last executing test programs: 1.909951208s ago: executing program 3 (id=320): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000780)='netlink_extack\x00', r0, 0x0, 0xb0}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000440)=ANY=[@ANYBLOB="dc0000002d00010027bd7000fcdbdf2504000000040012800a0009"], 0xdc}}, 0x8004) 1.76043626s ago: executing program 3 (id=322): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, 0x0}, 0x20004044) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="e00000000a06010100000000000000000300000908000940800000010900020073797a310000000005000100070000000800094000000005880008800c000780080009"], 0x13a}, 0x1, 0x0, 0x0, 0x4800}, 0x48080) 1.64932702s ago: executing program 0 (id=324): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x8, 0x0, 'queue0\x00', 0x200000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x3, 0x2, 0x44, 0x0, 0x1}) 1.580451281s ago: executing program 1 (id=325): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) readv(r0, &(0x7f0000005000)=[{0x0}], 0x1) 1.580186111s ago: executing program 3 (id=326): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x2, 0x7fffffff}]}) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r1, 0x6, 0x12, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0x5, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000007ffffe0d500000000000000370000000400000095"], &(0x7f00000005c0)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='tlb_flush\x00', r2}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) connect$netrom(0xffffffffffffffff, &(0x7f0000000300)={{0x6, @rose, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}, 0x48) accept4$netrom(r0, 0x0, 0x0, 0x80000) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000900)={0x0, 0x4, 0x6, 0x34, @buffer={0x0, 0x0, &(0x7f0000000240)=""/4}, &(0x7f00000004c0)="bc0acad5f317", 0x0, 0x104, 0x10002, 0xffffffffffffffff, 0x0}) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r4, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x6}) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000400)="953ebf", 0x3}], 0x1) 1.537327651s ago: executing program 0 (id=327): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x401, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x5}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000000)=[{0x0}], 0x1) 1.511710691s ago: executing program 1 (id=328): r0 = syz_io_uring_setup(0x10c6, &(0x7f0000000b40)={0x0, 0xbdee, 0x800, 0x400001, 0x1ef}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) r4 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000}) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5, 0x0, 0x0, 0x0, {0x414}, 0x1}) io_uring_enter(r0, 0x3f72, 0x74f1, 0xc00000000000000, 0x0, 0x39) 1.425887402s ago: executing program 0 (id=329): sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) r1 = dup(r0) sendfile(r1, r1, 0x0, 0xffffffff) 1.424645211s ago: executing program 3 (id=330): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'rr\x00', 0x12, 0x4000ffc, 0x60}, 0x2c) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0xc0383e04, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x2001, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x0) 1.336489982s ago: executing program 1 (id=331): ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x8041, 0x0) r0 = syz_open_dev$hiddev(&(0x7f0000000100), 0x8000000000000001, 0x40) ioctl$HIDIOCSREPORT(r0, 0x400c4808, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x20801, 0x0) write$rfkill(r1, &(0x7f0000000100)={0x0, 0x2, 0x3, 0x1}, 0x8) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0) 1.275776332s ago: executing program 1 (id=332): gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/81, 0x51}], 0x1) 1.269095622s ago: executing program 3 (id=333): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x60242, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000240), 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100), 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000040)='stat\x00') pread64(r2, &(0x7f00000000c0)=""/22, 0x16, 0x6) 1.112258163s ago: executing program 1 (id=335): setresuid(0x0, 0xee01, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) r1 = syz_clone(0x1b4a100, 0x0, 0x0, 0x0, 0x0, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) r2 = syz_pidfd_open(r1, 0x0) process_madvise(r2, 0x0, 0x0, 0x3, 0x0) 1.014425394s ago: executing program 3 (id=336): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000001300)=ANY=[@ANYBLOB="0015f700000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000780)={0x34, &(0x7f00000000c0)=ANY=[@ANYBLOB="20050d000000950635f963587f7849f36b488a"], 0x0, 0x0, 0x0, 0x0, 0x0}) 687.613916ms ago: executing program 2 (id=337): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x401, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x5}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000000)=[{&(0x7f00000001c0)}], 0x1) 560.366837ms ago: executing program 2 (id=338): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x74, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x56, 0x33, @beacon={{{}, {0x99f}, @device_a, @device_a, @random="aa05d423b2e9"}, 0x3, @random=0x1, 0x1, @void, @val, @void, @val={0x4, 0x6, {0xf8, 0x97, 0x2, 0x1}}, @void, @void, @val={0x25, 0x3, {0x1, 0x3c, 0x1}}, @void, @val={0x3c, 0x4, {0x21, 0x2, 0x34, 0x7}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x0, 0x1, 0x0, 0x12, 0xf6, 0x40}}, @val={0x76, 0x6, {0x5, 0x10, 0x2a, 0x402}}}}]}, 0x74}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000000) 445.621587ms ago: executing program 2 (id=339): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x2, 0x7fffffff}]}) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r1, 0x6, 0x12, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0x5, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000007ffffe0d500000000000000370000000400000095"], &(0x7f00000005c0)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='tlb_flush\x00', r2}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) connect$netrom(0xffffffffffffffff, &(0x7f0000000300)={{0x6, @rose, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}, 0x48) accept4$netrom(r0, 0x0, 0x0, 0x80000) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000900)={0x0, 0x4, 0x6, 0x34, @buffer={0x0, 0x0, &(0x7f0000000240)=""/4}, &(0x7f00000004c0)="bc0acad5f317", 0x0, 0x104, 0x10002, 0xffffffffffffffff, 0x0}) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r4, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x6}) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000400)="953ebf", 0x3}], 0x1) 445.355607ms ago: executing program 0 (id=340): ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x8041, 0x0) r0 = syz_open_dev$hiddev(&(0x7f0000000100), 0x8000000000000001, 0x40) ioctl$HIDIOCSREPORT(r0, 0x400c4808, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x20801, 0x0) write$rfkill(r1, &(0x7f0000000100)={0x0, 0x2, 0x3, 0x1}, 0x8) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0) 353.744418ms ago: executing program 2 (id=341): r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f00000005c0)={0x0, @bt={0x2d2, 0x218f, 0x0, 0x0, 0x2cebaacb, 0x60, 0x89, 0x4, 0x42, 0xc, 0x4, 0xed, 0x0, 0x7f, 0xa, 0x22, {0x3, 0x2fd8e84b}, 0x8, 0xed}}) 310.714248ms ago: executing program 0 (id=342): mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x2ce, &(0x7f0000001cc0)) 208.378919ms ago: executing program 0 (id=343): open(&(0x7f0000000240)='./file2\x00', 0x145142, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xa8, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b1b", @ANYRES64=r0]) 203.531359ms ago: executing program 2 (id=344): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x60242, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000240), 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100), 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000040)='stat\x00') pread64(r2, &(0x7f00000000c0)=""/22, 0x16, 0x6) 89.57286ms ago: executing program 2 (id=345): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3200004, &(0x7f0000000140)=ANY=[@ANYBLOB='nls=macinuit,decompose,umask=00000000000000000010000,uid=', @ANYRESHEX=0x0, @ANYBLOB=',\x00\x00\x00\x00'], 0x3, 