last executing test programs: 17m20.700082831s ago: executing program 1 (id=682): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x50, 0x10, 0x421, 0x4, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x88aaefad, 0x26d2}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x1, 0x3}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x3}]}}}, @IFLA_BROADCAST={0xa}]}, 0x50}}, 0xc080) 17m20.374218826s ago: executing program 1 (id=685): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000003f80), 0x101000) readv(r0, &(0x7f0000006140)=[{&(0x7f0000004140)=""/4096, 0x1000}], 0x1) 17m19.055379393s ago: executing program 1 (id=687): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffbfff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="d800000025"], 0xd8}, 0x1, 0x0, 0x0, 0x4004041}, 0x20004440) 17m18.889056418s ago: executing program 1 (id=688): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x2710, @local}, 0x10) r1 = open_tree(0xffffffffffffff9c, 0x0, 0x88000) move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, &(0x7f00000000c0)=0x33, 0x8) listen(r0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r3 = accept4(r0, 0x0, 0x0, 0x0) syz_usb_connect$rtl8150(0x6, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) sendto(r3, &(0x7f0000000000), 0xfeb5, 0x0, 0x0, 0x0) recvfrom(r2, &(0x7f00000001c0)=""/62, 0xfeb5, 0x10120, 0x0, 0x0) 17m15.679766001s ago: executing program 1 (id=701): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet(0x2, 0x2, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0, 0x18}}, 0x0) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r4, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48) 17m14.50890096s ago: executing program 1 (id=704): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a03000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000180003801400020000007468305f746f5f68737200000000080002"], 0xe8}}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[], 0x237) io_setup(0x19, 0x0) 16m58.827403368s ago: executing program 32 (id=704): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a03000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000180003801400020000007468305f746f5f68737200000000080002"], 0xe8}}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[], 0x237) io_setup(0x19, 0x0) 16m25.973768655s ago: executing program 5 (id=786): syz_usb_connect(0x1, 0x0, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x48, 0x10, 0x401, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x17b, 0x4c801}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STATS_ENABLED={0x5}, @IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x937}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10000000}, 0x20040844) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=@framed={{0xdb, 0xa, 0xa, 0xfe00, 0xa0, 0x71, 0x10, 0x1d}}, 0x0, 0x7fff, 0x53, 0x0, 0x0, 0x79, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 16m25.294072715s ago: executing program 5 (id=937): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x10000000005) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f000001a400)=""/102384, 0x18ff0) r4 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r4, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@private0, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x9, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x7, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x1c) openat$vsock(0xffffffffffffff9c, 0x0, 0x80000, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000) 16m23.587582934s ago: executing program 5 (id=940): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000180)='./file1\x00') mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x100000, 0x0) 16m17.990946418s ago: executing program 5 (id=958): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x2c, 0x10, 0x421, 0x4, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x88aaefad, 0x26d2}, [@IFLA_BROADCAST={0xa}]}, 0x2c}}, 0xc080) 16m2.850607163s ago: executing program 33 (id=958): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x2c, 0x10, 0x421, 0x4, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x88aaefad, 0x26d2}, [@IFLA_BROADCAST={0xa}]}, 0x2c}}, 0xc080) 15m57.075076988s ago: executing program 4 (id=1037): socket$packet(0x11, 0x3, 0x300) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r2, &(0x7f0000000840)=[{&(0x7f0000000500)=""/213, 0xd5}], 0x1, 0x3a, 0x5) 15m56.864009113s ago: executing program 4 (id=1040): r0 = syz_open_procfs(0x0, &(0x7f0000002140)='fdinfo\x00') lseek(r0, 0x40, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000", 0x15) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004380)=[{{&(0x7f0000000380)={0xa, 0x4e23, 0xc, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4}, 0x1c, 0x0, 0x0, 0xfffffffffffffffe}}, {{&(0x7f00000007c0)={0xa, 0x4e20, 0xbd5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffa}, 0x1c, 0x0, 0x0, &(0x7f0000001f80)=[@pktinfo={{0x24, 0x29, 0x32, {@private1}}}], 0x28}}], 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) unshare(0x2040400) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x20000000) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sendmsg$key(r4, &(0x7f0000000040)={0x4000000, 0x0, 0x0}, 0x0) r5 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) connect$pptp(r5, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0001, 0x0) ioctl$PPPIOCSFLAGS1(r6, 0x40047459, 0x0) r7 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r7, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x6, @mcast1}, 0x1c) 15m55.175348949s ago: executing program 4 (id=1044): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000600)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945deb5bfaf4c639d9027f17232b1032005eabe97b4dc33a47d3a158da988456d30026b410470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e904a01dcd271eb1c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b4824", 0xc4}], 0x2}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x34000}], 0x2}, 0x0) 15m54.901610786s ago: executing program 4 (id=1047): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8101, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0xfffffffe, 0x0, "0062ba7d82000000000000000000f7fffeff00"}) r1 = syz_open_pts(r0, 0x8182) dup3(r1, r0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') 15m54.626780687s ago: executing program 4 (id=1049): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000340)=[@in6={0xa, 0x4e23, 0x8000, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xfff7fff7}], 0x1c) r1 = accept(r0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0xffff, 0x992f}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x9, 0x8, 0x0, 0x0, 0xd0, 0x6, 0x2}, 0x9c) 15m52.842697785s ago: executing program 4 (id=1052): syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x8400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) ioctl$TIOCGPGRP(r0, 0x540f, 0x0) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000002060148000000000000000000000000050005000a000000050001000700000005000400000000000900020073797a310000000015000300686173683a69702c706f72742c6e657400"], 0x50}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 15m37.710698147s ago: executing program 34 (id=1052): syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x8400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) ioctl$TIOCGPGRP(r0, 0x540f, 0x0) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000002060148000000000000000000000000050005000a000000050001000700000005000400000000000900020073797a310000000015000300686173683a69702c706f72742c6e657400"], 0x50}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 8.447347992s ago: executing program 0 (id=5567): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="5800000010000300"/19, @ANYRES32=r1, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000c00010000001c001a8018000a8014000700fc"], 0x58}, 0x1, 0x2}, 0x0) 8.352487265s ago: executing program 0 (id=5568): setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x40) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) lstat(&(0x7f0000000180)='./file2\x00', &(0x7f0000000300)) syz_open_dev$vbi(0x0, 0x0, 0x2) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000080)={0x7, r4, 0x1}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r6}) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000140)=0x4) 6.987797496s ago: executing program 2 (id=5580): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001200010800000000000000000203000000000e2200000100ffff00000800000000000000000000008b0000000800000000000000", @ANYRES32=0x0, @ANYBLOB="052261000500000008000000020000000800030011"], 0x54}}, 0x20004010) 6.875025679s ago: executing program 2 (id=5581): r0 = syz_open_dev$loop(0x0, 0x2, 0x2001) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad51d875397bdb22d0000b420a4a93c527d3d458dd4992861ac000000000000ff07000000000000000600", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f2, 0x1421, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe8, 0xb, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x77fd, 0x0, 0x1, {0x22, 0x1e3}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x5, 0xa, 0x71}}}}}]}}]}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) unshare(0x22020600) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mount$overlay(0x0, 0x0, &(0x7f0000000b80), 0x8, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './file0'}}, {@verity_off}]}) 6.802413369s ago: executing program 0 (id=5582): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000140)=[@in6={0xa, 0x4e24, 0xfffffff9, @loopback, 0x10000}]}, &(0x7f0000000100)=0x10) 5.151320761s ago: executing program 7 (id=5589): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000002e00090027bd70000000000004000000080018000bac0f00"], 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0) 5.091270932s ago: executing program 6 (id=5590): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x0, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@binder={0x73622a85, 0x10b}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000005c0)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 4.971550956s ago: executing program 7 (id=5592): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001000)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="0100"}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random}) 4.934066649s ago: executing program 6 (id=5593): setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x40) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) lstat(&(0x7f0000000180)='./file2\x00', &(0x7f0000000300)) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="040892d8a0895188100406c900fc", @ANYRESHEX, @ANYRES32=r3, @ANYRES16], 0x7) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000080)={0x7, r4, 0x1}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r6}) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000140)=0x4) 4.862868371s ago: executing program 3 (id=5594): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x13, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x130}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) socket(0x400000000010, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r0, &(0x7f0000000700)=[{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000000140)="cb67f50b980cac327deac9b9525028a522f52b20dd1f020f91dce1381540762bd7dd2d8d92d3", 0x26}, {0x0}, {0x0}, {&(0x7f0000002400)="307498d3179abe33c0bff68c0b53c97f2ef44673ebefa64bb6861218186d2967efd596d65c8d273db44df06ab8a8e22dc2cd7aa24c1a4c34c8a08be4e12262f3405f6d10ef4b76c11aae8d423018e08ae24cfd5acfe13653443a435a1cc2e8b3df115e4fca2215e0ab", 0x69}, {&(0x7f0000002480)="10b2d9109ee447eb7059a62b8f24de54442f6f5425794561ad7011a7ea02b0149cb34ae16f05a4e9fb2177067865f33d3be0f18ca6ddb8cbe77aa580debf9669f98900a7994bf01c36e3adbf50d7c9c48540072a1e14041f8496d19536d29fe84aa8b9302e72221ba65a19b1fe49e99939b4530815d3531650220623793180a3969d", 0x82}, {&(0x7f0000001400)="67e49c69a093d5f176f7c79d3e8829c17514757c4fd8cb72bda7635d712624d651c5b727f8e2573aea12b63fdeb09f475dc9f0b7e727454925fc53faf9d2392735b854543872e700e5d6941f4a8772c58f457500d708db2f3229b1b662fede4fca2e9a95f41096ec9a2b87d3037762021deef1ed41af440311e947282cb3aee19a41c502e323f059b3ad48f441399806891b9fdc10623ac0a42d7c3ed91b7c908a647dab4fc2d85ebe05f97bb4b9840e0fc643ee53e0ff12b50cea543839767305e9f7f5931e4f878a334e14a3809cfc527ebc7a87d7b292b5dcaeb9a9baff8bab055298dadc217d090d41fdaf06c73bc49aa5708fc7dd4416c4ef6b1b7caac7105b83f10360a7d0c01104aa3ee572e5851714554d24db0277bec1d7460a6e0bfe9339b752c3fd0e765765f24198f7e50037b22808de3ead3f66f31efc5092115b45afbf5dced56f7262b4fa53e4e7141ceb71621347b7829d93ce73722b0fca7ccd6b29331fbce8d29395b73639d3e2e19a5c095a5e97b1960fd2df7a5c5cdd31ffc00ef146622ae3432a9ac0021002c7d18cca75726aff855db05968da6cd8de15c2de5456a43832f05ca4115b6a91f18ce9f3814cf3152b515dcdddee91c2725c3cc0a6752136a6c59d375662e431b13ac3adcf0dcb639f72eac1f713181e7525c25831c16545f4677e60df7521f4964311ffca57c6ea365c5e6aa2d1fbf25ba1baa77f21a4bf7d2b056697f259d854a22f27ff2cef4dbd63ace758e1298f7ef25d8047b0b495c8b02e0e22c033abb0e6e4c70b99635784c74cb7e6c69f7ea41b705189b3651b473aed831379ecab138652c684cc2c0949198108901e034ef9b95411f6e8392d7a64300cfc9ced84def149bb02ff917a8f35f106de5a0f25a898c254ebb19882c34c4fb09019a3baa621b7a83536908827363e236df92945ba1c25c53c5c724fd5197cfae1da9ffb1d541699e63085d661e4a6bea3f0aa35c08b22de0318388e41b324614540f1aeb064497e70eb79321fededc9ea04437f73773da7d0c0667f10e7672cfa8f1aa2391402d2bb6c82097270a5587b5c05ab5813ee61c1a3b684f02fd7122326df0bb99f900d877e3459cb67803d9f0d665fc14c98c3454fb37a810b775068f4dd7c0d3a6de458f9436a72766ad8c8224bdfb0027fbea32c176c64c5c4fbbdad016319498b001966f87bdf36a608ffbe40fc07977756262c9cec1b4ec3c0ed030488660d0ea235d2eab0eb3b3c77176ba7eb1818a89b7fff0e07d1f428339fd640105c5ac1ca32295fd8e8b76b4b01222bfeff56e115760ba602eadb309108540d45302b7f380cf3df10e2a48def26f0a51bc8897d49b9a318586af69bddf876d38bd01c947c3d9ac9cf9e13939fbda11e22ae71723bc4d2155c764a88aecbfa060b50ff41b21a3bbfecdcc141cf066667f8b7fcf357295fa4b4f9ce14b7b3e6eef638420770adb4b8e2d64efdb501b4e95267f6603783a8b5da1f689ed69f843e189a85f967d011b253ec6ccc6f64811352a1cf939fa6bd3f37d1f0d64a4de917e123c201491669174dc9c32f67ccb9a05d05d3f10b21bd2675a7e49c3dfb5996959f37be778216795a50c7351ca11792827bc38e5552ea67b2611a495e374b1657d2fcdfb435e25692cf1dab0ef93f54e52ccdac4b7e9844a613d53a7fc4edce3e85521c65e1a314ef1c6be4c1b00ba306fe853d76214620597513b18a8c1475830d124480494b1da78e5bfd7a37079c7c249271802ed51d8d1cedc423b8605cc544651aa872545a3d92b46ef5a7f540c12876c47e0f8d8b950659bc22a9a562854dcd96da87af3505989f8db7a75d1cae815b210a88e542fa96fab043f6f3639ab6b174d122fcdbd5c80d3289dbe303b28fd72dca273790c33a5498c7fe7e234c67a4a24e0b28c6b2a7774952a6529570f51123c2edccee087da1d6538eacc459fd96e079895517f1dc27223c4a61b858e137fa03c73690fb65c8189e107f93a0bde8a8e74f9655d929cbf21281822ac75a51ba82e04c4fbb58931969bcfba36e2fb7cdc5b2761424dcb9de3a3d05e9d6d5fda843927e902f3de02bd2c4b49409140d2773480bf60c95b18ac8f534ff8d9cb6adc37f5752ef9cb68e9d507818f8d6e65da4aa8dae05448838c546e45f5b1b267b91b318574418c3457649b53b71eda7afd171ee9e6e399348e2134ec12b0ecb174f7ea007a0fc347d862e7ae9eccb16d85ea552b5e00d299a6de51416120c28ed38a33858511f50bbfe83e1ee54b1d18a4805e7246c857b239e2e6677db495bfbcbadb0ddc081bc2efc399449ceb2fc82d077a6aec4567b56d70877ff2c4f5dcd63223e2f36597bfec2c0897952ddda9fcb1579897d6732377c1f24d2356f51874fa48ecd27ca001540fc98644d895b9bd0ecf899187e87fae6225c59a84120c3ee82d8ebbb0979f7d993d39a880d94752b590bd8e0f773fccdea57370fcda362795eb0be5827df0fc2130c8cd28a7b6ae2a6d6ea220c48c588dca55d44c58331db3cef33c2db7e07fcb31423e4ae388b5c34c70773b0fd84f682ecbc3af62a1ed01792481381ea1ed4f688d2ce3d534b619a9b4795fbfaaeb48dcaf70e7f3c960634c2dfd1cdd14d53ce41d95b7726d15f8cfe75eb058d4563f3c4a216cb764f99d5917c2ac5419ecd4490ebc5a9df36837ae3b5755f0e73d65a5543ca29d3060ab6baa045bf06be4dcb6c11b6dec32eef5ffd14f7438b04d9a5c43b092a0ba5c703a53dc4d1fffa36fb42703ada129f93776b40759e1353bc929108595fad1e889dda0017ba54db8893e6b5563e229a4c4399c9c8e32bb6423b4c2c7bc008983c62ea063ea90f110d4d7ef7f5f8758ab20fb38ae8231af191443dd4e6", 0x800}, {&(0x7f0000000440)="399f61aa86dc99fb868ff47d9b19012b0d16c46e5e34daa61f54", 0x1a}], 0x7, 0x0, 0x0, 0x8800}], 0x1, 0x40800) recvmsg(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) ioctl$SNDCTL_DSP_GETOSPACE(0xffffffffffffffff, 0x8010500c, 0x0) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000036c0)=ANY=[@ANYBLOB="c0010000", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000700000000001400020077673000000000000000000000000000900108802c0100801400040002004e207f0000010000000000000000e80009801c000080060001000200000008000200ac14143205000300000000007c000080060001000200000008000200640101020500030003000000060001000a00000014000200ff0200000000000000000000000000010500030003000000060001000200000008000200ac1414810500030003000000060001000a00000014000200ff0200000000000000000000000000010500030003000000f2fd0080060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000a00000014000216fe8000000000000000000000000000bb050003000100000024000100000000000000000000000000000000000000000000000000000000000000000006000500000000005c000080060005000800000008000a000101000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002"], 0x1c0}, 0x1, 0x0, 0x0, 0xc811}, 0x40000) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) syz_genetlink_get_family_id$tipc(&(0x7f0000000680), r0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) 3.784885065s ago: executing program 6 (id=5595): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x101}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x15, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x4b, 0x700, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df793"}) 3.74620751s ago: executing program 2 (id=5596): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000d"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700020000000000ef000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.294514515s ago: executing program 3 (id=5597): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x3}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}]}}, 0x0, 0x3e, 0x0, 0x3}, 0x28) 3.21374666s ago: executing program 2 (id=5598): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000700000000000000ffffffff85100000010000009500000000000000180900002020702500000000002020207b1af8ff00000000bd21ffff0000000007010000f8ffffffb502020008000000b70300000000000085000000a000000095"], &(0x7f0000000080)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000000}, 0x94) 3.213049135s ago: executing program 3 (id=5599): socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@cred={{0x1c}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x90}, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xc, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x3e8, 0xf, 0x0, &(0x7f0000000000)="c1df07000e00d30a298ee688655887", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 3.147233255s ago: executing program 6 (id=5600): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f00000003c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffa}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x7}}]}, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.010997414s ago: executing program 2 (id=5601): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0200000004000000040e000009"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20) close(r0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={0xffffffffffffffff, &(0x7f0000000900)}, 0x20) 2.950822712s ago: executing program 0 (id=5602): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000000)=[@text16={0x10, &(0x7f0000000040)="f30f1ecd65f3ff9dd4a7260f01c9f3360f30670f01ca0f01fa8146051900baf80c66b8fa8ecd8c66efbafc0cb8f64aefdbe03e26660f38825f47", 0x3a}], 0x1, 0x5b, 0x0, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x416100, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000100)={[0xda4, 0x100, 0x7, 0x20000044a0, 0x81, 0x7fffffff, 0x3, 0xa4e, 0x94, 0x7, 0xffffffffffffff81, 0xb218, 0xa, 0x1000, 0xa, 0x7], 0xd000, 0x2}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.950240063s ago: executing program 3 (id=5603): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x0, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@binder={0x73622a85, 0x10b}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000005c0)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 2.948162347s ago: executing program 6 (id=5604): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000) r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/crypto\x00', 0x0, 0x0) pread64(r2, 0x0, 0x0, 0x8d35) 2.922024693s ago: executing program 2 (id=5605): setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x40) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) lstat(&(0x7f0000000180)='./file2\x00', &(0x7f0000000300)) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="040892d8a0895188100406c900fc", @ANYRESHEX, @ANYRES32=r3, @ANYRES16], 0x7) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000080)={0x7, r4, 0x1}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r6}) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000140)=0x4) 2.869415359s ago: executing program 7 (id=5606): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x4e20, 0x951, @local}, 0x1c, 0x0, 0x0, &(0x7f0000002cc0)=[@hopopts={{0x18, 0x29, 0x36, {0x2b}}}], 0x18}, 0x0) 2.68310198s ago: executing program 3 (id=5607): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x850}, 0x40) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r1, 0x29, 0x1a, 0x0, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e23, 0xa, @empty, 0x9}, 0x1c) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000000480)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0xb, @loopback, 0x1}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000140)='2', 0x1}], 0x1}}], 0x1, 0x8000) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e23, 0x100002, @ipv4={'\x00', '\xff\xff', @empty}, 0x1e}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000680)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0xab, @loopback, 0x8}, 0x1c, &(0x7f0000000780)=[{&(0x7f0000000900)='2', 0x1}], 0x1}}], 0x1, 0x20000014) 1.079281279s ago: executing program 7 (id=5608): rseq(&(0x7f0000001080)={0x0, 0x0, 0x0, 0x2}, 0xfe7c, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa1000000000000070100", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) epoll_create(0x6) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x4000000000001, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) getsockopt$bt_l2cap_L2CAP_CONNINFO(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x109001, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x19) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r3}, &(0x7f0000000340)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = mq_open(&(0x7f0000000200)='!se\xf7ih,\x17i\xeb-\xed\xacP\xe6lNn\x00xseqinux\x10', 0x6e93ebbbcc0884f2, 0x2, &(0x7f0000000300)={0x0, 0x1, 0x6}) mq_timedsend(r4, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r4, 0x0, 0x0, 0xff7f000000000000, 0x0) 648.607349ms ago: executing program 0 (id=5609): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a58000000060a010400000000000000000a0000010900010073797a31000000000900020073797a32000000002c00048010000180090001006d617371"], 0x80}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 623.979852ms ago: executing program 7 (id=5610): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x101}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x15, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x4b, 0x700, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df793"}) 531.630867ms ago: executing program 6 (id=5611): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000000000000002000000400004803c0001800a0001006c696d69740000002c00028008000540000000000c000140000000000000000608000440000000010c00024000000000000015370900010073797a30000000000900020073797a32"], 0x94}}, 0x0) 31.826762ms ago: executing program 3 (id=5612): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x2000000000000019, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 21.285175ms ago: executing program 0 (id=5613): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000140)=[@in6={0xa, 0x4e24, 0xfffffff9, @loopback, 0x10000}]}, &(0x7f0000000100)=0x10) 0s ago: executing program 7 (id=5614): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, &(0x7f0000000180)=0x1) writev(0xffffffffffffffff, &(0x7f0000000840)=[{0x0}], 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x8004587d, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000080)) listen(r0, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r0, 0x60}], 0x1, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff) kernel console output (not intermixed with test programs): =0 gid=0 ses=4294967295 subj=_ pid=18571 comm="syz.7.4169" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8e12e3c819 code=0x0 [ 973.574283][ T43] usb 1-1: new low-speed USB device number 3 using dummy_hcd [ 973.581434][T18609] loop2: detected capacity change from 0 to 7 [ 973.589889][T18609] Dev loop2: unable to read RDB block 7 [ 973.589921][T18609] loop2: AHDI p1 p2 p3 [ 973.589950][T18609] loop2: partition table partially beyond EOD, truncated [ 973.590157][T18609] loop2: p1 start 1601398130 is beyond EOD, truncated [ 973.590174][T18609] loop2: p2 start 1702059890 is beyond EOD, truncated [ 973.804481][ T5164] Dev loop2: unable to read RDB block 7 [ 973.804512][ T5164] loop2: AHDI p1 p2 p3 [ 973.804539][ T5164] loop2: partition table partially beyond EOD, truncated [ 973.804766][ T5164] loop2: p1 start 1601398130 is beyond EOD, truncated [ 973.804783][ T5164] loop2: p2 start 1702059890 is beyond EOD, truncated [ 973.834277][ T5880] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 974.086247][ T5880] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 974.087206][ T5880] usb 7-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.00 [ 974.087437][ T5880] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 974.584973][ T43] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 974.585036][ T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 974.585063][ T43] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 974.585087][ T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 974.585112][ T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 974.586134][ T43] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 974.586199][ T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 974.586225][ T43] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 974.586249][ T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 974.586274][ T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 974.588271][ T43] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 974.588319][ T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 974.588344][ T43] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 974.588369][ T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 974.588393][ T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 974.595215][ T43] usb 1-1: string descriptor 0 read error: -22 [ 974.595352][ T43] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 974.595375][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 974.809450][ T5880] usb 7-1: config 0 descriptor?? [ 974.822756][ T43] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 974.873400][ T5164] Dev loop2: unable to read RDB block 7 [ 974.873420][ T5164] loop2: AHDI p1 p2 p3 [ 974.873935][ T5164] loop2: partition table partially beyond EOD, truncated [ 974.898278][ T5164] loop2: p1 start 1601398130 is beyond EOD, truncated [ 974.899290][ T5164] loop2: p2 start 1702059890 is beyond EOD, truncated [ 974.899716][ T43] usb 1-1: USB disconnect, device number 3 [ 976.701592][ T5880] hid_parser_main: 260 callbacks suppressed [ 976.701615][ T5880] chicony 0003:04F2:1421.0007: unknown main item tag 0x0 [ 976.701644][ T5880] chicony 0003:04F2:1421.0007: unknown main item tag 0x0 [ 976.701670][ T5880] chicony 0003:04F2:1421.0007: unknown main item tag 0x0 [ 976.701696][ T5880] chicony 0003:04F2:1421.0007: unknown main item tag 0x0 [ 976.701721][ T5880] chicony 0003:04F2:1421.0007: unknown main item tag 0x0 [ 976.701747][ T5880] chicony 0003:04F2:1421.0007: unknown main item tag 0x0 [ 976.701772][ T5880] chicony 0003:04F2:1421.0007: unknown main item tag 0x0 [ 976.701797][ T5880] chicony 0003:04F2:1421.0007: unknown main item tag 0x0 [ 976.701822][ T5880] chicony 0003:04F2:1421.0007: unknown main item tag 0x0 [ 976.701846][ T5880] chicony 0003:04F2:1421.0007: unknown main item tag 0x0 [ 976.712910][ T5880] chicony 0003:04F2:1421.0007: item fetching failed at offset 314/483 [ 976.713692][ T5880] chicony 0003:04F2:1421.0007: Chicony hid parse failed: -22 [ 976.713764][ T5880] chicony 0003:04F2:1421.0007: probe with driver chicony failed with error -22 [ 977.191053][ C0] blk_print_req_error: 30 callbacks suppressed [ 977.191075][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 977.191108][ C0] buffer_io_error: 30 callbacks suppressed [ 977.191122][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 977.197622][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 977.197657][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 977.204687][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 977.204721][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 977.207595][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 977.207628][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 977.213941][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 977.213973][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 977.294852][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 977.294892][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 977.299986][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 977.300020][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 977.300118][ T5164] ldm_validate_partition_table(): Disk read failed. [ 977.671775][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 977.671911][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 977.764791][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 977.764897][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 977.768824][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 977.768902][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 978.134368][ T5164] Dev loop2: unable to read RDB block 0 [ 978.139645][ T5164] loop2: unable to read partition table [ 978.139875][ T5164] loop2: partition table beyond EOD, truncated [ 978.359963][ T5880] usb 7-1: USB disconnect, device number 12 [ 979.257572][T18657] fuse: Bad value for 'fd' [ 993.027725][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.027818][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 999.120972][T18876] binder: 18875:18876 ioctl c0189376 0 returned -22 [ 1005.400322][T18912] binder: 18909:18912 ioctl c0189376 0 returned -22 [ 1014.470803][ T5114] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 1014.470856][ T5114] CPU: 0 UID: 0 PID: 5114 Comm: kworker/u9:1 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1014.470883][ T5114] Tainted: [L]=SOFTLOCKUP [ 1014.470890][ T5114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1014.470903][ T5114] Workqueue: hci4 hci_rx_work [ 1014.471109][ T5114] Call Trace: [ 1014.471122][ T5114] [ 1014.471131][ T5114] dump_stack_lvl+0xe8/0x150 [ 1014.471165][ T5114] sysfs_create_dir_ns+0x271/0x2a0 [ 1014.471229][ T5114] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1014.471319][ T5114] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1014.471345][ T5114] ? rt_spin_unlock+0x160/0x200 [ 1014.471376][ T5114] kobject_add_internal+0x631/0xd10 [ 1014.471435][ T5114] kobject_add+0x163/0x240 [ 1014.471464][ T5114] ? __pfx_kobject_add+0x10/0x10 [ 1014.471493][ T5114] ? get_device_parent+0x370/0x3a0 [ 1014.471557][ T5114] device_add+0x408/0xb80 [ 1014.471583][ T5114] hci_conn_add_sysfs+0xd5/0x210 [ 1014.471665][ T5114] le_conn_complete_evt+0x10e6/0x16b0 [ 1014.471748][ T5114] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1014.471775][ T5114] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1014.471799][ T5114] ? lockdep_hardirqs_on+0x7a/0x110 [ 1014.471849][ T5114] ? skb_pull_data+0xfb/0x200 [ 1014.471934][ T5114] hci_le_conn_complete_evt+0x187/0x470 [ 1014.471966][ T5114] hci_event_packet+0x659/0xef0 [ 1014.472017][ T5114] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1014.472045][ T5114] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1014.472067][ T5114] ? __pfx_hci_event_packet+0x10/0x10 [ 1014.472084][ T5114] ? rt_spin_unlock+0x14f/0x200 [ 1014.472120][ T5114] ? hci_send_to_monitor+0xe2/0x590 [ 1014.472148][ T5114] hci_rx_work+0x3ee/0x1030 [ 1014.472175][ T5114] ? process_scheduled_works+0xa8d/0x18c0 [ 1014.472204][ T5114] process_scheduled_works+0xb6e/0x18c0 [ 1014.472271][ T5114] ? __pfx_process_scheduled_works+0x10/0x10 [ 1014.472305][ T5114] ? assign_work+0x3d5/0x5e0 [ 1014.472337][ T5114] worker_thread+0xa53/0xfc0 [ 1014.472390][ T5114] kthread+0x388/0x470 [ 1014.472414][ T5114] ? __pfx_worker_thread+0x10/0x10 [ 1014.472441][ T5114] ? __pfx_kthread+0x10/0x10 [ 1014.472464][ T5114] ret_from_fork+0x51e/0xb90 [ 1014.472494][ T5114] ? __pfx_ret_from_fork+0x10/0x10 [ 1014.472521][ T5114] ? __switch_to+0xc7d/0x1450 [ 1014.472550][ T5114] ? __pfx_kthread+0x10/0x10 [ 1014.472572][ T5114] ret_from_fork_asm+0x1a/0x30 [ 1014.472609][ T5114] [ 1014.517905][ T5114] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1014.521056][ T5114] Bluetooth: hci4: failed to register connection device [ 1017.647559][T18999] netlink: 116 bytes leftover after parsing attributes in process `syz.0.4313'. [ 1017.963825][T18971] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 1018.114286][ T5968] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1018.244327][ T5968] usb 4-1: device descriptor read/64, error -71 [ 1018.706282][ T5968] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1020.323193][ T5968] usb 4-1: device descriptor read/64, error -71 [ 1020.637624][ T5968] usb usb4-port1: attempt power cycle [ 1022.178585][T18971] Bluetooth: hci4: command 0x0406 tx timeout [ 1023.215905][ T5880] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 1023.358901][ T5880] usb 3-1: device descriptor read/64, error -71 [ 1023.443354][T19065] tipc: Started in network mode [ 1023.443385][T19065] tipc: Node identity 1e00328da0bc, cluster identity 4711 [ 1023.443572][T19065] tipc: Enabled bearer , priority 0 [ 1023.463984][T19065] syzkaller0: entered promiscuous mode [ 1023.464009][T19065] syzkaller0: entered allmulticast mode [ 1023.604465][ T5880] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 1023.736486][ T5880] usb 3-1: device descriptor read/64, error -71 [ 1023.844889][ T5880] usb usb3-port1: attempt power cycle [ 1023.892107][T19064] tipc: Resetting bearer [ 1024.106623][T19064] tipc: Disabling bearer [ 1024.184327][ T5880] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 1024.214478][ T5880] usb 3-1: device descriptor read/8, error -71 [ 1024.454661][ T5880] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 1024.682516][ T5880] usb 3-1: device descriptor read/8, error -71 [ 1024.889598][ T5880] usb usb3-port1: unable to enumerate USB device [ 1029.150102][ T5883] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 1029.406004][T18495] usb 4-1: new low-speed USB device number 28 using dummy_hcd [ 1029.720701][T18495] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 1029.720733][T18495] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1029.720747][T18495] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1029.720760][T18495] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1029.720773][T18495] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1029.722617][T18495] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 1029.722660][T18495] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1029.722675][T18495] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1029.722687][T18495] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1029.722700][T18495] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1029.754282][ T5883] usb 7-1: device descriptor read/64, error -71 [ 1029.851447][T18495] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 