011472][T22944] loop9: detected capacity change from 0 to 7 [ 1317.067629][T13334] usb 1-1: config 0 descriptor?? [ 1317.080598][T22944] Dev loop9: unable to read RDB block 7 [ 1317.080656][T22944] loop9: unable to read partition table [ 1317.080873][T22944] loop9: partition table beyond EOD, truncated [ 1317.080900][T22944] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 1317.112909][T13334] usbhid 1-1:0.80: couldn't find an input interrupt endpoint [ 1317.305809][ T6040] usb 1-1: USB disconnect, device number 127 [ 1318.103389][T13334] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 1318.287920][T13334] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1318.287968][T13334] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1318.287991][T13334] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1318.331776][T13334] usb 5-1: config 0 descriptor?? [ 1318.561074][T13334] usbhid 5-1:0.0: can't add hid device: -71 [ 1318.561194][T13334] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1318.593337][T13334] usb 5-1: USB disconnect, device number 66 [ 1319.095235][T13334] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 1319.255431][T13334] usb 5-1: Using ep0 maxpacket: 32 [ 1319.257291][T13334] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1319.257336][T13334] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 1319.257359][T13334] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1319.269233][T13334] usb 5-1: config 0 descriptor?? [ 1319.321261][T13334] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1319.323236][T13334] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1319.389929][T23018] netlink: 'syz.6.23574': attribute type 9 has an invalid length. [ 1319.389950][T23018] netlink: 'syz.6.23574': attribute type 11 has an invalid length. [ 1319.389967][T23018] netlink: 210020 bytes leftover after parsing attributes in process `syz.6.23574'. [ 1319.390083][T23018] netlink: 4 bytes leftover after parsing attributes in process `syz.6.23574'. [ 1319.753392][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 1319.753486][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 1320.389828][T22053] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1320.549180][T22053] usb 1-1: Using ep0 maxpacket: 16 [ 1320.557824][T22053] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1320.557979][T22053] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1320.609505][T22053] usb 1-1: config 0 descriptor?? [ 1320.624579][T22053] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1321.118363][ T6040] usb 5-1: USB disconnect, device number 67 [ 1321.129299][ T6040] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 1321.769858][T22053] gspca_sonixj: reg_w1 err -71 [ 1321.790447][T22053] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 1321.796598][T22053] usb 1-1: USB disconnect, device number 2 [ 1323.669146][T23144] input: syz0 as /devices/virtual/input/input95 [ 1323.960086][ T6843] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1324.121529][ T6843] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1324.121593][ T6843] usb 1-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 1324.121617][ T6843] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1324.129923][ T6843] usb 1-1: config 0 descriptor?? [ 1324.625049][ T6843] steelseries 0003:1038:12B6.003C: item fetching failed at offset 5/7 [ 1324.625885][ T6843] steelseries 0003:1038:12B6.003C: probe with driver steelseries failed with error -22 [ 1324.821108][T23197] sctp: [Deprecated]: syz.4.23654 (pid 23197) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1324.821108][T23197] Use struct sctp_sack_info instead [ 1324.864587][ T6040] usb 1-1: USB disconnect, device number 3 [ 1326.656009][T23291] netlink: 104 bytes leftover after parsing attributes in process `syz.7.23698'. [ 