last executing test programs: 8m15.202099694s ago: executing program 1 (id=236): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setitimer(0x1, &(0x7f0000000100)={{0x77359400}, {0x77359400}}, 0x0) 8m15.102403404s ago: executing program 1 (id=237): r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x4, 0x0, 0x0, 0x3, 0xfffffffd, 0x18, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f040903d8a0f4bd000000000000000000000400", [0xffffffffffffffff]}}) 8m14.888511424s ago: executing program 1 (id=242): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000100)=0x3d, 0x4) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0xfffffffffffffffc, &(0x7f00000000c0)=0xffffff50) 8m14.71272361s ago: executing program 1 (id=245): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000bd02c440560831ac1e93010203010902120081000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000100)={0x14, 0x0, 0x0}, &(0x7f0000000480)={0x44, &(0x7f0000000180)={0x20, 0x15, 0x5, "0f408cbc9b"}, 0x0, &(0x7f0000000280)={0x0, 0x8, 0x1, 0xfd}, 0x0, 0x0, 0x0, 0x0, 0x0}) 8m12.929431266s ago: executing program 1 (id=276): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) 8m12.784264353s ago: executing program 1 (id=279): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)='T', 0x1}], 0x1}, 0x4048841) recvmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001) 7m57.626794055s ago: executing program 32 (id=279): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)='T', 0x1}], 0x1}, 0x4048841) recvmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001) 3m31.085143637s ago: executing program 2 (id=4806): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000340)={0x0, 0x0, 0xfffffe3f, 0x0, 0x0, "4d6b55f67e02bfc6aafbd98ec07c05a8765ccb"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000a40)) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000280)=""/79, 0x4f}], 0x1) 3m30.936332012s ago: executing program 2 (id=4808): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x72, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x1e}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x8, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r0, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) 3m30.75750136s ago: executing program 2 (id=4810): r0 = syz_io_uring_setup(0x91f, &(0x7f0000000340)={0x0, 0x2919, 0x800, 0xfffffffd}, &(0x7f00000002c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000040)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_LINKAT={0x27, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x1000}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 3m30.154635145s ago: executing program 2 (id=4818): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 3m29.844303091s ago: executing program 2 (id=4822): r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x189802) r1 = syz_io_uring_setup(0xeec, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f00000001c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000100)=@IORING_OP_WRITEV={0x2, 0x0, 0x6003, @fd=r0, 0xff, &(0x7f0000000980)=[{&(0x7f0000000680)="5da1", 0x2}], 0x1, 0x4, 0x1, {0x3}}) io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0) 3m29.448989415s ago: executing program 2 (id=4829): r0 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) r1 = epoll_create(0x7fff) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0xa0000002}) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x2) 3m29.218310521s ago: executing program 33 (id=4829): r0 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) r1 = epoll_create(0x7fff) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0xa0000002}) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x2) 3m0.225189415s ago: executing program 0 (id=5244): r0 = socket(0x2c, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x11, 0x4, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r1, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r0}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000140), &(0x7f0000000080)=@udp=r0, 0x2}, 0x20) 3m0.121140778s ago: executing program 0 (id=5246): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='contention_end\x00', r0}, 0x18) r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x200) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r1, 0x80dc5521, &(0x7f0000000180)=""/135) 2m59.889222874s ago: executing program 0 (id=5250): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r1 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) fcntl$addseals(r1, 0x409, 0x7) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x0, 0xf500000000000000, 0x1000000}) 2m59.796312043s ago: executing program 0 (id=5254): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)={0x2c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0xc]}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) 2m59.625365937s ago: executing program 0 (id=5259): open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x18) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) unlink(&(0x7f0000000040)='./bus\x00') 2m59.470141102s ago: executing program 0 (id=5261): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'tunl0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_FWMARK={0x8}]}}}]}, 0x48}}, 0x0) 2m44.194863601s ago: executing program 34 (id=5261): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'tunl0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_FWMARK={0x8}]}}}]}, 0x48}}, 0x0) 36.628902675s ago: executing program 6 (id=7471): r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0) ioctl$DRM_IOCTL_VERSION(r0, 0xc0406400, &(0x7f0000000480)={0x8, 0x4, 0x4, 0x1000, &(0x7f0000001280)=""/4096, 0x0, 0x0, 0x0, 0x0}) 36.450098895s ago: executing program 6 (id=7475): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r0 = syz_io_uring_setup(0x231, &(0x7f0000000140)={0x0, 0x3, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) 36.231566931s ago: executing program 6 (id=7481): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000008600000008000300", @ANYRES32=r2], 0x24}}, 0x0) 36.002222876s ago: executing program 6 (id=7485): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1200000007"], 0x48) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 35.832509689s ago: executing program 6 (id=7488): r0 = socket$unix(0x1, 0x2, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000200)=0x10) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 35.65259756s ago: executing program 6 (id=7491): r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = dup(r0) bind$unix(r1, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x8, 0x3a, 0x0, @remote, @local, {[], @echo_reply={0x81, 0x0, 0x0, 0x200}}}}}}, 0x0) 20.544610757s ago: executing program 35 (id=7491): r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = dup(r0) bind$unix(r1, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x8, 0x3a, 0x0, @remote, @local, {[], @echo_reply={0x81, 0x0, 0x0, 0x200}}}}}}, 0x0) 2.325267311s ago: executing program 4 (id=7910): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/63, 0x3f}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000001b40)=""/4110, 0x100e}, {&(0x7f00000000c0)=""/22, 0x16}], 0x4}, 0x0) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) 2.12359267s ago: executing program 7 (id=7913): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r1, 0x4c80, 0xffffffffffffffb6) 2.093499449s ago: executing program 4 (id=7914): r0 = syz_io_uring_setup(0x7d98, &(0x7f0000000380)={0x0, 0x150, 0x10100, 0x0, 0x4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x14a8}, 0x0, 0x0, 0x1}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) io_uring_enter(r0, 0x2ded, 0x4000, 0x0, 0x0, 0x0) 2.026983537s ago: executing program 7 (id=7916): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'dummy0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) 1.848070896s ago: executing program 4 (id=7919): r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x1d) bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000400)={@map=r1, 0x4, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 1.738676162s ago: executing program 8 (id=7920): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x45ffffa, 0x281) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001100)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "244333791f045158d97405000000000000040000000100", [0xfffffffffefffffc]}}) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x3, 0x6, 0x0, 0x5, 0xa, 0xd, "aeb134238201f8e7ae50e25967c48faa67ff7a23e3e6a66e3497e13b8390538d26f29f1e1bb03e4cb654da5e0ea179feb3db9fcd371cd1899185376c5468a14f", "28f4b591015acc9927b5504c56ab8a5077ad4298bf9ae236a6ec892133f380400e2204e2c172eaf9efec1a7dc8bfa8dda1f869c72083e0fcfc2b12980c0de2a9", "acd8228ae622fc130e7626cd159fb28b5cbe34749c416d0d79c190e0e8b294f1", [0x9, 0x9]}) 1.733808393s ago: executing program 4 (id=7921): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=@updpolicy={0xc4, 0x19, 0xfd3649826d894c67, 0x70bd25, 0x0, {{@in6=@mcast1, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x9, 0x8000000000000001}, {0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) 1.682322702s ago: executing program 7 (id=7923): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="190000000400000008000000080000", @ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.642692087s ago: executing program 3 (id=7924): r0 = epoll_create1(0x0) r1 = inotify_init1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa0002000}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x3, r1, &(0x7f0000000000)) 1.47207273s ago: executing program 4 (id=7925): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) 1.3999864s ago: executing program 3 (id=7926): r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000240)={0x1c, &(0x7f0000000180)=ANY=[@ANYBLOB="2014120000003219fad1a560da0781c2106a5bd2cb999f14"], 0x0, 0x0}) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000080)=ANY=[]) bind$unix(0xffffffffffffffff, 0x0, 0x0) 1.382162218s ago: executing program 7 (id=7928): r0 = landlock_create_ruleset(&(0x7f0000000480)={0xa163}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0x80811501, 0x0) 1.218470421s ago: executing program 8 (id=7929): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)={0x24, 0x2d, 0x1, 0x0, 0x6000, "", [@nested={0x14, 0x0, 0x0, 0x1, [@nested={0x10, 0x1a, 0x0, 0x1, [@nested={0xb, 0x11, 0x0, 0x1, [@generic="46c9e115d4ac25"]}]}]}]}, 0x24}], 0x1}, 0x20000100) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106161154d00000000000109022400010000000009040400010300000009210000000122f80409058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 1.217908279s ago: executing program 7 (id=7930): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x8001, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 971.936507ms ago: executing program 7 (id=7931): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2}) 894.24042ms ago: executing program 5 (id=7932): r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @private=0xa010501, 0x0, 0x0, 'none\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x11, @loopback, 0x0, 0x0, 'lblcr\x00', 0x0, 0x0, 0xfffffffc}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) 847.791233ms ago: executing program 4 (id=7933): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) getgid() 769.99516ms ago: executing program 5 (id=7934): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'team_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000b80)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2, 0x9}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x64, 0x2, {{0x10007, 0x7f, 0x7fffffff, 0x2, 0x489, 0xff}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x7}, @TCA_NETEM_DELAY_DIST={0x7, 0x2, "b4a25f"}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x1, 0x3, 0x40fb, 0x81, 0xffffffffffffff81, 0x6}}]}}}]}, 0x94}, 0x1, 0x0, 0x0, 0xb1ae54093a5f73d4}, 0x0) 572.222867ms ago: executing program 3 (id=7935): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x7, @remote}, r1}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @private2}, {0xa, 0x0, 0x0, @local}, r1}}, 0x48) 549.795471ms ago: executing program 8 (id=7936): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00', r0}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000009c0)={0x20, 0x3f, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@typed={0x4}, @nested={0x8, 0x1, 0x0, 0x1, [@generic="ba5dd95e"]}]}, 0x20}}, 0x0) 544.775302ms ago: executing program 5 (id=7937): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10}}}]}, 0x44}}, 0x0) 398.202769ms ago: executing program 3 (id=7938): r0 = socket$inet6(0xa, 0x6, 0x0) r1 = syz_io_uring_setup(0x7d98, &(0x7f0000000680)={0x0, 0x846e, 0x10100, 0x0, 0x21a}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0xfe4e}, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x2ded, 0x4000, 0x0, 0x0, 0x0) 387.735016ms ago: executing program 5 (id=7939): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008e02"]) 265.274975ms ago: executing program 8 (id=7940): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x11, r0, 0x75fb3000) r1 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) ioctl$MEDIA_IOC_G_TOPOLOGY(r1, 0xc0487c04, &(0x7f00000000c0)={0x0, 0x35, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000fc0)=[{}, {}]}) 240.555954ms ago: executing program 5 (id=7941): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000f07000)=[{0x6}]}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000f07000)=[{0x6}]}, 0x10) 211.414056ms ago: executing program 3 (id=7942): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000003f00000008000300", @ANYRES32=r2, @ANYBLOB="1c005e800800020001000000080001000000"], 0x38}, 0x1, 0x0, 0x0, 0x20048000}, 0x0) 109.192915ms ago: executing program 8 (id=7943): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.state\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) ioctl$SIOCSIFHWADDR(r0, 0x8b26, &(0x7f0000000440)={'wlan1\x00', @random="1e00000200"}) 81.941247ms ago: executing program 5 (id=7944): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0xf, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prlimit64(0x0, 0xe, 0x0, 0x0) 20.691709ms ago: executing program 3 (id=7945): bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) clock_settime(0x0, &(0x7f0000003c80)={0x77359400}) 0s ago: executing program 8 (id=7946): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = epoll_create(0x8000) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000300)={0x90000002}) kernel console output (not intermixed with test programs): 21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.3.4809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fece758d169 code=0x7ffc0000 [ 380.653530][ T30] audit: type=1326 audit(1741809022.854:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.3.4809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fece758d169 code=0x7ffc0000 [ 380.724642][ T30] audit: type=1326 audit(1741809022.894:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.3.4809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fece758d169 code=0x7ffc0000 [ 380.793425][ T30] audit: type=1326 audit(1741809022.894:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.3.4809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fece7584127 code=0x7ffc0000 [ 380.879164][T16803] program syz.4.4817 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 380.903107][ T30] audit: type=1326 audit(1741809022.894:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.3.4809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fece7529359 code=0x7ffc0000 [ 381.025039][ T30] audit: type=1326 audit(1741809022.894:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.3.4809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fece7584127 code=0x7ffc0000 [ 381.053008][T16809] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 381.385395][T16821] ip6_vti0: entered promiscuous mode [ 381.401463][T16821] ip6_vti0: left promiscuous mode [ 381.592713][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 381.603639][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.718643][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 381.731352][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.800887][T16834] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 381.905308][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 381.935349][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.089192][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 382.129667][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.497511][ T55] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 382.514037][ T55] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 382.522472][ T36] bridge_slave_1: left allmulticast mode [ 382.529876][ T55] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 382.543191][ T36] bridge_slave_1: left promiscuous mode [ 