1029.862077][T18495] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1029.862111][T18495] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1029.862137][T18495] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1029.862163][T18495] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1029.918450][T18495] usb 4-1: string descriptor 0 read error: -22 [ 1029.918572][T18495] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1029.918594][T18495] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1029.984389][T18495] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1030.046775][ T5883] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 1030.928585][ T5880] usb 4-1: USB disconnect, device number 28 [ 1031.035653][ T5883] usb 7-1: device descriptor read/64, error -71 [ 1031.459412][ T5883] usb usb7-port1: attempt power cycle [ 1036.222770][ T5880] usb 1-1: new low-speed USB device number 4 using dummy_hcd [ 1036.376799][ T5880] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 1036.376853][ T5880] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1036.376879][ T5880] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1036.376904][ T5880] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1036.376928][ T5880] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1036.378195][ T5880] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 1036.378238][ T5880] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1036.378265][ T5880] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1036.378288][ T5880] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1036.378313][ T5880] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1036.381557][ T5880] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 1036.381606][ T5880] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1036.381632][ T5880] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1036.381656][ T5880] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1036.381681][ T5880] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1036.398453][ T5880] usb 1-1: string descriptor 0 read error: -22 [ 1036.398612][ T5880] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1036.398635][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1036.450118][ T5880] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1037.321448][ T5880] usb 1-1: USB disconnect, device number 4 [ 1040.081318][ T5799] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 1040.081347][ T5799] CPU: 1 UID: 0 PID: 5799 Comm: kworker/u9:2 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1040.081377][ T5799] Tainted: [L]=SOFTLOCKUP [ 1040.081386][ T5799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1040.081399][ T5799] Workqueue: hci2 hci_rx_work [ 1040.081425][ T5799] Call Trace: [ 1040.081432][ T5799] [ 1040.081441][ T5799] dump_stack_lvl+0xe8/0x150 [ 1040.081474][ T5799] sysfs_create_dir_ns+0x271/0x2a0 [ 1040.081501][ T5799] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1040.081532][ T5799] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1040.081560][ T5799] ? rt_spin_unlock+0x160/0x200 [ 1040.081590][ T5799] kobject_add_internal+0x631/0xd10 [ 1040.081631][ T5799] kobject_add+0x163/0x240 [ 1040.081662][ T5799] ? __pfx_kobject_add+0x10/0x10 [ 1040.081693][ T5799] ? get_device_parent+0x370/0x3a0 [ 1040.081722][ T5799] device_add+0x408/0xb80 [ 1040.081749][ T5799] hci_conn_add_sysfs+0xd5/0x210 [ 1040.081783][ T5799] le_conn_complete_evt+0x10e6/0x16b0 [ 1040.081821][ T5799] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1040.081846][ T5799] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1040.081870][ T5799] ? lockdep_hardirqs_on+0x7a/0x110 [ 1040.081894][ T5799] ? skb_pull_data+0xfb/0x200 [ 1040.081922][ T5799] hci_le_conn_complete_evt+0x187/0x470 [ 1040.081953][ T5799] hci_event_packet+0x659/0xef0 [ 1040.081978][ T5799] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1040.082005][ T5799] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1040.082026][ T5799] ? __pfx_hci_event_packet+0x10/0x10 [ 1040.082042][ T5799] ? rt_spin_unlock+0x14f/0x200 [ 1040.082085][ T5799] ? hci_send_to_monitor+0xe2/0x590 [ 1040.082113][ T5799] hci_rx_work+0x3ee/0x1030 [ 1040.082138][ T5799] ? process_scheduled_works+0xa8d/0x18c0 [ 1040.082169][ T5799] process_scheduled_works+0xb6e/0x18c0 [ 1040.082228][ T5799] ? __pfx_process_scheduled_works+0x10/0x10 [ 1040.082261][ T5799] ? assign_work+0x3d5/0x5e0 [ 1040.082292][ T5799] worker_thread+0xa53/0xfc0 [ 1040.082348][ T5799] kthread+0x388/0x470 [ 1040.082370][ T5799] ? __pfx_worker_thread+0x10/0x10 [ 1040.082396][ T5799] ? __pfx_kthread+0x10/0x10 [ 1040.082418][ T5799] ret_from_fork+0x51e/0xb90 [ 1040.082449][ T5799] ? __pfx_ret_from_fork+0x10/0x10 [ 1040.082473][ T5799] ? __switch_to+0xc7d/0x1450 [ 1040.082500][ T5799] ? __pfx_kthread+0x10/0x10 [ 1040.082521][ T5799] ret_from_fork_asm+0x1a/0x30 [ 1040.082559][ T5799] [ 1040.082674][ T5799] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1040.082713][ T5799] Bluetooth: hci2: failed to register connection device [ 1040.084434][T11517] usb 8-1: new low-speed USB device number 12 using dummy_hcd [ 1040.327158][T11517] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 1040.327210][T11517] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1040.327236][T11517] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1040.327257][T11517] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1040.327282][T11517] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1040.328305][T11517] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 1040.328349][T11517] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1040.328374][T11517] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1040.328397][T11517] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1040.328421][T11517] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1040.360622][T11517] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 1040.360673][T11517] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1040.360699][T11517] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1040.360722][T11517] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1040.360746][T11517] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1040.368416][T11517] usb 8-1: string descriptor 0 read error: -22 [ 1040.368547][T11517] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1040.368568][T11517] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1040.439984][T11517] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1040.602454][T16942] usb 8-1: USB disconnect, device number 12 [ 1041.934373][ T5880] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 1042.203418][ T5880] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 1042.203745][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1042.203795][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1042.203841][ T5880] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1042.204106][ T5880] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1042.271485][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1042.432901][ T5880] usb 3-1: config 0 descriptor?? [ 1043.148521][ T5880] hid_parser_main: 260 callbacks suppressed [ 1043.148544][ T5880] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 1043.148573][ T5880] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 1043.148598][ T5880] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 1043.148624][ T5880] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 1043.148649][ T5880] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 1043.148675][ T5880] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 1043.148701][ T5880] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 1043.148727][ T5880] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 1043.148752][ T5880] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 1043.148778][ T5880] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 1043.289849][ T5880] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1043.497126][ T5880] usb 3-1: USB disconnect, device number 11 [ 1045.098482][T19311] batadv0: entered promiscuous mode [ 1045.394298][T16942] usb 3-1: new low-speed USB device number 12 using dummy_hcd [ 1045.551775][T16942] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1045.551829][T16942] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1045.551857][T16942] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1045.551881][T16942] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1045.551906][T16942] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1045.552972][T16942] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1045.553016][T16942] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1045.553043][T16942] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1045.553068][T16942] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1045.553093][T16942] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1046.454258][T16942] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1046.454316][T16942] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1046.454342][T16942] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1046.454368][T16942] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1046.454393][T16942] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1046.562587][T16942] usb 3-1: string descriptor 0 read error: -22 [ 1046.562737][T16942] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1046.562759][T16942] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1046.625528][T16942] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1046.823918][T16942] usb 3-1: USB disconnect, device number 12 [ 1051.095038][T10388] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 1051.504659][T10388] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 1051.504714][T10388] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1051.504741][T10388] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1051.504765][T10388] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1051.504790][T10388] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1051.506249][T10388] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 1051.506296][T10388] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1051.506322][T10388] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1051.506347][T10388] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1051.506372][T10388] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1051.507391][T10388] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 1051.507438][T10388] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1051.507464][T10388] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1051.507488][T10388] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1051.507513][T10388] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1051.510587][T10388] usb 1-1: string descriptor 0 read error: -22 [ 1051.510722][T10388] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1051.510746][T10388] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1051.753944][T10388] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1051.927162][T10388] usb 1-1: USB disconnect, device number 5 [ 1054.474134][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.480920][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 1056.063049][T19445] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4472'. [ 1056.087078][T19445] netlink: 64 bytes leftover after parsing attributes in process `syz.7.4472'. [ 1057.634106][T19474] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4483'. [ 1057.691714][T19474] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4483'. [ 1059.388004][T19497] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4491'. [ 1059.603412][T19503] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4495'. [ 1059.638386][T19503] netlink: 64 bytes leftover after parsing attributes in process `syz.7.4495'. [ 1061.776896][T19537] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4508'. [ 1061.788377][T19537] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4508'. [ 1062.164472][T11517] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 1062.328072][T11517] usb 1-1: Using ep0 maxpacket: 16 [ 1062.331392][T11517] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 255, changing to 7 [ 1062.333946][T11517] usb 1-1: New USB device found, idVendor=0499, idProduct=1004, bcdDevice= 0.40 [ 1062.333972][T11517] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1062.333990][T11517] usb 1-1: Product: syz [ 1062.334004][T11517] usb 1-1: Manufacturer: syz [ 1062.334017][T11517] usb 1-1: SerialNumber: syz [ 1062.591693][T11517] usb 1-1: 1:1 : invalid UAC_FORMAT_TYPE desc [ 1062.593133][T11517] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1062.965399][T11517] usb 1-1: USB disconnect, device number 6 [ 1063.036572][T19269] udevd[19269]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1063.198147][T19566] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4519'. [ 1063.241060][T19566] netlink: 64 bytes leftover after parsing attributes in process `syz.0.4519'. [ 1064.327495][T19587] loop2: detected capacity change from 0 to 7 [ 1064.328507][T19587] Dev loop2: unable to read RDB block 7 [ 1064.328535][T19587] loop2: AHDI p1 p2 p3 [ 1064.328560][T19587] loop2: partition table partially beyond EOD, truncated [ 1064.328767][T19587] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1064.328785][T19587] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1065.060701][T19601] team_slave_0: entered promiscuous mode [ 1065.060754][T19601] team_slave_1: entered promiscuous mode [ 1065.316422][T19607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4531'. [ 1065.332480][T19607] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4531'. [ 1065.858391][T19621] syzkaller0: entered promiscuous mode [ 1065.858418][T19621] syzkaller0: entered allmulticast mode [ 1065.881510][T19623] loop2: detected capacity change from 0 to 7 [ 1065.896428][T19623] Dev loop2: unable to read RDB block 7 [ 1065.896464][T19623] loop2: AHDI p1 p2 p3 [ 1065.896491][T19623] loop2: partition table partially beyond EOD, truncated [ 1065.896730][T19623] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1065.896749][T19623] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1066.428898][ C1] blk_print_req_error: 10 callbacks suppressed [ 1066.428931][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1066.428961][ C1] buffer_io_error: 10 callbacks suppressed [ 1066.428972][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 1066.429243][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1066.429273][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 1066.429488][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1066.429516][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 1066.429745][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1066.429771][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 1066.430039][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1066.430065][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 1066.430370][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1066.430397][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 1066.430625][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1066.430651][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 1066.430720][ T5164] ldm_validate_partition_table(): Disk read failed. [ 1066.430881][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1066.430907][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 1066.432323][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1066.432360][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 1066.432571][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1066.432606][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 1066.432867][ T5164] Dev loop2: unable to read RDB block 0 [ 1066.433749][ T5164] loop2: unable to read partition table [ 1066.433960][ T5164] loop2: partition table beyond EOD, truncated [ 1066.479491][T19638] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4544'. [ 1066.706464][T19642] netlink: 64 bytes leftover after parsing attributes in process `syz.6.4544'. [ 1067.254299][T10388] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1067.535135][T10388] usb 4-1: Using ep0 maxpacket: 32 [ 1067.544451][T10388] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1067.544478][T10388] usb 4-1: config 0 has no interfaces? [ 1067.576790][T10388] usb 4-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 1067.576818][T10388] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1067.576836][T10388] usb 4-1: Product: syz [ 1067.576850][T10388] usb 4-1: Manufacturer: syz [ 1067.576863][T10388] usb 4-1: SerialNumber: syz [ 1067.644044][T10388] usb 4-1: config 0 descriptor?? [ 1067.857139][T18971] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1067.862324][T18971] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1067.869426][T18971] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1067.907432][T18971] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1067.910842][T10388] usb 4-1: USB disconnect, device number 29 [ 1067.931529][T18971] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1068.514269][T11517] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 1068.874052][T11517] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1068.874709][T11517] usb 3-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.00 [ 1068.874789][T11517] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1069.083799][T11517] usb 3-1: config 0 descriptor?? [ 1069.115535][T19664] chnl_net:caif_netlink_parms(): no params data found [ 1069.289027][T19664] bridge0: port 1(bridge_slave_0) entered blocking state [ 1069.289225][T19664] bridge0: port 1(bridge_slave_0) entered disabled state [ 1069.289397][T19664] bridge_slave_0: entered allmulticast mode [ 1069.291982][T19664] bridge_slave_0: entered promiscuous mode [ 1069.321976][T19664] bridge0: port 2(bridge_slave_1) entered blocking state [ 1069.322191][T19664] bridge0: port 2(bridge_slave_1) entered disabled state [ 1069.322405][T19664] bridge_slave_1: entered allmulticast mode [ 1069.345619][T19664] bridge_slave_1: entered promiscuous mode [ 1069.509028][T11517] hid_parser_main: 1 callbacks suppressed [ 1069.509050][T11517] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 1069.509079][T11517] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 1069.509105][T11517] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 1069.509131][T11517] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 1069.509157][T11517] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 1069.509182][T11517] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 1069.509207][T11517] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 1069.539150][T11517] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 1069.539185][T11517] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 1069.539211][T11517] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 1069.556827][T19664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1069.634464][T19664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1069.665630][T11517] chicony 0003:04F2:1421.0009: hidraw0: USB HID v77.fd Device [HID 04f2:1421] on usb-dummy_hcd.2-1/input0 [ 1069.688859][T19685] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4560'. [ 1069.740432][T19687] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4560'. [ 1070.027060][T18971] Bluetooth: hci1: command tx timeout [ 1070.304923][T19664] team0: Port device team_slave_0 added [ 1070.308203][T19664] team0: Port device team_slave_1 added [ 1070.356932][ T5880] usb 3-1: USB disconnect, device number 13 [ 1070.459195][T19664] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1070.459212][T19664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1070.459236][T19664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1070.461287][T19664] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1070.461301][T19664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1070.461326][T19664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1071.935924][T19703] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4565'. [ 1072.094459][T18971] Bluetooth: hci1: command tx timeout [ 1072.780204][T19664] hsr_slave_0: entered promiscuous mode [ 1072.781445][T19664] hsr_slave_1: entered promiscuous mode [ 1072.782301][T19664] debugfs: 'hsr0' already exists in 'hsr' [ 1072.782323][T19664] Cannot create hsr debugfs directory [ 1074.760642][T18971] Bluetooth: hci1: command tx timeout [ 1075.045768][T19722] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1075.587801][T10388] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 1076.864209][T18971] Bluetooth: hci1: command tx timeout [ 1077.076707][T10388] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1077.076752][T10388] usb 7-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.00 [ 1077.076775][T10388] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1077.081865][T10388] usb 7-1: config 0 descriptor?? [ 1077.865355][ T5883] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1077.941893][T10388] hid_parser_main: 437 callbacks suppressed [ 1077.941916][T10388] chicony 0003:04F2:1421.000A: unknown main item tag 0x0 [ 1077.941945][T10388] chicony 0003:04F2:1421.000A: unknown main item tag 0x0 [ 1077.941972][T10388] chicony 0003:04F2:1421.000A: unknown main item tag 0x0 [ 1077.941997][T10388] chicony 0003:04F2:1421.000A: unknown main item tag 0x0 [ 1077.942022][T10388] chicony 0003:04F2:1421.000A: unknown main item tag 0x0 [ 1077.942048][T10388] chicony 0003:04F2:1421.000A: unknown main item tag 0x0 [ 1077.942073][T10388] chicony 0003:04F2:1421.000A: unknown main item tag 0x0 [ 1077.942099][T10388] chicony 0003:04F2:1421.000A: unknown main item tag 0x0 [ 1077.942125][T10388] chicony 0003:04F2:1421.000A: unknown main item tag 0x0 [ 1077.942151][T10388] chicony 0003:04F2:1421.000A: unknown main item tag 0x0 [ 1078.084705][T10388] chicony 0003:04F2:1421.000A: hidraw0: USB HID v77.fd Device [HID 04f2:1421] on usb-dummy_hcd.6-1/input0 [ 1078.116237][ T5883] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1078.116262][ T5883] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1078.153846][ T5883] usb 4-1: New USB device found, idVendor=046d, idProduct=0990, bcdDevice= 0.40 [ 1078.153875][ T5883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1078.153891][ T5883] usb 4-1: Product: syz [ 1078.153903][ T5883] usb 4-1: Manufacturer: syz [ 1078.153915][ T5883] usb 4-1: SerialNumber: syz [ 1078.316530][T19664] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.349279][ T5883] usb 4-1: 0:1 : does not exist [ 1079.349360][ T5883] usb 4-1: unit 6 not found! [ 1079.349382][ T5883] usb 4-1: unit 2 not found! [ 1079.407077][ T5882] usb 7-1: USB disconnect, device number 16 [ 1079.578325][ T5883] usb 4-1: USB disconnect, device number 30 [ 1079.591277][T19747] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4579'. [ 1079.750159][T19269] udevd[19269]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1082.199271][T19766] binder: BINDER_SET_CONTEXT_MGR already set [ 1082.199286][T19766] binder: 19762:19766 ioctl 4018620d 200000004a80 returned -16 [ 1082.210135][T19664] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1083.465821][T19779] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4590'. [ 1083.614347][T18495] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1083.776508][T18495] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1083.776534][T18495] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1083.779053][T18495] usb 4-1: New USB device found, idVendor=046d, idProduct=0990, bcdDevice= 0.40 [ 1083.779080][T18495] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1083.779098][T18495] usb 4-1: Product: syz [ 1083.779111][T18495] usb 4-1: Manufacturer: syz [ 1083.779124][T18495] usb 4-1: SerialNumber: syz [ 1083.944356][T19664] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.128568][T18495] usb 4-1: 0:1 : does not exist [ 1084.128635][T18495] usb 4-1: unit 6 not found! [ 1084.128645][T18495] usb 4-1: unit 2 not found! [ 1084.175367][T18495] usb 4-1: USB disconnect, device number 31 [ 1084.221834][T19269] udevd[19269]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1085.958410][T19664] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1088.049720][ T4488] bridge_slave_1: left allmulticast mode [ 1088.049746][ T4488] bridge_slave_1: left promiscuous mode [ 1088.049977][ T4488] bridge0: port 2(bridge_slave_1) entered disabled state [ 1088.126843][ T36] audit: type=1326 audit(1775355132.233:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19824 comm="syz.2.4605" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb2a360c819 code=0x0 [ 1088.177779][ T4488] bridge_slave_0: left allmulticast mode [ 1088.177807][ T4488] bridge_slave_0: left promiscuous mode [ 1088.178044][ T4488] bridge0: port 1(bridge_slave_0) entered disabled state [ 1090.769508][T18495] IPVS: starting estimator thread 0... [ 1090.772686][T19831] net_ratelimit: 30 callbacks suppressed [ 1090.772701][T19831] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 1090.855424][T19839] IPVS: using max 15 ests per chain, 36000 per kthread [ 1091.904766][ T4488] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1091.965755][ T4488] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1092.008170][ T4488] bond0 (unregistering): Released all slaves [ 1093.906453][T19868] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4617'. [ 1094.042675][T19869] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1095.656911][T19664] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1095.710475][T19664] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1095.805520][T19664] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1095.877573][T19884] 9p: Bad value for 'wfdno' [ 1096.004684][ T4488] hsr_slave_0: left promiscuous mode [ 1096.056607][ T4488] hsr_slave_1: left promiscuous mode [ 1096.058945][ T4488] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1096.058971][ T4488] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1096.115908][ T4488] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1096.115935][ T4488] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1096.409411][ T4488] veth1_macvtap: left promiscuous mode [ 1096.409472][ T4488] veth0_macvtap: left promiscuous mode [ 1096.409658][ T4488] veth1_vlan: left promiscuous mode [ 1096.412060][ T4488] veth0_vlan: left promiscuous mode [ 1098.012434][T19910] 9p: Bad value for 'wfdno' [ 1101.524319][ T5883] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1101.646387][T19664] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1101.654357][ T5883] usb 4-1: device descriptor read/64, error -71 [ 1101.924374][ T5883] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1102.039564][T19664] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1102.056764][ T5883] usb 4-1: device descriptor read/64, error -71 [ 1102.074530][T19963] fuse: Bad value for 'rootmode' [ 1102.100537][T19664] 8021q: adding VLAN 0 to HW filter on device team0 [ 1102.153548][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 1102.164488][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1102.175911][ T5883] usb usb4-port1: attempt power cycle [ 1102.206637][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 1102.208472][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1102.351284][T19664] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1102.544301][ T5883] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1102.566374][ T5883] usb 4-1: device descriptor read/8, error -71 [ 1102.726839][T11517] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1102.827427][ T5883] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 1102.844961][ T5883] usb 4-1: device descriptor read/8, error -71 [ 1102.876436][T19664] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1102.891729][T11517] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 1102.893997][T11517] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1102.894056][T11517] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1102.894080][T11517] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1102.921707][T11517] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1102.921747][T11517] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1102.921771][T11517] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1102.954589][ T5883] usb usb4-port1: unable to enumerate USB device [ 1102.962071][T11517] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1102.962103][T11517] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1102.962117][T11517] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1102.963279][T11517] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1102.963328][T11517] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1102.963354][T11517] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1102.983963][T11517] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1102.983996][T11517] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1102.984010][T11517] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1102.986009][T11517] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1102.986058][T11517] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1102.986081][T11517] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1102.991163][T11517] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1102.991613][T11517] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1102.991627][T11517] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1103.010438][T11517] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1103.010471][T11517] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1103.010489][T11517] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1103.123797][T11517] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1103.123815][T11517] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1103.123825][T11517] usb 1-1: Product: syz [ 1103.123833][T11517] usb 1-1: Manufacturer: syz [ 1103.123840][T11517] usb 1-1: SerialNumber: syz [ 1103.159199][T11517] usb 1-1: config 0 descriptor?? [ 1103.230081][T11517] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 1105.564049][ C1] usb 1-1: yurex_control_callback - control failed: -2 [ 1105.766946][ T5880] usb 1-1: USB disconnect, device number 7 [ 1105.785674][ T5880] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 1106.283728][T19664] veth0_vlan: entered promiscuous mode [ 1106.352204][T19664] veth1_vlan: entered promiscuous mode [ 1106.467738][T19664] veth0_macvtap: entered promiscuous mode [ 1106.495694][T19664] veth1_macvtap: entered promiscuous mode [ 1106.538350][T19664] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1106.560969][T19664] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1106.580474][ T56] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1106.581307][ T56] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1106.581843][ T56] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1106.582444][ T56] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1107.014348][ T7474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1107.014368][ T7474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1107.104039][ T7473] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1107.104060][ T7473] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1107.207017][T20007] fuse: Unknown parameter 'use00000000000000000000' [ 1107.781650][ T5883] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 1108.650901][ T5883] usb 7-1: device descriptor read/64, error -71 [ 1109.220224][T20028] netlink: 'syz.7.4672': attribute type 1 has an invalid length. [ 1109.334315][ T5883] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 1109.351137][T20032] kvm: faulting far call emulation tainted memory [ 1109.464336][ T5883] usb 7-1: device descriptor read/64, error -71 [ 1109.541944][T20040] fuse: Unknown parameter 'use00000000000000000000' [ 1109.887629][ T5883] usb usb7-port1: attempt power cycle [ 1110.234293][ T5883] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 1110.256990][ T5883] usb 7-1: device descriptor read/8, error -71 [ 1110.494327][ T5883] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 1111.514340][ T5883] usb 7-1: device descriptor read/8, error -71 [ 1111.630592][ T5883] usb usb7-port1: unable to enumerate USB device [ 1112.204288][T16942] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 1112.358052][T16942] usb 8-1: no configurations [ 1112.358072][T16942] usb 8-1: can't read configurations, error -22 [ 1112.484499][T16942] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 1113.724862][ T5883] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 1113.775146][T16942] usb 8-1: no configurations [ 1113.775211][T16942] usb 8-1: can't read configurations, error -22 [ 1113.926157][T16942] usb usb8-port1: attempt power cycle [ 1114.084306][ T5883] usb 4-1: device descriptor read/64, error -71 [ 1114.274346][T16942] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 1114.295968][T16942] usb 8-1: no configurations [ 1114.295987][T16942] usb 8-1: can't read configurations, error -22 [ 1114.327353][ T5883] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 1114.425910][T16942] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 1114.459986][ T5883] usb 4-1: device descriptor read/64, error -71 [ 1114.809116][ T5883] usb usb4-port1: attempt power cycle [ 1114.886707][T16942] usb 8-1: no configurations [ 1114.886779][T16942] usb 8-1: can't read configurations, error -22 [ 1114.889459][T16942] usb usb8-port1: unable to enumerate USB device [ 1115.883594][ T5883] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1115.891357][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.891424][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 1115.894932][ T5883] usb 4-1: device descriptor read/8, error -71 [ 1117.162337][T20143] 9p: Bad value for 'rfdno' [ 1118.138258][ T5883] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 1118.194559][ T5880] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1118.397826][ T5880] usb 4-1: device descriptor read/64, error -71 [ 1118.415284][ T5883] usb 7-1: no configurations [ 1118.415303][ T5883] usb 7-1: can't read configurations, error -22 [ 1119.287833][ T5883] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 1119.344317][ T5880] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1119.435019][ T5883] usb 7-1: no configurations [ 1119.435039][ T5883] usb 7-1: can't read configurations, error -22 [ 1119.435401][ T5883] usb usb7-port1: attempt power cycle [ 1119.474408][ T5880] usb 4-1: device descriptor read/64, error -71 [ 1119.587602][ T5880] usb usb4-port1: attempt power cycle [ 1120.135448][ T5883] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 1120.184907][ T5880] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1120.398232][ T5880] usb 4-1: device descriptor read/8, error -71 [ 1120.423393][ T5883] usb 7-1: no configurations [ 1120.423413][ T5883] usb 7-1: can't read configurations, error -22 [ 1124.630007][ T5883] usb 8-1: new low-speed USB device number 17 using dummy_hcd [ 1124.938682][ T5882] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 1125.005343][ T5883] usb 8-1: device descriptor read/64, error -71 [ 1125.086601][ T5882] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1125.086639][ T5882] usb 4-1: can't read configurations, error -61 [ 1126.035729][ T5883] usb 8-1: new low-speed USB device number 18 using dummy_hcd [ 1126.035896][ T5882] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 1126.470631][ T5883] usb 8-1: device descriptor read/64, error -71 [ 1126.486766][ T5882] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1126.486802][ T5882] usb 4-1: can't read configurations, error -61 [ 1126.488910][ T5882] usb usb4-port1: attempt power cycle [ 1126.576595][ T5883] usb usb8-port1: attempt power cycle [ 1126.834391][ T5882] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 1126.857302][ T5882] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1126.857338][ T5882] usb 4-1: can't read configurations, error -61 [ 1126.914332][ T5883] usb 8-1: new low-speed USB device number 19 using dummy_hcd [ 1127.068648][ T5883] usb 8-1: device descriptor