0x6b9, &(0x7f0000000a00)="$eJzs3U1sHGcZB/D/bJx1Nkip26ZtQEi1GqmCRiR2ViVBQmpACOUQoQguvVqJ01jZpJXtorRCZAMUJE6cUA8cilA49IQQQionRDkjIXHh5BuHSNw45AAYzezsem1vHDuOvab9/aTJvLPv1zOP52N37GgDfGpdfD2Huyly8dSl2+X2yr12Z+Ve+2a/nGQySSOZ6K1StJLi4+RCeks+W75YD1c8bJ5X739UTLz/Ybu3NVEvVfvGVv02GdmymxwZbBxKMt0r/nvbw24ar1qqca6sjfeYikHcZcJO9hMH47a6SXetsvHI7ts/b4ED607vvrnJVHI0vbtr+T4g9dXh0VeG8dvy2tTdvzgAAABgr4z8LD/sqQd5kNs5tj/hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCdD0fvOwKJeGv3ydIr+9/83h75TvznmcHfpvWvV6ttPjTsQAAAAAAAAANiVFx/kQW7nWH97tah+5/9StXG8+vczeTtLmc9iTud25rKc5SxmNsnU0EDN23PLy4uzwz2rPxJY+nnKnqurq3fqnmdH9jy7Pq7uxkBH/aXBpkYAAAAAAAAA8Kn1g1xc+/0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBEVyqLeqluP98lQaE0mOJGkW04PmzbEG+wT8cdwBAAAAwN5r1etjxX97hdWi+sz/fPW5/0jezq0sZyHL6WQ+V6tnAb1P/Y2/dtudlXvtm+WyeeCv/XNHcVQjpvfsYfTMM1WL5wY9Luab+U5OZTqXs5iFfDdzWc58pvONqjSXIlP104uplXut9GPdHO+FdVuXN8b24lC5jO9EFUkr17JQxXY6V5r90Bt1uxNDs/2+mWyY8W6ZneK12jZzdLVel3v0s3p9MExVe354kJGZOvdlNp4ezvvm3O/wONk402wag2dQx9dmKTc3zvRYOT9ar8tc/3hvc77DR2nrM9H9abnVP/qe3zrnyRf/9qfL1xu3bly/tnTq4BxGj2njMdEeysQL28pEp8xEdxeZOLKb+J+cZp2N3lV0Z1fLl6q+x7KQb+XNXM18zmUmszmfmXwlZ9PO2aG8Prd1XqtzrbGzc+3kF+pCeU/6ydC9ad9MPqyizOvTQ3kdvtJNVXXDr6xl6ZltZKloZnSW/j4ylInP1YVyjh8O3XHGb5CJxtq1uR/ds1tn4pf/WU2y1Ll1Y/H63FvbnO/lel2etu+tvzb/6ons0M7Vu1seL8+UP6z0bhvDR0dZ92y/bt2RM1vVHR/Urb/PNZupzude3aPO1HKk5++OGqlX98LIWdpV3YmhunXvcvJmOoN3IQAcYEdfOdps3W/9pfVB60et661LR74+eX7y880c/vPEHw79pvHrxleLV/JBvp9j444UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+CZbeeffGXKczv3gAC2k84QHvjqzqp6L3SvNg7PtWhcP7O+mhnTSe3OqI+m2SLbo3x5HMVpID8DOd62RiH+aazIiqS4NXWkljEE+SGwfkC+6AvXBm+eZbZ5beefdLCzfn3ph/Y/7W2fPnXjvX/vLsnTPXFjrzM71/xx0lsBfW3gaMOxIAAAAAAAAAAABgu3bz3wn+cWl7jUdMW3THsK8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/6eLr+dwN0VmZ07PlNsr99qdcumX11pOJGkkKb6XFB8nF9JbMjU0XPGweV69/9EvXn7/w/baWBP99o0N/X73r9XVHe5Ft14yneRQvX60yW2Nd2VovO4OA+spBntYJuxkP3Ewbv8LAAD///zfBvQ=") llistxattr(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0xf8) truncate(0x0, 0x42d9) 0s ago: executing program 1 (id=346): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b90101000000"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000200)={0x40, 0x31, 0x40, "c31f636ef724911bc420a2e6f98fff78622944302b1081c9c98eeac4100bfd7c47a48bb7e464c0780a40a7809e3a4ad34d57419b88d741bcf822e38f8291d19d"}, 0x0, 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.35' (ED25519) to the list of known hosts. [ 64.397790][ T5774] cgroup: Unknown subsys name 'net' [ 64.566345][ T5774] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 65.955718][ T5774] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.420935][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.429942][ T5798] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.437413][ T5795] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.447840][ T5798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.454966][ T5795] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.466785][ T5796] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.475950][ T5796] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.484607][ T5796] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.492266][ T5796] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.500513][ T5796] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.500957][ T5797] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.508536][ T5796] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.516696][ T5797] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.523195][ T5796] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.530740][ T5797] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.537280][ T5796] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.545041][ T5795] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.551020][ T5796] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.566108][ T5788] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.573489][ T5795] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.589647][ T5788] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.596916][ T5105] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.613301][ T5105] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.628357][ T5105] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.949088][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 68.083588][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 68.093752][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.101967][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.109956][ T5785] bridge_slave_0: entered allmulticast mode [ 68.116789][ T5785] bridge_slave_0: entered promiscuous mode [ 68.129053][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.136181][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.143632][ T5785] bridge_slave_1: entered allmulticast mode [ 68.150801][ T5785] bridge_slave_1: entered promiscuous mode [ 68.244214][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.290974][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.354335][ T5785] team0: Port device team_slave_0 added [ 68.365880][ T5785] team0: Port device team_slave_1 added [ 68.371969][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.379846][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.387026][ T5783] bridge_slave_0: entered allmulticast mode [ 68.394151][ T5783] bridge_slave_0: entered promiscuous mode [ 68.402742][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.410060][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.417204][ T5783] bridge_slave_1: entered allmulticast mode [ 68.424520][ T5783] bridge_slave_1: entered promiscuous mode [ 68.441841][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 68.451482][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 68.528275][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.535458][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.562080][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.588477][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.598711][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.606307][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.632466][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.657456][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.727164][ T5783] team0: Port device team_slave_0 added [ 68.735591][ T5783] team0: Port device team_slave_1 added [ 68.761568][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.768695][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.776209][ T5786] bridge_slave_0: entered allmulticast mode [ 68.783571][ T5786] bridge_slave_0: entered promiscuous mode [ 68.832912][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.840347][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.847533][ T5786] bridge_slave_1: entered allmulticast mode [ 68.854523][ T5786] bridge_slave_1: entered promiscuous mode [ 68.862523][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.869726][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.896103][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.912710][ T5785] hsr_slave_0: entered promiscuous mode [ 68.919339][ T5785] hsr_slave_1: entered promiscuous mode [ 68.926087][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.933512][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.940757][ T5784] bridge_slave_0: entered allmulticast mode [ 68.947474][ T5784] bridge_slave_0: entered promiscuous mode [ 68.968595][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.975770][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.002054][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.031482][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.038655][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.046045][ T5784] bridge_slave_1: entered allmulticast mode [ 69.052832][ T5784] bridge_slave_1: entered promiscuous mode [ 69.087895][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.100505][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.140705][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.182799][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.206301][ T5786] team0: Port device team_slave_0 added [ 69.240789][ T5786] team0: Port device team_slave_1 added [ 69.250338][ T5783] hsr_slave_0: entered promiscuous mode [ 69.256510][ T5783] hsr_slave_1: entered promiscuous mode [ 69.263006][ T5783] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.271631][ T5783] Cannot create hsr debugfs directory [ 69.315049][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.322970][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.348926][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.367726][ T5784] team0: Port device team_slave_0 added [ 69.387487][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.394648][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.420798][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.442907][ T5784] team0: Port device team_slave_1 added [ 69.492254][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.499423][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.525568][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.542374][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.549375][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.575575][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.620056][ T5105] Bluetooth: hci3: command tx timeout [ 69.620068][ T5794] Bluetooth: hci1: command tx timeout [ 69.620310][ T5794] Bluetooth: hci2: command tx timeout [ 69.661440][ T5786] hsr_slave_0: entered promiscuous mode [ 69.667859][ T5786] hsr_slave_1: entered promiscuous mode [ 69.675345][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.683197][ T5786] Cannot create hsr debugfs directory [ 69.709263][ T5794] Bluetooth: hci0: command tx timeout [ 69.733593][ T5784] hsr_slave_0: entered promiscuous mode [ 69.740835][ T5784] hsr_slave_1: entered promiscuous mode [ 69.747001][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.755089][ T5784] Cannot create hsr debugfs directory [ 69.990669][ T5785] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.020737][ T5785] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.044983][ T5785] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.054863][ T5785] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.143980][ T5783] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.154113][ T5783] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.165610][ T5783] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.178646][ T5783] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.269729][ T5786] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.282682][ T5786] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.292516][ T5786] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.303525][ T5786] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.394356][ T5784] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.405288][ T5784] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.417604][ T5784] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.427245][ T5784] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.456385][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.493765][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.558781][ T3540] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.566175][ T3540] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.576660][ T3540] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.583825][ T3540] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.639742][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.688104][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.716472][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.738760][ T3507] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.746148][ T3507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.796751][ T3507] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.804057][ T3507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.826252][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.885252][ T1128] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.892449][ T1128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.923460][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.950475][ T1128] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.957640][ T1128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.005176][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.058786][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.073425][ T3540] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.080623][ T3540] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.106913][ T3540] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.114209][ T3540] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.284784][ T5785] veth0_vlan: entered promiscuous mode [ 71.341977][ T5785] veth1_vlan: entered promiscuous mode [ 71.396632][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.482529][ T5785] veth0_macvtap: entered promiscuous mode [ 71.541953][ T5785] veth1_macvtap: entered promiscuous mode [ 71.585621][ T5783] veth0_vlan: entered promiscuous mode [ 71.622328][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.627188][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.640278][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.654460][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.666959][ T5785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.676713][ T5785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.686803][ T5785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.696283][ T5785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.699457][ T5794] Bluetooth: hci3: command tx timeout [ 71.711055][ T5791] Bluetooth: hci1: command tx timeout [ 71.716068][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.716595][ T5791] Bluetooth: hci2: command tx timeout [ 71.742798][ T5783] veth1_vlan: entered promiscuous mode [ 71.789380][ T5791] Bluetooth: hci0: command tx timeout [ 71.803742][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.837447][ T5786] veth0_vlan: entered promiscuous mode [ 71.872937][ T5783] veth0_macvtap: entered promiscuous mode [ 71.888535][ T5786] veth1_vlan: entered promiscuous mode [ 71.916298][ T5783] veth1_macvtap: entered promiscuous mode [ 71.957745][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.969804][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.981551][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.997158][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.009101][ T3540] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.017110][ T3540] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.019839][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.038781][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.079578][ T5783] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.088377][ T5783] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.097626][ T5783] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.107666][ T5783] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.144756][ T5786] veth0_macvtap: entered promiscuous mode [ 72.153920][ T5784] veth0_vlan: entered promiscuous mode [ 72.162256][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.167166][ T5784] veth1_vlan: entered promiscuous mode [ 72.176299][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.202023][ T5786] veth1_macvtap: entered promiscuous mode [ 72.298461][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.310284][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.321094][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.331772][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.345173][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.362220][ T5784] veth0_macvtap: entered promiscuous mode [ 72.379354][ T1128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.387274][ T1128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.404076][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.423214][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.433393][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.444841][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.456554][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.484001][ T5786] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.493907][ T5786] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.511726][ T5786] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.520937][ T5786] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.543279][ T3507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.558129][ T5784] veth1_macvtap: entered promiscuous mode [ 72.580737][ T3507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.623693][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.634922][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.645652][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.656621][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.666739][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.677359][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.694763][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.711269][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.722405][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.733148][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.743824][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.754659][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.765508][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.777101][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.804068][ T5784] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.815980][ T5784] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.837962][ T5784] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.849243][ T27] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 72.863853][ T5784] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.902473][ T5880] Bluetooth: MGMT ver 1.22 [ 72.907654][ T5880] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 72.949290][ T3540] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.981771][ T3540] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.054396][ T27] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 73.068719][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.083676][ T27] usb 4-1: config 0 has no interfaces? [ 73.089692][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.099109][ T27] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 73.110922][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.124985][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.132588][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.171530][ T27] usb 4-1: config 0 descriptor?? [ 73.226027][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.276310][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.360458][ T5885] ======================================================= [ 73.360458][ T5885] WARNING: The mand mount option has been deprecated and [ 73.360458][ T5885] and is ignored by this kernel. Remove the mand [ 73.360458][ T5885] option from the mount to silence this warning. [ 73.360458][ T5885] ======================================================= [ 73.406687][ T5887] loop9: detected capacity change from 0 to 8 [ 73.443086][ T5887] Dev loop9: unable to read RDB block 8 [ 73.461156][ T5887] loop9: unable to read partition table [ 73.480697][ T5887] loop9: partition table beyond EOD, truncated [ 73.497122][ T5877] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 73.513850][ T5887] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 73.655930][ T5878] usb 4-1: USB disconnect, device number 2 [ 73.730883][ T5896] syz.1.8[5896]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 73.779408][ T5791] Bluetooth: hci2: command tx timeout [ 73.784895][ T5794] Bluetooth: hci3: command tx timeout [ 73.791838][ T5105] Bluetooth: hci1: command tx timeout [ 73.859256][ T5791] Bluetooth: hci0: command tx timeout [ 74.115997][ T5896] loop1: detected capacity change from 0 to 40427 [ 74.135533][ T5896] F2FS-fs (loop1): invalid crc value [ 74.152587][ T5896] F2FS-fs (loop1): Found nat_bits in checkpoint [ 74.205117][ T5896] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 74.442067][ T5783] syz-executor: attempt to access beyond end of device [ 74.442067][ T5783] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 74.464617][ T5910] loop3: detected capacity change from 0 to 4096 [ 74.493051][ T8] kernel read not supported for file /dsp1 (pid: 8 comm: kworker/0:0) [ 74.496791][ T5783] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 74.667819][ T5910] ntfs3: loop3: ino=5, "/" directory corrupted [ 74.690319][ T8] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 74.889097][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 74.911848][ T8] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 74.939064][ T8] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 74.970019][ T8] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 75.001716][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.031224][ T8] usb 3-1: Product: syz [ 75.047824][ T8] usb 3-1: Manufacturer: syz [ 75.059236][ T8] usb 3-1: SerialNumber: syz [ 75.318625][ T8] usb 3-1: 0:2 : does not exist [ 75.338529][ T8] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 75.344722][ T5922] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 75.398330][ T8] usb 3-1: USB disconnect, device number 2 [ 75.413470][ T5922] Zero length message leads to an empty skb [ 75.457428][ T5799] udevd[5799]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 75.734580][ T5915] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 75.741534][ T5915] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 75.752450][ T5915] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 75.761161][ T5915] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 75.767290][ T5915] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 75.777038][ T5915] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 76.070807][ T5878] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 76.573958][ T5941] loop1: detected capacity change from 0 to 32768 [ 76.589028][ T8] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 76.594555][ T5878] usb 1-1: Using ep0 maxpacket: 16 [ 76.605828][ T5878] usb 1-1: config 0 has an invalid interface number: 214 but max is 0 [ 76.614581][ T5878] usb 1-1: config 0 has no interface number 0 [ 76.622579][ T5878] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 76.636883][ T5941] [ 76.636883][ T5941] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.636883][ T5941] [ 76.661982][ T5941] [ 76.661982][ T5941] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.661982][ T5941] [ 76.672956][ T5941] [ 76.672956][ T5941] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.672956][ T5941] [ 76.683602][ T5941] [ 76.683602][ T5941] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.683602][ T5941] [ 76.694094][ T5941] [ 76.694094][ T5941] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.694094][ T5941] [ 76.708535][ T5878] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 76.718469][ T5878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.725558][ T114] [ 76.725558][ T114] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.725558][ T114] [ 76.726520][ T5878] usb 1-1: Product: syz [ 76.742495][ T5878] usb 1-1: Manufacturer: syz [ 76.748037][ T5878] usb 1-1: SerialNumber: syz [ 76.765389][ T5878] usb 1-1: config 0 descriptor?? [ 76.781018][ T5941] [ 76.781018][ T5941] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.781018][ T5941] [ 76.792045][ T5941] [ 76.792045][ T5941] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.792045][ T5941] [ 76.802611][ T5941] [ 76.802611][ T5941] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.802611][ T5941] [ 76.809934][ T8] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 76.813104][ T5941] [ 76.813104][ T5941] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.813104][ T5941] [ 76.843784][ T114] [ 76.843784][ T114] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.843784][ T114] [ 76.885968][ T8] usb 4-1: config 0 interface 0 has no altsetting 0 [ 76.930490][ T8] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 76.958910][ T8] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 76.988178][ T8] usb 4-1: Product: syz [ 76.996088][ T5783] [ 76.996088][ T5783] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.996088][ T5783] [ 77.008473][ T8] usb 4-1: Manufacturer: syz [ 77.013239][ T8] usb 4-1: SerialNumber: syz [ 77.039178][ T5783] [ 77.039178][ T5783] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 77.039178][ T5783] [ 77.040787][ T8] usb 4-1: config 0 descriptor?? [ 77.100572][ T8] usb 4-1: selecting invalid altsetting 0 [ 77.527957][ T5878] usbtouchscreen: probe of 1-1:0.214 failed with error -71 [ 77.544022][ T5878] usb 1-1: USB disconnect, device number 2 [ 78.609333][ T789] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 78.933261][ T5959] loop2: detected capacity change from 0 to 32768 [ 78.973958][ T5959] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 79.057869][ T5959] XFS (loop2): Ending clean mount [ 79.223286][ T789] usb 2-1: Using ep0 maxpacket: 32 [ 79.243205][ T789] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 79.255469][ T789] usb 2-1: config 0 has no interface number 0 [ 79.342957][ T5974] tipc: Started in network mode [ 79.348240][ T5974] tipc: Node identity ac14141b, cluster identity 4711 [ 79.360585][ T5974] tipc: New replicast peer: 255.255.255.255 [ 79.369510][ T5974] tipc: Enabled bearer , priority 10 [ 79.607550][ T789] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 79.925595][ T788] usb 4-1: USB disconnect, device number 3 [ 79.937951][ T789] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.971383][ T789] usb 2-1: Product: syz [ 79.975604][ T789] usb 2-1: Manufacturer: syz [ 79.993029][ T789] usb 2-1: SerialNumber: syz [ 80.008000][ T789] usb 2-1: config 0 descriptor?? [ 80.016056][ T5786] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 80.046675][ T789] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 80.107422][ T5979] mmap: syz.3.34 (5979) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 80.288550][ T789] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 80.302771][ T5981] loop0: detected capacity change from 0 to 128 [ 80.333541][ T5981] EXT4-fs: Ignoring removed nobh option [ 80.336854][ T789] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 80.374275][ T5824] tipc: Node number set to 2886997019 [ 80.414606][ T5981] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 80.456033][ T5981] ext4 filesystem being mounted at /9/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 80.536265][ T5981] EXT4-fs error (device loop0): ext4_validate_inode_bitmap:106: comm syz.0.36: Corrupt inode bitmap - block_group = 0, inode_bitmap = 19 [ 80.593221][ T788] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 80.603529][ T5784] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 80.706594][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 80.715019][ T789] usb 2-1: USB disconnect, device number 2 [ 80.736536][ T789] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 80.783379][ T789] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 80.800852][ T788] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 80.809869][ T789] quatech2 2-1:0.51: device disconnected [ 80.829254][ T788] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 80.867693][ T788] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64 [ 80.898180][ T788] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 80.922738][ T788] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 80.938921][ T788] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 80.956893][ T788] usb 3-1: Manufacturer: syz [ 80.978454][ T788] usb 3-1: config 0 descriptor?? [ 81.343906][ T6002] tipc: Enabling of bearer rejected, already enabled [ 81.895952][ T788] rc_core: IR keymap rc-hauppauge not found [ 81.902183][ T788] Registered IR keymap rc-empty [ 81.907913][ T788] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 81.941072][ T9] cfg80211: failed to load regulatory.db [ 81.987222][ T788] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 82.031446][ T788] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 82.144192][ T788] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input7 [ 82.204375][ T788] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 82.259332][ T788] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 82.299199][ T788] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 82.329113][ T788] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 82.369309][ T788] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 82.399392][ T788] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 82.409006][ T789] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 82.439286][ T788] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 82.489916][ T788] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 82.522794][ T788] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 82.569247][ T788] mceusb 3-1:0.0: Error: mce write urb status = -71 [ 82.619599][ T788] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 82.621003][ T789] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 82.642315][ T788] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 82.645460][ T789] usb 2-1: config 0 interface 0 has no altsetting 0 [ 82.671627][ T788] usb 3-1: USB disconnect, device number 3 [ 82.686409][ T789] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 82.695988][ T789] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 82.712059][ T789] usb 2-1: Product: syz [ 82.729129][ T789] usb 2-1: Manufacturer: syz [ 82.738905][ T789] usb 2-1: SerialNumber: syz [ 82.755311][ T789] usb 2-1: config 0 descriptor?? [ 82.768487][ T789] usb 2-1: selecting invalid altsetting 0 [ 82.919206][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 83.097998][ T9] usb 1-1: device descriptor read/64, error -71 [ 84.720428][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 84.881605][ T9] usb 1-1: device descriptor read/64, error -71 [ 85.021730][ T9] usb usb1-port1: attempt power cycle [ 85.479438][ T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 85.531691][ T9] usb 1-1: device descriptor read/8, error -71 [ 85.839000][ T789] usb 2-1: USB disconnect, device number 3 [ 86.123472][ T28] audit: type=1326 audit(1762498812.674:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6069 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe0e98f6c9 code=0x7ffc0000 [ 86.171988][ T6070] loop3: detected capacity change from 0 to 1024 [ 86.172283][ T28] audit: type=1326 audit(1762498812.674:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6069 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe0e98f6c9 code=0x7ffc0000 [ 86.185032][ T6070] EXT4-fs: Ignoring removed orlov option [ 86.220816][ T6070] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 86.232763][ T28] audit: type=1326 audit(1762498812.704:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6069 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7efe0e98f6c9 code=0x7ffc0000 [ 86.299596][ T6070] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.334839][ T28] audit: type=1326 audit(1762498812.704:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6069 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7efe0e98f703 code=0x7ffc0000 [ 86.458204][ T28] audit: type=1326 audit(1762498812.714:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6069 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7efe0e98e17f code=0x7ffc0000 [ 86.550599][ T28] audit: type=1326 audit(1762498812.724:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6069 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7efe0e98f757 code=0x7ffc0000 [ 86.605212][ T28] audit: type=1326 audit(1762498812.724:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6069 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efe0e98df10 code=0x7ffc0000 [ 86.638788][ T28] audit: type=1326 audit(1762498812.724:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6069 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe0e98f2cb code=0x7ffc0000 [ 86.703921][ T28] audit: type=1326 audit(1762498812.734:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6069 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7efe0e98e32a code=0x7ffc0000 [ 86.773792][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.785433][ T28] audit: type=1326 audit(1762498812.734:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6069 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7efe0e98e32a code=0x7ffc0000 [ 87.058989][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 87.269848][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 87.277210][ T9] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 87.289991][ T9] usb 3-1: config 0 has no interface number 0 [ 87.314127][ T9] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 87.335489][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.353441][ T9] usb 3-1: Product: syz [ 87.358009][ T9] usb 3-1: Manufacturer: syz [ 87.363296][ T9] usb 3-1: SerialNumber: syz [ 87.376992][ T9] usb 3-1: config 0 descriptor?? [ 87.392767][ T9] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 87.621984][ T9] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 87.664693][ T9] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 87.840176][ T6109] loop1: detected capacity change from 0 to 32768 [ 87.855034][ T6109] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.77 (6109) [ 87.881843][ T6109] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 87.892428][ T6109] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 87.901420][ T6109] BTRFS info (device loop1): turning on flush-on-commit [ 87.909317][ T6109] BTRFS info (device loop1): use zlib compression, level 3 [ 87.916714][ T6109] BTRFS info (device loop1): disabling free space tree [ 87.923663][ T6109] BTRFS info (device loop1): enabling disk space caching [ 87.930799][ T6109] BTRFS info (device loop1): setting nodatasum [ 87.936977][ T6109] BTRFS info (device loop1): turning off barriers [ 87.943841][ T6109] BTRFS info (device loop1): enabling ssd optimizations [ 87.950871][ T6109] BTRFS info (device loop1): force clearing of disk cache [ 87.958033][ T6109] BTRFS info (device loop1): disk space caching is enabled [ 88.025404][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 88.033726][ T8] usb 3-1: USB disconnect, device number 4 [ 88.076158][ T8] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 88.094826][ T6109] BTRFS info (device loop1): rebuilding free space tree [ 88.132820][ T6109] BTRFS info (device loop1): disabling free space tree [ 88.139967][ T8] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 88.140821][ T6109] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 88.161612][ T6109] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 88.170308][ T8] quatech2 3-1:0.51: device disconnected [ 89.005539][ T5783] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 89.695538][ T6154] loop1: detected capacity change from 0 to 32768 [ 89.712716][ T6154] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 89.739465][ T6154] XFS (loop1): Ending clean mount [ 89.799774][ T5783] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 90.170637][ T6169] loop2: detected capacity change from 0 to 2048 [ 90.312985][ T6173] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 91.226361][ T6203] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 91.233929][ T6203] overlayfs: failed to set xattr on upper [ 91.239770][ T6203] overlayfs: ...falling