382.549180][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.561283][ T55] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 382.569974][ T55] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 382.577525][ T55] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 382.728798][ T36] bridge_slave_0: left allmulticast mode [ 382.736952][ T36] bridge_slave_0: left promiscuous mode [ 382.754294][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.844262][ T5873] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 382.854742][ T36] gretap0: left allmulticast mode [ 382.880186][ T36] bridge0: left allmulticast mode [ 382.885558][ T36] bridge0: left promiscuous mode [ 383.004764][ T5873] usb 5-1: Using ep0 maxpacket: 8 [ 383.013819][ T5873] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 383.033274][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.044081][ T5873] usb 5-1: Product: syz [ 383.053179][ T5873] usb 5-1: Manufacturer: syz [ 383.061704][ T5873] usb 5-1: SerialNumber: syz [ 383.091540][ T5873] usb 5-1: config 0 descriptor?? [ 383.108580][ T5873] gspca_main: se401-2.14.0 probing 047d:5003 [ 383.534355][ T5873] gspca_se401: Frame size: 65535x65535 bayer [ 383.551579][ T5873] gspca_se401: Frame size: 0x0 1/16th janggu [ 383.565432][ T5873] gspca_se401: Frame size: 0x0 1/16th janggu [ 383.574403][ T36] bond0 (unregistering): left promiscuous mode [ 383.580790][ T36] bond_slave_0: left promiscuous mode [ 383.588614][ T5873] gspca_se401: Frame size: 0x0 1/16th janggu [ 383.588789][ T36] bond_slave_1: left promiscuous mode [ 383.605833][ T5873] gspca_se401: Frame size: 0x0 1/16th janggu [ 383.606243][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 383.647417][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 383.659119][ T36] bond0 (unregistering): Released all slaves [ 383.747086][ T5873] input: se401 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input49 [ 383.799559][ T36] tipc: Disabling bearer [ 383.799800][ T5873] usb 5-1: USB disconnect, device number 35 [ 383.821663][ T36] tipc: Disabling bearer [ 383.842146][ T36] tipc: Left network mode [ 384.220576][ T36] hsr_slave_0: left promiscuous mode [ 384.244101][ T36] hsr_slave_1: left promiscuous mode [ 384.249907][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 384.293452][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 384.324271][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 384.331714][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 384.402495][ T36] veth0_macvtap: left promiscuous mode [ 384.633522][ T5136] Bluetooth: hci4: command tx timeout [ 384.843047][ T36] pimreg3 (unregistering): left allmulticast mode [ 385.748937][ T36] team0 (unregistering): Port device team_slave_1 removed [ 385.857411][ T36] team0 (unregistering): Port device team_slave_0 removed [ 386.656317][T16852] chnl_net:caif_netlink_parms(): no params data found [ 386.713335][ T5136] Bluetooth: hci4: command tx timeout [ 387.036256][T16931] program syz.0.4870 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 387.065404][T16852] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.083563][T16852] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.090857][T16852] bridge_slave_0: entered allmulticast mode [ 387.150759][T16852] bridge_slave_0: entered promiscuous mode [ 387.165636][T16852] bridge0: port 2(bridge_slave_1) entered blocking state [ 387.183281][T16852] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.200771][T16852] bridge_slave_1: entered allmulticast mode [ 387.232361][T16852] bridge_slave_1: entered promiscuous mode [ 387.347160][T16852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 387.389672][T16852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 387.568943][T16852] team0: Port device team_slave_0 added [ 387.615916][T16852] team0: Port device team_slave_1 added [ 387.742636][T16852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 387.749906][T16852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 387.776406][T16852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 387.795953][T16852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 387.809427][T16852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 387.848676][T16852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 387.868036][T16955] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 387.876607][T16955] syzkaller0: linktype set to 6 [ 388.006435][T16852] hsr_slave_0: entered promiscuous mode [ 388.029264][T16852] hsr_slave_1: entered promiscuous mode [ 388.408109][T16852] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 388.465667][T16852] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 388.516419][T16852] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 388.576645][T16852] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 388.774122][T16852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 388.803891][ T5136] Bluetooth: hci4: command tx timeout [ 388.824261][ T5825] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 388.841388][T16852] 8021q: adding VLAN 0 to HW filter on device team0 [ 388.893822][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 388.901010][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 388.966158][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.973424][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 389.004038][ T5825] usb 4-1: Using ep0 maxpacket: 32 [ 389.010632][ T5825] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 389.024240][ T5825] usb 4-1: config 0 has no interface number 0 [ 389.029618][T16987] syz_tun: entered promiscuous mode [ 389.054722][ T5825] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 389.069745][ T5825] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.079870][T16987] syz_tun: left promiscuous mode [ 389.087784][ T5825] usb 4-1: Product: syz [ 389.099320][ T5825] usb 4-1: Manufacturer: syz [ 389.120408][ T5825] usb 4-1: SerialNumber: syz [ 389.128296][ T5825] usb 4-1: config 0 descriptor?? [ 389.135225][ T5825] smsc95xx v2.0.0 [ 389.600371][T17001] random: crng reseeded on system resumption [ 389.826156][T16852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 389.855187][T17009] netem: change failed [ 389.958317][ T5825] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 389.983901][ T5825] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 390.023802][ T5825] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 390.053922][ T5825] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 390.085883][ T5825] usb 4-1: USB disconnect, device number 31 [ 390.336375][T16852] veth0_vlan: entered promiscuous mode [ 390.365131][T16852] veth1_vlan: entered promiscuous mode [ 390.433982][T16852] veth0_macvtap: entered promiscuous mode [ 390.447206][T16852] veth1_macvtap: entered promiscuous mode [ 390.464572][T16852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.475352][T16852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.486691][T16852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.497319][T16852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.508475][T16852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.519788][T16852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.530219][T16852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.541454][T16852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.562101][T16852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 390.580089][T16852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 390.598588][T16852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.611060][T16852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 390.629140][T16852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.647881][T16852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 390.679435][T16852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.700638][T16852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 390.715011][T16852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.728245][T16852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 390.749691][T16852] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.761982][T16852] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.787541][T16852] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.800340][T16852] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.883390][ T5136] Bluetooth: hci4: command tx timeout [ 390.917914][ T195] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 390.941000][ T195] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 391.004752][ T195] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 391.025696][ T195] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 391.585659][T17054] veth1_to_bond: entered allmulticast mode [ 391.639437][T17054] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 391.878775][T17066] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4927'. [ 392.812749][T17094] 8021q: adding VLAN 0 to HW filter on device bond2 [ 392.854390][T17094] bond0: (slave bond2): Enslaving as an active interface with an up link [ 392.865652][T17090] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 392.895319][T17090] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 392.912349][T17090] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 393.807798][T17132] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4955'. [ 393.821921][T17132] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4955'. [ 394.128296][T17145] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4961'. [ 394.195534][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 394.195551][ T30] audit: type=1326 audit(1741809036.684:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17146 comm="syz.5.4962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f63c1184127 code=0x7ffc0000 [ 394.256573][ T30] audit: type=1326 audit(1741809036.724:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17146 comm="syz.5.4962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f63c1129359 code=0x7ffc0000 [ 394.296659][ T30] audit: type=1326 audit(1741809036.724:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17146 comm="syz.5.4962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63c118d169 code=0x7ffc0000 [ 394.332215][ T30] audit: type=1326 audit(1741809036.724:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17146 comm="syz.5.4962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f63c1184127 code=0x7ffc0000 [ 394.376685][ T30] audit: type=1326 audit(1741809036.724:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17146 comm="syz.5.4962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f63c1129359 code=0x7ffc0000 [ 394.482960][ T30] audit: type=1326 audit(1741809036.724:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17146 comm="syz.5.4962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7f63c118d169 code=0x7ffc0000 [ 394.550989][ T30] audit: type=1326 audit(1741809036.734:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17146 comm="syz.5.4962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f63c1184127 code=0x7ffc0000 [ 394.601750][ T30] audit: type=1326 audit(1741809036.734:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17146 comm="syz.5.4962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f63c1129359 code=0x7ffc0000 [ 394.659073][ T30] audit: type=1326 audit(1741809036.734:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17146 comm="syz.5.4962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f63c1184127 code=0x7ffc0000 [ 394.707161][ T30] audit: type=1326 audit(1741809036.734:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17146 comm="syz.5.4962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f63c1129359 code=0x7ffc0000 [ 394.881809][ T5136] Bluetooth: hci4: command 0x0405 tx timeout [ 395.214619][T17180] netlink: 10 bytes leftover after parsing attributes in process `syz.0.4976'. [ 395.372330][T17186] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4979'. [ 396.564215][T17233] netlink: 'syz.3.5000': attribute type 8 has an invalid length. [ 396.571995][T17233] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5000'. [ 396.953400][ T5136] Bluetooth: hci4: command 0x0405 tx timeout [ 397.080013][T17255] A link change request failed with some changes committed already. Interface veth0_virt_wifi may have been left with an inconsistent configuration, please check. [ 398.825345][T17313] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 398.937413][T17318] program syz.6.5038 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 399.033353][ T5136] Bluetooth: hci4: command 0x0405 tx timeout [ 399.984165][T17363] sch_fq: defrate 2 ignored. [ 400.268339][T17377] bridge0: port 2(bridge_slave_1) entered learning state [ 400.286157][T17377] bridge0: port 2(bridge_slave_1) entered disabled state [ 400.296664][T17382] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5069'. [ 400.403248][ T5873] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 400.602505][ T5873] usb 5-1: unable to get BOS descriptor or descriptor too short [ 400.614553][ T5873] usb 5-1: config 13 has an invalid interface number: 50 but max is 3 [ 400.622781][ T5873] usb 5-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config [ 400.662621][ T5873] usb 5-1: config 13 has 1 interface, different from the descriptor's value: 4 [ 400.683237][ T5873] usb 5-1: config 13 has no interface number 0 [ 400.689484][ T5873] usb 5-1: config 13 interface 50 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 400.715291][ T5873] usb 5-1: config 13 interface 50 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 400.750967][ T5873] usb 5-1: config 13 interface 50 has no altsetting 0 [ 400.780957][ T5873] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=a9.e8 [ 400.803062][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.811203][ T5873] usb 5-1: Product: syz [ 400.833009][ T5873] usb 5-1: Manufacturer: syz [ 400.837678][ T5873] usb 5-1: SerialNumber: syz [ 401.014670][ T5918] usb 7-1: new low-speed USB device number 2 using dummy_hcd [ 401.088252][ T5873] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 401.100026][ T4474] usb 5-1: Failed to submit usb control message: -71 [ 401.133246][ T4474] usb 5-1: unable to send the bmi data to the device: -71 [ 401.136771][ T5873] usb 5-1: USB disconnect, device number 36 [ 401.158003][ T4474] usb 5-1: unable to get target info from device [ 401.173320][ T4474] usb 5-1: could not get target info (-71) [ 401.203861][ T5918] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 401.215091][ T4474] usb 5-1: could not probe fw (-71) [ 401.239806][ T5918] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16, setting to 8 [ 401.273995][ T5918] usb 7-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 401.298483][ T5918] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.335198][ T5918] usb 7-1: config 0 descriptor?? [ 401.345239][T17400] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 401.395979][T17418] netlink: 'syz.5.5084': attribute type 21 has an invalid length. [ 401.413780][T17418] netlink: 'syz.5.5084': attribute type 6 has an invalid length. [ 401.422024][T17418] netlink: 132 bytes leftover after parsing attributes in process `syz.5.5084'. [ 401.446762][T17418] netlink: 'syz.5.5084': attribute type 21 has an invalid length. [ 401.460888][T17418] netlink: 'syz.5.5084': attribute type 6 has an invalid length. [ 401.469588][T17418] netlink: 132 bytes leftover after parsing attributes in process `syz.5.5084'. [ 401.611721][T17422] sctp: [Deprecated]: syz.5.5086 (pid 17422) Use of struct sctp_assoc_value in delayed_ack socket option. [ 401.611721][T17422] Use struct sctp_sack_info instead [ 401.797126][ T5918] kye 0003:0458:5010.0042: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 401.822029][ T5918] kye 0003:0458:5010.0042: hidraw0: USB HID v0.03 Device [HID 0458:5010] on usb-dummy_hcd.6-1/input0 [ 401.848251][ T5918] kye 0003:0458:5010.0042: tablet-enabling feature report not found [ 401.859025][ T5918] kye 0003:0458:5010.0042: tablet enabling failed [ 401.989057][T17442] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5095'. [ 402.016047][ T5873] usb 7-1: USB disconnect, device number 2 [ 402.754505][T17456] netlink: 'syz.6.5102': attribute type 1 has an invalid length. [ 404.055760][T17518] netlink: 'syz.6.5132': attribute type 1 has an invalid length. [ 404.073540][T17518] netlink: 'syz.6.5132': attribute type 2 has an invalid length. [ 404.303874][ T5825] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 404.476047][ T5825] usb 5-1: Using ep0 maxpacket: 32 [ 404.501635][ T5825] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 404.538415][ T5825] usb 5-1: config 0 has no interface number 0 [ 404.549208][ T5825] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 404.578843][ T5825] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.593494][ T5825] usb 5-1: Product: syz [ 404.597755][ T5825] usb 5-1: Manufacturer: syz [ 404.602568][ T5825] usb 5-1: SerialNumber: syz [ 404.618134][ T5918] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 404.623885][ T5825] usb 5-1: config 0 descriptor?? [ 404.638103][ T5825] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 404.793104][ T5918] usb 4-1: Using ep0 maxpacket: 16 [ 404.810093][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 404.840399][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 404.871379][ T5825] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 404.888130][ T5918] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 404.895705][ T5825] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 404.921895][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.951183][ T5918] usb 4-1: config 0 descriptor?? [ 405.325704][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 405.333779][ T5825] usb 5-1: USB disconnect, device number 37 [ 405.348865][ T5825] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 405.387763][ T5918] mcp2221 0003:04D8:00DD.0043: item fetching failed at offset 1/5 [ 405.389668][ T5825] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 405.406410][ T5918] mcp2221 0003:04D8:00DD.0043: can't parse reports [ 405.427229][ T5825] quatech2 5-1:0.51: device disconnected [ 405.444685][ T5918] mcp2221 0003:04D8:00DD.0043: probe with driver mcp2221 failed with error -22 [ 405.589078][ T5873] usb 4-1: USB disconnect, device number 32 [ 405.703261][ T5918] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 405.874096][ T5918] usb 6-1: unable to get BOS descriptor or descriptor too short [ 405.884283][ T5918] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 405.913254][ T5918] usb 6-1: can't read configurations, error -71 [ 406.130588][T17602] netlink: 80 bytes leftover after parsing attributes in process `syz.6.5173'. [ 406.142202][T17602] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5173'. [ 406.250640][T17607] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5175'. [ 406.261796][T17607] netlink: 'syz.6.5175': attribute type 30 has an invalid length. [ 406.270031][T17607] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5175'. [ 406.739419][ T26] hid-generic 0000:0003:0000.0044: unknown main item tag 0x0 [ 406.765374][ T26] hid-generic 0000:0003:0000.0044: unknown main item tag 0x0 [ 406.812900][ T26] hid-generic 0000:0003:0000.0044: hidraw0: HID v0.00 Device [syz0] on syz1 [ 407.141677][T17635] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5187'. [ 408.178592][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 408.178613][ T30] audit: type=1326 audit(1741809050.674:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17680 comm="syz.0.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb638d169 code=0x7ffc0000 [ 408.304005][T17686] bridge0: entered promiscuous mode [ 408.310847][T17686] bridge0: port 3(macsec1) entered blocking state [ 408.323154][ T30] audit: type=1326 audit(1741809050.674:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17680 comm="syz.0.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb638d169 code=0x7ffc0000 [ 408.350780][T17686] bridge0: port 3(macsec1) entered disabled state [ 408.365300][ T30] audit: type=1326 audit(1741809050.704:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17680 comm="syz.0.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7fefb638d169 code=0x7ffc0000 [ 408.387974][T17686] macsec1: entered allmulticast mode [ 408.393904][T17686] bridge0: entered allmulticast mode [ 408.421587][T17686] macsec1: left allmulticast mode [ 408.427059][T17686] bridge0: left allmulticast mode [ 408.433839][T17686] bridge0: left promiscuous mode [ 408.479392][ T30] audit: type=1326 audit(1741809050.704:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17680 comm="syz.0.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb638d169 code=0x7ffc0000 [ 408.523061][ T30] audit: type=1326 audit(1741809050.704:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17680 comm="syz.0.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb638d169 code=0x7ffc0000 [ 408.545072][ T30] audit: type=1326 audit(1741809050.714:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17680 comm="syz.0.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=450 compat=0 ip=0x7fefb638d169 code=0x7ffc0000 [ 408.566916][ T30] audit: type=1326 audit(1741809050.714:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17680 comm="syz.0.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb638d169 code=0x7ffc0000 [ 408.589075][ T30] audit: type=1326 audit(1741809050.714:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17680 comm="syz.0.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb638d169 code=0x7ffc0000 [ 408.620150][T17687] cgroup: fork rejected by pids controller in /syz3 [ 409.024494][T18264] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5222'. [ 409.647723][ T55] Bluetooth: hci5: sending frame failed (-49) [ 409.665638][ T5136] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 409.677444][T18571] misc userio: Can't change port type on an already running userio instance [ 410.959752][T18615] netlink: 452 bytes leftover after parsing attributes in process `syz.6.5247'. [ 410.984364][T18618] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 411.369969][T18636] netlink: 'syz.5.5256': attribute type 5 has an invalid length. [ 412.773149][ T26] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 412.793924][ T55] Bluetooth: hci4: command 0x0405 tx timeout [ 412.934810][ T26] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 412.962145][ T26] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 412.982308][ T26] usb 6-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 413.001745][ T26] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.025088][ T26] usb 6-1: config 0 descriptor?? [ 413.474782][ T26] razer 0003:1532:010E.0045: unknown main item tag 0x3 [ 413.481796][ T26] razer 0003:1532:010E.0045: ignoring exceeding usage max [ 413.647744][ T26] razer 0003:1532:010E.0045: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.5-1/input0 [ 413.881588][ T5918] usb 6-1: USB disconnect, device number 27 [ 414.731400][T18711] tipc: New replicast peer: 255.255.255.255 [ 414.738108][T18711] tipc: Enabled bearer , priority 10 [ 415.434015][ T30] audit: type=1326 audit(1741809057.934:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18723 comm="syz.3.5297" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fece758d169 code=0x0 [ 415.792516][ T30] audit: type=1400 audit(1741809058.284:320): lsm=SMACK fn=smack_inode_permission action=denied subject="w" object="_" requested=wx pid=18733 comm="syz.6.5301" name="76" dev="tmpfs" ino=397 [ 415.853041][ T26] tipc: Node number set to 4270326021 [ 417.281276][T18775] bond0: entered promiscuous mode [ 417.303329][T18775] bond_slave_0: entered promiscuous mode [ 417.309164][T18775] bond_slave_1: entered promiscuous mode [ 417.354856][T18774] bond0: left promiscuous mode [ 417.363511][T18774] bond_slave_0: left promiscuous mode [ 417.370267][T18774] bond_slave_1: left promiscuous mode [ 418.448840][ T5918] hid-generic 0000:0000:0000.0046: unknown main item tag 0x0 [ 418.469663][ T5918] hid-generic 0000:0000:0000.0046: hidraw0: HID v0.00 Device [syz0] on syz0 [ 418.704157][T18797] tap0: tun_chr_ioctl cmd 1074025677 [ 418.719975][T18797] tap0: linktype set to 805 [ 419.667548][T18815] cgroup: fork rejected by pids controller in /syz4 [ 420.383245][ T5918] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 420.554260][ T5918] usb 6-1: Using ep0 maxpacket: 8 [ 420.593241][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 420.621540][ T5918] usb 6-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 420.640992][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.671555][ T5918] usb 6-1: config 0 descriptor?? [ 421.100741][ T5918] holtek 0003:1241:5015.0047: unknown main item tag 0x0 [ 421.127720][ T5918] holtek 0003:1241:5015.0047: item fetching failed at offset 3/5 [ 421.151999][ T5918] holtek 0003:1241:5015.0047: parse failed [ 421.169338][ T5918] holtek 0003:1241:5015.0047: probe with driver holtek failed with error -22 [ 421.309510][ T5873] usb 6-1: USB disconnect, device number 28 [ 422.704678][T20173] cgroup: fork rejected by pids controller in /syz5 [ 423.164506][T21129] netlink: 'syz.6.5367': attribute type 1 has an invalid length. [ 423.172585][T21129] netlink: 134744 bytes leftover after parsing attributes in process `syz.6.5367'. [ 424.233674][ T5825] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 424.445120][ T5825] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 424.475266][ T5825] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 424.509998][ T5825] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.542271][ T5825] usb 4-1: config 0 descriptor?? [ 424.593933][ T5825] pwc: Askey VC010 type 2 USB webcam detected. [ 424.667208][T21370] netlink: 1344 bytes leftover after parsing attributes in process `syz.5.5384'. [ 425.207276][ T5825] pwc: recv_control_msg error -32 req 02 val 2700 [ 425.218123][ T5825] pwc: recv_control_msg error -71 req 02 val 2c00 [ 425.235561][ T5825] pwc: recv_control_msg error -71 req 04 val 1000 [ 425.242306][ T5825] pwc: recv_control_msg error -71 req 04 val 1300 [ 425.263884][ T5825] pwc: recv_control_msg error -71 req 04 val 1400 [ 425.270740][ T5825] pwc: recv_control_msg error -71 req 02 val 2000 [ 425.283988][ T5825] pwc: recv_control_msg error -71 req 02 val 2100 [ 425.303311][ T5825] pwc: recv_control_msg error -71 req 04 val 1500 [ 425.315180][ T5825] pwc: recv_control_msg error -71 req 02 val 2500 [ 425.333208][ T5825] pwc: recv_control_msg error -71 req 02 val 2400 [ 425.340024][ T5825] pwc: recv_control_msg error -71 req 02 val 2600 [ 425.363302][ T5825] pwc: recv_control_msg error -71 req 02 val 2900 [ 425.370094][ T5825] pwc: recv_control_msg error -71 req 02 val 2800 [ 425.383329][ T5825] pwc: recv_control_msg error -71 req 04 val 1100 [ 425.402951][ T5825] pwc: recv_control_msg error -71 req 04 val 1200 [ 425.403153][ T47] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 425.410808][ T5825] pwc: Registered as video103. [ 425.427332][ T5825] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input52 [ 425.444653][ T5825] usb 4-1: USB disconnect, device number 33 [ 425.583144][ T47] usb 5-1: Using ep0 maxpacket: 16 [ 425.591543][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.612302][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.631053][ T47] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 425.652276][ T47] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 425.662004][ T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.681679][ T47] usb 5-1: config 0 descriptor?? [ 425.970669][T21390] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 426.112116][ T47] microsoft 0003:045E:07DA.0048: unknown main item tag 0x0 [ 426.130146][ T47] microsoft 0003:045E:07DA.0048: unknown main item tag 0x0 [ 426.139618][ T47] microsoft 0003:045E:07DA.0048: unknown main item tag 0x0 [ 426.159705][ T47] microsoft 0003:045E:07DA.0048: unknown main item tag 0x0 [ 426.172325][ T47] microsoft 0003:045E:07DA.0048: unknown main item tag 0x0 [ 426.181816][ T47] microsoft 0003:045E:07DA.0048: unknown main item tag 0x0 [ 426.196712][ T47] microsoft 0003:045E:07DA.0048: unknown main item tag 0x0 [ 426.207404][ T47] microsoft 0003:045E:07DA.0048: unknown main item tag 0x0 [ 426.219212][ T47] microsoft 0003:045E:07DA.0048: unknown main item tag 0x0 [ 426.232042][ T47] microsoft 0003:045E:07DA.0048: unknown main item tag 0x0 [ 426.261992][ T47] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0048/input/input53 [ 426.300855][ T47] microsoft 0003:045E:07DA.0048: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 426.335901][ T47] usb 5-1: USB disconnect, device number 38 [ 427.453863][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 427.465011][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 427.474442][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 427.482341][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 427.490262][ T55] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 427.497605][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 428.036714][T21410] chnl_net:caif_netlink_parms(): no params data found [ 428.263708][T21410] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.270924][T21410] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.278267][T21410] bridge_slave_0: entered allmulticast mode [ 428.290683][T21410] bridge_slave_0: entered promiscuous mode [ 428.305314][T21410] bridge0: port 2(bridge_slave_1) entered blocking state [ 428.312833][T21410] bridge0: port 2(bridge_slave_1) entered disabled state [ 428.323106][T21410] bridge_slave_1: entered allmulticast mode [ 428.334188][T21410] bridge_slave_1: entered promiscuous mode [ 428.402139][T21410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 428.446668][T21410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 428.605391][T21410] team0: Port device team_slave_0 added [ 428.636055][T21410] team0: Port device team_slave_1 added [ 428.750090][T21410] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 428.764131][T21410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 428.833781][T21410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 428.845859][ T5825] IPVS: starting estimator thread 0... [ 428.865908][T21410] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 428.903047][T21410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 428.963302][T21458] IPVS: using max 21 ests per chain, 50400 per kthread [ 428.975317][T21410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 428.999927][ T30] audit: type=1326 audit(1741809071.494:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21462 comm="syz.6.5421" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fedd2f8d169 code=0x0 [ 429.069795][T21410] hsr_slave_0: entered promiscuous mode [ 429.101143][T21410] hsr_slave_1: entered promiscuous mode [ 429.122570][T21410] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 429.149023][T21410] Cannot create hsr debugfs directory [ 429.444969][T21483] bridge: RTM_NEWNEIGH with invalid ether address [ 429.520761][T21410] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 429.535853][T21410] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 429.554512][T21410] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 429.573192][T21410] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 429.598512][ T5136] Bluetooth: hci2: command tx timeout [ 429.754114][T21410] 8021q: adding VLAN 0 to HW filter on device bond0 [ 429.825818][T21410] 8021q: adding VLAN 0 to HW filter on device team0 [ 429.860678][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 429.867917][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 429.906479][ T3008] bridge0: port 2(bridge_slave_1) entered blocking state [ 429.913697][ T3008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 430.303542][ T5825] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 430.379234][T21410] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 430.474508][ T5825] usb 4-1: Using ep0 maxpacket: 32 [ 430.482097][ T5825] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 430.512020][ T5825] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.535350][ T5825] usb 4-1: config 0 descriptor?? [ 430.568077][ T5825] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 431.007099][T21410] veth0_vlan: entered promiscuous mode [ 431.030462][T21410] veth1_vlan: entered promiscuous mode [ 431.113962][T21410] veth0_macvtap: entered promiscuous mode [ 431.143808][T21410] veth1_macvtap: entered promiscuous mode [ 431.204904][T21410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 431.247010][T21410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.277887][T21410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 431.298102][T21410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.311756][T21410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 431.353818][T21410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.364186][T21410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 431.376053][T21410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.382812][ T5825] gspca_nw80x: reg_r err -71 [ 431.386137][T21410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 431.386158][T21410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.387595][T21410] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 431.390968][ T5825] nw80x 4-1:0.0: probe with driver nw80x failed with error -71 [ 431.425455][T21410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 431.473061][T21410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.475706][ T5825] usb 4-1: USB disconnect, device number 34 [ 431.523095][T21410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 