1328.635628][T23379] team0: entered promiscuous mode [ 1328.635651][T23379] team_slave_0: entered promiscuous mode [ 1328.635830][T23379] team_slave_1: entered promiscuous mode [ 1328.637572][T23379] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1328.892095][T23398] netlink: 532 bytes leftover after parsing attributes in process `syz.6.23742'. [ 1328.952140][T23390] netlink: 'syz.6.23742': attribute type 29 has an invalid length. [ 1328.952647][T23393] netlink: 'syz.6.23742': attribute type 29 has an invalid length. [ 1329.195295][T23410] overlayfs: statfs failed on './file0' [ 1329.558722][T22053] hid-generic 0000:0000:0000.003D: unknown main item tag 0x0 [ 1329.577426][T22053] hid-generic 0000:0000:0000.003D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1330.021041][ T38] INFO: task kworker/u8:3:11386 blocked for[ 1330.021041][ T38] INFO: task kworker/u8:3:11386 blocked for more than 143 seconds. [ 1330.021068][ T38] Tainted: G L syzkaller #0 [ 1330.021081][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1330.021091][ T38] task:kworker/u8:3 state:D stack:23224 pid:11386 tgid:11386 ppid:2 task_flags:0x4208160 flags:0x00080000 [ 1330.021152][ T38] Workqueue: netns cleanup_net [ 1330.021180][ T38] Call Trace: [ 1330.021189][ T38] [ 1330.021202][ T38] __schedule+0x145f/0x5070 [ 1330.021247][ T38] ? __lock_acquire+0x6b6/0x2cf0 [ 1330.021285][ T38] ? lockdep_hardirqs_on+0x7b/0x110 [ 1330.021315][ T38] ? __pfx___schedule+0x10/0x10 [ 1330.021354][ T38] ? schedule+0x91/0x360 [ 1330.021386][ T38] schedule+0x165/0x360 [ 1330.021417][ T38] rxrpc_destroy_all_calls+0x564/0x660 [ 1330.021456][ T38] ? __pfx_rxrpc_destroy_all_calls+0x10/0x10 [ 1330.021485][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1330.021507][ T38] ? __pfx_var_wake_function+0x10/0x10 [ 1330.021532][ T38] ? __try_to_del_timer_sync+0x34d/0x3a0 [ 1330.021568][ T38] rxrpc_exit_net+0x6f/0xc0 [ 1330.021600][ T38] ops_undo_list+0x49a/0x990 [ 1330.021629][ T38] ? __pfx_ops_undo_list+0x10/0x10 [ 1330.021649][ T38] ? rt_spin_unlock+0x150/0x200 [ 1330.021679][ T38] ? rt_spin_unlock+0x161/0x200 [ 1330.021708][ T38] cleanup_net+0x4de/0x7b0 [ 1330.021732][ T38] ? __pfx_cleanup_net+0x10/0x10 [ 1330.021758][ T38] ? process_scheduled_works+0x9ef/0x1770 [ 1330.021780][ T38] ? process_scheduled_works+0x9ef/0x1770 [ 1330.021804][ T38] process_scheduled_works+0xad1/0x1770 [ 1330.021853][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 1330.021874][ T38] ? do_raw_spin_lock+0x121/0x290 [ 1330.021913][ T38] worker_thread+0x8a0/0xda0 [ 1330.021949][ T38] ? __kthread_parkme+0x7b/0x200 [ 1330.022002][ T38] kthread+0x711/0x8a0 [ 1330.022033][ T38] ? __pfx_worker_thread+0x10/0x10 [ 1330.022056][ T38] ? __pfx_kthread+0x10/0x10 [ 1330.022080][ T38] ? rt_spin_unlock+0x150/0x200 [ 1330.022110][ T38] ? rt_spin_unlock+0x161/0x200 [ 1330.022134][ T38] ? __pfx_kthread+0x10/0x10 [ 1330.022164][ T38] ret_from_fork+0x510/0xa50 [ 1330.022189][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1330.022209][ T38] ? __switch_to+0xc9e/0x1480 [ 1330.022243][ T38] ? __pfx_kthread+0x10/0x10 [ 1330.022274][ T38] ret_from_fork_asm+0x1a/0x30 [ 1330.022319][ T38] [ 1330.022358][ T38] [ 1330.022358][ T38] Showing all locks held in the system: [ 1330.022370][ T38] 1 lock held by khungtaskd/38: [ 1330.022381][ T38] #0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1330.022461][ T38] 2 locks held by getty/5556: [ 1330.022473][ T38] #0: ffff88814d8670a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1330.022523][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x44f/0x1460 [ 1330.022577][ T38] 3 locks held by kworker/u8:3/11386: [ 1330.022589][ T38] #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 [ 1330.022658][ T38] #1: ffffc900139d7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 [ 1330.022713][ T38] #2: ffffffff8e898720 