back to redirect_dir=nofollow. [ 91.246835][ T6203] overlayfs: ...falling back to index=off. [ 91.255156][ T6203] overlayfs: ...falling back to uuid=null. [ 91.718988][ T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 91.869866][ T8] usb 1-1: device descriptor read/64, error -71 [ 92.040783][ T5878] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 92.138979][ T8] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 92.271763][ T5878] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 92.285840][ T5878] usb 3-1: config 0 interface 0 has no altsetting 0 [ 92.295454][ T5878] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 92.299207][ T8] usb 1-1: device descriptor read/64, error -71 [ 92.308605][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 92.325255][ T5878] usb 3-1: Product: syz [ 92.329607][ T5878] usb 3-1: Manufacturer: syz [ 92.334485][ T5878] usb 3-1: SerialNumber: syz [ 92.346603][ T5878] usb 3-1: config 0 descriptor?? [ 92.366406][ T5878] usb 3-1: selecting invalid altsetting 0 [ 92.443160][ T8] usb usb1-port1: attempt power cycle [ 92.592003][ T6235] loop1: detected capacity change from 0 to 24 [ 92.601289][ T6235] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 92.671448][ T6235] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 93.535259][ T8] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 93.570464][ T8] usb 1-1: device descriptor read/8, error -71 [ 93.849826][ T8] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 93.913627][ T8] usb 1-1: device descriptor read/8, error -71 [ 94.049270][ T8] usb usb1-port1: unable to enumerate USB device [ 94.384110][ T6265] loop1: detected capacity change from 0 to 2048 [ 94.419261][ T5878] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 94.609179][ T5878] usb 4-1: Using ep0 maxpacket: 16 [ 94.619980][ T5878] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 94.631773][ T5878] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 94.644291][ T5878] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 94.656765][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.671183][ T5878] usb 4-1: Product: syz [ 94.677563][ T5878] usb 4-1: Manufacturer: syz [ 94.684406][ T5878] usb 4-1: SerialNumber: syz [ 94.894431][ T5824] usb 3-1: USB disconnect, device number 5 [ 94.901644][ T5878] usb 4-1: 0:2 : does not exist [ 94.922420][ T5878] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 94.989100][ T5878] usb 4-1: USB disconnect, device number 4 [ 95.067440][ T5799] udevd[5799]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 95.733148][ T6289] loop2: detected capacity change from 0 to 40427 [ 95.744711][ T6289] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 95.752606][ T6289] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 95.801558][ T6289] F2FS-fs (loop2): invalid crc value [ 95.819795][ T6289] F2FS-fs (loop2): Found nat_bits in checkpoint [ 95.886947][ T6289] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 95.894645][ T6289] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 95.991771][ T6289] syz.2.129: attempt to access beyond end of device [ 95.991771][ T6289] loop2: rw=2049, sector=45096, nr_sectors = 72 limit=40427 [ 96.030976][ T6289] syz.2.129: attempt to access beyond end of device [ 96.030976][ T6289] loop2: rw=34817, sector=45096, nr_sectors = 8 limit=40427 [ 96.047171][ T28] kauditd_printk_skb: 15 callbacks suppressed [ 96.047185][ T28] audit: type=1800 audit(1762498822.574:27): pid=6289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.129" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 96.335745][ T6313] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 96.909069][ T5878] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 97.121133][ T5878] usb 1-1: no configurations [ 97.126708][ T5878] usb 1-1: can't read configurations, error -22 [ 97.654074][ T6342] loop3: detected capacity change from 0 to 40427 [ 97.670432][ T5878] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 97.679707][ T6342] F2FS-fs (loop3): invalid crc value [ 97.731568][ T6342] F2FS-fs (loop3): Found nat_bits in checkpoint [ 97.804130][ T6342] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 97.889375][ T5878] usb 1-1: no configurations [ 97.894026][ T5878] usb 1-1: can't read configurations, error -22 [ 97.928961][ T5878] usb usb1-port1: attempt power cycle [ 97.952476][ T5785] syz-executor: attempt to access beyond end of device [ 97.952476][ T5785] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 97.995910][ T5785] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 98.051078][ T6353] loop2: detected capacity change from 0 to 512 [ 98.090716][ T6353] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 98.129091][ T6353] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a017c11c, mo2=0002] [ 98.138500][ T6353] System zones: 1-12 [ 98.189783][ T6353] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2249: inode #15: comm syz.2.153: corrupted in-inode xattr: e_value size too large [ 98.224297][ T6353] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.153: couldn't read orphan inode 15 (err -117) [ 98.246565][ T6353] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.359300][ T5878] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 98.400937][ T5878] usb 1-1: no configurations [ 98.405582][ T5878] usb 1-1: can't read configurations, error -22 [ 98.519380][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.589475][ T5878] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 98.639481][ T5878] usb 1-1: no configurations [ 98.644154][ T5878] usb 1-1: can't read configurations, error -22 [ 98.667244][ T5878] usb usb1-port1: unable to enumerate USB device [ 98.974694][ T6368] loop2: detected capacity change from 0 to 32768 [ 99.007142][ T6368] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 99.054293][ T6368] XFS (loop2): Ending clean mount [ 99.152662][ T5786] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 100.039432][ T5878] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 100.229226][ T5878] usb 3-1: Using ep0 maxpacket: 16 [ 100.241956][ T5878] usb 3-1: config 0 has an invalid interface number: 214 but max is 0 [ 100.255790][ T5878] usb 3-1: config 0 has no interface number 0 [ 100.262445][ T5878] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 100.280929][ T5878] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 100.291787][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.302023][ T5878] usb 3-1: Product: syz [ 100.306327][ T5878] usb 3-1: Manufacturer: syz [ 100.313535][ T5878] usb 3-1: SerialNumber: syz [ 100.323754][ T5878] usb 3-1: config 0 descriptor?? [ 100.617804][ T6428] loop3: detected capacity change from 0 to 2048 [ 100.677535][ T5893] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 100.737747][ T5878] usbtouchscreen: probe of 3-1:0.214 failed with error -32 [ 100.779722][ T5878] usb 3-1: USB disconnect, device number 6 [ 101.208959][ T5824] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 101.420891][ T5824] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 101.439142][ T5824] usb 4-1: config 0 interface 0 has no altsetting 0 [ 101.463761][ T5824] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 101.489082][ T5824] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 101.497394][ T5824] usb 4-1: Product: syz [ 101.515850][ T5824] usb 4-1: Manufacturer: syz [ 101.530155][ T5824] usb 4-1: SerialNumber: syz [ 101.547643][ T5824] usb 4-1: config 0 descriptor?? [ 101.587231][ T5824] usb 4-1: selecting invalid altsetting 0 [ 101.881574][ T6475] loop0: detected capacity change from 0 to 4096 [ 101.998930][ T5792] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 102.199193][ T5792] usb 3-1: Using ep0 maxpacket: 16 [ 102.303989][ T5792] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 102.580493][ T5792] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 102.675487][ T5792] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 102.706053][ T5792] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.733500][ T5792] usb 3-1: Product: syz [ 102.747817][ T5792] usb 3-1: Manufacturer: syz [ 102.765908][ T5792] usb 3-1: SerialNumber: syz [ 103.009468][ T5792] usb 3-1: 0:2 : does not exist [ 103.027313][ T5792] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 103.109865][ T5792] usb 3-1: USB disconnect, device number 7 [ 103.382939][ T6506] misc userio: Invalid payload size [ 103.388650][ T6506] misc userio: The device must be registered before sending interrupts [ 103.698489][ T6518] loop0: detected capacity change from 0 to 256 [ 103.706473][ T6518] exfat: Deprecated parameter 'namecase' [ 103.713387][ T6518] exfat: Unknown parameter 'zero_size_dir' [ 103.772790][ T5799] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 104.049650][ T5792] usb 4-1: USB