431.554991][T21410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.573469][T21410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 431.593336][T21410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.614248][T21410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 431.634966][T21410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.655129][T21410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 431.669544][T21410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.680586][ T5136] Bluetooth: hci2: command tx timeout [ 431.687295][T21410] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 431.705290][T21410] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.714266][T21410] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.723734][T21410] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.732629][T21410] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.873513][ T195] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.902912][ T195] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 431.932270][ T4474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.963795][ T4474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.114718][T21543] netlink: 'syz.6.5452': attribute type 10 has an invalid length. [ 432.137937][T21543] bridge_slave_1: left allmulticast mode [ 432.152097][T21543] bridge_slave_1: left promiscuous mode [ 432.160132][T21543] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.206517][T21543] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 432.296289][ T5876] hid-generic 0000:0003:0000.0049: unknown main item tag 0x0 [ 432.316349][ T5876] hid-generic 0000:0003:0000.0049: unknown main item tag 0x0 [ 432.330683][ T5876] hid-generic 0000:0003:0000.0049: hidraw0: HID v0.00 Device [syz0] on syz1 [ 432.734205][ T5825] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 432.893262][ T5825] usb 4-1: Using ep0 maxpacket: 16 [ 432.903792][ T5825] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 432.923012][ T5825] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 432.942919][ T5825] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 432.964109][ T5825] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 433.003008][ T5825] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 433.049298][ T5825] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 433.069747][ T5825] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 433.083714][ T5825] usb 4-1: Manufacturer: syz [ 433.111732][ T5825] usb 4-1: config 0 descriptor?? [ 433.423169][ T5825] rc_core: IR keymap rc-hauppauge not found [ 433.439557][ T5825] Registered IR keymap rc-empty [ 433.454394][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.483057][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.504624][ T5825] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 433.542377][ T5825] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input54 [ 433.584776][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.623640][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.643078][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.669931][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.713097][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.753243][ T5136] Bluetooth: hci2: command tx timeout [ 433.782985][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.823715][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.843519][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.864097][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.885343][T21613] netlink: 'syz.5.5482': attribute type 2 has an invalid length. [ 433.893628][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.952982][ T5825] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 433.983493][ T5825] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 433.995448][ T5825] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 434.033279][ T5825] usb 4-1: USB disconnect, device number 35 [ 434.648699][T21634] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 435.626394][T21666] netlink: 'syz.3.5506': attribute type 19 has an invalid length. [ 435.833724][ T5136] Bluetooth: hci2: command tx timeout [ 436.290099][T21676] cgroup: fork rejected by pids controller in /syz6 [ 436.346361][T21719] netlink: 277 bytes leftover after parsing attributes in process `syz.5.5515'. [ 437.187162][T22321] netlink: 'syz.5.5527': attribute type 12 has an invalid length. [ 437.212398][T22321] netlink: 'syz.5.5527': attribute type 29 has an invalid length. [ 437.249085][T22321] netlink: 'syz.5.5527': attribute type 2 has an invalid length. [ 437.291887][T22321] netlink: 260 bytes leftover after parsing attributes in process `syz.5.5527'. [ 438.553273][ T47] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 438.716661][ T47] usb 6-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 438.727540][ T47] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.753018][ T47] usb 6-1: Product: syz [ 438.763978][ T47] usb 6-1: Manufacturer: syz [ 438.768619][ T47] usb 6-1: SerialNumber: syz [ 438.783665][ T47] usb 6-1: config 0 descriptor?? [ 438.794449][ T47] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 439.088027][T22378] netlink: 'syz.4.5552': attribute type 3 has an invalid length. [ 439.123066][ T47] gspca_sq905c: sq905c_command: usb_control_msg failed (-71) [ 439.151354][ T47] sq905c 6-1:0.0: Get version command failed [ 439.162952][ T47] sq905c 6-1:0.0: probe with driver sq905c failed with error -71 [ 439.193022][ T47] usb 6-1: USB disconnect, device number 29 [ 439.297391][T22384] netlink: 11 bytes leftover after parsing attributes in process `syz.4.5554'. [ 439.597095][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 441.001987][T22444] bridge: RTM_NEWNEIGH with unconfigured vlan 2 on bridge_slave_0 [ 441.476235][T22473] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 441.946432][T22495] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5607'. [ 442.613518][T22521] pimreg0: tun_chr_ioctl cmd 1074025677 [ 442.633224][T22521] pimreg0: linktype set to 800 [ 443.767838][T22582] ip6tnl1: entered promiscuous mode [ 443.793793][T22582] ip6tnl1: entered allmulticast mode [ 443.897074][T22590] tipc: Started in network mode [ 443.902083][T22590] tipc: Node identity ff, cluster identity 4711 [ 443.913246][T22590] tipc: Enabling of bearer rejected, failed to enable media [ 444.110362][T22599] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5656'. [ 444.142997][T22599] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5656'. [ 444.535157][T22618] netlink: 'syz.6.5664': attribute type 9 has an invalid length. [ 444.808256][T22632] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 444.974088][T22636] input: syz0 as /devices/virtual/input/input55 [ 445.028233][T22639] ucma_write: process 3394 (syz.5.5674) changed security contexts after opening file descriptor, this is not allowed. [ 445.255062][T22642] sctp: [Deprecated]: syz.5.5675 (pid 22642) Use of int in max_burst socket option deprecated. [ 445.255062][T22642] Use struct sctp_assoc_value instead [ 446.131823][T22669] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5687'. [ 446.313672][ T5136] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 446.320514][ T55] Bluetooth: hci5: command 0x1003 tx timeout [ 446.763719][T22698] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5699'. [ 447.161288][T22709] vivid-008: disconnect [ 447.183729][T22708] vivid-008: reconnect [ 447.523499][ T26] kernel write not supported for file /uinput (pid: 26 comm: kworker/1:0) [ 448.393103][ T10] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 448.569753][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 448.595009][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 448.624890][ T10] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 448.643047][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 448.658659][ T10] usb 4-1: Product: syz [ 448.671451][ T10] usb 4-1: Manufacturer: syz [ 448.685012][ T10] usb 4-1: SerialNumber: syz [ 448.692255][ T10] usb 4-1: config 0 descriptor?? [ 448.705607][ T10] hub 4-1:0.0: bad descriptor, ignoring hub [ 448.711570][ T10] hub 4-1:0.0: probe with driver hub failed with error -5 [ 448.731496][ T10] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input56 [ 448.771190][ T10] usbtouchscreen 4-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -8 [ 448.832783][ T10] usbtouchscreen 4-1:0.0: probe with driver usbtouchscreen failed with error -8 [ 448.953461][ T26] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 449.024334][ T10] usb 4-1: USB disconnect, device number 36 [ 449.128447][ T26] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 449.149487][ T26] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 449.167602][ T26] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 449.177436][ T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 449.192766][ T26] usb 5-1: SerialNumber: syz [ 449.437627][ T26] usb 5-1: 0:2 : does not exist [ 449.464515][ T26] usb 5-1: USB disconnect, device number 39 [ 450.726905][T22822] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 450.986813][T22831] tap0: tun_chr_ioctl cmd 1074025673 [ 452.119473][T22850] sp0: Synchronizing with TNC [ 452.129782][T22854] tc_dump_action: action bad kind [ 452.634236][ T26] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 452.653164][ T5876] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 452.805804][ T5876] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 452.817920][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 452.843073][ T5876] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 452.853132][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 452.880441][ T5876] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 452.897851][ T26] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 452.910219][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 452.918590][ T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 452.937061][ T5876] usb 4-1: config 0 descriptor?? [ 452.944339][ T26] usb 5-1: config 0 descriptor?? [ 453.305021][T22791] Set syz1 is full, maxelem 65536 reached [ 453.325682][T22879] bridge_slave_0: default FDB implementation only supports local addresses [ 453.469715][T22883] bridge0: port 3(vlan2) entered blocking state [ 453.479086][T22883] bridge0: port 3(vlan2) entered disabled state [ 453.489284][T22883] vlan2: entered allmulticast mode [ 453.494766][T22883] gretap0: entered allmulticast mode [ 453.501731][T22883] vlan2: entered promiscuous mode [ 453.507031][T22883] gretap0: entered promiscuous mode [ 453.515072][T22883] bridge0: port 3(vlan2) entered blocking state [ 453.521439][T22883] bridge0: port 3(vlan2) entered forwarding state [ 453.566569][ T5876] hid-led 0003:27B8:01ED.004B: probe with driver hid-led failed with error -71 [ 453.576368][ T26] hid-led 0003:27B8:01ED.004A: probe with driver hid-led failed with error -71 [ 453.605447][ T5876] usb 4-1: USB disconnect, device number 37 [ 453.614057][ T26] usb 5-1: USB disconnect, device number 40 [ 453.653008][ T30] audit: type=1326 audit(1741809352.149:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22886 comm="syz.7.5786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd838d169 code=0x7ffc0000 [ 453.707186][ T30] audit: type=1326 audit(1741809352.149:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22886 comm="syz.7.5786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd838d169 code=0x7ffc0000 [ 453.737270][ T30] audit: type=1326 audit(1741809352.149:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22886 comm="syz.7.5786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f5bd838d169 code=0x7ffc0000 [ 453.772099][ T30] audit: type=1326 audit(1741809352.149:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22886 comm="syz.7.5786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd838d169 code=0x7ffc0000 [ 453.803428][ T30] audit: type=1326 audit(1741809352.149:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22886 comm="syz.7.5786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd838d169 code=0x7ffc0000 [ 454.378825][T22910] netlink: 'syz.5.5799': attribute type 39 has an invalid length. [ 454.799521][T22925] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5806'. [ 456.223044][ T26] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 456.271681][T22981] netlink: 24576 bytes leftover after parsing attributes in process `syz.7.5830'. [ 456.393414][ T26] usb 5-1: Using ep0 maxpacket: 32 [ 456.404966][ T26] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 456.413854][ T26] usb 5-1: config 0 has no interface number 0 [ 456.431991][ T26] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 456.440352][ T26] usb 5-1: config 0 has no interface number 0 [ 456.458189][ T26] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 456.473136][ T26] usb 5-1: config 0 has no interface number 0 [ 456.481134][ T26] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 456.496593][ T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.522937][ T26] usb 5-1: Product: syz [ 456.527147][ T26] usb 5-1: Manufacturer: syz [ 456.533458][ T26] usb 5-1: SerialNumber: syz [ 456.541363][ T26] usb 5-1: config 0 descriptor?? [ 456.550511][ T26] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 456.761552][ T26] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 456.773142][ T5904] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 456.792095][ T26] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 456.925817][ T5904] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 456.942403][ T5904] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 456.968899][ T5904] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 456.979353][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 456.987470][ T5904] usb 4-1: SerialNumber: syz [ 457.201008][ C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 457.201695][ T5825] usb 5-1: USB disconnect, device number 41 [ 457.226687][ T5904] usb 4-1: 0:2 : does not exist [ 457.243855][ T5825] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 457.256208][ T5904] usb 4-1: USB disconnect, device number 38 [ 457.270959][ T5825] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 457.286801][ T5825] quatech2 5-1:0.51: device disconnected [ 457.505690][T23005] netlink: 156 bytes leftover after parsing attributes in process `syz.6.5841'. [ 457.522275][T23005] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5841'. [ 457.960368][T23021] netlink: 60 bytes leftover after parsing attributes in process `syz.6.5848'. [ 457.977288][T23021] netlink: 60 bytes leftover after parsing attributes in process `syz.6.5848'. [ 458.000194][T23020] netlink: 60 bytes leftover after parsing attributes in process `syz.6.5848'. [ 458.293133][ T5876] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 458.463093][ T5876] usb 4-1: Using ep0 maxpacket: 8 [ 458.478936][ T5876] usb 4-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 458.502533][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.517834][ T5876] usb 4-1: Product: syz [ 458.522206][ T5876] usb 4-1: Manufacturer: syz [ 458.529318][ T5876] usb 4-1: SerialNumber: syz [ 458.541609][ T5876] usb 4-1: config 0 descriptor?? [ 458.552224][ T5876] option 4-1:0.0: GSM modem (1-port) converter detected [ 458.765687][ T26] usb 4-1: USB disconnect, device number 39 [ 458.772621][ T26] option 4-1:0.0: device disconnected [ 458.888134][T23046] netlink: 'syz.5.5860': attribute type 21 has an invalid length. [ 458.900976][T23046] netlink: 'syz.5.5860': attribute type 1 has an invalid length. [ 458.910186][T23046] netlink: 16050 bytes leftover after parsing attributes in process `syz.5.5860'. [ 459.097962][T23057] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5865'. [ 459.116253][T23057] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: dummy0 [ 459.126867][T23057] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.144054][T23057] vlan0: entered allmulticast mode [ 459.149315][T23057] dummy0: entered allmulticast mode [ 459.583512][T23076] sctp: [Deprecated]: syz.5.5875 (pid 23076) Use of struct sctp_assoc_value in delayed_ack socket option. [ 459.583512][T23076] Use struct sctp_sack_info instead [ 459.693159][ T26] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 459.883211][ T26] usb 5-1: Using ep0 maxpacket: 16 [ 459.894801][ T26] usb 5-1: New USB device found, idVendor=056a, idProduct=030e, bcdDevice= 0.00 [ 459.923292][ T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.944527][ T26] usb 5-1: config 0 descriptor?? [ 460.181550][T23102] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5889'. [ 460.362142][ T26] wacom 0003:056A:030E.004C: Unknown device_type for 'HID 056a:030e'. Assuming pen. [ 460.386371][ T26] wacom 0003:056A:030E.004C: hidraw0: USB HID v20.00 Device [HID 