last executing test programs: 5m42.560471237s ago: executing program 1 (id=669): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x4) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)={0x1012c0, 0x48}, 0x18) 5m42.342951415s ago: executing program 1 (id=673): r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = dup(r0) io_setup(0x19, &(0x7f00000009c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000500)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 5m42.170781792s ago: executing program 1 (id=679): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000280)=[{0x2, 0xa6, 0x2, 0x3}, {0xaee, 0x2, 0xac, 0x1000}]}, 0x10) write$binfmt_misc(r0, &(0x7f0000000100), 0x6) 5m42.102655954s ago: executing program 1 (id=681): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x2002, 0x0) 5m41.878980179s ago: executing program 1 (id=685): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4000}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 5m41.490923422s ago: executing program 1 (id=691): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 5m41.242595618s ago: executing program 32 (id=691): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 4m36.521812944s ago: executing program 2 (id=1733): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb70d) ioctl$TUNSETLINK(r0, 0x400454cd, 0x337) 4m36.209880267s ago: executing program 2 (id=1737): r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0xfffffffd) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600030000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) 4m36.007792429s ago: executing program 2 (id=1740): openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xffffffffffffffff, 0x0, 0x800, 0x2, 0x80000000000004, 0x6}, 0x0, &(0x7f0000000400)={0x1f, 0x0, 0x800000000000, 0x0, 0x1000000000, 0x0, 0xfffffffffffffffe}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 4m35.796201397s ago: executing program 2 (id=1745): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x1041, 0x0) umount2(&(0x7f0000000000)='./file0/../file0\x00', 0x1) 4m35.602229926s ago: executing program 2 (id=1748): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100, 0x3, 0x1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_ACCEPT={0xd, 0x0, 0x4, r0, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r1, 0x708, 0x41e3, 0x0, 0x0, 0x0) 4m35.114760357s ago: executing program 2 (id=1755): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioperm(0x8, 0xa, 0x3) unshare(0x22020600) quotactl_fd$Q_SYNC(r0, 0xffffffff80000102, 0x0, 0x0) 4m34.818415826s ago: executing program 33 (id=1755): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioperm(0x8, 0xa, 0x3) unshare(0x22020600) quotactl_fd$Q_SYNC(r0, 0xffffffff80000102, 0x0, 0x0) 4m4.929416393s ago: executing program 6 (id=2253): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8, 0xf}]}}]}, 0x38}}, 0x0) 4m4.77955088s ago: executing program 6 (id=2256): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16) r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000)) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f000014e000/0x1000)=nil, &(0x7f0000e18000/0x3000)=nil, 0x0, 0x0, 0x0, 0x9917, 0x0, 0xc, 0x64, 0x18}) 4m4.543384382s ago: executing program 6 (id=2261): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) setgid(0x0) 4m3.435332886s ago: executing program 6 (id=2284): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x10000, &(0x7f0000000040)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') mount$cgroup2(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0xa00001, &(0x7f0000000300)={[], [{@smackfsdef={'smackfsdef', 0x3d, '@\xe8%*@\xfb\x8a-'}}]}) 4m3.298737718s ago: executing program 6 (id=2287): r0 = landlock_create_ruleset(&(0x7f00000000c0)={0xa019, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x5452, 0x3) 4m2.146220538s ago: executing program 6 (id=2301): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x6, 0x5004, 0x7, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000d00008500000001000000850000002a00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000440)={{r0}, &(0x7f0000000200), &(0x7f0000000400)='%pB \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 4m1.665457538s ago: executing program 34 (id=2301): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x6, 0x5004, 0x7, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000d00008500000001000000850000002a00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000440)={{r0}, &(0x7f0000000200), &(0x7f0000000400)='%pB \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 2m29.733344888s ago: executing program 0 (id=3718): r0 = getpid() syz_pidfd_open(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') io_setup(0x6, &(0x7f0000001380)=0x0) io_submit(r2, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x5, 0x8001, r1, 0x0}]) 2m29.526931847s ago: executing program 0 (id=3721): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448ca, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) 2m29.46683224s ago: executing program 0 (id=3723): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) sendto$packet(r2, &(0x7f0000000180)="0b032200e0ff14000200475400f6a13b", 0x10, 0x4fa21bd543933076, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0xfe}, 0x14) 2m29.401420727s ago: executing program 0 (id=3725): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0) 2m29.318626516s ago: executing program 0 (id=3727): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0) 2m28.93319908s ago: executing program 0 (id=3731): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r0}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) 2m28.629135952s ago: executing program 35 (id=3731): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r0}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) 2m26.503896186s ago: executing program 3 (id=3746): syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xad82, 0x0) r0 = syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0xfffffffd, 0x10100, 0x200, 0x1}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27}) io_uring_enter(r0, 0x567, 0x1000a387, 0x0, 0x0, 0x0) 2m26.266487137s ago: executing program 3 (id=3747): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) writev(r0, &(0x7f0000000f40)=[{&(0x7f0000000400)="2e9b3d93dfb6c575963f88640000000000", 0x11}, {&(0x7f00000006c0)='@]\b3', 0x4}], 0x2) 2m25.922979074s ago: executing program 3 (id=3748): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000040)=0x80000001, 0x4) sendto$inet6(r0, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="4435c61bc9a1f1ed51c7b06188c682bd59fde0261c9bc2b1f66724ea0287fb6effd2c318abfa442135afa8ca2b68dacbb4a1aa65f9c177dc50967e99edcce6e8900d450fcd9980371cd431b9c1ad0766a9cb142c1ac79715905c856c9e549753967a92c7024ac039", 0xffffffffffffff1d, 0x850, 0x0, 0x0) 2m25.802164044s ago: executing program 3 (id=3750): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000000), 0x4) listen(r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r1, &(0x7f0000000400), &(0x7f00000004c0)=@tcp=r0}, 0x20) 2m25.67891454s ago: executing program 3 (id=3751): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000000)=0x4800, 0x4) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback, 0x4}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) close(0x3) 2m25.607706396s ago: executing program 3 (id=3753): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = gettid() sendmsg$unix(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)='Q', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r2, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="0000000018"], 0xa0}, 0x4004881) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 2m10.494753268s ago: executing program 36 (id=3753): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = gettid() sendmsg$unix(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)='Q', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r2, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="0000000018"], 0xa0}, 0x4004881) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 4.743728555s ago: executing program 5 (id=5781): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) 4.583289708s ago: executing program 5 (id=5784): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000080080000040"]) 4.393759259s ago: executing program 5 (id=5786): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff07000000bfa100000000000007010000f8ffffffb714000009"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c000900080000"], 0x4c}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4.203336744s ago: executing program 5 (id=5790): ioprio_set$uid(0x3, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) r0 = open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x86) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) read$msr(r0, 0x0, 0x0) 3.995690611s ago: executing program 5 (id=5794): r0 = gettid() timer_create(0x2, &(0x7f000049efa0)={0x0, 0x4, 0x4, @tid=r0}, &(0x7f0000044000)) syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000080)={{0x77359400}, {0x0, 