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x7b0 [ 1330.022771][ T38] 1 lock held by syz.6.23748/23411: [ 1330.022784][ T38] 1 lock held by syz.4.23758/23426: [ 1330.022796][ T38] #0: ffff8880898183b0 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x214/0x4d0 [ 1330.022861][ T38] 4 locks held by syz.4.23758/23429: [ 1330.022874][ T38] 1 lock held by syz.0.23768/23448: [ 1330.022887][ T38] #0: ffffffff8d20c0a8 (tasklist_lock){++++}-{3:3}, at: do_exit+0x712/0x22f0 [ 1330.022950][ T38] 3 locks held by syz.0.23768/23449: [ 1330.022963][ T38] 2 locks held by syz.1.23769/23450: [ 1330.022976][ T38] [ 1330.022990][ T38] ============================================= [ 1330.022990][ T38] [ 1330.023001][ T38] NMI backtrace for cpu 1 [ 1330.023020][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1330.023049][ T38] Tainted: [L]=SOFTLOCKUP [ 1330.023057][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1330.023071][ T38] Call Trace: [ 1330.023080][ T38] [ 1330.023089][ T38] dump_stack_lvl+0xe8/0x150 [ 1330.023121][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 1330.023152][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1330.023179][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1330.023213][ T38] sys_info+0x135/0x170 [ 1330.023237][ T38] watchdog+0xf95/0xfe0 [ 1330.023269][ T38] ? watchdog+0x20a/0xfe0 [ 1330.023302][ T38] kthread+0x711/0x8a0 [ 1330.023338][ T38] ? __pfx_watchdog+0x10/0x10 [ 1330.023363][ T38] ? __pfx_kthread+0x10/0x10 [ 1330.023394][ T38] ? rt_spin_unlock+0x150/0x200 [ 1330.023429][ T38] ? rt_spin_unlock+0x161/0x200 [ 1330.023457][ T38] ? __pfx_kthread+0x10/0x10 [ 1330.023492][ T38] ret_from_fork+0x510/0xa50 [ 1330.023519][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1330.023543][ T38] ? __switch_to+0xc9e/0x1480 [ 1330.023581][ T38] ? __pfx_kthread+0x10/0x10 [ 1330.023616][ T38] ret_from_fork_asm+0x1a/0x30 [ 1330.023669][ T38] [ 1330.023677][ T38] Sending NMI from CPU 1 to CPUs 0: [ 1330.023709][ C0] NMI backtrace for cpu 0 [ 1330.023731][ C0] CPU: 0 UID: 0 PID: 23429 Comm: syz.4.23758 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1330.023758][ C0] Tainted: [L]=SOFTLOCKUP [ 1330.023766][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1330.023778][ C0] RIP: 0010:trace_irq_disable+0x2/0x100 [ 1330.023803][ C0] Code: 28 b0 ec 0f 01 00 00 00 48 8b 3c 24 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 56 <53> 66 90 65 8b 05 a8 99 eb 0f 83 f8 08 73 33 89 c3 c1 e8 06 48 8d [ 1330.023820][ C0] RSP: 0018:ffffc9000484f3b8 EFLAGS: 00000046 [ 1330.023837][ C0] RAX: 0000000000000000 RBX: 0000000000000246 RCX: 0000000000000046 [ 1330.023849][ C0] RDX: 0000000000000000 RSI: ffffffff8ce0bb44 RDI: ffffffff8ad5124a [ 1330.023864][ C0] RBP: ffffc9000484f498 R08: ffffffff82300e88 R09: ffff888070649bd8 [ 1330.023878][ C0] R10: dffffc0000000000 R11: fffffbfff1db668f R12: 1ffff92000909e85 [ 1330.023893][ C0] R13: dffffc0000000000 R14: ffff888070649b80 R15: ffffc9000484f420 [ 1330.023908][ C0] FS: 00007fa2f94de6c0(0000) GS:ffff888126cef000(0000) knlGS:0000000000000000 [ 1330.023925][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1330.023938][ C0] CR2: 0000200000000f88 CR3: 0000000065cd0000 CR4: 00000000003526f0 [ 1330.023956][ C0] Call Trace: [ 1330.023963][ C0] [ 1330.023971][ C0] _raw_spin_lock_irqsave+0x1a/0x60 [ 1330.023992][ C0] rt_spin_lock+0x14a/0x3e0 [ 1330.024027][ C0] ? reacquire_held_locks+0x104/0x190 [ 1330.024056][ C0] ? __pfx_rt_spin_lock+0x10/0x10 [ 1330.024079][ C0] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1330.024104][ C0] ? rt_spin_unlock+0x150/0x200 [ 1330.024129][ C0] inode_add_bytes+0x38/0x140 [ 1330.024154][ C0] __dquot_alloc_space+0x285/0xea0 [ 1330.024186][ C0] ? shmem_inode_acct_blocks+0x99/0x460 [ 1330.024211][ C0] shmem_inode_acct_blocks+0x2a2/0x460 [ 1330.024242][ C0] shmem_get_folio_gfp+0x8f0/0x1a70 [ 1330.024279][ C0] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1330.024303][ C0] ? __lock_acquire+0x6b6/0x2cf0 [ 1330.024331][ C0] shmem_fault+0x170/0x380 [ 1330.024361][ C0] __do_fault+0x138/0x390 [ 1330.024379][ C0] ? do_pte_missing+0x14c6/0x27a0 [ 1330.024395][ C0] ? __pfx_filemap_map_pages+0x10/0x10 [ 1330.024421][ C0] do_pte_missing+0x18ca/0x27a0 [ 1330.024443][ C0] ? handle_mm_fault+0xd1/0x1330 [ 1330.024470][ C0] ? handle_mm_fault+0xd1/0x1330 [ 1330.024495][ C0] handle_mm_fault+0xcc1/0x1330 [ 1330.024524][ C0] ? handle_mm_fault+0xd1/0x1330 [ 1330.024550][ C0] ? __pfx_handle_mm_fault+0x10/0x10 [ 1330.024576][ C0] ? follow_page_pte+0xc0d/0x1360 [ 1330.024606][ C0] ? __pfx_follow_page_pte+0x10/0x10 [ 1330.024633][ C0] ? follow_page_pte+0xd42/0x1360 [ 1330.024659][ C0] __get_user_pages+0x166e/0x2830 [ 1330.024699][ C0] populate_vma_page_range+0x29f/0x3a0 [ 1330.024723][ C0] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1330.024745][ C0] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 1330.024764][ C0] ? lockdep_hardirqs_on+0x7b/0x110 [ 1330.024782][ C0] ? rt_mutex_slowunlock+0x493/0x8a0 [ 1330.024803][ C0] __mm_populate+0x24c/0x380 [ 1330.024827][ C0] ? __pfx___mm_populate+0x10/0x10 [ 1330.024849][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1330.024866][ C0] ? lockdep_hardirqs_on+0x7b/0x110 [ 1330.024882][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1330.024900][ C0] vm_mmap_pgoff+0x38a/0x4d0 [ 1330.024921][ C0] ? __se_sys_futex+0x36f/0x400 [ 1330.024949][ C0] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1330.024969][ C0] ? ksys_write+0x230/0x260 [ 1330.024994][ C0] ? __pfx___se_sys_futex+0x10/0x10 [ 1330.025021][ C0] ? __pfx_ksys_write+0x10/0x10 [ 1330.025049][ C0] ? __x64_sys_mmap+0x7f/0x140 [ 1330.025070][ C0] do_syscall_64+0xec/0xf80 [ 1330.025087][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1330.025104][ C0] ? trace_irq_disable+0x37/0x100 [ 1330.025123][ C0] ? clear_bhb_loop+0x60/0xb0 [ 1330.025143][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1330.025160][ C0] RIP: 0033:0x7fa2fb27f749 [ 1330.025174][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1330.025190][ C0] RSP: 002b:00007fa2f94de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1330.025207][ C0] RAX: ffffffffffffffda RBX: 00007fa2fb4d5fa0 RCX: 00007fa2fb27f749 [ 1330.025243][ C0] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000 [ 1330.025256][ C0] RBP: 00007fa2fb303f91 R08: ffffffffffffffff R09: 0000000000003000 [ 1330.025270][ C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 1330.025282][ C0] R13: 00007fa2fb4d6038 R14: 00007fa2fb4d5fa0 R15: 00007ffc4945c618 [ 1330.025306][ C0] [ 1330.034966][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 1330.035039][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1330.035108][ T38] Tainted: [L]=SOFTLOCKUP [ 1330.035137][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1330.035183][ T38] Call Trace: [ 1330.035202][ T38] [ 1330.035223][ T38] vpanic+0x1e0/0x670 [ 1330.035317][ T38] panic+0xb9/0xc0 [ 1330.035397][ T38] ? __pfx_panic+0x10/0x10 [ 1330.035499][ T38] ? __pfx_panic+0x10/0x10 [ 1330.035575][ T38] watchdog+0xfdf/0xfe0 [ 1330.035649][ T38] ? watchdog+0x20a/0xfe0 [ 1330.035719][ T38] kthread+0x711/0x8a0 [ 1330.035831][ T38] ? __pfx_watchdog+0x10/0x10 [ 1330.035902][ T38] ? __pfx_kthread+0x10/0x10 [ 1330.035960][ T38] ? rt_spin_unlock+0x150/0x200 [ 1330.036076][ T38] ? rt_spin_unlock+0x161/0x200 [ 1330.036136][ T38] ? __pfx_kthread+0x10/0x10 [ 1330.036168][ T38] ret_from_fork+0x510/0xa50 [ 1330.036193][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1330.036236][ T38] ? __switch_to+0xc9e/0x1480 [ 1330.036286][ T38] ? __pfx_kthread+0x10/0x10 [ 1330.036386][ T38] ret_from_fork_asm+0x1a/0x30 [ 1330.036495][ T38] [ 1330.037097][ T38] Kernel Offset: disabled