056a:030e] on usb-dummy_hcd.4-1/input0 [ 460.406637][ T26] input: Wacom Intuos S Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:030E.004C/input/input57 [ 460.596228][ T5904] usb 5-1: USB disconnect, device number 42 [ 460.871331][T23128] netlink: 11 bytes leftover after parsing attributes in process `syz.5.5899'. [ 460.900671][T23128] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5899'. [ 461.038550][T23135] netlink: 104 bytes leftover after parsing attributes in process `syz.6.5903'. [ 461.103080][ T47] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 461.255595][T23140] veth1_macvtap: left promiscuous mode [ 461.282172][ T47] usb 4-1: Using ep0 maxpacket: 32 [ 461.302240][ T47] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 461.315637][ T47] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 461.326292][ T47] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 461.335516][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.348067][ T47] hub 4-1:4.0: USB hub found [ 461.555832][ T47] hub 4-1:4.0: 3 ports detected [ 461.564215][ T47] hub 4-1:4.0: insufficient power available to use all downstream ports [ 461.618441][T23151] usb usb8: usbfs: process 23151 (syz.5.5910) did not claim interface 0 before use [ 461.922012][ T47] hub 4-1:4.0: hub_hub_status failed (err = -71) [ 461.928629][ T47] hub 4-1:4.0: config failed, can't get hub status (err -71) [ 461.954005][ T47] usb 4-1: USB disconnect, device number 40 [ 462.551557][T23174] netlink: 'syz.3.5921': attribute type 1 has an invalid length. [ 463.069070][T23192] kvm: kvm [23191]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000002a) = 0x4 [ 463.881396][T23217] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5941'. [ 463.942732][T23219] netlink: 'syz.5.5942': attribute type 2 has an invalid length. [ 464.032978][ T5825] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 464.188424][ T26] kernel write not supported for file /vcs (pid: 26 comm: kworker/1:0) [ 464.203901][ T5825] usb 4-1: Using ep0 maxpacket: 16 [ 464.210860][ T5825] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 464.229822][ T5825] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 464.249752][ T5825] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 464.292581][ T5825] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 464.301864][ T5825] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 464.335460][ T5825] usb 4-1: config 0 descriptor?? [ 464.754166][ T5825] kovaplus 0003:1E7D:2D50.004D: unknown main item tag 0x0 [ 464.767337][ T5825] kovaplus 0003:1E7D:2D50.004D: unknown main item tag 0x0 [ 464.774968][ T5825] kovaplus 0003:1E7D:2D50.004D: unknown main item tag 0x0 [ 464.786254][ T5825] kovaplus 0003:1E7D:2D50.004D: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.3-1/input0 [ 465.015257][T23257] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 465.033543][ T5873] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 465.153717][ T5825] kovaplus 0003:1E7D:2D50.004D: couldn't init struct kovaplus_device [ 465.164859][ T5825] kovaplus 0003:1E7D:2D50.004D: couldn't install mouse [ 465.173132][ T5825] kovaplus 0003:1E7D:2D50.004D: probe with driver kovaplus failed with error -71 [ 465.186456][ T5825] usb 4-1: USB disconnect, device number 41 [ 465.203606][ T5873] usb 5-1: Using ep0 maxpacket: 32 [ 465.211178][ T5873] usb 5-1: config 0 has an invalid interface number: 12 but max is 0 [ 465.223594][ T5873] usb 5-1: config 0 has no interface number 0 [ 465.230059][ T5873] usb 5-1: config 0 interface 12 has no altsetting 0 [ 465.241821][ T5873] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 465.251403][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.260417][ T5873] usb 5-1: Product: syz [ 465.265211][ T5873] usb 5-1: Manufacturer: syz [ 465.269913][ T5873] usb 5-1: SerialNumber: syz [ 465.278899][ T5873] usb 5-1: config 0 descriptor?? [ 466.109824][ T5873] f81534 5-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 466.125727][ T5873] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71 [ 466.152273][ T5873] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 466.173409][ T5873] f81534 5-1:0.12: probe with driver f81534 failed with error -71 [ 466.206514][ T5873] usb 5-1: USB disconnect, device number 43 [ 466.263862][ T30] audit: type=1326 audit(1741809364.759:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23268 comm="syz.6.5965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedd2f8d169 code=0x7fc00000 [ 466.464464][T23286] input: syz0 as /devices/virtual/input/input60 [ 466.543970][T23288] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 467.100714][ T5136] Bluetooth: hci4: Malformed LE Event: 0x1d [ 467.698958][ T26] kernel write not supported for file /1152/attr/exec (pid: 26 comm: kworker/1:0) [ 468.571912][T23359] 8021q: adding VLAN 0 to HW filter on device bond1 [ 468.663277][ T5873] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 468.689522][T23362] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6006'. [ 468.850029][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 468.867515][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 468.893207][ T5873] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 468.902285][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.925955][ T5873] usb 5-1: config 0 descriptor?? [ 469.017916][T23375] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 469.032673][T23375] batadv_slave_1: entered promiscuous mode [ 469.042527][T23375] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6012'. [ 469.364922][ T5873] playstation 0003:054C:0DF2.004E: unknown main item tag 0x0 [ 469.380503][ T5873] playstation 0003:054C:0DF2.004E: unknown main item tag 0x0 [ 469.389456][ T5873] playstation 0003:054C:0DF2.004E: unknown main item tag 0x0 [ 469.397759][ T5873] playstation 0003:054C:0DF2.004E: unknown main item tag 0x0 [ 469.406945][ T5873] playstation 0003:054C:0DF2.004E: unknown main item tag 0x0 [ 469.416915][ T5873] playstation 0003:054C:0DF2.004E: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.4-1/input0 [ 469.439447][T23387] program syz.7.6018 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 469.589251][T23393] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 469.765663][ T5873] playstation 0003:054C:0DF2.004E: Failed to retrieve feature with reportID 32: -71 [ 469.782942][ T5873] playstation 0003:054C:0DF2.004E: Failed to retrieve DualSense firmware info: -71 [ 469.800180][ T5873] playstation 0003:054C:0DF2.004E: Failed to get firmware info from DualSense [ 469.832970][ T5873] playstation 0003:054C:0DF2.004E: Failed to create dualsense. [ 469.849706][ T5873] playstation 0003:054C:0DF2.004E: probe with driver playstation failed with error -71 [ 469.886843][ T5873] usb 5-1: USB disconnect, device number 44 [ 470.140701][T23416] openvswitch: netlink: nsh attribute has 65512 unknown bytes. [ 470.148689][T23416] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 470.266078][ T30] audit: type=1326 audit(1741809368.769:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23421 comm="syz.3.6035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fece7584127 code=0x7ffc0000 [ 470.291184][ T30] audit: type=1326 audit(1741809368.769:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23421 comm="syz.3.6035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fece7529359 code=0x7ffc0000 [ 470.363083][ T30] audit: type=1326 audit(1741809368.769:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23421 comm="syz.3.6035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fece7584127 code=0x7ffc0000 [ 470.413358][ T30] audit: type=1326 audit(1741809368.769:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23421 comm="syz.3.6035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fece7529359 code=0x7ffc0000 [ 470.448693][ T30] audit: type=1326 audit(1741809368.769:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23421 comm="syz.3.6035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fece7584127 code=0x7ffc0000 [ 470.479024][ T30] audit: type=1326 audit(1741809368.769:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23421 comm="syz.3.6035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fece7529359 code=0x7ffc0000 [ 470.532678][ T30] audit: type=1326 audit(1741809368.769:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23421 comm="syz.3.6035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fece7584127 code=0x7ffc0000 [ 470.564868][ T30] audit: type=1326 audit(1741809368.769:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23421 comm="syz.3.6035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fece7529359 code=0x7ffc0000 [ 470.590169][ T30] audit: type=1326 audit(1741809368.769:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23421 comm="syz.3.6035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fece7584127 code=0x7ffc0000 [ 470.864507][T23445] program syz.5.6045 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 471.053224][T23456] ?: renamed from vlan0 (while UP) [ 471.069103][T23457] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6050'. [ 471.092799][T23457] netlink: 27 bytes leftover after parsing attributes in process `syz.7.6050'. [ 471.433665][ T5873] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 471.633099][ T5873] usb 5-1: Using ep0 maxpacket: 8 [ 471.639759][ T5873] usb 5-1: config 0 has no interfaces? [ 471.645734][ T5873] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 471.671225][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.707870][ T5873] usb 5-1: config 0 descriptor?? [ 471.939975][ T26] usb 5-1: USB disconnect, device number 45 [ 472.205347][T23511] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6075'. [ 472.824048][T23537] netlink: 165 bytes leftover after parsing attributes in process `syz.3.6088'. [ 473.402287][T23563] syz_tun: entered promiscuous mode [ 473.421860][T23563] syz_tun: left promiscuous mode [ 473.706554][T23571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: dummy0 [ 473.758340][T23571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.888122][T23577] netlink: 156 bytes leftover after parsing attributes in process `syz.6.6107'. [ 473.928076][T23577] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6107'. [ 474.037741][T23584] netlink: 'syz.4.6110': attribute type 10 has an invalid length. [ 474.050458][T23584] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6110'. [ 474.123914][T23588] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 476.773333][T23681] netlink: 'syz.4.6154': attribute type 3 has an invalid length. [ 476.781123][T23681] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6154'. [ 476.819924][T23681] netlink: 'syz.4.6154': attribute type 3 has an invalid length. [ 476.832798][T23681] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6154'. [ 477.277210][T23708] vxcan5: entered promiscuous mode [ 477.291495][T23708] vxcan5: entered allmulticast mode [ 479.242114][T23786] netlink: 'syz.6.6204': attribute type 2 has an invalid length. [ 479.447898][T23793] vivid-000: disconnect [ 479.475324][T23792] vivid-000: reconnect [ 479.811283][T23805] IPVS: persistence engine module ip_vs_pe_ not found [ 480.837244][T23849] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6233'. [ 480.853301][T23849] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6233'. [ 481.047441][T23857] UBIFS error (pid: 23857): cannot open "/dev/loop7", error -22 [ 481.147985][T23864] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6238'. [ 481.433485][ T55] Bluetooth: hci2: command 0x0405 tx timeout [ 481.550432][T23882] vxcan1: tx address claim with dlc 0 [ 482.633654][T23917] netlink: 'syz.5.6264': attribute type 3 has an invalid length. [ 483.115047][T23937] input: syz0 as /devices/virtual/input/input61 [ 483.463558][ T30] kauditd_printk_skb: 196 callbacks suppressed [ 483.463577][ T30] audit: type=1326 audit(1741809637.970:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23957 comm="syz.4.6281" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f06a3d8d169 code=0x0 [ 483.567129][T23961] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6285'. [ 483.589964][T23961] netlink: 20 bytes leftover after parsing attributes in process `syz.6.6285'. [ 484.414299][ T5876] usb 4-1: new full-speed USB device number 42 using dummy_hcd [ 484.587359][ T5876] usb 4-1: too many endpoints for config 0 interface 0 altsetting 169: 242, using maximum allowed: 30 [ 484.613033][ T5876] usb 4-1: config 0 interface 0 altsetting 169 endpoint 0x81 has invalid wMaxPacketSize 0 [ 484.631465][ T5876] usb 4-1: config 0 interface 0 altsetting 169 has 1 endpoint descriptor, different from the interface descriptor's value: 242 [ 484.656482][ T5876] usb 4-1: config 0 interface 0 has no altsetting 0 [ 484.668618][ T5876] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 484.690583][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.710967][ T5876] usb 4-1: config 0 descriptor?? [ 485.138412][ T5876] logitech 0003:046D:C29C.004F: unknown main item tag 0x0 [ 485.155738][ T5876] logitech 0003:046D:C29C.004F: unknown main item tag 0x0 [ 485.163572][ T5876] logitech 0003:046D:C29C.004F: unknown main item tag 0x0 [ 485.177055][ T5876] logitech 0003:046D:C29C.004F: hidraw0: USB HID v0.03 Device [HID 046d:c29c] on usb-dummy_hcd.3-1/input0 [ 485.190178][T24022] netlink: 160 bytes leftover after parsing attributes in process `syz.4.6313'. [ 485.248049][T24025] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 485.323949][T24021] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 485.331349][T24027] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6316'. [ 485.552593][ T5876] logitech 0003:046D:C29C.004F: no inputs found [ 485.576941][ T5876] usb 4-1: USB disconnect, device number 42 [ 486.134750][T24053] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6328'. [ 486.322805][T24063] random: crng reseeded on system resumption [ 487.027782][T24090] netlink: 10 bytes leftover after parsing attributes in process `syz.4.6346'. [ 487.074853][T24092] ref_ctr_offset mismatch. inode: 0x1806 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0 [ 487.589498][T24115] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6357'. [ 488.043321][ T5825] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 488.222938][ T5825] usb 4-1: config 0 interface 0 altsetting 101 endpoint 0x81 has invalid wMaxPacketSize 0 [ 488.249068][ T5825] usb 4-1: config 0 interface 0 has no altsetting 0 [ 488.269317][ T5825] usb 4-1: New USB device found, idVendor=04d9, idProduct=a072, bcdDevice= 0.00 [ 488.287119][ T5825] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.305796][ T5825] usb 4-1: config 0 descriptor?? [ 488.503795][T24153] kernel read not supported for file /eth0 (pid: 24153 comm: syz.7.6374) [ 488.543700][ T30] audit: type=1800 audit(1741809643.050:534): pid=24153 uid=0 auid=0 ses=2 subj=_ op=collect_data cause=failed comm="syz.7.6374" name="eth0" dev="mqueue" ino=68993 res=0 errno=0 [ 488.732294][ T5825] holtek_mouse 0003:04D9:A072.0050: unknown main item tag 0x4 [ 488.749485][ T5825] holtek_mouse 0003:04D9:A072.0050: unknown main item tag 0x3 [ 488.770102][ T5825] holtek_mouse 0003:04D9:A072.0050: hidraw0: USB HID v0.00 Device [HID 04d9:a072] on usb-dummy_hcd.3-1/input0 [ 488.955029][ T5876] usb 4-1: USB disconnect, device number 43 [ 489.049886][T24175] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6385'. [ 489.346027][T24190] netlink: 830 bytes leftover after parsing attributes in process `syz.7.6392'. [ 489.482207][T24198] netlink: 'syz.4.6396': attribute type 1 has an invalid length. [ 489.512580][T24198] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6396'. [ 489.650267][T24204] misc userio: Invalid payload size [ 489.823516][ T26] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 489.995173][ T26] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 490.008373][ T26] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 490.027371][ T26] usb 4-1: config 1 has no interface number 0 [ 490.043489][ T26] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 490.069089][ T26] usb 4-1: config 1 interface 1 has no altsetting 0 [ 490.086969][ T26] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 490.096470][ T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.122108][ T26] usb 4-1: Product: syz [ 490.137576][ T26] usb 4-1: Manufacturer: syz [ 490.154726][ T26] usb 4-1: SerialNumber: syz [ 490.372134][T24224] ALSA: mixer_oss: invalid OSS volume 'DIG¨TAL1' [ 490.602373][ T5876] usb 4-1: USB disconnect, device number 44 [ 490.763533][ T5904] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 490.924955][ T5904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 490.936194][ T5904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 490.947499][ T5904] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 490.961564][ T5904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.971592][ T5904] usb 5-1: config 0 descriptor?? [ 491.405244][ T5904] hid-thrustmaster 0003:044F:B65D.0051: unknown main item tag 0x0 [ 491.425329][ T5904] hid-thrustmaster 0003:044F:B65D.0051: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.4-1/input0 [ 491.451035][ T5904] hid-thrustmaster 0003:044F:B65D.0051: Wrong number of endpoints? [ 491.607580][ C0] hid-thrustmaster 0003:044F:B65D.0051: Unknown packet type 0x0, unable to proceed further with wheel init [ 491.686107][ T30] audit: type=1326 audit(1741809646.190:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24269 comm="syz.5.6430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63c118d169 code=0x7ffc0000 [ 491.748222][ T30] audit: type=1326 audit(1741809646.190:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24269 comm="syz.5.6430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63c118d169 code=0x7ffc0000 [ 491.772687][ T30] audit: type=1326 audit(1741809646.220:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24269 comm="syz.5.6430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f63c118d169 code=0x7ffc0000 [ 491.829465][ T5904] usb 5-1: USB disconnect, device number 46 [ 491.847654][ T30] audit: type=1326 audit(1741809646.220:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24269 comm="syz.5.6430" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f63c118d169 code=0x0 [ 492.101646][T24282] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6434'. [ 493.662411][ T5136] Bluetooth: hci4: Invalid handle: 0x9500 > 0x0eff [ 496.272326][T24416] tap0: tun_chr_ioctl cmd 1074025681 [ 496.851346][T24439] serio: Serial port ptm0 [ 497.849646][T24468] netlink: 'syz.5.6518': attribute type 4 has an invalid length. [ 498.312799][T24486] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6526'. [ 498.342650][T24486] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6526'. [ 498.739038][ T30] audit: type=1326 audit(1741809653.240:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24501 comm="syz.6.6535" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fedd2f8d169 code=0x0 [ 499.039320][T24520] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6541'. [ 499.090833][T24520] netlink: 32 bytes leftover after parsing attributes in process `syz.7.6541'. [ 499.141730][T24522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6542'. [ 499.352472][ T30] audit: type=1326 audit(1741809653.850:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24527 comm="syz.3.6545" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fece758d169 code=0x0 [ 499.534311][T24532] Falling back ldisc for ttyS3. [ 499.892074][T24542] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6551'. [ 499.918845][T24542] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6551'. [ 499.933637][T24542] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6551'. [ 501.040439][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.382357][T24591] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 501.390529][T24591] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 501.745487][T24605] 9pnet_fd: Insufficient options for proto=fd [ 502.239766][T24619] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6586'. [ 502.508280][T24629] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6591'. [ 503.640929][T24683] __nla_validate_parse: 2 callbacks suppressed [ 503.640947][T24683] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6615'. [ 504.108194][ T30] audit: type=1800 audit(1741809658.610:541): pid=24702 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.6622" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=71997 res=0 errno=0 [ 504.723156][T24727] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6637'. [ 505.213365][ T26] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 505.373458][ T26] usb 4-1: Using ep0 maxpacket: 8 [ 505.388136][ T26] usb 4-1: unable to get BOS descriptor or descriptor too short [ 505.407420][ T26] usb 4-1: no configurations [ 505.412447][ T26] usb 4-1: can't read configurations, error -22 [ 507.283997][ T26] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 507.312344][T24830] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 507.341661][T24830] team0: Port device batadv1 added [ 507.363836][T24831] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6679'. [ 507.382558][T24831] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6679'. [ 507.393718][T24831] netlink: 'syz.5.6679': attribute type 4 has an invalid length. [ 507.453436][ T26] usb 5-1: Using ep0 maxpacket: 32 [ 507.486878][ T26] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 507.507360][ T26] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x2 has an invalid bInterval 129, changing to 11 [ 507.534661][ T26] usb 5-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 507.559886][T24838] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6684'. [ 507.598649][ T26] usb 5-1: config 0 interface 0 has no altsetting 0 [ 507.615680][T24838] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6684'. [ 507.623213][ T26] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 507.664067][ T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.714345][ T26] usb 5-1: config 0 descriptor?? [ 508.160130][ T26] corsair-cpro 0003:1B1C:0C10.0052: hidraw0: USB HID v0.00 Device [HID 1b1c:0c10] on usb-dummy_hcd.4-1/input0 [ 508.349045][ T26] corsair-cpro 0003:1B1C:0C10.0052: probe with driver corsair-cpro failed with error -71 [ 508.366635][ T26] usb 5-1: USB disconnect, device number 47 [ 510.081877][ T55] Bluetooth: hci2: command 0x0405 tx timeout [ 510.093630][T24918] dummy0: entered promiscuous mode [ 510.255982][T24924] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6720'. [ 510.953444][ T26] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 511.040997][T24959] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6738'. [ 511.133226][ T26] usb 5-1: Using ep0 maxpacket: 32 [ 511.140640][ T26] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 511.176877][ T26] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 511.199984][ T26] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 511.231256][ T26] usb 5-1: Product: syz [ 511.253388][ T26] usb 5-1: Manufacturer: syz [ 511.270007][ T26] usb 5-1: SerialNumber: syz [ 511.285262][T24968] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6741'. [ 511.327912][ T26] usb 5-1: config 0 descriptor?? [ 511.363542][T24944] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 511.373938][ T26] hub 5-1:0.0: bad descriptor, ignoring hub [ 511.379883][ T26] hub 5-1:0.0: probe with driver hub failed with error -5 [ 511.884461][ T5825] usb 5-1: USB disconnect, device number 48 [ 512.715235][T25013] netlink: 'syz.4.6764': attribute type 10 has an invalid length. [ 512.733345][T25013] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6764'. [ 512.759450][T25013] team0: Port device geneve0 added [ 512.783303][T25014] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6765'. [ 512.809984][T25014] team0: Device ipvlan2 failed to register rx_handler [ 514.011780][T25047] unknown channel width for channel at 909000KHz? [ 514.313493][ T47] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 514.493714][ T47] usb 4-1: Using ep0 maxpacket: 16 [ 514.517604][ T47] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 514.529005][ T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.568825][ T47] usb 4-1: Product: syz [ 514.580250][ T47] usb 4-1: Manufacturer: syz [ 514.587067][ T47] usb 4-1: SerialNumber: syz [ 514.613994][ T47] usb 4-1: config 0 descriptor?? [ 514.634477][ T47] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 515.228715][ T47] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 515.263182][ T47] usb 4-1: USB disconnect, device number 47 [ 515.572985][T25099] sp0: Synchronizing with TNC [ 515.626000][T25099] Falling back ldisc for ttyS3. [ 515.894768][T25112] kAFS: unable to lookup cell '(,/¾ûM' [ 516.175171][T25123] Invalid logical block size (131072) [ 516.198274][T25124] netlink: 60 bytes leftover after parsing attributes in process `syz.5.6811'. [ 516.542320][T25135] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6817'. [ 516.559329][T25137] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6818'. [ 517.632520][T25182] gfs2: gfs2 mount does not exist [ 518.569343][ T30] audit: type=1804 audit(1741809673.070:542): pid=25215 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.6856" name="/newroot/228/bus" dev="tmpfs" ino=1171 res=1 errno=0 [ 519.159932][T25242] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6869'. [ 519.748710][T25270] netlink: 32 bytes leftover after parsing attributes in process `syz.7.6881'. [ 520.042458][T25279] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 520.124287][ T30] audit: type=1800 audit(1741809674.610:543): pid=25284 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.6888" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 521.441693][T25337] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6912'. [ 521.465757][T25337] IPVS: Error joining to the multicast group [ 521.553074][ T5825] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 521.649102][T25348] lo: entered promiscuous mode [ 521.661253][T25348] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 521.713522][ T5825] usb 4-1: Using ep0 maxpacket: 32 [ 521.721816][ T5825] usb 4-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 521.746600][ T5825] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 521.763749][ T5825] usb 4-1: config 0 descriptor?? [ 521.781910][ T5825] gspca_main: sq930x-2.14.0 probing 041e:403c [ 521.823878][T25352] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6918'. [ 521.875701][T25354] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3) [ 521.882662][T25354] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 521.902481][T25354] vhci_hcd vhci_hcd.0: Device attached [ 522.061743][T25355] usbip_core: unknown command [ 522.082489][T25355] vhci_hcd: unknown pdu 134217728 [ 522.103211][T25355] usbip_core: unknown command [ 522.132992][ T26] usb 47-1: new high-speed USB device number 2 using vhci_hcd [ 522.147559][T25356] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 522.165160][ T53] vhci_hcd: stop threads [ 522.169441][ T53] vhci_hcd: release socket [ 522.185135][ T53] vhci_hcd: disconnect device [ 522.611316][T25374] netlink: 'syz.4.6926': attribute type 1 has an invalid length. [ 522.646866][ T5825] gspca_sq930x: reg_w 0105 bf00 failed -71 [ 522.713214][ T5825] sq930x 4-1:0.0: probe with driver sq930x failed with error -71 [ 522.734982][ T5825] usb 4-1: USB disconnect, device number 48 [ 523.029907][T25385] bridge0: port 1(bridge_slave_0) entered disabled state [ 523.414816][T25385] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 523.428110][T25385] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 523.524638][T25385] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.543069][T25385] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.551994][T25385] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.613569][T25385] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 524.116652][T25420] netlink: 52 bytes leftover after parsing attributes in process `syz.7.6944'. [ 524.623408][T25442] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6954'. [ 524.810530][T25451] can0: slcan on ttyS3. [ 524.878577][T25451] can0 (unregistered): slcan off ttyS3. [ 524.893168][T25451] Falling back ldisc for ttyS3. [ 525.321946][T25478] openvswitch: netlink: nsh attribute has 65512 unknown bytes. [ 525.349708][T25478] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 525.433166][T25481] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6972'. [ 525.455795][T25481] bridge0: entered promiscuous mode [ 525.465280][T25481] macsec1: entered promiscuous mode [ 525.514186][T25484] netem: incorrect ge model size [ 525.519796][T25484] netem: change failed [ 526.393159][ T5136] Bluetooth: hci2: command 0x0405 tx timeout [ 527.265191][ T26] vhci_hcd: vhci_device speed not set [ 527.440517][T25558] mkiss: ax0: crc mode is auto. [ 527.964243][T25579] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7017'. [ 528.723411][T25609] netlink: 6 bytes leftover after parsing attributes in process `syz.3.7032'. [ 528.763365][ T26] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 528.920096][ T26] usb 5-1: Using ep0 maxpacket: 32 [ 528.935613][ T26] usb 5-1: unable to get BOS descriptor or descriptor too short [ 528.964846][ T26] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 528.973817][ T26] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 529.004503][ T26] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 529.035305][ T26] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 529.046558][ T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.063273][ T26] usb 5-1: Product: syz [ 529.067574][ T26] usb 5-1: Manufacturer: syz [ 529.072218][ T26] usb 5-1: SerialNumber: syz [ 529.334465][ T26] usb 5-1: 0:2 : does not exist [ 529.355141][ T26] usb 5-1: USB disconnect, device number 49 [ 530.258752][ T30] audit: type=1326 audit(1741809684.760:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25650 comm="syz.4.7052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 530.314899][ T30] audit: type=1326 audit(1741809684.760:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25650 comm="syz.4.7052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 530.342195][ T30] audit: type=1326 audit(1741809684.800:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25650 comm="syz.4.7052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 530.371920][ T30] audit: type=1326 audit(1741809684.800:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25650 comm="syz.4.7052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 530.410063][ T30] audit: type=1326 audit(1741809684.800:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25650 comm="syz.4.7052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 530.442007][ T30] audit: type=1326 audit(1741809684.800:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25650 comm="syz.4.7052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 530.476235][ T30] audit: type=1326 audit(1741809684.800:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25650 comm="syz.4.7052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 530.508265][ T30] audit: type=1326 audit(1741809684.800:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25650 comm="syz.4.7052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f06a3d84127 code=0x7ffc0000 [ 530.545538][ T30] audit: type=1326 audit(1741809684.800:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25650 comm="syz.4.7052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f06a3d29359 code=0x7ffc0000 [ 530.576958][ T30] audit: type=1326 audit(1741809684.800:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25650 comm="syz.4.7052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f06a3d84127 code=0x7ffc0000 [ 530.879547][ T55] Bluetooth: hci2: unexpected event for opcode 0x2042 [ 531.506175][T25695] erspan0: entered promiscuous mode [ 531.559617][T25695] erspan0: left promiscuous mode [ 531.630716][T25697] netlink: 840 bytes leftover after parsing attributes in process `syz.3.7073'. [ 531.854084][T25708] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7078'. [ 531.993491][T25715] netlink: 64 bytes leftover after parsing attributes in process `syz.5.7082'. [ 532.917197][T25753] overlayfs: missing 'workdir' [ 533.420746][T25776] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7110'. [ 533.448849][T25778] bridge_slave_0: invalid flags given to default FDB implementation [ 533.783755][T25796] can0: slcan on ptm0. [ 533.855185][T25794] can0 (unregistered): slcan off ptm0. [ 534.838651][T25861] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7132'. [ 534.877975][T25861] macsec0: entered promiscuous mode [ 534.954344][ T55] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 534.965323][ T55] Bluetooth: hci2: Injecting HCI hardware error event [ 534.975531][ T5136] Bluetooth: hci2: hardware error 0x00 [ 534.995066][T25391] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 535.213519][T25391] usb 4-1: Using ep0 maxpacket: 16 [ 535.239947][T25391] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 535.263225][T25391] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.271263][T25391] usb 4-1: Product: syz [ 535.292320][T25391] usb 4-1: Manufacturer: syz [ 535.297568][T25391] usb 4-1: SerialNumber: syz [ 535.305419][T25391] r8152-cfgselector 4-1: Unknown version 0x0000 [ 535.311705][T25391] r8152-cfgselector 4-1: config 0 descriptor?? [ 535.749175][ T47] r8152-cfgselector 4-1: USB disconnect, device number 49 [ 536.001557][T25899] kvm: user requested TSC rate below hardware speed [ 536.785457][T25932] sctp: [Deprecated]: syz.5.7166 (pid 25932) Use of int in max_burst socket option deprecated. [ 536.785457][T25932] Use struct sctp_assoc_value instead [ 536.913737][T25938] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7169'. [ 537.273566][ T5136] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 537.977370][T25975] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7187'. [ 538.020957][T25975] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7187'. [ 538.212736][T25985] openvswitch: netlink: nsh attribute has 65504 unknown bytes. [ 538.220947][T25985] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 538.238565][T25988] netlink: 196 bytes leftover after parsing attributes in process `syz.4.7194'. [ 538.308351][T25990] delete_channel: no stack [ 538.913312][ T5876] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 538.938485][T26025] netlink: 47 bytes leftover after parsing attributes in process `syz.6.7210'. [ 539.072995][T26028] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 539.086171][ T5876] usb 4-1: Using ep0 maxpacket: 8 [ 539.095841][ T5876] usb 4-1: config 0 interface 0 has no altsetting 0 [ 539.106343][T25839] Bluetooth: hci5: Frame reassembly failed (-84) [ 539.119822][ T5876] usb 4-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00 [ 539.149764][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.176484][ T5876] usb 4-1: config 0 descriptor?? [ 539.620970][ T5876] asus 0003:048D:CE50.0053: unknown main item tag 0x0 [ 539.639210][ T5876] asus 0003:048D:CE50.0053: unknown main item tag 0x0 [ 539.639214][T26046] netlink: 32 bytes leftover after parsing attributes in process `syz.6.7220'. [ 539.665425][ T5876] asus 0003:048D:CE50.0053: unknown main item tag 0x0 [ 539.672457][ T5876] asus 0003:048D:CE50.0053: unknown main item tag 0x0 [ 539.699322][ T5876] asus 0003:048D:CE50.0053: unknown main item tag 0x0 [ 539.720363][ T5876] asus 0003:048D:CE50.0053: hidraw0: USB HID v1.01 Device [HID 048d:ce50] on usb-dummy_hcd.3-1/input0 [ 539.742412][ T5876] asus 0003:048D:CE50.0053: Asus input not registered [ 539.760003][ T5876] asus 0003:048D:CE50.0053: probe with driver asus failed with error -12 [ 539.834086][ T10] usb 4-1: USB disconnect, device number 50 [ 540.310850][T26076] xt_CT: You must specify a L4 protocol and not use inversions on it [ 540.498913][T26082] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7236'. [ 541.113514][ T5136] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 541.130516][ T55] Bluetooth: hci5: command 0x1003 tx timeout [ 541.572996][T25391] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 541.764871][T25391] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 541.793236][T25391] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 541.813830][T25391] usb 5-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00 [ 541.824977][T25391] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.847703][T25391] usb 5-1: config 0 descriptor?? [ 542.283440][T25391] hid-generic 0003:05AC:4262.0054: unbalanced delimiter at end of report description [ 542.302640][T25391] hid-generic 0003:05AC:4262.0054: probe with driver hid-generic failed with error -22 [ 542.499791][T25391] usb 5-1: USB disconnect, device number 50 [ 543.310332][T26194] netlink: 'syz.4.7291': attribute type 1 has an invalid length. [ 543.328677][T26194] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7291'. [ 543.457729][T26200] vivid-001: disconnect [ 543.469400][T26203] tap0: tun_chr_ioctl cmd 2147767521 [ 543.479154][T26199] vivid-001: reconnect [ 543.483943][T26204] netlink: 'syz.6.7296': attribute type 11 has an invalid length. [ 544.236962][T26236] vim2m vim2m.0: vidioc_s_fmt queue busy [ 544.955628][T26266] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7323'. [ 545.230974][T26276] lo: entered allmulticast mode [ 545.253182][T26276] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 546.914261][T26319] netlink: 92 bytes leftover after parsing attributes in process `syz.6.7347'. [ 547.235489][T26333] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 548.039537][T26357] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 548.083385][ T55] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 548.091372][ T5136] Bluetooth: hci5: command 0xfc11 tx timeout [ 548.394862][T16867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 548.872497][T26392] netlink: 'syz.7.7381': attribute type 1 has an invalid length. [ 549.044287][T26394] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7383'. [ 549.218717][T26398] sch_tbf: burst 1683 is lower than device lo mtu (65550) ! [ 549.683506][T25832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.330288][T25832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 551.668109][T26487] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 551.749071][T26491] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7428'. [ 552.013797][T26498] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7431'. [ 552.235443][T25832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 552.381230][T26508] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7435'. [ 552.400662][T26508] netlink: 'syz.4.7435': attribute type 21 has an invalid length. [ 554.071624][T26571] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7465'. [ 554.163738][T25832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 554.467747][T26585] tap0: tun_chr_ioctl cmd 1074812118 [ 554.677170][T26597] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7477'. [ 554.808023][T26602] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7481'. [ 555.013888][T26612] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 555.433815][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 555.441973][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 555.537930][T26626] program syz.7.7493 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 557.145014][T26660] netlink: 'syz.4.7507': attribute type 15 has an invalid length. [ 558.012659][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 559.855474][T26702] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7527'. [ 559.916429][T25839] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 560.557220][T25832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 560.613255][T25391] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 560.784160][T25391] usb 5-1: Using ep0 maxpacket: 32 [ 560.821152][T25391] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 560.830681][T25391] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.871594][T25391] usb 5-1: config 0 descriptor?? [ 561.130465][T25391] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 561.151189][T25391] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 561.161144][T25391] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 561.170988][T25391] usb 5-1: media controller created [ 561.214466][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 561.216857][T25391] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 561.723626][T25391] az6027: usb out operation failed. (-71) [ 561.734890][T25391] stb0899_attach: Driver disabled by Kconfig [ 561.762944][T25391] az6027: no front-end attached [ 561.762944][T25391] [ 561.803423][T25391] az6027: usb out operation failed. (-71) [ 561.809471][T25391] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 561.840504][T25391] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input63 [ 561.894351][T25391] dvb-usb: schedule remote query interval to 400 msecs. [ 561.937301][T25391] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 561.953242][T25391] usb 5-1: USB disconnect, device number 51 [ 562.051409][T26655] Set syz1 is full, maxelem 65536 reached [ 562.090349][T25391] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 562.474368][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 562.484609][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.753986][T16867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 563.807091][ T47] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 563.983416][ T47] usb 4-1: Using ep0 maxpacket: 16 [ 564.021435][ T47] usb 4-1: config 0 has an invalid interface number: 214 but max is 0 [ 564.032954][ T47] usb 4-1: config 0 has no interface number 0 [ 564.039168][ T47] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 564.075280][ T47] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 564.085917][ T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.103830][ T47] usb 4-1: Product: syz [ 564.108029][ T47] usb 4-1: Manufacturer: syz [ 564.143381][ T47] usb 4-1: SerialNumber: syz [ 564.152307][ T47] usb 4-1: config 0 descriptor?? [ 564.775368][ T47] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.214/input/input64 [ 565.047538][T26836] netlink: 340 bytes leftover after parsing attributes in process `syz.5.7593'. [ 565.085216][ T47] usb 4-1: USB disconnect, device number 51 [ 565.676855][ T53] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 565.988914][T26858] macsec2: entered promiscuous mode [ 566.017631][T26858] mac80211_hwsim hwsim12 wlan0: entered promiscuous mode [ 566.049268][T26858] macsec2: entered allmulticast mode [ 566.065261][T26858] mac80211_hwsim hwsim12 wlan0: entered allmulticast mode [ 566.325108][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 566.587448][T26879] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7614'. [ 566.808754][T26887] netlink: 1256 bytes leftover after parsing attributes in process `syz.5.7618'. [ 566.962492][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 567.151738][T26900] openvswitch: netlink: Invalid MD length 0 for MD type 0 [ 567.184260][T26900] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 568.784013][T26951] dlm: no local IP address has been set [ 568.790557][T26951] dlm: cannot start dlm midcomms -107 [ 569.318277][T26968] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7657'. [ 569.341584][T26968] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7657'. [ 569.515027][T16867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 569.882059][T26987] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7666'. [ 570.111828][T26993] netlink: 1256 bytes leftover after parsing attributes in process `syz.4.7669'. [ 570.121696][ T26] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 570.290409][ T26] usb 4-1: Using ep0 maxpacket: 16 [ 570.306962][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 570.343267][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 570.380160][ T26] usb 4-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 570.403293][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.445234][ T26] usb 4-1: config 0 descriptor?? [ 570.662320][T27006] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7674'. [ 570.867497][ T26] playstation 0003:054C:05C4.0055: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.3-1/input0 [ 571.065753][ T26] playstation 0003:054C:05C4.0055: Failed to retrieve feature with reportID 18: -71 [ 571.082093][ T26] playstation 0003:054C:05C4.0055: Failed to retrieve DualShock4 pairing info: -71 [ 571.105534][ T55] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 571.125910][ T55] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 571.134379][ T55] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 571.135872][ T26] playstation 0003:054C:05C4.0055: Failed to get MAC address from DualShock4 [ 571.166806][ T55] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 571.176589][ T55] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 571.200211][ T55] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 571.201898][ T26] playstation 0003:054C:05C4.0055: Failed to create dualshock4. [ 571.232580][ T26] playstation 0003:054C:05C4.0055: probe with driver playstation failed with error -71 [ 571.310967][ T26] usb 4-1: USB disconnect, device number 52 [ 571.433961][ T195] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 571.786138][T27009] chnl_net:caif_netlink_parms(): no params data found [ 572.073831][T16867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 572.100788][T27009] bridge0: port 1(bridge_slave_0) entered blocking state [ 572.118085][T27009] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.131891][T27009] bridge_slave_0: entered allmulticast mode [ 572.161332][T27009] bridge_slave_0: entered promiscuous mode [ 572.186122][T25839] bridge_slave_0: left allmulticast mode [ 572.202286][T25839] bridge_slave_0: left promiscuous mode [ 572.213161][T25839] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.720837][ T195] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 572.793987][T25839] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 572.814894][T25839] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 572.836487][T25839] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 572.854558][T25839] bond0 (unregistering): Released all slaves [ 572.882526][T27009] bridge0: port 2(bridge_slave_1) entered blocking state [ 572.893671][T27009] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.900866][T27009] bridge_slave_1: entered allmulticast mode [ 572.930368][T27009] bridge_slave_1: entered promiscuous mode [ 573.180877][T27009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 573.220442][T27009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 573.273709][ T55] Bluetooth: hci5: command tx timeout [ 573.286958][T27060] block device autoloading is deprecated and will be removed. [ 573.552966][T25839] hsr_slave_0: left promiscuous mode [ 573.567741][T25839] hsr_slave_1: left promiscuous mode [ 573.581122][T25839] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 573.606300][T25839] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 573.951933][T27076] 9pnet_fd: Insufficient options for proto=fd [ 574.550484][T25839] team0 (unregistering): Port device team_slave_1 removed [ 574.621158][T25839] team0 (unregistering): Port device team_slave_0 removed [ 574.791147][T27090] netlink: 'syz.3.7707': attribute type 1 has an invalid length. [ 574.799434][T27090] netlink: 104 bytes leftover after parsing attributes in process `syz.3.7707'. [ 574.810082][T27090] netlink: 'syz.3.7707': attribute type 1 has an invalid length. [ 575.274782][T25832] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 575.330680][T27009] team0: Port device team_slave_0 added [ 575.363122][ T55] Bluetooth: hci5: command tx timeout [ 575.374162][T27009] team0: Port device team_slave_1 added [ 575.480106][T27009] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 575.499347][T27009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 575.555636][T27009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 575.569468][T27009] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 575.576596][T27009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 575.592708][T27113] program syz.7.7717 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 575.603966][T27009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 575.914532][T27009] hsr_slave_0: entered promiscuous mode [ 575.920944][T27009] hsr_slave_1: entered promiscuous mode [ 576.079013][T25839] IPVS: stop unused estimator thread 0... [ 576.490195][T27140] netlink: 56 bytes leftover after parsing attributes in process `syz.7.7731'. [ 576.505121][T27009] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 576.525278][T27009] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 576.550310][T27009] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 576.586669][T27009] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 576.801510][T27009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 576.874004][T27009] 8021q: adding VLAN 0 to HW filter on device team0 [ 576.901602][T16867] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.908829][T16867] bridge0: port 1(bridge_slave_0) entered forwarding state [ 576.975798][T16867] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.982998][T16867] bridge0: port 2(bridge_slave_1) entered forwarding state [ 577.092693][T27009] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 577.212779][T16867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 577.220975][T16867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 577.434227][ T55] Bluetooth: hci5: command tx timeout [ 577.599329][T27009] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 577.835134][ T195] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 578.355063][T27009] veth0_vlan: entered promiscuous mode [ 578.404315][T27009] veth1_vlan: entered promiscuous mode [ 578.458355][T27009] veth0_macvtap: entered promiscuous mode [ 578.495094][T27009] veth1_macvtap: entered promiscuous mode [ 578.534139][T27009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 578.553457][T27009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.573325][T27009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 