0x9}}, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) 1.997772783s ago: executing program 4 (id=5820): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000001c0)={{0xffff, 0xfffd, 0xff, 0xe1a4}, 'syz0\x00', 0xfffffffd}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 1.937528061s ago: executing program 9 (id=5822): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) 1.830717806s ago: executing program 7 (id=5823): r0 = socket$kcm(0x10, 0x400000002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x12, 0x3, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000280)=r2, 0x4) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="93430000520033"], 0xfe33) 1.810513585s ago: executing program 4 (id=5824): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000040)={@val, @void, @eth={@multicast, @remote, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x6, 0x14, 0xe4, 0x0, 0x1, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x18}, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}}, 0x26) 1.622952458s ago: executing program 7 (id=5825): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x2000) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000040)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f00000000c0), 0x3, r1}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000200)={0x31, r2, r1}) 1.42294944s ago: executing program 7 (id=5826): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="b7f2288d3aaea2bc0000def1260a00"/32, 0x20) r1 = accept(r0, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f00000013c0), r1) 1.422290929s ago: executing program 4 (id=5827): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4) sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0) 1.221531521s ago: executing program 4 (id=5830): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0xe1002) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000002c0)="5802009400140091d491321dcea4acd70729723b478925450db4564df63e79dbf050a10004226c1aac9891343d24cfbb19f8e3e3bd94cd18075db30d89b96e770856fbaf697ca1ecb4f1fee075069e8d35b8221cb4426b265a02ff9bbbbdefd9ae03f760ddc2a3eff384b3b612e68a2ecb5c9d6924505d22532f3915c8e30b0658d841bab81c04cec0170857406ebb50f56d5837257d8c8ffd8afee808a785f248", 0xa1}], 0x1) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r0]) 1.074556132s ago: executing program 4 (id=5832): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080)=0x20000f7e) read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) 994.873213ms ago: executing program 8 (id=5833): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x50) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket(0x10, 0x80002, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r2, @ANYBLOB="97"], 0x52) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}}) 834.850694ms ago: executing program 8 (id=5834): r0 = syz_io_uring_setup(0x237, &(0x7f0000000400)={0x0, 0x80fd, 0x10, 0x5, 0x2cd}, &(0x7f0000000380)=0x0, &(0x7f00000002c0)) io_uring_register$IORING_REGISTER_NAPI(r0, 0x1b, &(0x7f00000001c0)={0xc}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00') preadv(r2, &(0x7f0000000240)=[{&(0x7f0000000000)=""/29, 0x1d}], 0x1, 0x0, 0x0) 834.532081ms ago: executing program 5 (id=5835): capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = pidfd_getfd(r1, r1, 0x0) setns(r2, 0x20000000) 780.068264ms ago: executing program 4 (id=5836): pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000000900000000060015000400000014001680100008"], 0x38}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 574.952205ms ago: executing program 8 (id=5837): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000140)="e3661486fa88a9634e2babc655a5", 0xe, 0x4000, &(0x7f0000000280)={0x11, 0xf6, r2, 0x1, 0xf9, 0x6, @random="8e85741b9b81"}, 0x14) 564.043409ms ago: executing program 9 (id=5838): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x12, 0x10, 0xfa00, {&(0x7f0000000000), r2, r1}}, 0x18) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="0d000000246804003199aee6fdb9291b3091ec1a2d41d2270a00d8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) 506.773861ms ago: executing program 8 (id=5839): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x54, r2, 0x1, 0x470bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_SSID={0x4}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x5}, @key_params=[@NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x54}}, 0x20000880) 446.88919ms ago: executing program 7 (id=5840): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x6}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f0000000100), 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f00000000c0)={0x2, 0xfa}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0x6}, 0x2) 385.34507ms ago: executing program 9 (id=5841): mount$bind(0x0, &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000080)="1c0000006d0081044e81f782db1f4cb9041c1d08", 0x14}], 0x1}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) sendmsg$kcm(r0, &(0x7f00000001c0)={&(0x7f0000000100)=@phonet={0x23, 0x0, 0x0, 0xd}, 0x80, &(0x7f00000018c0)=[{&(0x7f0000000080)="27050200160014000600002f86dd", 0x5ea}], 0x1}, 0x0) 337.567ms ago: executing program 8 (id=5842): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00', 0x0}) sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001040)={0x1c, r1, 0x301, 0x70bd2c, 0x25dfdbfe, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0xd0}, 0x14) 337.15767ms ago: executing program 7 (id=5843): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vxcan1\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000200)={0x1d, r2}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {0x1, 0x6}, {0xffff}, {0x1}}}, 0x24}}, 0x0) 198.872736ms ago: executing program 9 (id=5844): mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x5f, 0xffffffffffffffff, {0x29}}, './file0\x00'}) 126.848681ms ago: executing program 9 (id=5845): r0 = socket$kcm(0xa, 0x922000000003, 0x11) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001a40)=[{&(0x7f0000000380)="48000000150081fb0259ae08040204000aff0f110000000401d174a4ffa4d8643aec0caa94bd9a5f5901546fabca1b4e7d06a6bd7c493872f750375ed08a562af5740700b8c11941", 0x48}], 0x1}, 0x2000000) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x1100, 0x1, @empty, 0x42, 0xfffffffd}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000780)="f4000900062b2f25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x44) 120.71292ms ago: executing program 7 (id=5846): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x18) r1 = syz_io_uring_setup(0x3, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500, 0x0, 0xfffffffd}, &(0x7f0000000240), &(0x7f0000001880)) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x21, &(0x7f0000000440), 0x1) 50.570126ms ago: executing program 8 (id=5847): r0 = timerfd_create(0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)) timerfd_settime(r0, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) 0s ago: executing program 9 (id=5848): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) accept4(r0, 0x0, 0x0, 0x0) close(r0) kernel console output (not intermixed with test programs): ast mode [ 336.890840][ T9] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0 [ 336.911356][ T9] hid-generic 0000:0000:0000.001E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 336.971237][ T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.099910][ T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.125485][ T5956] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 337.232982][ T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.317348][ T5956] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 337.346984][ T5956] usb 6-1: config 1 has no interface number 0 [ 337.359307][ T5956] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 337.390293][ T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.400686][ T5956] usb 6-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 337.400751][ T5956] usb 6-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 337.400779][ T5956] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 337.400806][ T5956] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 337.426521][ T5956] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 337.494109][ T5956] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.514114][ T5956] usb 6-1: Product: syz [ 337.542757][ T5956] usb 6-1: Manufacturer: syz [ 337.552839][ T5956] usb 6-1: SerialNumber: syz [ 337.660147][T15885] input: syz1 as /devices/virtual/input/input42 [ 337.757616][ T59] bridge_slave_1: left allmulticast mode [ 337.763348][ T59] bridge_slave_1: left promiscuous mode [ 337.784392][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.791695][T15879] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 337.823713][ T59] bridge_slave_0: left allmulticast mode [ 337.832802][ T59] bridge_slave_0: left promiscuous mode [ 337.856266][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.964691][ T5822] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 337.974910][ T5822] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 337.983631][ T5822] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 337.993847][ T5822] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 338.002883][ T5822] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 338.026743][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 338.035377][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 338.042763][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 338.052486][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 338.073714][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 338.423090][T15879] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 338.426650][ T5956] cdc_ncm 6-1:1.1: bind() failure [ 338.543607][ T59] team0: Port device geneve0 removed [ 338.647020][ T5956] usb 6-1: USB disconnect, device number 27 [ 338.951358][ T59] bond0 (unregistering): left promiscuous mode [ 338.962586][ T59] bond_slave_0: left promiscuous mode [ 338.969049][ T59] bond_slave_1: left promiscuous mode [ 339.018351][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 339.055926][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 339.076806][ T59] bond0 (unregistering): Released all slaves [ 339.516054][T15918] dlm: non-version read from control device 4 [ 339.757514][T15891] chnl_net:caif_netlink_parms(): no params data found [ 340.141899][T15891] bridge0: port 1(bridge_slave_0) entered blocking state [ 340.165352][ T51] Bluetooth: hci2: command tx timeout [ 340.167991][T15891] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.205300][T15891] bridge_slave_0: entered allmulticast mode [ 340.225286][T15891] bridge_slave_0: entered promiscuous mode [ 340.262647][T15891] bridge0: port 2(bridge_slave_1) entered blocking state [ 340.275416][T15891] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.282659][T15891] bridge_slave_1: entered allmulticast mode [ 340.310605][T15891] bridge_slave_1: entered promiscuous mode [ 340.383771][T15891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 340.410566][T15891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 340.497947][T15891] team0: Port device team_slave_0 added [ 340.508861][T15891] team0: Port device team_slave_1 added [ 340.570803][T15891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 340.578630][T15891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 340.605187][T15891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 340.618521][T15891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 340.636564][T15891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 340.678774][T15891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 340.779420][T15891] hsr_slave_0: entered promiscuous mode [ 340.786855][T15891] hsr_slave_1: entered promiscuous mode [ 340.793392][T15891] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 340.801920][T15891] Cannot create hsr debugfs directory [ 341.210521][ T59] hsr_slave_0: left promiscuous mode [ 341.219142][ T59] hsr_slave_1: left promiscuous mode [ 341.225267][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 341.232699][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 341.255940][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 341.263382][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 341.300610][ T59] veth1_macvtap: left promiscuous mode [ 341.306309][ T59] veth0_macvtap: left promiscuous mode [ 341.312115][ T59] veth1_vlan: left promiscuous mode [ 341.335451][ T59] veth0_vlan: left promiscuous mode [ 342.049148][ T59] team0 (unregistering): Port device team_slave_1 removed [ 342.088311][ T59] team0 (unregistering): Port device team_slave_0 removed [ 342.248554][ T51] Bluetooth: hci2: command tx timeout [ 342.823333][T15891] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 342.844578][T15891] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 342.871801][T15891] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 342.896847][T15891] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 342.962664][ T59] IPVS: stop unused estimator thread 0... [ 343.071259][T15891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 343.097334][T15891] 8021q: adding VLAN 0 to HW filter on device team0 [ 343.121028][ T4156] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.128166][ T4156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 343.167846][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.175120][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 343.543999][T15891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 344.279423][T15891] veth0_vlan: entered promiscuous mode [ 344.311176][T15891] veth1_vlan: entered promiscuous mode [ 344.325263][ T51] Bluetooth: hci2: command tx timeout [ 344.346741][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.370922][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.371347][T15891] veth0_macvtap: entered promiscuous mode [ 344.399490][T15891] veth1_macvtap: entered promiscuous mode [ 344.414583][T16015] binder_alloc: binder_alloc_mmap_handler: 16014 200000ffc000-200000ffd000 already mapped failed -16 [ 344.441689][T15891] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 344.468001][T15891] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 344.489999][T15891] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.509369][T15891] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.526211][T15891] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.543919][T15891] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.717717][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.733924][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.801308][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.831340][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.850942][T16028] netlink: 71 bytes leftover after parsing attributes in process `syz.4.3787'. [ 345.937720][ T9] kernel read not supported for file /adsp1 (pid: 9 comm: kworker/0:0) [ 345.964757][ T5956] kernel write not supported for file bpf-prog (pid: 5956 comm: kworker/1:7) [ 346.091840][ T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 346.103504][ T51] CPU: 1 UID: 0 PID: 51 Comm: kworker/u9:0 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 346.103537][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 346.103551][ T51] Workqueue: hci2 hci_rx_work [ 346.103587][ T51] Call Trace: [ 346.103599][ T51] [ 346.103609][ T51] dump_stack_lvl+0x189/0x250 [ 346.103643][ T51] ? kernfs_path_from_node+0x2c/0x260 [ 346.103672][ T51] ? __pfx_dump_stack_lvl+0x10/0x10 [ 346.103702][ T51] ? __pfx__printk+0x10/0x10 [ 346.103725][ T51] ? kernfs_path_from_node+0x2c/0x260 [ 346.103749][ T51] ? kernfs_path_from_node+0x2c/0x260 [ 346.103777][ T51] ? kernfs_path_from_node+0x22c/0x260 [ 346.103802][ T51] ? kernfs_path_from_node+0x2c/0x260 [ 346.103832][ T51] sysfs_create_dir_ns+0x259/0x280 [ 346.103862][ T51] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 346.103890][ T51] ? do_raw_spin_unlock+0x122/0x240 [ 346.103925][ T51] kobject_add_internal+0x59f/0xb40 [ 346.103963][ T51] kobject_add+0x155/0x220 [ 346.104017][ T51] ? __pfx_kobject_add+0x10/0x10 [ 346.104046][ T51] ? _raw_spin_unlock+0x28/0x50 [ 346.104072][ T51] ? get_device_parent+0x366/0x3a0 [ 346.104099][ T51] device_add+0x408/0xb50 [ 346.104125][ T51] hci_conn_add_sysfs+0xd5/0x1e0 [ 346.104153][ T51] le_conn_complete_evt+0xc3a/0x1220 [ 346.104199][ T51] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 346.104232][ T51] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 346.104257][ T51] ? __asan_memcpy+0x40/0x70 [ 346.104288][ T51] ? __pfx___mutex_lock+0x10/0x10 [ 346.104315][ T51] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 346.104339][ T51] ? skb_pull_data+0xfb/0x200 [ 346.104379][ T51] hci_le_conn_complete_evt+0x187/0x450 [ 346.104419][ T51] hci_event_packet+0x78f/0x1200 [ 346.104449][ T51] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 346.104482][ T51] ? __pfx_hci_event_packet+0x10/0x10 [ 346.104509][ T51] ? kcov_remote_start+0x4d3/0x7f0 [ 346.104529][ T51] ? local_clock_noinstr+0xe0/0xe0 [ 346.104557][ T51] ? hci_send_to_monitor+0xe2/0x570 [ 346.104592][ T51] hci_rx_work+0x46a/0xe80 [ 346.104627][ T51] ? process_scheduled_works+0x9ef/0x17b0 [ 346.104655][ T51] process_scheduled_works+0xae1/0x17b0 [ 346.104712][ T51] ? __pfx_process_scheduled_works+0x10/0x10 [ 346.104757][ T51] worker_thread+0x8a0/0xda0 [ 346.104813][ T51] kthread+0x711/0x8a0 [ 346.104847][ T51] ? __pfx_worker_thread+0x10/0x10 [ 346.104872][ T51] ? __pfx_kthread+0x10/0x10 [ 346.104904][ T51] ? _raw_spin_unlock_irq+0x23/0x50 [ 346.104925][ T51] ? lockdep_hardirqs_on+0x9c/0x150 [ 346.104947][ T51] ? __pfx_kthread+0x10/0x10 [ 346.104979][ T51] ret_from_fork+0x3fc/0x770 [ 346.105008][ T51] ? __pfx_ret_from_fork+0x10/0x10 [ 346.105039][ T51] ? __switch_to_asm+0x39/0x70 [ 346.105058][ T51] ? __switch_to_asm+0x33/0x70 [ 346.105076][ T51] ? __pfx_kthread+0x10/0x10 [ 346.105108][ T51] ret_from_fork_asm+0x1a/0x30 [ 346.105147][ T51] [ 346.390124][ T51] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 346.404534][ T51] Bluetooth: hci2: failed to register connection device [ 346.413459][ T51] Bluetooth: hci2: command tx timeout [ 348.441266][T16150] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 349.060382][T16168] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 349.105156][T16168] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 349.785969][ T5956] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 349.946195][ T5956] usb 6-1: Using ep0 maxpacket: 16 [ 349.967298][ T5956] usb 6-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 349.985438][ T5956] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.016390][ T5956] usb 6-1: config 0 descriptor?? [ 350.024131][ T5956] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 350.556746][T16220] syz.4.3866 (16220): drop_caches: 2 [ 351.070630][ T5956] gspca_sonixj: reg_w1 err -71 [ 351.107024][ T5956] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 351.130535][ T5956] usb 6-1: USB disconnect, device number 28 [ 351.249398][T16245] evm: overlay not supported [ 352.755298][T16297] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3901'. [ 353.623135][T16323] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3912'. [ 353.637463][T16323] IPVS: Error joining to the multicast group [ 354.119171][T16341] syzkaller1: entered promiscuous mode [ 354.125195][T16341] syzkaller1: entered allmulticast mode [ 354.754040][T16367] loop2: detected capacity change from 0 to 7 [ 354.761652][T16367] Dev loop2: unable to read RDB block 7 [ 354.767515][T16367] loop2: AHDI p1 p2 p3 p4 [ 354.772060][T16367] loop2: partition table partially beyond EOD, truncated [ 354.780982][T16367] loop2: p1 start 1601398130 is beyond EOD, truncated [ 354.787996][T16367] loop2: p2 start 1702059890 is beyond EOD, truncated [ 354.794809][T16367] loop2: p3 size 150995200 extends beyond EOD, truncated [ 354.816341][T16365] block nbd7: server does not support multiple connections per device. [ 354.862317][T16364] block nbd7: shutting down sockets [ 355.076293][T16374] Invalid ELF header magic: != ELF [ 355.097157][T16376] loop4: detected capacity change from 0 to 524288000 [ 356.085415][ T5956] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 356.128744][ T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 356.140480][ T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 356.142229][T16412] syzkaller1: entered promiscuous mode [ 356.154194][ T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 356.162215][T16412] syzkaller1: entered allmulticast mode [ 356.170828][ T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 356.180971][ T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 356.257133][ T5956] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 356.275381][ T5956] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 356.296086][ T5956] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 356.315074][ T5956] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 356.323165][ T5956] usb 6-1: SerialNumber: syz [ 356.437089][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c7a2800: rx timeout, send abort [ 356.548524][ T5956] usb 6-1: 0:2 : does not exist [ 356.582613][ T5956] usb 6-1: USB disconnect, device number 29 [ 356.604932][T16410] chnl_net:caif_netlink_parms(): no params data found [ 356.771107][T16410] bridge0: port 1(bridge_slave_0) entered blocking state [ 356.779171][T16410] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.786801][T16410] bridge_slave_0: entered allmulticast mode [ 356.795879][T16410] bridge_slave_0: entered promiscuous mode [ 356.804981][T16410] bridge0: port 2(bridge_slave_1) entered blocking state [ 356.813695][T16410] bridge0: port 2(bridge_slave_1) entered disabled state [ 356.821870][T16410] bridge_slave_1: entered allmulticast mode [ 356.830144][T16410] bridge_slave_1: entered promiscuous mode [ 356.887142][T16410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 356.901965][T16410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 356.938394][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c7a0400: rx timeout, send abort [ 356.947288][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c7a2800: abort rx timeout. Force session deactivation [ 357.033668][T16410] team0: Port device team_slave_0 added [ 357.051533][T16410] team0: Port device team_slave_1 added [ 357.149270][T16410] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 357.163471][T16410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 357.206680][T16410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 357.223335][T16410] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 357.230563][T16410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 357.260493][T16410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 357.390128][T16410] hsr_slave_0: entered promiscuous mode [ 357.403777][T16410] hsr_slave_1: entered promiscuous mode [ 357.412518][T16410] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 357.421141][T16410] Cannot create hsr debugfs directory [ 357.446881][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c7a0400: abort rx timeout. Force session deactivation [ 357.455473][ T5956] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 357.615557][ T5956] usb 9-1: Using ep0 maxpacket: 16 [ 357.626531][ T5956] usb 9-1: config 64 has an invalid interface number: 176 but max is 0 [ 357.634835][ T5956] usb 9-1: config 64 has no interface number 0 [ 357.650000][ T5956] usb 9-1: config 64 interface 176 has no altsetting 0 [ 357.669652][ T5956] usb 9-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=14.8d [ 357.679116][ T5956] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.695239][ T5956] usb 9-1: Product: syz [ 357.699460][ T5956] usb 9-1: Manufacturer: syz [ 357.704079][ T5956] usb 9-1: SerialNumber: syz [ 357.745160][ T24] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 357.918548][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 357.957998][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 4 [ 357.978605][ T5956] peak_usb 9-1:64.176 can0: unable to request usb[type=0 value=1] err=-71 [ 357.987283][ T24] usb 6-1: New USB device found, idVendor=0543, idProduct=e621, bcdDevice= 0.00 [ 357.996598][ T5956] peak_usb 9-1:64.176: unable to read PCAN-USB X6 firmware info (err -71) [ 358.012953][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.025903][ T24] usb 6-1: config 0 descriptor?? [ 358.087562][ T5956] peak_usb 9-1:64.176: probe with driver peak_usb failed with error -71 [ 358.104058][ T5956] usb 9-1: USB disconnect, device number 2 [ 358.111320][T16410] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 358.133583][T16410] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 358.146286][T16410] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 358.172142][T16410] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 358.245466][ T51] Bluetooth: hci5: command tx timeout [ 358.289361][T16410] 8021q: adding VLAN 0 to HW filter on device bond0 [ 358.317258][T16410] 8021q: adding VLAN 0 to HW filter on device team0 [ 358.339379][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 358.346591][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 358.366144][ T5890] bridge0: port 2(bridge_slave_1) entered blocking state [ 358.373405][ T5890] bridge0: port 2(bridge_slave_1) entered forwarding state [ 358.460352][ T24] viewsonic 0003:0543:E621.001F: hidraw0: USB HID v0.00 Device [HID 0543:e621] on usb-dummy_hcd.5-1/input0 [ 358.705601][ T24] usb 6-1: USB disconnect, device number 30 [ 358.729662][ T5935] IPVS: starting estimator thread 0... [ 358.739160][T16465] net_ratelimit: 3319 callbacks suppressed [ 358.739180][T16465] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 358.777299][T16410] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 358.868943][T16467] IPVS: using max 31 ests per chain, 74400 per kthread [ 359.164784][T16410] veth0_vlan: entered promiscuous mode [ 359.178647][T16410] veth1_vlan: entered promiscuous mode [ 359.227473][T16410] veth0_macvtap: entered promiscuous mode [ 359.230739][T16410] veth1_macvtap: entered promiscuous mode [ 359.257756][T16410] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 359.271659][T16410] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 359.283766][T16410] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.283801][T16410] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.283828][T16410] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.283854][T16410] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.438716][ T5890] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 359.470602][ T5890] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 359.502065][ T1164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 359.529342][ T1164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 359.766794][ T30] audit: type=1326 audit(1748794576.287:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16494 comm="syz.9.3942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 359.825457][ T30] audit: type=1326 audit(1748794576.297:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16494 comm="syz.9.3942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd518e969 code=0x7ffc0000 [ 359.885599][ T5872] usb 9-1: new full-speed USB device number 3 using dummy_hcd [ 359.893253][ T30] audit: type=1326 audit(1748794576.297:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16494 comm="syz.9.3942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd518e969 code=0x7ffc0000 [ 359.983251][ T30] audit: type=1326 audit(1748794576.307:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16494 comm="syz.9.3942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 360.051450][ T30] audit: type=1326 audit(1748794576.307:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16494 comm="syz.9.3942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd518e969 code=0x7ffc0000 [ 360.088986][ T5872] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 360.108640][ T30] audit: type=1326 audit(1748794576.307:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16494 comm="syz.9.3942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 360.142879][ T5872] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 360.167631][ T5872] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 360.200464][ T30] audit: type=1326 audit(1748794576.307:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16494 comm="syz.9.3942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd518e969 code=0x7ffc0000 [ 360.215378][ T5872] usb 9-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 360.280774][ T30] audit: type=1326 audit(1748794576.307:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16494 comm="syz.9.3942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd518e969 code=0x7ffc0000 [ 360.292746][ T5872] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.302488][ C0] vkms_vblank_simulate: vblank timer overrun [ 360.330721][ T51] Bluetooth: hci5: command tx timeout [ 360.364360][ T5872] usb 9-1: config 0 descriptor?? [ 360.434584][ T30] audit: type=1326 audit(1748794576.307:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16494 comm="syz.9.3942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 360.473006][ T30] audit: type=1326 audit(1748794576.307:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16494 comm="syz.9.3942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 360.795449][ T5872] ntrig 0003:1B96:0009.0020: hidraw0: USB HID v0.00 Device [HID 1b96:0009] on usb-dummy_hcd.8-1/input0 [ 360.991191][ T5872] ntrig 0003:1B96:0009.0020: Firmware version: 2.3.14.45.6 (cd15 bed5) [ 361.200931][ T5935] usb 9-1: USB disconnect, device number 3 [ 361.885151][ T24] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 362.050265][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 362.070831][ T24] usb 6-1: config 0 has an invalid interface number: 85 but max is 0 [ 362.082234][ T24] usb 6-1: config 0 has no interface number 0 [ 362.095163][ T24] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 362.125137][ T24] usb 6-1: config 0 interface 85 has no altsetting 0 [ 362.142639][ T24] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 362.173080][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.201617][ T24] usb 6-1: Product: syz [ 362.215104][ T5872] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 362.222957][ T24] usb 6-1: Manufacturer: syz [ 362.233053][ T24] usb 6-1: SerialNumber: syz [ 362.254220][ T24] usb 6-1: config 0 descriptor?? [ 362.350368][T16581] syzkaller1: entered promiscuous mode [ 362.360049][T16581] syzkaller1: entered allmulticast mode [ 362.395096][ T5872] usb 10-1: Using ep0 maxpacket: 32 [ 362.403418][ T5872] usb 10-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 362.413456][ T51] Bluetooth: hci5: command tx timeout [ 362.419419][ T5872] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.431316][ T5872] usb 10-1: config 0 descriptor?? [ 362.440513][ T5872] gspca_main: sq930x-2.14.0 probing 041e:403c [ 362.575145][ T5956] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 362.748369][ T5956] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.770269][ T5956] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.787509][ T5956] usb 9-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 362.805315][ T5956] usb 9-1: New USB device strings: Mfr=104, Product=1, SerialNumber=0 [ 362.814084][ T5956] usb 9-1: Product: syz [ 362.818608][ T5956] usb 9-1: Manufacturer: syz [ 362.828651][ T5956] usb 9-1: config 0 descriptor?? [ 362.884635][ T24] appletouch 6-1:0.85: Geyser mode initialized. [ 362.905764][ T24] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input43 [ 363.112958][ T24] usb 6-1: USB disconnect, device number 31 [ 363.157125][ T24] appletouch 6-1:0.85: input: appletouch disconnected [ 363.446482][ T5956] uclogic 0003:256C:006D.0021: failed retrieving Huion firmware version: -71 [ 363.456653][ T5872] gspca_sq930x: ucbus_write failed -71 [ 363.462173][ T5872] sq930x 10-1:0.0: probe with driver sq930x failed with error -71 [ 363.479360][ T5956] uclogic 0003:256C:006D.0021: failed probing parameters: -71 [ 363.494236][ T5872] usb 10-1: USB disconnect, device number 2 [ 363.503375][ T5956] uclogic 0003:256C:006D.0021: probe with driver uclogic failed with error -71 [ 363.578469][ T5956] usb 9-1: USB disconnect, device number 4 [ 363.834754][T16619] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4033'. [ 363.847080][T16619] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4033'. [ 364.485893][ T51] Bluetooth: hci5: command tx timeout [ 364.881307][T16669] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 365.342066][T16688] netlink: 84 bytes leftover after parsing attributes in process `syz.8.4066'. [ 365.441052][ T5935] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 365.595426][ T5935] usb 5-1: Using ep0 maxpacket: 16 [ 365.612680][ T5935] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 365.636179][ T5935] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 365.661245][ T5935] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 365.702057][ T5935] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 365.734297][ T5935] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 365.760043][ T5935] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b5.89 [ 365.772404][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.789452][ T5935] usb 5-1: Product: syz [ 365.801733][ T5935] usb 5-1: Manufacturer: syz [ 365.811259][ T5935] usb 5-1: SerialNumber: syz [ 365.827225][ T5935] usb 5-1: config 0 descriptor?? [ 365.844852][T16682] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 365.860794][ T5935] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 366.680947][ T5935] input: gspca_pac7302 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input44 [ 366.710523][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.717574][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.724927][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.732613][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.739634][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.746559][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.753466][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.760411][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.767340][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.774237][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.781240][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.788140][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.795069][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.801976][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.809364][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.816305][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.823412][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.830795][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.837930][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.844880][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.851893][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.858853][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.865789][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.872704][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.879616][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.886672][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.893625][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.900609][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.907547][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.914473][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.921433][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.929111][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.936793][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.943729][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.950687][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.957650][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.964573][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.971589][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.978574][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.985782][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.992688][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 