read/8, error -71 [ 1127.834525][ T5883] usb 8-1: new low-speed USB device number 20 using dummy_hcd [ 1127.906267][ T5883] usb 8-1: device descriptor read/8, error -71 [ 1128.014715][ T5883] usb usb8-port1: unable to enumerate USB device [ 1130.844307][ T5882] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 1130.997163][ T5882] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1130.997953][ T5882] usb 4-1: can't read configurations, error -61 [ 1131.004391][ T5883] usb 8-1: new low-speed USB device number 21 using dummy_hcd [ 1131.124464][ T5882] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 1131.134600][ T5883] usb 8-1: device descriptor read/64, error -71 [ 1131.278545][ T5882] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1131.278579][ T5882] usb 4-1: can't read configurations, error -61 [ 1131.280075][ T5882] usb usb4-port1: attempt power cycle [ 1131.374405][ T5883] usb 8-1: new low-speed USB device number 22 using dummy_hcd [ 1131.504280][ T5883] usb 8-1: device descriptor read/64, error -71 [ 1131.615397][ T5883] usb usb8-port1: attempt power cycle [ 1131.645169][ T5882] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 1131.667913][ T5882] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1131.667950][ T5882] usb 4-1: can't read configurations, error -61 [ 1131.804304][ T5882] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 1131.830736][ T5882] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1131.830773][ T5882] usb 4-1: can't read configurations, error -61 [ 1131.831064][ T5882] usb usb4-port1: unable to enumerate USB device [ 1131.954361][ T5883] usb 8-1: new low-speed USB device number 23 using dummy_hcd [ 1131.974956][ T5883] usb 8-1: device descriptor read/8, error -71 [ 1131.994362][ T5968] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 1133.456768][ T5968] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1133.456811][ T5968] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1133.456854][ T5968] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1133.456876][ T5968] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1133.514300][ T5883] usb 8-1: new low-speed USB device number 24 using dummy_hcd [ 1133.535175][ T5883] usb 8-1: device descriptor read/8, error -71 [ 1133.644761][ T5883] usb usb8-port1: unable to enumerate USB device [ 1133.774353][ T5968] usb 3-1: usb_control_msg returned -32 [ 1133.774397][ T5968] usbtmc 3-1:16.0: can't read capabilities [ 1134.275354][ T5882] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 1134.642891][ T5882] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1134.642934][ T5882] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1134.642970][ T5882] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1134.652773][ T5882] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1134.652814][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1134.652847][ T5882] usb 1-1: Product: syz [ 1134.652875][ T5882] usb 1-1: Manufacturer: syz [ 1134.652904][ T5882] usb 1-1: SerialNumber: syz [ 1135.268882][ T5968] usb 3-1: USB disconnect, device number 14 [ 1135.274488][ T5882] usblp 1-1:1.0: usblp1: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1135.576578][ T5882] usb 1-1: USB disconnect, device number 8 [ 1135.725491][ T5882] usblp1: removed [ 1135.856696][T20358] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4796'. [ 1139.814012][T20395] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1152.464955][ T36] audit: type=1326 audit(1775355196.573:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20501 comm="syz.6.4847" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff34087c819 code=0x0 [ 1156.444107][T20538] fuse: Bad value for 'rootmode' [ 1156.863324][T18971] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 1157.951563][ T36] audit: type=1326 audit(1775355202.053:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20563 comm="syz.0.4868" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f883d01c819 code=0x0 [ 1158.092810][T20570] fuse: Bad value for 'rootmode' [ 1160.500162][ T5882] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 1160.661554][ T5882] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1160.661599][ T5882] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 1160.661622][ T5882] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1160.699215][ T5882] usb 7-1: config 0 descriptor?? [ 1160.782927][ T5882] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 1160.889718][ T5799] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 1161.792863][ T36] audit: type=1326 audit(1775355205.893:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20609 comm="syz.0.4884" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f883d01c819 code=0x0 [ 1161.975571][T20616] fuse: Unknown parameter 'use00000000000000000000' [ 1162.625684][ T5882] IPVS: starting estimator thread 0... [ 1162.724540][T20620] IPVS: using max 7 ests per chain, 16800 per kthread [ 1163.481512][ T5968] usb 7-1: USB disconnect, device number 25 [ 1164.003012][T20639] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1165.110815][ T36] audit: type=1326 audit(1775355209.213:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20646 comm="syz.3.4895" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6c9c77c819 code=0x0 [ 1165.374480][ T5882] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 1165.641383][ T5882] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 1165.642317][ T5882] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1165.642349][ T5882] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1165.642363][ T5882] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1165.645612][ T5882] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1165.645642][ T5882] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1165.645656][ T5882] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1165.648520][ T5882] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1165.648550][ T5882] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1165.648565][ T5882] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1165.653537][ T5882] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1165.653586][ T5882] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1165.653611][ T5882] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1165.704822][ T5882] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1165.704868][ T5882] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1165.704883][ T5882] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1165.705892][ T5882] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1165.705933][ T5882] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1165.705958][ T5882] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1165.715182][ T5882] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1165.715236][ T5882] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1165.715264][ T5882] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1165.716225][ T5882] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1165.716273][ T5882] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1165.716287][ T5882] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1165.772868][ T5882] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1165.773029][ T5882] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1165.775077][ T5882] usb 1-1: Product: syz [ 1165.775113][ T5882] usb 1-1: Manufacturer: syz [ 1165.775126][ T5882] usb 1-1: SerialNumber: syz [ 1165.828806][ T5882] usb 1-1: config 0 descriptor?? [ 1166.279304][ T5882] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 1166.763989][ T5882] usb 1-1: USB disconnect, device number 9 [ 1166.773430][ T5882] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 1167.234928][T20657] fuse: Unknown parameter 'use00000000000000000000' [ 1168.074315][ T5968] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 1168.236226][ T5968] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1168.236273][ T5968] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 1168.236295][ T5968] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1168.248631][ T5968] usb 3-1: config 0 descriptor?? [ 1168.293491][ T5968] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1169.638613][ T36] audit: type=1326 audit(1775355213.743:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20691 comm="syz.6.4907" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff34087c819 code=0x0 [ 1170.273792][T20705] fuse: Unknown parameter 'use00000000000000000000' [ 1170.294305][ T43] usb 8-1: new low-speed USB device number 25 using dummy_hcd [ 1170.294445][ T5968] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 1170.456900][ T5968] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 1170.460402][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1170.460435][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1170.460449][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1170.462014][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1170.462043][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1170.462057][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1170.463377][ T43] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 1170.463406][ T43] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1170.463420][ T43] usb 8-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1170.463494][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1170.463525][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1170.463537][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1170.466894][ T43] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 1170.466941][ T43] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1170.466967][ T43] usb 8-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1170.475232][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1170.475282][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1170.475358][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1170.508271][ T43] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 1170.508323][ T43] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1170.508355][ T43] usb 8-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1170.520168][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1170.520272][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1170.520298][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1170.706158][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1170.706226][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1170.706240][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1170.749356][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1170.749411][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1170.749487][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1170.781389][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1170.781436][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1170.781450][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1170.837367][ T5968] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1170.838459][ T5968] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1170.838473][ T5968] usb 4-1: Product: syz [ 1170.838481][ T5968] usb 4-1: Manufacturer: syz [ 1170.838488][ T5968] usb 4-1: SerialNumber: syz [ 1170.840007][ T43] usb 8-1: string descriptor 0 read error: -22 [ 1170.840083][ T43] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1170.840095][ T43] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1170.921924][ T5968] usb 4-1: config 0 descriptor?? [ 1170.954012][ T43] adutux 8-1:168.0: interrupt endpoints not found [ 1170.972778][ T5968] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 1171.170153][ T5968] usb 8-1: USB disconnect, device number 25 [ 1171.715922][ T994] usb 3-1: USB disconnect, device number 15 [ 1173.258632][ C1] usb 4-1: yurex_control_callback - control failed: -2 [ 1173.930641][ T5880] usb 4-1: USB disconnect, device number 52 [ 1173.953681][ T5880] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 1174.577146][T20734] fuse: Unknown parameter 'user_i00000000000000000000' [ 1174.578054][ T36] audit: type=1326 audit(1775355218.683:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20731 comm="syz.6.4923" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff34087c819 code=0x0 [ 1174.884538][ T5880] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 1175.053198][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1175.053231][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1175.053268][ T5880] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 1175.053290][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1175.112290][ T5880] usb 1-1: config 0 descriptor?? [ 1175.525055][ T5803] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 1175.642783][T20764] binder: 20761:20764 ioctl c0306201 2000000004c0 returned -14 [ 1175.940872][ T5880] usbhid 1-1:0.0: can't add hid device: -71 [ 1175.940950][ T5880] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1175.952275][ T5880] usb 1-1: USB disconnect, device number 10 [ 1176.084382][ T5803] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 1176.086533][ T5803] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1176.086564][ T5803] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1176.086578][ T5803] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1176.090115][ T5803] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1176.090165][ T5803] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1176.090191][ T5803] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1176.091147][ T5803] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1176.091195][ T5803] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1176.091210][ T5803] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1176.092178][ T5803] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1176.092225][ T5803] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1176.092251][ T5803] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1176.093212][ T5803] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1176.093260][ T5803] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1176.093291][ T5803] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1176.104258][ T5803] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1176.104298][ T5803] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1176.104313][ T5803] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1176.111493][ T5803] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1176.111542][ T5803] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1176.111557][ T5803] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1176.112533][ T5803] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1176.112581][ T5803] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1176.112606][ T5803] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1176.204289][ T5803] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1176.204317][ T5803] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1176.204337][ T5803] usb 4-1: Product: syz [ 1176.204349][ T5803] usb 4-1: Manufacturer: syz [ 1176.204361][ T5803] usb 4-1: SerialNumber: syz [ 1176.358034][ T5803] usb 4-1: config 0 descriptor?? [ 1176.396251][ T5803] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 1177.438655][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.438718][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.528770][ T5880] usb 4-1: USB disconnect, device number 53 [ 1177.595487][T20773] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4936'. [ 1177.597832][T20773] bridge0: port 3(geneve1) entered blocking state [ 1177.597936][T20773] bridge0: port 3(geneve1) entered disabled state [ 1177.598183][T20773] geneve1: entered allmulticast mode [ 1177.655580][T20774] netlink: 'syz.7.4936': attribute type 10 has an invalid length. [ 1177.859967][T20773] geneve1: entered promiscuous mode [ 1177.860556][T20773] bridge0: port 3(geneve1) entered blocking state [ 1177.860661][T20773] bridge0: port 3(geneve1) entered forwarding state [ 1177.862762][T20774] bridge0: port 3(geneve1) entered disabled state [ 1177.862969][T20774] bridge0: port 2(bridge_slave_1) entered disabled state [ 1177.863395][T20774] bridge0: port 1(bridge_slave_0) entered disabled state [ 1177.867008][T20774] bridge0: port 3(geneve1) entered blocking state [ 1177.867093][T20774] bridge0: port 3(geneve1) entered forwarding state [ 1177.867274][T20774] bridge0: port 2(bridge_slave_1) entered blocking state [ 1177.867355][T20774] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1177.867523][T20774] bridge0: port 1(bridge_slave_0) entered blocking state [ 1177.867610][T20774] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1177.869717][T20774] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1177.977275][ T5880] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 1178.088689][T20780] fuse: Unknown parameter 'user_i00000000000000000000' [ 1178.360431][ T5880] hid_parser_main: 437 callbacks suppressed [ 1178.360449][ T5880] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 1179.037861][ T5880] hid-generic 0000:0000:0000.000B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1179.175985][ T36] audit: type=1326 audit(1775355223.283:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20793 comm="syz.3.4944" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6c9c77c819 code=0x0 [ 1179.550286][T20799] binder: 20797:20799 ioctl c0306201 2000000004c0 returned -14 [ 1180.464491][T20814] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4949'. [ 1180.475891][T20814] bridge0: port 3(geneve1) entered blocking state [ 1180.476288][T20814] bridge0: port 3(geneve1) entered disabled state [ 1180.477815][T20814] geneve1: entered allmulticast mode [ 1180.495448][T20814] geneve1: entered promiscuous mode [ 1180.501544][T20814] bridge0: port 3(geneve1) entered blocking state [ 1180.502290][T20814] bridge0: port 3(geneve1) entered forwarding state [ 1180.517262][T20814] netlink: 'syz.3.4949': attribute type 10 has an invalid length. [ 1180.518890][T20814] bridge0: port 3(geneve1) entered disabled