disconnect, device number 5 [ 104.819990][ T6540] overlayfs: failed to clone upperpath [ 104.927985][ T6544] loop3: detected capacity change from 0 to 32768 [ 104.959255][ T6544] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 105.018515][ T6544] XFS (loop3): Ending clean mount [ 105.034959][ T6544] XFS (loop3): Quotacheck needed: Please wait. [ 105.051445][ T5824] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 105.122500][ T6544] XFS (loop3): Quotacheck: Done. [ 105.149086][ T23] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 105.233242][ T5785] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 105.279216][ T5824] usb 1-1: Using ep0 maxpacket: 32 [ 105.295436][ T5824] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 105.309366][ T5824] usb 1-1: config 0 has no interface number 0 [ 105.327497][ T5824] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 105.337687][ T5824] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.346158][ T5824] usb 1-1: Product: syz [ 105.361418][ T5824] usb 1-1: Manufacturer: syz [ 105.366216][ T23] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 105.377064][ T5824] usb 1-1: SerialNumber: syz [ 105.390325][ T23] usb 3-1: config 0 has no interfaces? [ 105.395870][ T23] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 105.406861][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.425745][ T5824] usb 1-1: config 0 descriptor?? [ 105.433721][ T5824] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 105.453630][ T23] usb 3-1: config 0 descriptor?? [ 105.672747][ T5824] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 105.699686][ T5824] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 106.129501][ C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 106.132389][ T5792] usb 1-1: USB disconnect, device number 15 [ 106.195811][ T5792] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 106.242708][ T5792] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 106.284323][ T5792] quatech2 1-1:0.51: device disconnected [ 106.338213][ T6580] overlayfs: failed to clone upperpath [ 107.169030][ T788] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 107.369093][ T788] usb 4-1: Using ep0 maxpacket: 16 [ 107.382306][ T788] usb 4-1: config 0 has an invalid interface number: 214 but max is 0 [ 107.394439][ T788] usb 4-1: config 0 has no interface number 0 [ 107.402097][ T788] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 107.422880][ T788] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 107.438155][ T788] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.447898][ T788] usb 4-1: Product: syz [ 107.455839][ T788] usb 4-1: Manufacturer: syz [ 107.462079][ T788] usb 4-1: SerialNumber: syz [ 107.483417][ T788] usb 4-1: config 0 descriptor?? [ 107.875679][ T5792] usb 3-1: USB disconnect, device number 8 [ 107.924358][ T788] usbtouchscreen: probe of 4-1:0.214 failed with error -32 [ 107.965065][ T788] usb 4-1: USB disconnect, device number 6 [ 108.806733][ T6672] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 109.169326][ T5792] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 109.364486][ T5792] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 109.386280][ T5792] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 109.416654][ T5792] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 109.443090][ T5792] usb 3-1: New USB device found, idVendor=1430, idProduct=07bb, bcdDevice= 0.00 [ 109.461793][ T5792] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.476669][ T5792] usb 3-1: config 0 descriptor?? [ 109.536075][ T6696] loop3: detected capacity change from 0 to 512 [ 109.582311][ T6696] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.677075][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.954330][ T5792] sony 0003:1430:07BB.0001: hidraw0: USB HID v0.00 Device [HID 1430:07bb] on usb-dummy_hcd.2-1/input0 [ 109.975056][ T5792] sony 0003:1430:07BB.0001: failed to claim input [ 110.224269][ T5824] usb 3-1: USB disconnect, device number 9 [ 110.249462][ T6708] fido_id[6708]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:1430:07BB.0001/report_descriptor': No such device [ 110.576631][ T6722] loop0: detected capacity change from 0 to 8192 [ 110.636197][ T6722] loop0: p1 < > p2 p3 p4 < > [ 110.647637][ T6722] loop0: partition table partially beyond EOD, truncated [ 110.669320][ T6722] loop0: p1 start 134217728 is beyond EOD, truncated [ 110.676547][ T6722] loop0: p2 size 591360 extends beyond EOD, truncated [ 110.707148][ T6722] loop0: p3 start 655105 is beyond EOD, truncated [ 111.167163][ T5893] udevd[5893]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 111.182100][ T5799] udevd[5799]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 111.288934][ T5824] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 111.478973][ T5824] usb 3-1: Using ep0 maxpacket: 16 [ 111.488251][ T5824] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 111.502765][ T5824] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 111.516797][ T5824] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 111.538275][ T5824] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.568390][ T5824] usb 3-1: Product: syz [ 111.577140][ T5824] usb 3-1: Manufacturer: syz [ 111.587793][ T5824] usb 3-1: SerialNumber: syz [ 111.804546][ T5824] usb 3-1: 0:2 : does not exist [ 111.833311][ T5824] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 111.855066][ T6771] netlink: 184 bytes leftover after parsing attributes in process `syz.3.320'. [ 111.891717][ T5824] usb 3-1: USB disconnect, device number 10 [ 111.957031][ T5799] udevd[5799]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 111.986608][ T6775] netlink: 32 bytes leftover after parsing attributes in process `syz.3.322'. [ 112.338344][ T5792] IPVS: starting estimator thread 0... [ 112.347224][ T6791] tipc: Started in network mode [ 112.363015][ T6791] tipc: Node identity ac1414aa, cluster identity 4711 [ 112.383543][ T6791] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 112.391656][ T6791] tipc: Enabled bearer , priority 10 [ 112.449508][ T6792] IPVS: using max 21 ests per chain, 50400 per kthread [ 112.519223][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 112.659015][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 112.798982][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 112.894632][ T6800] loop2: detected capacity change from 0 to 32768 [ 112.939004][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 112.953209][ T28] audit: type=1800 audit(1762498839.484:28): pid=6800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.334" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 113.078996][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 113.189083][ T5824] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 113.219306][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 113.359009][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 113.407753][ T5824] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 113.425357][ T5824] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.441663][ T5824] usb 4-1: config 0 descriptor?? [ 113.465643][ T5824] cp210x 4-1:0.0: cp210x converter detected [ 113.500169][ T5792] tipc: Node number set to 2886997162 [ 113.638976][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 113.659994][ T6827] loop2: detected capacity change from 0 to 1024 [ 113.737154][ T6827] hfsplus: invalid length 256 has been corrected to 255 [ 113.744603][ T6827] ================================================================== [ 113.752697][ T6827] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x5bd/0x1240 [ 113.760445][ T6827] Read of size 2 at addr ffff888059063a18 by task syz.2.345/6827 [ 113.768159][ T6827] [ 113.770489][ T6827] CPU: 0 PID: 6827 Comm: syz.2.345 Not tainted syzkaller #0 [ 113.777777][ T6827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 113.787980][ T6827] Call Trace: [ 113.791289][ T6827] [ 113.794224][ T6827] dump_stack_lvl+0x16c/0x230 [ 113.798910][ T6827] ? __lock_acquire+0x7c80/0x7c80 [ 113.799350][ T23] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 113.803933][ T6827] ? show_regs_print_info+0x20/0x20 [ 113.803962][ T6827] ? load_image+0x3b0/0x3b0 [ 113.803981][ T6827] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 113.804001][ T6827] ? __virt_addr_valid+0x18c/0x540 [ 113.831707][ T6827] ? __virt_addr_valid+0x469/0x540 [ 113.836828][ T6827] print_report+0xac/0x220 [ 113.841260][ T6827] ? hfsplus_uni2asc+0x5bd/0x1240 [ 113.846400][ T6827] kasan_report+0x117/0x150 [ 113.850927][ T6827] ? hfsplus_uni2asc+0x5bd/0x1240 [ 113.855966][ T6827] hfsplus_uni2asc+0x5bd/0x1240 [ 113.860825][ T6827] hfsplus_listxattr+0x58f/0xb80 [ 113.865784][ T6827] ? hfsplus_getxattr+0x160/0x160 [ 113.870902][ T6827] ? kasan_save_free_info+0x2e/0x50 [ 113.876230][ T6827] ? slab_free_freelist_hook+0x130/0x1b0 [ 113.881880][ T6827] ? user_path_at_empty+0x4c/0x60 [ 113.886916][ T6827] ? kmem_cache_free+0xf8/0x280 [ 113.891772][ T6827] ? bpf_lsm_inode_listxattr+0x9/0x10 [ 113.897139][ T6827] ? hfsplus_getxattr+0x160/0x160 [ 113.902168][ T6827] listxattr+0x107/0x280 [ 113.906410][ T6827] path_listxattr+0xdd/0x1b0 [ 113.911001][ T6827] ? path_getxattr+0x400/0x400 [ 113.915762][ T6827] ? lockdep_hardirqs_on+0x98/0x150 [ 113.920956][ T6827] do_syscall_64+0x55/0xb0 [ 113.925375][ T6827] ? clear_bhb_loop+0x40/0x90 [ 113.930039][ T6827] ? clear_bhb_loop+0x40/0x90 [ 113.934706][ T6827] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 113.940591][ T6827] RIP: 0033:0x7fdd3cb8f6c9 [ 113.945004][ T6827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.964625][ T6827] RSP: 002b:00007fdd3d94a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3 [ 113.973040][ T6827] RAX: ffffffffffffffda RBX: 00007fdd3cde5fa0 RCX: 00007fdd3cb8f6c9 [ 113.981009][ T6827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 113.988969][ T6827] RBP: 00007fdd3cc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 113.996930][ T6827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.004891][ T6827] R13: 00007fdd3cde6038 R14: 00007fdd3cde5fa0 R15: 00007ffdb41748a8 [ 114.012861][ T6827] [ 114.015872][ T6827] [ 114.018190][ T6827] Allocated by task 6827: [ 114.022501][ T6827] kasan_set_track+0x4e/0x70 [ 114.027083][ T6827] __kasan_kmalloc+0x8f/0xa0 [ 114.031711][ T6827] __kmalloc+0xb4/0x240 [ 114.035858][ T6827] hfsplus_find_init+0x89/0x1d0 [ 114.040707][ T6827] hfsplus_listxattr+0x390/0xb80 [ 114.045636][ T6827] listxattr+0x107/0x280 [ 114.049878][ T6827] path_listxattr+0xdd/0x1b0 [ 114.054479][ T6827] do_syscall_64+0x55/0xb0 [ 114.058887][ T6827] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 114.064799][ T6827] [ 114.067112][ T6827] Last potentially related work creation: [ 114.072812][ T6827] kasan_save_stack+0x3e/0x60 [ 114.077479][ T6827] __kasan_record_aux_stack+0xaf/0xc0 [ 114.082840][ T6827] call_rcu+0x158/0x930 [ 114.086989][ T6827] sctp_association_free+0x6a1/0x7f0 [ 114.092267][ T6827] sctp_do_sm+0x3e64/0x59a0 [ 114.096767][ T6827] sctp_assoc_bh_rcv+0x3f2/0x630 [ 114.101696][ T6827] sctp_backlog_rcv+0x163/0x3e0 [ 114.106553][ T6827] __release_sock+0x1bd/0x430 [ 114.111233][ T6827] release_sock+0x5f/0x1c0 [ 114.115657][ T6827] sctp_wait_for_connect+0x382/0x680 [ 114.120948][ T6827] sctp_sendmsg_to_asoc+0x13a8/0x17f0 [ 114.126321][ T6827] sctp_sendmsg+0x1941/0x27e0 [ 114.130993][ T6827] __sys_sendto+0x46a/0x620 [ 114.135496][ T6827] __x64_sys_sendto+0xde/0xf0 [ 114.140164][ T6827] do_syscall_64+0x55/0xb0 [ 114.144575][ T6827] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 114.150455][ T6827] [ 114.152762][ T6827] The buggy address belongs to the object at ffff888059063800 [ 114.152762][ T6827] which belongs to the cache kmalloc-1k of size 1024 [ 114.166803][ T6827] The buggy address is located 0 bytes to the right of [ 114.166803][ T6827] allocated 536-byte region [ffff888059063800, ffff888059063a18) [ 114.181285][ T6827] [ 114.183599][ T6827] The buggy address belongs to the physical page: [ 114.190011][ T6827] page:ffffea0001641800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x59060 [ 114.200154][ T6827] head:ffffea0001641800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 114.209087][ T6827] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 114.217071][ T6827] page_type: 0xffffffff() [ 114.221388][ T6827] raw: 00fff00000000840 ffff888017841dc0 ffffea0001e26a00 dead000000000002 [ 114.229971][ T6827] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 114.238546][ T6827] page dumped because: kasan: bad access detected [ 114.244955][ T6827] page_owner tracks the page as allocated [ 114.250701][ T6827] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 59, tgid 59 (kworker/u4:4), ts 75621210550, free_ts 16962761855 [ 114.271016][ T6827] post_alloc_hook+0x1cd/0x210 [ 114.275788][ T6827] get_page_from_freelist+0x195c/0x19f0 [ 114.281355][ T6827] __alloc_pages+0x1e3/0x460 [ 114.285939][ T6827] alloc_slab_page+0x5d/0x170 [ 114.290621][ T6827] new_slab+0x87/0x2e0 [ 114.294691][ T6827] ___slab_alloc+0xc6d/0x1300 [ 114.299363][ T6827] __kmem_cache_alloc_node+0x1a2/0x260 [ 114.304818][ T6827] __kmalloc+0xa4/0x240 [ 114.309013][ T6827] ieee802_11_parse_elems_full+0xb9/0x2080 [ 114.314813][ T6827] ieee80211_ibss_rx_queued_mgmt+0x49b/0x2ac0 [ 114.320877][ T6827] ieee80211_iface_work+0x717/0xc70 [ 114.326081][ T6827] cfg80211_wiphy_work+0x225/0x260 [ 114.331197][ T6827] process_scheduled_works+0xa45/0x15b0 [ 114.336741][ T6827] worker_thread+0xa55/0xfc0 [ 114.341325][ T6827] kthread+0x2fa/0x390 [ 114.345382][ T6827] ret_from_fork+0x48/0x80 [ 114.349797][ T6827] page last free stack trace: [ 114.354468][ T6827] free_unref_page_prepare+0x7ce/0x8e0 [ 114.359941][ T6827] free_unref_page+0x32/0x2e0 [ 114.364621][ T6827] free_contig_range+0xa1/0x160 [ 114.369469][ T6827] destroy_args+0x80/0x850 [ 114.373953][ T6827] debug_vm_pgtable+0x3cc/0x410 [ 114.378834][ T6827] do_one_initcall+0x1fd/0x750 [ 114.383617][ T6827] do_initcall_level+0x137/0x1f0 [ 114.388579][ T6827] do_initcalls+0x69/0xd0 [ 114.392924][ T6827] kernel_init_freeable+0x3d2/0x570 [ 114.398121][ T6827] kernel_init+0x1d/0x1c0 [ 114.402445][ T6827] ret_from_fork+0x48/0x80 [ 114.406856][ T6827] ret_from_fork_asm+0x11/0x20 [ 114.411624][ T6827] [ 114.413948][ T6827] Memory state around the buggy address: [ 114.419562][ T6827] ffff888059063900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 114.427610][ T6827] ffff888059063980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 114.435675][ T6827] >ffff888059063a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 114.443724][ T6827] ^ [ 114.448563][ T6827] ffff888059063a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 114.456636][ T6827] ffff888059063b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 114.464685][ T6827] ================================================================== [ 114.473107][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 114.504251][ T5824] usb 4-1: cp210x converter now attached to ttyUSB0 [ 114.510009][ T6827] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 114.510023][ T6827] CPU: 0 PID: 6827 Comm: syz.2.345 Not tainted syzkaller #0 [ 114.510040][ T6827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 114.510049][ T6827] Call Trace: [ 114.510055][ T6827] [ 114.510062][ T6827] dump_stack_lvl+0x16c/0x230 [ 114.510092][ T6827] ? show_regs_print_info+0x20/0x20 [ 114.510114][ T6827] ? load_image+0x3b0/0x3b0 [ 114.510137][ T6827] panic+0x2c0/0x710 [ 114.510152][ T6827] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 114.510173][ T6827] ? bpf_jit_dump+0xd0/0xd0 [ 114.510192][ T6827] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 114.510210][ T6827] ? _raw_spin_unlock+0x40/0x40 [ 114.510228][ T6827] ? hfsplus_uni2asc+0x5bd/0x1240 [ 114.510250][ T6827] check_panic_on_warn+0x84/0xa0 [ 114.510270][ T6827] ? hfsplus_uni2asc+0x5bd/0x1240 [ 114.510291][ T6827] end_report+0x6f/0x140 [ 114.510310][ T6827] kasan_report+0x128/0x150 [ 114.510330][ T6827] ? hfsplus_uni2asc+0x5bd/0x1240 [ 114.510353][ T6827] hfsplus_uni2asc+0x5bd/0x1240 [ 114.510381][ T6827] hfsplus_listxattr+0x58f/0xb80 [ 114.510408][ T6827] ? hfsplus_getxattr+0x160/0x160 [ 114.510430][ T6827] ? kasan_save_free_info+0x2e/0x50 [ 114.510475][ T6827] ? slab_free_freelist_hook+0x130/0x1b0 [ 114.510503][ T6827] ? user_path_at_empty+0x4c/0x60 [ 114.510527][ T6827] ? kmem_cache_free+0xf8/0x280 [ 114.510549][ T6827] ? bpf_lsm_inode_listxattr+0x9/0x10 [ 114.510566][ T6827] ? hfsplus_getxattr+0x160/0x160 [ 114.510587][ T6827] listxattr+0x107/0x280 [ 114.510610][ T6827] path_listxattr+0xdd/0x1b0 [ 114.510633][ T6827] ? path_getxattr+0x400/0x400 [ 114.510653][ T6827] ? lockdep_hardirqs_on+0x98/0x150 [ 114.510667][ T6827] do_syscall_64+0x55/0xb0 [ 114.510684][ T6827] ? clear_bhb_loop+0x40/0x90 [ 114.510700][ T6827] ? clear_bhb_loop+0x40/0x90 [ 114.510718][ T6827] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 114.510736][ T6827] RIP: 0033:0x7fdd3cb8f6c9 [ 114.510750][ T6827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.510765][ T6827] RSP: 002b:00007fdd3d94a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3 [ 114.510784][ T6827] RAX: ffffffffffffffda RBX: 00007fdd3cde5fa0 RCX: 00007fdd3cb8f6c9 [ 114.510797][ T6827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 114.510808][ T6827] RBP: 00007fdd3cc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 114.510818][ T6827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.510829][ T6827] R13: 00007fdd3cde6038 R14: 00007fdd3cde5fa0 R15: 00007ffdb41748a8 [ 114.510848][ T6827] [ 114.511088][ T6827] Kernel Offset: disabled