578.591058][T27009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.616306][T27009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 578.634002][T27009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.653212][T27009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 578.666294][T27009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.683140][T27009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 578.697741][T27009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.716498][T27009] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 578.728410][T27009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.739395][T27009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.750066][T27009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.761101][T27009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.771096][T27009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.785000][T27009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.809576][T27009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.825002][T27009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.840715][T27009] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 578.871413][T27206] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 578.915435][T27009] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.937882][T27009] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.965944][T27009] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.983600][T27009] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.095058][T27219] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 579.103717][T27219] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 579.179689][T25832] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 579.222461][T25832] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 579.314023][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 579.322009][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 579.513625][ T55] Bluetooth: hci5: command tx timeout [ 582.148298][T27317] random: crng reseeded on system resumption [ 583.108683][T27355] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7819'. [ 583.286214][T27363] netlink: 'syz.3.7822': attribute type 1 has an invalid length. [ 583.312147][T27363] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 586.519735][T27485] program syz.4.7878 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 588.693737][T27558] netlink: 'syz.4.7910': attribute type 29 has an invalid length. [ 588.715798][T27558] netlink: 'syz.4.7910': attribute type 29 has an invalid length. [ 588.745022][T27558] netlink: 'syz.4.7910': attribute type 29 has an invalid length. [ 588.933517][T27566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: dummy0 [ 588.950029][T27566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.983955][T27566] vlan3: entered allmulticast mode [ 588.989683][T27566] dummy0: entered allmulticast mode [ 589.012384][T27566] dummy0: left allmulticast mode [ 589.178485][ T47] kernel read not supported for file /dsp (pid: 47 comm: kworker/1:1) [ 589.236312][T27578] loop4: detected capacity change from 0 to 524287999 [ 589.253474][ C1] blk_print_req_error: 6 callbacks suppressed [ 589.253492][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 589.268801][ C1] buffer_io_error: 6 callbacks suppressed [ 589.268815][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 589.301568][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 589.310793][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 589.320155][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 589.329355][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 589.375801][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 589.385013][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 589.395586][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 589.404792][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 589.414260][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 589.423502][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 589.435381][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 589.444564][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 589.453485][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 589.462671][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 589.470882][T27578] ldm_validate_partition_table(): Disk read failed. [ 589.478251][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 589.487469][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 589.497551][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 589.506798][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 589.519315][T27578] Dev loop4: unable to read RDB block 0 [ 589.549261][T27578] loop4: unable to read partition table [ 589.563175][T27578] loop_reread_partitions: partition scan of loop4 (3Ÿ ¾‚³˜) failed (rc=-5) [ 589.644235][ T30] kauditd_printk_skb: 99 callbacks suppressed [ 589.644254][ T30] audit: type=1326 audit(1741809744.152:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27592 comm="syz.4.7925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 589.723461][ T30] audit: type=1326 audit(1741809744.152:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27592 comm="syz.4.7925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 589.777150][ T30] audit: type=1326 audit(1741809744.182:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27592 comm="syz.4.7925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 589.801326][ T30] audit: type=1326 audit(1741809744.182:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27592 comm="syz.4.7925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 589.831634][ T30] audit: type=1326 audit(1741809744.182:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27592 comm="syz.4.7925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 589.855419][ T30] audit: type=1326 audit(1741809744.192:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27592 comm="syz.4.7925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 589.880306][ T30] audit: type=1326 audit(1741809744.192:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27592 comm="syz.4.7925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a3d8d169 code=0x7ffc0000 [ 589.904433][ T30] audit: type=1326 audit(1741809744.192:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27592 comm="syz.4.7925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f06a3d84127 code=0x7ffc0000 [ 589.970107][ T30] audit: type=1326 audit(1741809744.192:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27592 comm="syz.4.7925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f06a3d29359 code=0x7ffc0000 [ 590.008421][ T30] audit: type=1326 audit(1741809744.192:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27592 comm="syz.4.7925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f06a3d84127 code=0x7ffc0000 [ 590.786594][T27626] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7942'. [ 696.072782][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 696.079782][ C0] rcu: (detected by 0, t=10506 jiffies, g=99209, q=228 ncpus=2) [ 696.087526][ C0] rcu: All QSes seen, last rcu_preempt kthread activity 10506 (4295006768-4294996262), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 696.100907][ C0] rcu: rcu_preempt kthread starved for 10506 jiffies! g99209 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 696.112111][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 696.122091][ C0] rcu: RCU grace-period kthread stack dump: [ 696.127981][ C0] task:rcu_preempt state:R running task stack:24944 pid:18 tgid:18 ppid:2 task_flags:0x208040 flags:0x00004000 [ 696.141493][ C0] Call Trace: [ 696.144781][ C0] [ 696.147736][ C0] __schedule+0x18bc/0x4c40 [ 696.152277][ C0] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 696.158226][ C0] ? __pfx___schedule+0x10/0x10 [ 696.163123][ C0] ? __pfx_lock_release+0x10/0x10 [ 696.168183][ C0] ? __pfx___mod_timer+0x10/0x10 [ 696.173136][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 696.179490][ C0] ? schedule+0x90/0x320 [ 696.183748][ C0] schedule+0x14b/0x320 [ 696.188037][ C0] schedule_timeout+0x15a/0x290 [ 696.192910][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 696.198308][ C0] ? __pfx_process_timeout+0x10/0x10 [ 696.203616][ C0] ? prepare_to_swait_event+0x330/0x350 [ 696.209185][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 696.214405][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 696.219282][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 696.224505][ C0] ? rcu_gp_init+0x1256/0x1630 [ 696.229293][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 696.234254][ C0] ? __pfx_rcu_watching_snap_save+0x10/0x10 [ 696.240180][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 696.245484][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 696.251396][ C0] ? finish_swait+0xd4/0x1e0 [ 696.256012][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 696.261230][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 696.265838][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 696.271055][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 696.276975][ C0] ? __kthread_parkme+0x169/0x1d0 [ 696.282024][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 696.287245][ C0] kthread+0x7a9/0x920 [ 696.291330][ C0] ? __pfx_kthread+0x10/0x10 [ 696.295945][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 696.301165][ C0] ? __pfx_kthread+0x10/0x10 [ 696.305776][ C0] ? __pfx_kthread+0x10/0x10 [ 696.310394][ C0] ? __pfx_kthread+0x10/0x10 [ 696.315000][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 696.320230][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 696.325474][ C0] ? __pfx_kthread+0x10/0x10 [ 696.330079][ C0] ret_from_fork+0x4b/0x80 [ 696.334514][ C0] ? __pfx_kthread+0x10/0x10 [ 696.339131][ C0] ret_from_fork_asm+0x1a/0x30 [ 696.343927][ C0] [ 696.346962][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 696.353407][ C0] Sending NMI from CPU 0 to CPUs 1: [ 696.358638][ C1] NMI backtrace for cpu 1 [ 696.358663][ C1] CPU: 1 UID: 0 PID: 27630 Comm: syz.5.7944 Not tainted 6.14.0-rc6-syzkaller-00016-g0fed89a961ea #0 [ 696.358682][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 696.358697][ C1] RIP: 0010:__lock_acquire+0x1265/0x2100 [ 696.358724][ C1] Code: 40 b5 2a 8c e8 3c b0 e4 ff 48 bf 00 00 00 00 00 fc ff df 90 0f 0b 90 90 90 31 db 48 83 c3 40 48 89 d8 48 c1 e8 03 80 3c 38 00 <74> 12 48 89 df e8 a1 b2 89 00 48 bf 00 00 00 00 00 fc ff df 48 83 [ 696.358738][ C1] RSP: 0018:ffffc90000a28a50 EFLAGS: 00000046 [ 696.358752][ C1] RAX: 1ffffffff27d4a2b RBX: ffffffff93ea5158 RCX: ffffffff819ce7a5 [ 696.358765][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: dffffc0000000000 [ 696.358775][ C1] RBP: 35a08aec8a9222e9 R08: ffffffff94517877 R09: 1ffffffff28a2f0e [ 696.358788][ C1] R10: dffffc0000000000 R11: fffffbfff28a2f0f R12: ffff88802acc5a00 [ 696.358800][ C1] R13: ffff88802acc5a00 R14: 1ffff11005598ca7 R15: 0000000000000001 [ 696.358811][ C1] FS: 00007f63c1f316c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 696.358825][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 696.358837][ C1] CR2: 0000400000000300 CR3: 00000000515d0000 CR4: 00000000003526f0 [ 696.358851][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 696.358861][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 696.358872][ C1] Call Trace: [ 696.358878][ C1] [ 696.358885][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 696.358907][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 696.358937][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 696.358966][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 696.358985][ C1] ? nmi_handle+0x14f/0x5a0 [ 696.359009][ C1] ? nmi_handle+0x2a/0x5a0 [ 696.359032][ C1] ? __lock_acquire+0x1265/0x2100 [ 696.359054][ C1] ? default_do_nmi+0x63/0x160 [ 696.359074][ C1] ? exc_nmi+0x123/0x1f0 [ 696.359093][ C1] ? end_repeat_nmi+0xf/0x53 [ 696.359120][ C1] ? __lock_acquire+0xf55/0x2100 [ 696.359143][ C1] ? __lock_acquire+0x1265/0x2100 [ 696.359165][ C1] ? __lock_acquire+0x1265/0x2100 [ 696.359188][ C1] ? __lock_acquire+0x1265/0x2100 [ 696.359211][ C1] [ 696.359217][ C1] [ 696.359230][ C1] lock_acquire+0x1ed/0x550 [ 696.359252][ C1] ? __hrtimer_run_queues+0x670/0xd30 [ 696.359269][ C1] ? advance_sched+0xa02/0xca0 [ 696.359292][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 696.359318][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 696.359336][ C1] ? taprio_set_budgets+0x333/0x370 [ 696.359358][ C1] ? advance_sched+0xa02/0xca0 [ 696.359379][ C1] ? advance_sched+0xa02/0xca0 [ 696.359403][ C1] _raw_spin_lock_irq+0xd3/0x120 [ 696.359424][ C1] ? __hrtimer_run_queues+0x670/0xd30 [ 696.359440][ C1] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 696.359467][ C1] __hrtimer_run_queues+0x670/0xd30 [ 696.359490][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 696.359506][ C1] ? sched_clock+0x4a/0x70 [ 696.359524][ C1] ? read_tsc+0x9/0x20 [ 696.359540][ C1] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 696.359565][ C1] hrtimer_interrupt+0x403/0xa40 [ 696.359591][ C1] __sysvec_apic_timer_interrupt+0x110/0x420 [ 696.359617][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 696.359642][ C1] [ 696.359647][ C1] [ 696.359653][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 696.359689][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x70 [ 696.359710][ C1] Code: 00 d5 03 00 65 8b 15 40 f6 41 7e 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 2c 16 00 00 00 74 2c 8b 91 08 16 00 00 <83> fa 02 75 21 48 8b 91 10 16 00 00 48 8b 32 48 8d 7e 01 8b 89 0c [ 696.359723][ C1] RSP: 0018:ffffc90004e9f178 EFLAGS: 00000246 [ 696.359737][ C1] RAX: ffffffff82032019 RBX: 00000000000001cb RCX: ffff88802acc5a00 [ 696.359748][ C1] RDX: 0000000000000002 RSI: ffff888062d713e0 RDI: ffff88802bb7f088 [ 696.359759][ C1] RBP: 00000000000001cb R08: 0000000000000000 R09: ffffffff82032cd9 [ 696.359769][ C1] R10: 0000000000000002 R11: ffff88802acc5a00 R12: ffff888062d713e0 [ 696.359779][ C1] R13: 1ffff920009d3e54 R14: 0000000000000000 R15: ffff888062d713e0 [ 696.359793][ C1] ? shmem_get_folio_gfp+0x459/0x1840 [ 696.359813][ C1] ? shmem_allowable_huge_orders+0x29/0x420 [ 696.359836][ C1] ? filemap_map_pages+0x13ce/0x1900 [ 696.359858][ C1] shmem_allowable_huge_orders+0x29/0x420 [ 696.359879][ C1] ? filemap_map_pages+0x231/0x1900 [ 696.359903][ C1] shmem_get_folio_gfp+0x564/0x1840 [ 696.359936][ C1] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 696.359960][ C1] shmem_fault+0x220/0x5b0 [ 696.359986][ C1] ? __pfx_shmem_fault+0x10/0x10 [ 696.360018][ C1] ? __pfx_lock_release+0x10/0x10 [ 696.360042][ C1] __do_fault+0x135/0x390 [ 696.360062][ C1] __handle_mm_fault+0x4c44/0x70f0 [ 696.360078][ C1] ? mark_lock+0x9a/0x360 [ 696.360109][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 696.360129][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 696.360150][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 696.360173][ C1] ? follow_page_pte+0x25a/0x1460 [ 696.360192][ C1] ? follow_page_pte+0x86a/0x1460 [ 696.360210][ C1] ? __pfx_lock_release+0x10/0x10 [ 696.360232][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 696.360255][ C1] ? __pfx___might_resched+0x10/0x10 [ 696.360274][ C1] handle_mm_fault+0x2c1/0x7e0 [ 696.360290][ C1] ? __get_user_pages+0x1a3d/0x4140 [ 696.360310][ C1] __get_user_pages+0x1a92/0x4140 [ 696.360341][ C1] ? __pfx___get_user_pages+0x10/0x10 [ 696.360359][ C1] ? __pfx_mt_find+0x10/0x10 [ 696.360380][ C1] populate_vma_page_range+0x264/0x330 [ 696.360398][ C1] ? __pfx_populate_vma_page_range+0x10/0x10 [ 696.360415][ C1] ? userfaultfd_unmap_complete+0x30c/0x360 [ 696.360439][ C1] __mm_populate+0x27a/0x460 [ 696.360458][ C1] ? __pfx___mm_populate+0x10/0x10 [ 696.360478][ C1] vm_mmap_pgoff+0x303/0x430 [ 696.360500][ C1] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 696.360517][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 696.360538][ C1] ? ksys_mmap_pgoff+0xdf/0x720 [ 696.360554][ C1] ? syscall_user_dispatch+0x4e/0x90 [ 696.360576][ C1] ? __x64_sys_mmap+0x7f/0x140 [ 696.360596][ C1] do_syscall_64+0xf3/0x230 [ 696.360610][ C1] ? clear_bhb_loop+0x35/0x90 [ 696.360631][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.360650][ C1] RIP: 0033:0x7f63c118d169 [ 696.360667][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 696.360679][ C1] RSP: 002b:00007f63c1f31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 696.360693][ C1] RAX: ffffffffffffffda RBX: 00007f63c13a5fa0 RCX: 00007f63c118d169 [ 696.360703][ C1] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000400000000000 [ 696.360713][ C1] RBP: 00007f63c120e2a0 R08: ffffffffffffffff R09: 0000000000000000 [ 696.360723][ C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 696.360732][ C1] R13: 0000000000000000 R14: 00007f63c13a5fa0 R15: 00007fff17c2b5a8 [ 696.360747][ C1] [ 697.039765][ C0] vkms_vblank_simulate: vblank timer overrun