state [ 1180.520090][T20814] bridge0: port 2(bridge_slave_1) entered disabled state [ 1180.521724][T20814] bridge0: port 1(bridge_slave_0) entered disabled state [ 1180.568017][T20814] bridge0: port 3(geneve1) entered blocking state [ 1180.568827][T20814] bridge0: port 3(geneve1) entered forwarding state [ 1180.570746][T20814] bridge0: port 2(bridge_slave_1) entered blocking state [ 1180.571504][T20814] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1180.573347][T20814] bridge0: port 1(bridge_slave_0) entered blocking state [ 1180.574270][T20814] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1180.605174][T20814] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1181.279381][T20818] fuse: Unknown parameter 'user_i00000000000000000000' [ 1181.472744][T20819] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4951'. [ 1181.909679][ T36] audit: type=1326 audit(1775355226.013:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20830 comm="syz.7.4959" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0583f3c819 code=0x0 [ 1182.044310][ T994] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 1182.143861][T20833] binder: 20828:20833 ioctl c0306201 2000000004c0 returned -14 [ 1182.195761][ T994] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 1182.198327][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1182.198359][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1182.198373][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1182.600122][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1182.600159][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1182.600172][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1182.605679][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1182.605905][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1182.605933][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1182.608286][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1182.608335][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1182.608360][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1182.615518][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1182.615569][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1182.615595][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1182.620698][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1182.620728][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1182.620742][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1182.704358][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1182.704402][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1182.704416][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1182.705613][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1182.705647][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1182.705662][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1182.722397][ T994] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1182.722426][ T994] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1182.722445][ T994] usb 3-1: Product: syz [ 1182.722459][ T994] usb 3-1: Manufacturer: syz [ 1182.722472][ T994] usb 3-1: SerialNumber: syz [ 1182.856496][ T994] usb 3-1: config 0 descriptor?? [ 1182.882013][ T994] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 1183.454729][ T5803] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 1183.630407][ T9] usb 3-1: USB disconnect, device number 16 [ 1183.638263][ T9] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 1183.719547][T20852] fuse: Unknown parameter 'user_id00000000000000000000' [ 1183.747260][ T5803] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1183.748732][ T5803] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1183.748755][ T5803] usb 1-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 1183.752266][ T5803] usb 1-1: New USB device found, idVendor=052b, idProduct=1803, bcdDevice=79.86 [ 1183.752293][ T5803] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1183.752312][ T5803] usb 1-1: Product: syz [ 1183.752326][ T5803] usb 1-1: Manufacturer: syz [ 1183.752340][ T5803] usb 1-1: SerialNumber: syz [ 1184.050745][ T5803] usb 1-1: USB disconnect, device number 11 [ 1186.149096][T20875] binder: 20872:20875 ioctl c0306201 2000000004c0 returned -14 [ 1186.314658][T20884] fuse: Unknown parameter 'user_id00000000000000000000' [ 1186.883735][ T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 1187.655902][ T9] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 1187.657473][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1187.657524][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1187.657551][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1187.660411][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1187.660461][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1187.660486][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1187.662942][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1187.662991][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1187.663017][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1187.700458][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1187.700533][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1187.700561][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1187.784348][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1187.784403][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1187.784430][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1187.810942][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1187.810999][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1187.811026][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1187.845862][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1187.845918][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1187.845944][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1187.875908][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1187.875962][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1187.875987][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1187.880372][ T9] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1187.880398][ T9] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1187.880417][ T9] usb 3-1: Product: syz [ 1187.880429][ T9] usb 3-1: Manufacturer: syz [ 1187.880443][ T9] usb 3-1: SerialNumber: syz [ 1187.960201][ T9] usb 3-1: config 0 descriptor?? [ 1187.996393][ T9] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 1189.515097][ T5880] usb 3-1: USB disconnect, device number 17 [ 1189.518891][T20925] binder: 20921:20925 ioctl c0306201 2000000004c0 returned -14 [ 1189.562527][ T5880] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 1189.675719][T20932] fuse: Unknown parameter 'user_id00000000000000000000' [ 1191.764391][ T5882] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 1191.851707][T20972] netlink: 762 bytes leftover after parsing attributes in process `syz.2.5010'. [ 1191.865621][T20970] fuse: Bad value for 'fd' [ 1191.905007][T20969] Illegal XDP return value 106631224 on prog (id 278) dev syz_tun, expect packet loss! [ 1191.923575][ T5882] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1191.923626][ T5882] usb 7-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.00 [ 1191.923648][ T5882] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1191.938256][ T5882] usb 7-1: config 0 descriptor?? [ 1192.361259][ T5882] chicony 0003:04F2:1421.000C: unknown main item tag 0x0 [ 1192.361295][ T5882] chicony 0003:04F2:1421.000C: unknown main item tag 0x0 [ 1192.361321][ T5882] chicony 0003:04F2:1421.000C: unknown main item tag 0x0 [ 1192.361346][ T5882] chicony 0003:04F2:1421.000C: unknown main item tag 0x0 [ 1192.361371][ T5882] chicony 0003:04F2:1421.000C: unknown main item tag 0x0 [ 1192.361395][ T5882] chicony 0003:04F2:1421.000C: unknown main item tag 0x0 [ 1192.361419][ T5882] chicony 0003:04F2:1421.000C: unknown main item tag 0x0 [ 1192.361444][ T5882] chicony 0003:04F2:1421.000C: unknown main item tag 0x0 [ 1192.361465][ T5882] chicony 0003:04F2:1421.000C: unknown main item tag 0x0 [ 1192.361488][ T5882] chicony 0003:04F2:1421.000C: unknown main item tag 0x0 [ 1192.390644][ T5882] chicony 0003:04F2:1421.000C: hidraw0: USB HID v77.fd Device [HID 04f2:1421] on usb-dummy_hcd.6-1/input0 [ 1193.837770][T11517] usb 7-1: USB disconnect, device number 26 [ 1193.920615][T21017] fuse: Bad value for 'fd' [ 1193.990680][ T5799] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 1194.375602][ T5880] hid-generic 0000:0000:0000.000D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1195.178449][ T5114] Bluetooth: hci1: command 0x0406 tx timeout [ 1195.590903][T21057] fuse: Bad value for 'fd' [ 1196.087240][T21078] netlink: 'syz.3.5050': attribute type 29 has an invalid length. [ 1196.088416][T21078] netlink: 'syz.3.5050': attribute type 29 has an invalid length. [ 1197.290045][T21094] fuse: Unknown parameter '0x0000000000000003' [ 1198.134686][ T9] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 1198.504335][ T9] usb 4-1: config 0 has no interfaces? [ 1198.511246][ T9] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 1198.511275][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1198.511295][ T9] usb 4-1: SerialNumber: syz [ 1198.614422][ T9] usb 4-1: config 0 descriptor?? [ 1198.837845][T21109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1198.838382][T21109] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1198.876661][ T9] usb 4-1: USB disconnect, device number 54 [ 1200.641265][T21129] fuse: Unknown parameter '0x0000000000000003' [ 1204.192458][T11517] usb 8-1: new high-speed USB device number 26 using dummy_hcd [ 1204.347455][T11517] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1204.347486][T11517] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1204.347521][T11517] usb 8-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 1204.347544][T11517] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1204.368774][T11517] usb 8-1: config 0 descriptor?? [ 1205.228042][T11517] usbhid 8-1:0.0: can't add hid device: -71 [ 1205.228242][T11517] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 1205.247741][T11517] usb 8-1: USB disconnect, device number 26 [ 1205.523028][ T9] hid_parser_main: 438 callbacks suppressed [ 1205.523050][ T9] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1205.597795][ T9] hid-generic 0000:0000:0000.000E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1209.006978][T11517] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 1209.171369][T11517] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1209.171402][T11517] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1209.171439][T11517] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 1209.171460][T11517] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1209.226914][T11517] usb 7-1: config 0 descriptor?? [ 1209.355604][ T9] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 1209.383539][ T9] hid-generic 0000:0000:0000.000F: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1209.947873][T11517] usbhid 7-1:0.0: can't add hid device: -71 [ 1209.967921][T11517] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1210.232937][T11517] usb 7-1: USB disconnect, device number 27 [ 1212.704631][T21327] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1213.354899][T21338] binder: 21333:21338 ioctl c0306201 2000000004c0 returned -14 [ 1213.904548][ T5803] usb 8-1: new high-speed USB device number 27 using dummy_hcd [ 1214.737478][ T5803] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1214.737509][ T5803] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1214.737546][ T5803] usb 8-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 1214.737567][ T5803] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1215.586278][ T5803] usb 8-1: config 0 descriptor?? [ 1215.936579][T21380] binder: 21376:21380 ioctl c0306201 2000000004c0 returned -14 [ 1216.240156][ T5803] usbhid 8-1:0.0: can't add hid device: -71 [ 1216.240277][ T5803] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 1216.261104][ T5803] usb 8-1: USB disconnect, device number 27 [ 1220.568056][T21419] binder: 21411:21419 ioctl c0306201 2000000004c0 returned -14 [ 1221.278045][ T5880] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 1222.053379][ T5880] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1222.053413][ T5880] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1222.053449][ T5880] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 1222.053471][ T5880] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1222.098485][ T5880] usb 7-1: config 0 descriptor?? [ 1222.946084][ T5880] usbhid 7-1:0.0: can't add hid device: -71 [ 1222.946208][ T5880] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1223.012884][ T5880] usb 7-1: USB disconnect, device number 28 [ 1223.416101][T21451] syzkaller0: entered promiscuous mode [ 1223.416128][T21451] syzkaller0: entered allmulticast mode [ 1224.355440][T21454] binder: 21452:21454 ioctl c0306201 2000000004c0 returned -14 [ 1224.582353][T21466] binder_alloc: 21463: binder_alloc_buf, no vma [ 1224.892594][T21474] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5193'. [ 1226.074451][T21486] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5195'. [ 1227.569655][T21500] binder: 21499:21500 ioctl c0306201 2000000004c0 returned -14 [ 1227.840235][T21507] syzkaller0: entered promiscuous mode [ 1227.840259][T21507] syzkaller0: entered allmulticast mode [ 1228.806546][T21517] netlink: 52 bytes leftover after parsing attributes in process `syz.3.5206'. [ 1228.924978][T21523] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5208'. [ 1230.019655][T21532] binder: 21531:21532 ioctl c0306201 2000000004c0 returned -14 [ 1230.558803][T21548] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5218'. [ 1230.742739][T18971] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 1230.742757][T18971] CPU: 0 UID: 0 PID: 18971 Comm: kworker/u9:0 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1230.742774][T18971] Tainted: [L]=SOFTLOCKUP [ 1230.742778][T18971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1230.742785][T18971] Workqueue: hci0 hci_rx_work [ 1230.742803][T18971] Call Trace: [ 1230.742808][T18971] [ 1230.742814][T18971] dump_stack_lvl+0xe8/0x150 [ 1230.742833][T18971] sysfs_create_dir_ns+0x271/0x2a0 [ 1230.742848][T18971] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1230.742864][T18971] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1230.742879][T18971] ? rt_spin_unlock+0x160/0x200 [ 1230.742898][T18971] kobject_add_internal+0x631/0xd10 [ 1230.742916][T18971] kobject_add+0x163/0x240 [ 1230.742932][T18971] ? __pfx_kobject_add+0x10/0x10 [ 1230.742948][T18971] ? get_device_parent+0x370/0x3a0 [ 1230.742964][T18971] device_add+0x408/0xb80 [ 1230.742979][T18971] hci_conn_add_sysfs+0xd5/0x210 [ 1230.742997][T18971] le_conn_complete_evt+0x10e6/0x16b0 [ 1230.743016][T18971] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1230.743029][T18971] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1230.743041][T18971] ? lockdep_hardirqs_on+0x7a/0x110 [ 1230.743054][T18971] ? skb_pull_data+0xfb/0x200 [ 1230.743071][T18971] hci_le_conn_complete_evt+0x187/0x470 [ 1230.743088][T18971] hci_event_packet+0x659/0xef0 [ 1230.743102][T18971] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1230.743116][T18971] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1230.743133][T18971] ? __pfx_hci_event_packet+0x10/0x10 [ 1230.743144][T18971] ? rt_spin_unlock+0x14f/0x200 [ 1230.743163][T18971] ? hci_send_to_monitor+0xe2/0x590 [ 1230.743179][T18971] hci_rx_work+0x3ee/0x1030 [ 1230.743194][T18971] ? process_scheduled_works+0xa8d/0x18c0 [ 1230.743210][T18971] process_scheduled_works+0xb6e/0x18c0 [ 1230.743241][T18971] ? __pfx_process_scheduled_works+0x10/0x10 [ 1230.743259][T18971] ? assign_work+0x3d5/0x5e0 [ 1230.743276][T18971] worker_thread+0xa53/0xfc0 [ 1230.743306][T18971] kthread+0x388/0x470 [ 1230.743317][T18971] ? __pfx_worker_thread+0x10/0x10 [ 1230.743330][T18971] ? __pfx_kthread+0x10/0x10 [ 1230.743342][T18971] ret_from_fork+0x51e/0xb90 [ 1230.743358][T18971] ? __pfx_ret_from_fork+0x10/0x10 [ 1230.743371][T18971] ? __switch_to+0xc7d/0x1450 [ 1230.743387][T18971] ? __pfx_kthread+0x10/0x10 [ 1230.743398][T18971] ret_from_fork_asm+0x1a/0x30 [ 1230.743418][T18971] [ 1230.743434][T18971] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1230.743458][T18971] Bluetooth: hci0: failed to register connection device [ 1231.383417][T21560] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5224'. [ 1232.566301][T21568] binder: 21565:21568 ioctl c0306201 2000000004c0 returned -14 [ 1232.651797][T21571] netlink: 52 bytes leftover after parsing attributes in process `syz.6.5227'. [ 1233.480197][T21585] binder: 21583:21585 ioctl 4018620d 0 returned -22 [ 1233.793059][T21592] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5235'. [ 1235.866812][T21626] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5248'. [ 1236.316810][T21632] binder: 21631:21632 ioctl 4018620d 0 returned -22 [ 1237.054769][ T5114] Bluetooth: hci0: command 0x0406 tx timeout [ 1239.264877][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.264943][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.454462][T21685] Bluetooth: hci3: command 0x0406 tx timeout [ 1244.612646][T21749] netlink: 'syz.2.5294': attribute type 7 has an invalid length. [ 1244.612668][T21749] netlink: 'syz.2.5294': attribute type 8 has an invalid length. [ 1244.612680][T21749] netlink: 'syz.2.5294': attribute type 13 has an invalid length. [ 1244.702099][T21753] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5296'. [ 1244.809211][T21753] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5296'. [ 1245.076442][T21753] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5296'. [ 1247.881958][T21796] process 'memfd:-BÕN4¦EyÛѧ±Sñ:)' started with executable stack [ 1248.400599][T21809] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5316'. [ 1250.575163][T21840] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5328'. [ 1252.144393][ T43] usb 8-1: new high-speed USB device number 28 using dummy_hcd [ 1252.305305][ T43] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 1252.312331][ T43] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1252.312385][ T43] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1252.312411][ T43] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1252.341229][ T43] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1252.341281][ T43] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1252.341307][ T43] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1252.355760][ T43] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1252.355811][ T43] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1252.355838][ T43] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1252.357196][ T43] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1252.357242][ T43] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1252.357266][ T43] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1252.368625][ T43] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1252.368674][ T43] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1252.368700][ T43] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1252.468501][ T43] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1252.468556][ T43] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1252.468582][ T43] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1252.485877][ T43] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1252.485929][ T43] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1252.485955][ T43] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1252.504139][ T43] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1252.504722][ T43] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1252.504778][ T43] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1252.535367][ T43] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1252.535395][ T43] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1252.535414][ T43] usb 8-1: Product: syz [ 1252.535427][ T43] usb 8-1: Manufacturer: syz [ 1252.535440][ T43] usb 8-1: SerialNumber: syz [ 1252.550876][ T43] usb 8-1: config 0 descriptor?? [ 1252.619174][ T43] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 1253.348766][ T994] usb 8-1: USB disconnect, device number 28 [ 1253.350959][ T994] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 1253.393466][T21877] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5342'. [ 1253.442460][T21876] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5341'. [ 1253.557502][T21883] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5340'. [ 1253.570948][T21883] netlink: 'syz.3.5340': attribute type 10 has an invalid length. [ 1253.572772][T21883] bridge0: port 3(geneve1) entered disabled state [ 1253.574016][T21883] bridge0: port 2(bridge_slave_1) entered disabled state [ 1253.575210][T21883] bridge0: port 1(bridge_slave_0) entered disabled state [ 1257.329812][T21952] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5370'. [ 1257.437271][T21955] binder: BINDER_SET_CONTEXT_MGR already set [ 1257.437286][T21955] binder: 21954:21955 ioctl 4018620d 200000004a80 returned -16 [ 1258.225069][T21985] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5384'. [ 1258.294486][T21987] binder: BINDER_SET_CONTEXT_MGR already set [ 1258.294495][T21987] binder: 21986:21987 ioctl 4018620d 200000004a80 returned -16 [ 1259.244372][ T5968] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 1259.426092][ T5968] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 1259.429523][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1259.429577][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1259.429602][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1259.433586][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1259.433637][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1259.433664][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1259.473478][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1259.473535][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1259.473561][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1259.478051][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1259.478102][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1259.478127][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1259.519227][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1259.519285][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1259.519312][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1259.814643][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1259.814698][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1259.814724][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1259.816865][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1259.816916][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1259.816942][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1259.818346][ T5968] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1259.818394][ T5968] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1259.818418][ T5968] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1259.823811][ T5968] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1259.823836][ T5968] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1259.823853][ T5968] usb 4-1: Product: syz [ 1259.823867][ T5968] usb 4-1: Manufacturer: syz [ 1259.823880][ T5968] usb 4-1: SerialNumber: syz [ 1259.833213][ T5968] usb 4-1: config 0 descriptor?? [ 1259.983227][ T5968] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 1260.062684][T22016] binder: 22015:22016 ioctl c0306201 0 returned -14 [ 1260.198737][ T5968] usb 4-1: USB disconnect, device number 55 [ 1260.202648][ T5968] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 1261.880561][T22052] Cannot find set identified by id 28724 to match [ 1262.007985][T22060] netlink: 'syz.3.5416': attribute type 2 has an invalid length. [ 1262.008006][T22060] netlink: 'syz.3.5416': attribute type 8 has an invalid length. [ 1262.008018][T22060] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5416'. [ 1262.417354][ T5803] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 1262.694642][ T5803] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 1262.738271][ T5803] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1262.738806][ T5803] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1262.738885][ T5803] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1262.941937][ T5803] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1262.942335][ T5803] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1262.942412][ T5803] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1263.235648][ T5803] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1263.235702][ T5803] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1263.235727][ T5803] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1263.237300][ T5803] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1263.237349][ T5803] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1263.237374][ T5803] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1263.238626][ T5803] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1263.238674][ T5803] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1263.238699][ T5803] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1263.239886][ T5803] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1263.239935][ T5803] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1263.239960][ T5803] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1263.241652][ T5803] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1263.241701][ T5803] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1263.241727][ T5803] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1263.330952][ T5803] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1263.330986][ T5803] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1263.331000][ T5803] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1263.516319][ T5803] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1263.516349][ T5803] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1263.516369][ T5803] usb 3-1: Product: syz [ 1263.516384][ T5803] usb 3-1: Manufacturer: syz [ 1263.516397][ T5803] usb 3-1: SerialNumber: syz [ 1263.523949][ T5803] usb 3-1: config 0 descriptor?? [ 1263.848485][ T5803] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 1263.952919][ T5882] usb 3-1: USB disconnect, device number 18 [ 1263.966749][ T5882] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 1267.191806][T22144] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1267.244631][ T994] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1267.575447][ T994] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 1267.576910][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1267.577016][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1267.577043][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1267.578314][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1267.578371][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1267.578397][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1267.580472][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1267.580522][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1267.580547][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1267.582964][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1267.583015][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1267.583040][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1267.586087][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1267.586156][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1267.586181][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1267.591139][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1267.591189][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1267.591215][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1267.593525][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1267.593574][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1267.593654][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1267.597538][ T994] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1267.597587][ T994] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1267.597614][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1267.611951][ T994] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1267.611981][ T994] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1267.612001][ T994] usb 3-1: Product: syz [ 1267.612016][ T994] usb 3-1: Manufacturer: syz [ 1267.612030][ T994] usb 3-1: SerialNumber: syz [ 1267.627023][ T994] usb 3-1: config 0 descriptor?? [ 1267.736790][ T994] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 1267.951340][ T43] usb 3-1: USB disconnect, device number 19 [ 1267.984704][ T43] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 1269.506894][T22181] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1271.320961][ T5803] usb 8-1: new high-speed USB device number 29 using dummy_hcd [ 1271.465240][ T5803] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 1271.467245][ T5803] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1271.467296][ T5803] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1271.467324][ T5803] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1271.469488][ T5803] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1271.469536][ T5803] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1271.469561][ T5803] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1271.507981][T22238] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1271.597489][ T5803] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1271.597544][ T5803] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1271.597570][ T5803] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1271.599471][ T5803] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1271.599520][ T5803] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1271.599547][ T5803] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1271.601072][ T5803] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1271.601196][ T5803] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1271.601224][ T5803] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1271.602773][ T5803] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1271.602822][ T5803] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1271.602847][ T5803] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1271.606361][ T5803] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1271.606431][ T5803] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1271.606457][ T5803] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1271.624280][ T5803] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1271.624334][ T5803] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1271.624359][ T5803] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1271.720238][ T5803] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1271.720268][ T5803] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1271.720288][ T5803] usb 8-1: Product: syz [ 1271.720301][ T5803] usb 8-1: Manufacturer: syz [ 1271.720315][ T5803] usb 8-1: SerialNumber: syz [ 1271.908868][ T5803] usb 8-1: config 0 descriptor?? [ 1271.934041][ T5803] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 1272.132454][ T994] usb 8-1: USB disconnect, device number 29 [ 1272.135650][ T994] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 1272.488214][T22246] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5483'. [ 1274.650759][T22275] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5494'. [ 1274.866236][T22280] binder: 22276:22280 ioctl c0306201 2000000004c0 returned -14 [ 1274.867150][T22280] binder_alloc: 22276: binder_alloc_buf, no vma [ 1275.474339][ T5882] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 1275.748183][T22301] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5504'. [ 1275.822507][T22301] netlink: 'syz.3.5504': attribute type 10 has an invalid length. [ 1276.595968][ T5882] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 1276.597853][ T5882] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1276.597905][ T5882] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1276.597930][ T5882] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1276.599169][ T5882] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1276.599217][ T5882] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1276.599241][ T5882] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1276.601118][ T5882] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1276.601166][ T5882] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1276.601191][ T5882] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1276.602898][ T5882] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1276.602947][ T5882] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1276.602971][ T5882] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1276.672043][T22304] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1276.684491][ T5882] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1276.684546][ T5882] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1276.684571][ T5882] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1276.702209][ T5882] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1276.702264][ T5882] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1276.702290][ T5882] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1276.714301][ T5882] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1276.714355][ T5882] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1276.714381][ T5882] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1276.729983][ T5882] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1276.730036][ T5882] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1276.730060][ T5882] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1276.824441][T22309] netlink: 56 bytes leftover after parsing attributes in process `syz.2.5507'. [ 1276.854358][ T5882] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1276.854386][ T5882] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1276.854405][ T5882] usb 7-1: Product: syz [ 1276.854417][ T5882] usb 7-1: Manufacturer: syz [ 1276.854430][ T5882] usb 7-1: SerialNumber: syz [ 1276.860239][ T5882] usb 7-1: config 0 descriptor?? [ 1276.922958][ T5882] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 1277.224009][ T5803] usb 7-1: USB disconnect, device number 29 [ 1278.047730][ T5803] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 1278.446592][T22324] binder: 22322:22324 ioctl c0306201 2000000004c0 returned -14 [ 1278.455328][T22324] binder_alloc: 22322: binder_alloc_buf, no vma [ 1279.019877][T22334] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5519'. [ 1279.770741][T22359] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5530'. [ 1280.574680][ T9] IPVS: starting estimator thread 0... [ 1280.896850][T22367] IPVS: using max 8 ests per chain, 19200 per kthread [ 1281.361461][T22372] binder: 22368:22372 ioctl c0306201 2000000004c0 returned -14 [ 1281.504323][ T5968] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1281.704473][T22384] netlink: 'syz.6.5537': attribute type 2 has an invalid length. [ 1281.704495][T22384] netlink: 'syz.6.5537': attribute type 8 has an invalid length. [ 1281.704508][T22384] netlink: 132 bytes leftover after parsing attributes in process `syz.6.5537'. [ 1281.736301][ T5968] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1281.736343][ T5968] usb 3-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.00 [ 1281.736363][ T5968] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1281.771647][ T5968] usb 3-1: config 0 descriptor?? [ 1281.847259][T22391] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1282.051304][T22394] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5541'. [ 1282.331332][ T5968] chicony 0003:04F2:1421.0010: unknown main item tag 0x0 [ 1282.331368][ T5968] chicony 0003:04F2:1421.0010: unknown main item tag 0x0 [ 1282.331394][ T5968] chicony 0003:04F2:1421.0010: unknown main item tag 0x0 [ 1282.331419][ T5968] chicony 0003:04F2:1421.0010: unknown main item tag 0x0 [ 1282.331443][ T5968] chicony 0003:04F2:1421.0010: unknown main item tag 0x0 [ 1282.331468][ T5968] chicony 0003:04F2:1421.0010: unknown main item tag 0x0 [ 1282.331493][ T5968] chicony 0003:04F2:1421.0010: unknown main item tag 0x0 [ 1282.331517][ T5968] chicony 0003:04F2:1421.0010: unknown main item tag 0x0 [ 1282.331542][ T5968] chicony 0003:04F2:1421.0010: unknown main item tag 0x0 [ 1282.331567][ T5968] chicony 0003:04F2:1421.0010: unknown main item tag 0x0 [ 1282.333772][ T5968] chicony 0003:04F2:1421.0010: item fetching failed at offset 250/483 [ 1283.167216][ T5968] chicony 0003:04F2:1421.0010: Chicony hid parse failed: -22 [ 1283.167300][ T5968] chicony 0003:04F2:1421.0010: probe with driver chicony failed with error -22 [ 1283.296836][T22401] binder: 22398:22401 ioctl c0306201 2000000004c0 returned -14 [ 1283.785813][ T9] usb 3-1: USB disconnect, device number 20 [ 1284.569118][T22423] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5553'. [ 1284.571142][T22424] binder: 22420:22424 ioctl 4018620d 0 returned -22 [ 1286.455175][T22436] binder: 22432:22436 ioctl c0306201 2000000004c0 returned -14 [ 1287.503489][T22455] binder: 22453:22455 ioctl 4018620d 0 returned -22 [ 1287.541496][T22459] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5567'. [ 1288.915177][T22484] binder: 22483:22484 ioctl 4018620d 0 returned -22 [ 1289.585381][ T994] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1289.900952][T22494] binder: BINDER_SET_CONTEXT_MGR already set [ 1289.900963][T22494] binder: 22491:22494 ioctl 4018620d 200000004a80 returned -16 [ 1290.098252][ T994] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1290.098297][ T994] usb 3-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.00 [ 1290.098319][ T994] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1290.101833][ T994] usb 3-1: config 0 descriptor?? [ 1290.565950][ T994] hid_parser_main: 204 callbacks suppressed [ 1290.565975][ T994] chicony 0003:04F2:1421.0011: unknown main item tag 0x0 [ 1290.566003][ T994] chicony 0003:04F2:1421.0011: unknown main item tag 0x0 [ 1290.566028][ T994] chicony 0003:04F2:1421.0011: unknown main item tag 0x0 [ 1290.566053][ T994] chicony 0003:04F2:1421.0011: unknown main item tag 0x0 [ 1290.566078][ T994] chicony 0003:04F2:1421.0011: unknown main item tag 0x0 [ 1290.566103][ T994] chicony 0003:04F2:1421.0011: unknown main item tag 0x0 [ 1290.566127][ T994] chicony 0003:04F2:1421.0011: unknown main item tag 0x0 [ 1290.566151][ T994] chicony 0003:04F2:1421.0011: unknown main item tag 0x0 [ 1290.566176][ T994] chicony 0003:04F2:1421.0011: unknown main item tag 0x0 [ 1290.566200][ T994] chicony 0003:04F2:1421.0011: unknown main item tag 0x0 [ 1290.568347][ T994] chicony 0003:04F2:1421.0011: item fetching failed at offset 250/483 [ 1290.569132][ T994] chicony 0003:04F2:1421.0011: Chicony hid parse failed: -22 [ 1290.569201][ T994] chicony 0003:04F2:1421.0011: probe with driver chicony failed with error -22 [ 1290.800360][T22515] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5589'. [ 1290.910081][T22517] binder: BINDER_SET_CONTEXT_MGR already set [ 1290.910097][T22517] binder: 22516:22517 ioctl 4018620d 200000004a80 returned -16 [ 1291.000364][T22521] syzkaller0: entered promiscuous mode [ 1291.000389][T22521] syzkaller0: entered allmulticast mode [ 1292.178508][ T5803] usb 3-1: USB disconnect, device number 21 [ 1292.636533][T22534] binder: BINDER_SET_CONTEXT_MGR already set [ 1292.636547][T22534] binder: 22530:22534 ioctl 4018620d 200000004a80 returned -16 [ 1293.055002][T22550] binder: BINDER_SET_CONTEXT_MGR already set [ 1293.055017][T22550] binder: 22547:22550 ioctl 4018620d 200000004a80 returned -16 [ 1295.746982][T22570] binder: BINDER_SET_CONTEXT_MGR already set [ 1295.746997][T22570] binder: 22568:22570 ioctl 4018620d 200000004a80 returned -16 [ 1296.140991][T18971] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 1296.141021][T18971] CPU: 1 UID: 0 PID: 18971 Comm: kworker/u9:0 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1296.141050][T18971] Tainted: [L]=SOFTLOCKUP [ 1296.141057][T18971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1296.141071][T18971] Workqueue[ 1296.141071][T18971] Workqueue: hci1 hci_rx_work [ 1296.141097][T18971] Call Trace: [ 1296.141105][T18971] [ 1296.141114][T18971] dump_stack_lvl+0xe8/0x150 [ 1296.141147][T18971] sysfs_create_dir_ns+0x271/0x2a0 [ 1296.141172][T18971] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1296.141204][T18971] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1296.141232][T18971] ? rt_spin_unlock+0x160/0x200 [ 1296.141263][T18971] kobject_add_internal+0x631/0xd10 [ 1296.141299][T18971] kobject_add+0x163/0x240 [ 1296.141324][T18971] ? __pfx_kobject_add+0x10/0x10 [ 1296.141354][T18971] ? get_device_parent+0x370/0x3a0 [ 1296.141381][T18971] device_add+0x408/0xb80 [ 1296.141409][T18971] hci_conn_add_sysfs+0xd5/0x210 [ 1296.141444][T18971] le_conn_complete_evt+0x10e6/0x16b0 [ 1296.141479][T18971] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1296.141505][T18971] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1296.141527][T18971] ? lockdep_hardirqs_on+0x7a/0x110 [ 1296.141551][T18971] ? skb_pull_data+0xfb/0x200 [ 1296.141583][T18971] hci_le_conn_complete_evt+0x187/0x470 [ 1296.141614][T18971] hci_event_packet+0x659/0xef0 [ 1296.141639][T18971] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1296.141665][T18971] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1296.141688][T18971] ? __pfx_hci_event_packet+0x10/0x10 [ 1296.141707][T18971] ? rt_spin_unlock+0x14f/0x200 [ 1296.141744][T18971] ? hci_send_to_monitor+0xe2/0x590 [ 1296.141772][T18971] hci_rx_work+0x3ee/0x1030 [ 1296.141798][T18971] ? process_scheduled_works+0xa8d/0x18c0 [ 1296.141828][T18971] process_scheduled_works+0xb6e/0x18c0 [ 1296.141887][T18971] ? __pfx_process_scheduled_works+0x10/0x10 [ 1296.141929][T18971] ? assign_work+0x3d5/0x5e0 [ 1296.141962][T18971] worker_thread+0xa53/0xfc0 [ 1296.142020][T18971] kthread+0x388/0x470 [ 1296.142041][T18971] ? __pfx_worker_thread+0x10/0x10 [ 1296.142067][T18971] ? __pfx_kthread+0x10/0x10 [ 1296.142089][T18971] ret_from_fork+0x51e/0xb90 [ 1296.142120][T18971] ? __pfx_ret_from_fork+0x10/0x10 [ 1296.142147][T18971] ? __switch_to+0xc7d/0x1450 [ 1296.142174][T18971] ? __pfx_kthread+0x10/0x10 [ 1296.142194][T18971] ret_from_fork_asm+0x1a/0x30 [ 1296.142229][T18971] [ 1296.142258][T18971] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1296.142296][T18971] Bluetooth: hci1: failed to register connection device [ 1296.194326][T18971] ================================================================== [ 1296.194345][T18971] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x902/0x1560 [ 1296.194380][T18971] Read of size 8 at addr ffff88803be3b500 by task kworker/u9:0/18971 [ 1296.194397][T18971] [ 1296.194409][T18971] CPU: 1 UID: 0 PID: 18971 Comm: kworker/u9:0 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1296.194437][T18971] Tainted: [L]=SOFTLOCKUP [ 1296.194445][T18971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1296.194459][T18971] Workqueue: hci1 hci_rx_work [ 1296.194480][T18971] Call Trace: [ 1296.194488][T18971] [ 1296.194496][T18971] dump_stack_lvl+0xe8/0x150 [ 1296.194525][T18971] print_report+0xba/0x230 [ 1296.194549][T18971] ? l2cap_connect_cfm+0x902/0x1560 [ 1296.194573][T18971] kasan_report+0x117/0x150 [ 1296.194676][T18971] ? l2cap_connect_cfm+0x902/0x1560 [ 1296.194705][T18971] l2cap_connect_cfm+0x902/0x1560 [ 1296.194736][T18971] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 1296.194761][T18971] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1296.194783][T18971] ? lockdep_hardirqs_on+0x7a/0x110 [ 1296.194803][T18971] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1296.194823][T18971] ? mutex_lock_nested+0x152/0x1d0 [ 1296.194849][T18971] ? hci_connect_cfm+0x2c/0x140 [ 1296.194871][T18971] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 1296.194902][T18971] hci_connect_cfm+0x95/0x140 [ 1296.194926][T18971] le_conn_complete_evt+0x1134/0x16b0 [ 1296.194955][T18971] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1296.194981][T18971] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1296.195001][T18971] ? lockdep_hardirqs_on+0x7a/0x110 [ 1296.195021][T18971] ? skb_pull_data+0xfb/0x200 [ 1296.195048][T18971] hci_le_conn_complete_evt+0x187/0x470 [ 1296.195075][T18971] hci_event_packet+0x659/0xef0 [ 1296.195096][T18971] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1296.195122][T18971] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1296.195143][T18971] ? __pfx_hci_event_packet+0x10/0x10 [ 1296.195160][T18971] ? rt_spin_unlock+0x14f/0x200 [ 1296.195191][T18971] ? hci_send_to_monitor+0xe2/0x590 [ 1296.195217][T18971] hci_rx_work+0x3ee/0x1030 [ 1296.195238][T18971] ? process_scheduled_works+0xa8d/0x18c0 [ 1296.195265][T18971] process_scheduled_works+0xb6e/0x18c0 [ 1296.195305][T18971] ? __pfx_process_scheduled_works+0x10/0x10 [ 1296.195333][T18971] ? assign_work+0x3d5/0x5e0 [ 1296.195361][T18971] worker_thread+0xa53/0xfc0 [ 1296.195400][T18971] kthread+0x388/0x470 [ 1296.195419][T18971] ? __pfx_worker_thread+0x10/0x10 [ 1296.195445][T18971] ? __pfx_kthread+0x10/0x10 [ 1296.195464][T18971] ret_from_fork+0x51e/0xb90 [ 1296.195493][T18971] ? __pfx_ret_from_fork+0x10/0x10 [ 1296.195519][T18971] ? __switch_to+0xc7d/0x1450 [ 1296.195542][T18971] ? __pfx_kthread+0x10/0x10 [ 1296.195561][T18971] ret_from_fork_asm+0x1a/0x30 [ 1296.195587][T18971] [ 1296.195594][T18971] [ 1296.195598][T18971] Allocated by task 18971: [ 1296.195607][T18971] kasan_save_track+0x3e/0x80 [ 1296.195663][T18971] __kasan_kmalloc+0x93/0xb0 [ 1296.195689][T18971] __kmalloc_cache_noprof+0x3a6/0x690 [ 1296.195731][T18971] l2cap_chan_create+0x51/0x7a0 [ 1296.195757][T18971] l2cap_sock_new_connection_cb+0x182/0x2e0 [ 1296.195785][T18971] l2cap_connect_cfm+0x368/0x1560 [ 1296.195809][T18971] hci_connect_cfm+0x95/0x140 [ 1296.195828][T18971] le_conn_complete_evt+0x1134/0x16b0 [ 1296.195849][T18971] hci_le_conn_complete_evt+0x187/0x470 [ 1296.195869][T18971] hci_event_packet+0x659/0xef0 [ 1296.195884][T18971] hci_rx_work+0x3ee/0x1030 [ 1296.195905][T18971] process_scheduled_works+0xb6e/0x18c0 [ 1296.195928][T18971] worker_thread+0xa53/0xfc0 [ 1296.195952][T18971] kthread+0x388/0x470 [ 1296.195969][T18971] ret_from_fork+0x51e/0xb90 [ 1296.195992][T18971] ret_from_fork_asm+0x1a/0x30 [ 1296.196008][T18971] [ 1296.196012][T18971] Freed by task 22575: [ 1296.196022][T18971] kasan_save_track+0x3e/0x80 [ 1296.196047][T18971] kasan_save_free_info+0x46/0x50 [ 1296.196093][T18971] __kasan_slab_free+0x5c/0x80 [ 1296.196119][T18971] kfree+0x1c1/0x6c0 [ 1296.196167][T18971] l2cap_sock_cleanup_listen+0xf0/0x440 [ 1296.196193][T18971] l2cap_sock_release+0x6e/0x270 [ 1296.196217][T18971] sock_close+0xc3/0x240 [ 1296.196274][T18971] __fput+0x461/0xa90 [ 1296.196327][T18971] task_work_run+0x1d9/0x270 [ 1296.196347][T18971] exit_to_user_mode_loop+0xed/0x480 [ 1296.196373][T18971] do_syscall_64+0x32d/0xf80 [ 1296.196424][T18971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1296.196442][T18971] [ 1296.196447][T18971] The buggy address belongs to the object at ffff88803be3b000 [ 1296.196447][T18971] which belongs to the cache kmalloc-2k of size 2048 [ 1296.196464][T18971] The buggy address is located 1280 bytes inside of [ 1296.196464][T18971] freed 2048-byte region [ffff88803be3b000, ffff88803be3b800) [ 1296.196484][T18971] [ 1296.196489][T18971] The buggy address belongs to the physical page: [ 1296.196509][T18971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803be38000 pfn:0x3be38 [ 1296.196529][T18971] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1296.196544][T18971] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 1296.196566][T18971] page_type: f5(slab) [ 1296.196583][T18971] raw: 0080000000000240 ffff88813fe1b000 ffffea00017fcc10 ffffea00017bbc10 [ 1296.196599][T18971] raw: ffff88803be38000 0000000800080005 00000000f5000000 0000000000000000 [ 1296.196617][T18971] head: 0080000000000240 ffff88813fe1b000 ffffea00017fcc10 ffffea00017bbc10 [ 1296.196635][T18971] head: ffff88803be38000 0000000800080005 00000000f5000000 0000000000000000 [ 1296.196652][T18971] head: 0080000000000003 ffffea0000ef8e01 00000000ffffffff 00000000ffffffff [ 1296.196668][T18971] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 1296.196678][T18971] page dumped because: kasan: bad access detected [ 1296.196691][T18971] page_owner tracks the page as allocated [ 1296.196698][T18971] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5796, tgid 5796 (syz-executor), ts 81777374537, free_ts 81714983910 [ 1296.196732][T18971] post_alloc_hook+0x231/0x280 [ 1296.196806][T18971] get_page_from_freelist+0x28bb/0x2950 [ 1296.196825][T18971] __alloc_frozen_pages_noprof+0x18d/0x380 [ 1296.196844][T18971] allocate_slab+0x77/0x660 [ 1296.196866][T18971] refill_objects+0x334/0x3c0 [ 1296.196886][T18971] __pcs_replace_empty_main+0x35c/0x710 [ 1296.196915][T18971] __kmalloc_cache_noprof+0x44e/0x690 [ 1296.196931][T18971] rtnl_newlink+0x136/0x1be0 [ 1296.197004][T18971] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1296.197030][T18971] netlink_rcv_skb+0x232/0x4b0 [ 1296.197103][T18971] netlink_unicast+0x831/0x9f0 [ 1296.197126][T18971] netlink_sendmsg+0x813/0xb40 [ 1296.197151][T18971] __sys_sendto+0x67f/0x710 [ 1296.197167][T18971] __x64_sys_sendto+0xde/0x100 [ 1296.197184][T18971] do_syscall_64+0x14d/0xf80 [ 1296.197208][T18971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1296.197225][T18971] page last free pid 5794 tgid 5794 stack trace: [ 1296.197236][T18971] __free_frozen_pages+0xfe3/0x1170 [ 1296.197252][T18971] __slab_free+0x24f/0x2a0 [ 1296.197267][T18971] qlist_free_all+0x97/0x100 [ 1296.197291][T18971] kasan_quarantine_reduce+0x148/0x160 [ 1296.197316][T18971] __kasan_slab_alloc+0x22/0x80 [ 1296.197340][T18971] kmem_cache_alloc_node_noprof+0x22a/0x6e0 [ 1296.197365][T18971] __alloc_skb+0x1d0/0x7d0 [ 1296.197379][T18971] netlink_ack+0x146/0xa50 [ 1296.197402][T18971] netlink_rcv_skb+0x2b6/0x4b0 [ 1296.197425][T18971] netlink_unicast+0x831/0x9f0 [ 1296.197447][T18971] netlink_sendmsg+0x813/0xb40 [ 1296.197473][T18971] __sys_sendto+0x67f/0x710 [ 1296.197488][T18971] __x64_sys_sendto+0xde/0x100 [ 1296.197503][T18971] do_syscall_64+0x14d/0xf80 [ 1296.197520][T18971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1296.197538][T18971] [ 1296.197542][T18971] Memory state around the buggy address: [ 1296.197553][T18971] ffff88803be3b400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1296.197566][T18971] ffff88803be3b480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1296.197579][T18971] >ffff88803be3b500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1296.197589][T18971] ^ [ 1296.197598][T18971] ffff88803be3b580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1296.197610][T18971] ffff88803be3b600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1296.197619][T18971] ================================================================== [ 1296.197644][T18971] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1296.197660][T18971] CPU: 1 UID: 0 PID: 18971 Comm: kworker/u9:0 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1296.197687][T18971] Tainted: [L]=SOFTLOCKUP [ 1296.197693][T18971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1296.197707][T18971] Workqueue: hci1 hci_rx_work [ 1296.197726][T18971] Call Trace: [ 1296.197734][T18971] [ 1296.197742][T18971] vpanic+0x56c/0xa60 [ 1296.197772][T18971] ? __pfx_vpanic+0x10/0x10 [ 1296.197804][T18971] panic+0xc5/0xd0 [ 1296.197831][T18971] ? __pfx_panic+0x10/0x10 [ 1296.197859][T18971] ? l2cap_connect_cfm+0x902/0x1560 [ 1296.197889][T18971] ? l2cap_connect_cfm+0x902/0x1560 [ 1296.197924][T18971] check_panic_on_warn+0x89/0xb0 [ 1296.197946][T18971] ? l2cap_connect_cfm+0x902/0x1560 [ 1296.197970][T18971] end_report+0x73/0x180 [ 1296.197988][T18971] ? l2cap_connect_cfm+0x902/0x1560 [ 1296.198013][T18971] kasan_report+0x128/0x150 [ 1296.198032][T18971] ? l2cap_connect_cfm+0x902/0x1560 [ 1296.198062][T18971] l2cap_connect_cfm+0x902/0x1560 [ 1296.198091][T18971] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 1296.198117][T18971] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1296.198138][T18971] ? lockdep_hardirqs_on+0x7a/0x110 [ 1296.198159][T18971] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1296.198178][T18971] ? mutex_lock_nested+0x152/0x1d0 [ 1296.198204][T18971] ? hci_connect_cfm+0x2c/0x140 [ 1296.198225][T18971] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 1296.198251][T18971] hci_connect_cfm+0x95/0x140 [ 1296.198274][T18971] le_conn_complete_evt+0x1134/0x16b0 [ 1296.198302][T18971] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1296.198326][T18971] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1296.198347][T18971] ? lockdep_hardirqs_on+0x7a/0x110 [ 1296.198368][T18971] ? skb_pull_data+0xfb/0x200 [ 1296.198393][T18971] hci_le_conn_complete_evt+0x187/0x470 [ 1296.198419][T18971] hci_event_packet+0x659/0xef0 [ 1296.198439][T18971] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1296.198466][T18971] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1296.198487][T18971] ? __pfx_hci_event_packet+0x10/0x10 [ 1296.198504][T18971] ? rt_spin_unlock+0x14f/0x200 [ 1296.198534][T18971] ? hci_send_to_monitor+0xe2/0x590 [ 1296.198561][T18971] hci_rx_work+0x3ee/0x1030 [ 1296.198582][T18971] ? process_scheduled_works+0xa8d/0x18c0 [ 1296.198608][T18971] process_scheduled_works+0xb6e/0x18c0 [ 1296.198648][T18971] ? __pfx_process_scheduled_works+0x10/0x10 [ 1296.198678][T18971] ? assign_work+0x3d5/0x5e0 [ 1296.198705][T18971] worker_thread+0xa53/0xfc0 [ 1296.198744][T18971] kthread+0x388/0x470 [ 1296.198763][T18971] ? __pfx_worker_thread+0x10/0x10 [ 1296.198789][T18971] ? __pfx_kthread+0x10/0x10 [ 1296.198808][T18971] ret_from_fork+0x51e/0xb90 [ 1296.198835][T18971] ? __pfx_ret_from_fork+0x10/0x10 [ 1296.198861][T18971] ? __switch_to+0xc7d/0x1450 [ 1296.198885][T18971] ? __pfx_kthread+0x10/0x10 [ 1296.198908][T18971] ret_from_fork_asm+0x1a/0x30 [ 1296.198933][T18971] [ 1296.199277][T18971] Kernel Offset: disabled