366.999585][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 367.006537][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 367.013486][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 367.020457][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 367.029806][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 367.037378][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 367.044230][ T5935] usb 5-1: USB disconnect, device number 32 [ 367.044308][ C0] gspca_pac7302 5-1:0.0: URB error -71, resubmitting [ 367.056918][ C0] gspca_main: Resubmit URB failed with error -19 [ 368.231757][T16786] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 368.698889][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 368.698907][ T30] audit: type=1326 audit(1748794585.217:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16806 comm="syz.5.4117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 368.742751][ T30] audit: type=1326 audit(1748794585.247:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16806 comm="syz.5.4117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 368.778310][ T30] audit: type=1326 audit(1748794585.257:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16806 comm="syz.5.4117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 368.800297][ T30] audit: type=1326 audit(1748794585.277:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16806 comm="syz.5.4117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 368.827686][ T30] audit: type=1326 audit(1748794585.277:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16806 comm="syz.5.4117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 368.879913][ T30] audit: type=1326 audit(1748794585.287:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16806 comm="syz.5.4117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 368.941061][ T30] audit: type=1326 audit(1748794585.287:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16806 comm="syz.5.4117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 369.041367][ T30] audit: type=1326 audit(1748794585.287:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16806 comm="syz.5.4117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 369.255158][ T30] audit: type=1326 audit(1748794585.297:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16806 comm="syz.5.4117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ef592ab39 code=0x7ffc0000 [ 369.375249][ T30] audit: type=1326 audit(1748794585.297:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16806 comm="syz.5.4117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ef592ab39 code=0x7ffc0000 [ 369.895733][ T5935] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 370.022654][T16834] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4129'. [ 370.051276][T16834] netlink: 'syz.5.4129': attribute type 7 has an invalid length. [ 370.068037][T16834] netlink: 'syz.5.4129': attribute type 8 has an invalid length. [ 370.079306][ T5935] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 370.088241][ T5935] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 370.098964][T16834] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4129'. [ 370.109958][ T5935] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 370.119307][ T5935] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 370.138722][T16834] gretap0: entered promiscuous mode [ 370.146597][T16834] batadv_slave_1: entered promiscuous mode [ 370.165162][ T5935] usb 5-1: Manufacturer: syz [ 370.185957][ T5935] usb 5-1: config 0 descriptor?? [ 370.290792][ T9] kernel write not supported for file bpf-prog (pid: 9 comm: kworker/0:0) [ 370.326253][T16845] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 370.335441][ T5935] rc_core: IR keymap rc-hauppauge not found [ 370.345273][ T5935] Registered IR keymap rc-empty [ 370.351064][ T5935] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 370.384014][ T5935] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input45 [ 370.407351][ C0] igorplugusb 5-1:0.0: Error: urb status = -32 [ 370.427777][ T5935] usb 5-1: USB disconnect, device number 33 [ 370.555272][ T24] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 370.713283][ T24] usb 9-1: Using ep0 maxpacket: 16 [ 370.720134][ T24] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 370.730914][ T24] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 370.741821][ T24] usb 9-1: New USB device found, idVendor=1d6b, idProduct=1301, bcdDevice= 1.40 [ 370.751268][ T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.759374][ T24] usb 9-1: Product: syz [ 370.763707][ T24] usb 9-1: Manufacturer: syz [ 370.768453][ T24] usb 9-1: SerialNumber: syz [ 370.878903][T16866] netlink: 16 bytes leftover after parsing attributes in process `syz.9.4144'. [ 370.889315][T16866] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4144'. [ 370.901375][T16866] netlink: 16 bytes leftover after parsing attributes in process `syz.9.4144'. [ 370.935136][ T5935] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 370.994499][ T24] usb 9-1: 0:2 : does not exist [ 371.013952][ T24] usb 9-1: 5:0: failed to get current value for ch 0 (-22) [ 371.060893][ T24] usb 9-1: 5:0: cannot get min/max values for control 2 (id 5) [ 371.082234][ T24] usb 9-1: 5:0: failed to get current value for ch 0 (-22) [ 371.096773][ T5935] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 371.102498][ T24] usb 9-1: 5:0: cannot get min/max values for control 8 (id 5) [ 371.110860][ T5935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 371.127862][ T5935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 371.141016][ T24] usb 9-1: USB disconnect, device number 5 [ 371.143924][ T5935] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 371.172474][ T5935] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 371.182200][ T5935] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 371.223706][ T5935] usb 6-1: Manufacturer: syz [ 371.239102][ T5935] usb 6-1: config 0 descriptor?? [ 371.355532][ T9] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 371.535867][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 371.547209][ T9] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 371.565188][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.583171][ T9] usb 5-1: Product: syz [ 371.588661][ T9] usb 5-1: Manufacturer: syz [ 371.593866][ T9] usb 5-1: SerialNumber: syz [ 371.608430][ T9] usb 5-1: config 0 descriptor?? [ 371.621086][ T9] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 371.656661][ T5935] appleir 0003:05AC:8243.0022: unknown main item tag 0x0 [ 371.670547][ T5935] appleir 0003:05AC:8243.0022: No inputs registered, leaving [ 371.687476][ T5935] appleir 0003:05AC:8243.0022: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 371.854308][T16887] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4154'. [ 371.871105][T16887] netlink: 'syz.8.4154': attribute type 7 has an invalid length. [ 371.879092][T16887] netlink: 'syz.8.4154': attribute type 8 has an invalid length. [ 371.887141][T16887] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4154'. [ 371.904912][T16887] erspan0: entered promiscuous mode [ 371.913764][T16887] gretap0: entered promiscuous mode [ 371.917731][ T5872] usb 6-1: USB disconnect, device number 32 [ 371.932877][T16887] erspan0: left promiscuous mode [ 371.953450][T16887] gretap0: left promiscuous mode [ 372.162775][T16895] 9p: Unknown uid 00000000004294967295 [ 372.605955][T16905] sctp: [Deprecated]: syz.5.4163 (pid 16905) Use of int in maxseg socket option. [ 372.605955][T16905] Use struct sctp_assoc_value instead [ 372.627355][ T9] gspca_sonixj: reg_w1 err -71 [ 372.735398][ T9] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 372.751833][ T9] usb 5-1: USB disconnect, device number 34 [ 373.571870][T16935] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000000004 [ 373.808388][T16943] netlink: 'syz.9.4183': attribute type 1 has an invalid length. [ 373.824795][T16943] netlink: 224 bytes leftover after parsing attributes in process `syz.9.4183'. [ 374.287417][T16972] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4193'. [ 374.605152][T16984] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4200'. [ 375.085215][ T5872] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 375.245401][ T5872] usb 5-1: Using ep0 maxpacket: 8 [ 375.258970][ T5872] usb 5-1: config 0 has an invalid descriptor of length 44, skipping remainder of the config [ 375.286126][ T5872] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 375.319643][ T5872] usb 5-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 375.340156][ T5872] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.364611][ T5872] usb 5-1: config 0 descriptor?? [ 375.419070][T17029] input: syz0 as /devices/virtual/input/input47 [ 375.604780][T16999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 375.626369][T16999] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 375.851213][ T5872] usb 5-1: string descriptor 0 read error: -71 [ 375.860117][ T5872] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 375.870791][ T5872] usb 5-1: USB disconnect, device number 35 [ 375.887873][T17038] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 376.273753][T17059] netlink: 'syz.5.4228': attribute type 1 has an invalid length. [ 376.285600][T17059] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4228'. [ 377.361716][T17098] overlayfs: upper fs does not support tmpfile. [ 378.004130][T17119] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4256'. [ 378.013420][T17119] bond0: option use_carrier: invalid value (8) [ 378.137388][T17125] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4259'. [ 378.152976][T17125] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4259'. [ 378.225198][ T5935] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 378.389316][ T5935] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 378.410169][ T5935] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.467457][ T5935] usb 9-1: config 0 descriptor?? [ 378.481003][ T5935] cp210x 9-1:0.0: cp210x converter detected [ 378.498030][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.765205][ T9] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 378.886019][ T5935] cp210x 9-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 378.913441][ T5935] usb 9-1: cp210x converter now attached to ttyUSB0 [ 378.945325][ T9] usb 10-1: Using ep0 maxpacket: 8 [ 378.956873][ T9] usb 10-1: config index 0 descriptor too short (expected 301, got 45) [ 378.985710][ T9] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 379.001954][ T9] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 379.012677][ T9] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 379.023024][ T9] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 379.037340][ T9] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 379.046703][ T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.109802][ T5935] usb 9-1: USB disconnect, device number 6 [ 379.136063][ T5935] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 379.192448][ T5935] cp210x 9-1:0.0: device disconnected [ 379.273101][ T9] usb 10-1: GET_CAPABILITIES returned 0 [ 379.282735][ T9] usbtmc 10-1:16.0: can't read capabilities [ 379.482441][ T5872] usb 10-1: USB disconnect, device number 3 [ 379.731123][ T30] kauditd_printk_skb: 94 callbacks suppressed [ 379.731161][ T30] audit: type=1326 audit(1748794596.247:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17153 comm="syz.8.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f87d2f2ab39 code=0x7ffc0000 [ 379.845375][ T30] audit: type=1326 audit(1748794596.277:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17153 comm="syz.8.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d2f8e969 code=0x7ffc0000 [ 379.915042][ T30] audit: type=1326 audit(1748794596.277:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17153 comm="syz.8.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f87d2f2ab39 code=0x7ffc0000 [ 379.939434][T17162] netlink: 'syz.8.4276': attribute type 11 has an invalid length. [ 379.947398][T17162] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4276'. [ 379.961003][ T30] audit: type=1326 audit(1748794596.277:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17153 comm="syz.8.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d2f8e969 code=0x7ffc0000 [ 379.994455][ T30] audit: type=1326 audit(1748794596.287:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17153 comm="syz.8.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f87d2f2ab39 code=0x7ffc0000 [ 380.016526][ T30] audit: type=1326 audit(1748794596.287:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17153 comm="syz.8.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d2f8e969 code=0x7ffc0000 [ 380.038739][ T30] audit: type=1326 audit(1748794596.287:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17153 comm="syz.8.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f87d2f2ab39 code=0x7ffc0000 [ 380.065155][ T30] audit: type=1326 audit(1748794596.287:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17153 comm="syz.8.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d2f8e969 code=0x7ffc0000 [ 380.112141][ T30] audit: type=1326 audit(1748794596.287:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17153 comm="syz.8.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d2f8e969 code=0x7ffc0000 [ 380.137204][ T30] audit: type=1326 audit(1748794596.287:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17153 comm="syz.8.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d2f8e969 code=0x7ffc0000 [ 382.185283][ T5872] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 382.345864][ T5872] usb 5-1: Using ep0 maxpacket: 8 [ 382.355893][ T5872] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 382.377611][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.404011][ T5872] usb 5-1: Product: syz [ 382.419983][ T5872] usb 5-1: Manufacturer: syz [ 382.424622][ T5872] usb 5-1: SerialNumber: syz [ 382.461459][ T5872] usb 5-1: config 0 descriptor?? [ 382.478463][ T5872] gspca_main: se401-2.14.0 probing 047d:5003 [ 382.590600][T17269] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 382.598976][T17271] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4326'. [ 382.737789][T17269] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 382.875645][T17271] 8021q: adding VLAN 0 to HW filter on device team1 [ 382.885995][ T5872] gspca_se401: Frame size: 0x0 1/16th janggu [ 383.089403][ T5872] input: se401 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input48 [ 383.120165][ T5872] usb 5-1: USB disconnect, device number 36 [ 383.127097][T17277] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4328'. [ 383.807283][ T5872] usb 6-1: new full-speed USB device number 33 using dummy_hcd [ 383.987085][ T5872] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 383.998455][ T5872] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 384.024151][ T5872] usb 6-1: config 1 has no interface number 0 [ 384.032639][ T5872] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 384.033127][T17304] kernel read not supported for file /!selinu (pid: 17304 comm: syz.9.4339) [ 384.043891][ T5872] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 384.043926][ T5872] usb 6-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 384.043963][ T5872] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 14129, setting to 64 [ 384.043991][ T5872] usb 6-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 384.047278][ T5872] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 384.127637][ T5872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.135969][ T5872] usb 6-1: Product: syz [ 384.140595][ T5872] usb 6-1: Manufacturer: syz [ 384.181185][ T5872] usb 6-1: SerialNumber: syz [ 384.208523][T17307] netdevsim netdevsim8: Direct firmware load for ./file0 failed with error -2 [ 384.230889][T17307] netdevsim netdevsim8: Falling back to sysfs fallback for: ./file0 [ 384.239941][T17289] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 384.485482][ T5956] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 384.646173][ T5956] usb 10-1: Using ep0 maxpacket: 32 [ 384.653603][ T5956] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 384.666573][T17289] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 384.674746][ T5956] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 384.694894][ T5956] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 384.704164][ T5956] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.721693][ T5956] usb 10-1: config 0 descriptor?? [ 385.110940][ T5872] cdc_ncm 6-1:1.1: bind() failure [ 385.159851][ T5956] savu 0003:1E7D:2D5A.0023: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.9-1/input0 [ 385.188950][T17338] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4354'. [ 385.218042][ T1164] bond0: (slave bond1): link status definitely down, disabling slave [ 385.339151][T17344] syz_tun: entered promiscuous mode [ 385.351531][ T5956] usb 6-1: USB disconnect, device number 33 [ 385.368495][T17344] syz_tun: left promiscuous mode [ 385.437175][ T9] usb 10-1: USB disconnect, device number 4 [ 386.018503][T17367] netlink: 16 bytes leftover after parsing attributes in process `syz.9.4368'. [ 386.305451][ T5956] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 386.489488][ T5956] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 386.535404][ T5956] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 386.568730][ T5956] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 386.592298][ T5956] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 386.617106][ T5956] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.633616][ T5956] usb 5-1: config 0 descriptor?? [ 386.636561][T17387] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4377'. [ 386.715105][ T5935] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 386.765467][T17389] syzkaller1: entered promiscuous mode [ 386.773990][T17389] syzkaller1: entered allmulticast mode [ 386.875086][ T5935] usb 9-1: Using ep0 maxpacket: 8 [ 386.892463][ T5935] usb 9-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 386.912052][ T5935] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.926744][ T5935] usb 9-1: Product: syz [ 386.930940][ T5935] usb 9-1: Manufacturer: syz [ 386.939367][ T5935] usb 9-1: SerialNumber: syz [ 387.001751][ T5935] usb 9-1: config 0 descriptor?? [ 387.042469][ T5935] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 387.063279][T17394] netlink: 'syz.5.4380': attribute type 29 has an invalid length. [ 387.074790][T17394] netlink: 'syz.5.4380': attribute type 29 has an invalid length. [ 387.088998][ T5956] plantronics 0003:047F:FFFF.0024: ignoring exceeding usage max [ 387.115103][T17394] netlink: 492 bytes leftover after parsing attributes in process `syz.5.4380'. [ 387.133630][ T5956] plantronics 0003:047F:FFFF.0024: No inputs registered, leaving [ 387.155524][ T5956] plantronics 0003:047F:FFFF.0024: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 387.399850][ T5956] usb 5-1: USB disconnect, device number 37 [ 387.638877][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 387.638897][ T30] audit: type=1326 audit(1748794604.157:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17408 comm="syz.9.4387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd518e969 code=0x7ffc0000 [ 387.666738][ C0] vkms_vblank_simulate: vblank timer overrun [ 387.721617][ T30] audit: type=1326 audit(1748794604.157:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17408 comm="syz.9.4387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 387.778564][ T30] audit: type=1326 audit(1748794604.157:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17408 comm="syz.9.4387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 387.800145][ C0] vkms_vblank_simulate: vblank timer overrun [ 388.087705][ T5935] gspca_sonixj: reg_w1 err -71 [ 388.135125][ T5935] sonixj 9-1:0.0: probe with driver sonixj failed with error -71 [ 388.143963][ T30] audit: type=1326 audit(1748794604.157:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17408 comm="syz.9.4387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 388.165629][ C0] vkms_vblank_simulate: vblank timer overrun [ 388.243301][ T5935] usb 9-1: USB disconnect, device number 7 [ 388.300706][ T30] audit: type=1326 audit(1748794604.157:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17408 comm="syz.9.4387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 388.383377][ T30] audit: type=1326 audit(1748794604.157:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17408 comm="syz.9.4387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 388.444804][ T30] audit: type=1326 audit(1748794604.157:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17408 comm="syz.9.4387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 388.466444][ C0] vkms_vblank_simulate: vblank timer overrun [ 388.513545][ T30] audit: type=1326 audit(1748794604.157:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17408 comm="syz.9.4387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 388.535156][ C0] vkms_vblank_simulate: vblank timer overrun [ 388.592656][ T30] audit: type=1326 audit(1748794604.157:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17408 comm="syz.9.4387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 388.669520][ T30] audit: type=1326 audit(1748794604.157:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17408 comm="syz.9.4387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 388.916585][T17420] netlink: 104 bytes leftover after parsing attributes in process `syz.7.4392'. [ 389.525361][ T5872] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 389.634293][T17448] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 389.685438][ T5872] usb 6-1: Using ep0 maxpacket: 16 [ 389.714551][T17451] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4407'. [ 389.724382][ T5872] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 389.744500][ T5872] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 389.785293][ T5872] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 389.821500][ T5872] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 389.853082][ T5872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.863004][ T5872] usb 6-1: Product: syz [ 389.872671][ T5872] usb 6-1: Manufacturer: syz [ 389.877410][ T5872] usb 6-1: SerialNumber: syz [ 390.153577][ T5872] usb 6-1: USB disconnect, device number 34 [ 390.611210][T17475] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4416'. [ 391.245293][ T5935] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 391.436573][ T5935] usb 6-1: Using ep0 maxpacket: 32 [ 391.448860][ T5935] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 391.467802][ T5935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 391.484138][ T5935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 391.501555][ T5935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 391.520734][ T5935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 391.536197][ T5935] usb 6-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 391.550590][ T5935] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.561127][ T5935] usb 6-1: Product: syz [ 391.567429][ T5935] usb 6-1: Manufacturer: syz [ 391.572562][ T5935] usb 6-1: SerialNumber: syz [ 391.580624][ T5935] usb 6-1: config 0 descriptor?? [ 391.585358][ T24] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 391.670257][T17511] netlink: 'syz.9.4433': attribute type 1 has an invalid length. [ 391.678562][T17511] netlink: 56 bytes leftover after parsing attributes in process `syz.9.4433'. [ 391.722858][T17513] loop6: detected capacity change from 0 to 63 [ 391.740637][T17513] buffer_io_error: 6 callbacks suppressed [ 391.740658][T17513] Buffer I/O error on dev loop6, logical block 0, async page read [ 391.761675][T17513] Buffer I/O error on dev loop6, logical block 1, async page read [ 391.771593][ T24] usb 9-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 391.791776][ T24] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 391.804180][T17513] Buffer I/O error on dev loop6, logical block 2, async page read [ 391.820658][T17513] Buffer I/O error on dev loop6, logical block 3, async page read [ 391.830287][ T24] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 391.846682][T17513] Buffer I/O error on dev loop6, logical block 0, async page read [ 391.864026][T17513] Buffer I/O error on dev loop6, logical block 1, async page read [ 391.872884][T17513] Buffer I/O error on dev loop6, logical block 2, async page read [ 391.873743][ T24] usb 9-1: New USB device found, idVendor=0525, idProduct=a6a1, bcdDevice= 0.40 [ 391.891620][T17513] Buffer I/O error on dev loop6, logical block 3, async page read [ 391.910122][T17513] Buffer I/O error on dev loop6, logical block 0, async page read [ 391.919247][ T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.928818][T17513] Buffer I/O error on dev loop6, logical block 1, async page read [ 391.936807][ T24] usb 9-1: Product: syz [ 391.941729][ T24] usb 9-1: Manufacturer: syz [ 391.951195][ T24] usb 9-1: SerialNumber: syz [ 391.970251][ T24] cdc_ncm 9-1:1.0: skipping garbage [ 391.999490][ T5935] iforce 6-1:0.0: usb_submit_urb failed: -32 [ 392.021908][ T5935] input input49: Device does not respond to id packet M [ 392.042548][ T5935] iforce 6-1:0.0: usb_submit_urb failed: -32 [ 392.055442][ T5935] input input49: Device does not respond to id packet P [ 392.074082][ T5935] input input49: Device does not respond to id packet B [ 392.186049][T17498] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22 [ 392.193467][T17498] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22 [ 392.275389][ T5935] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 392.285610][ T5935] input input49: Device does not respond to id packet N [ 392.303252][ T5935] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 392.313479][ T5935] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 392.326051][ T5935] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 392.342657][ T5935] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 392.361495][ T5935] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input49 [ 392.430444][ T5935] usb 6-1: USB disconnect, device number 35 [ 392.833883][T17498] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22 [ 392.841584][T17498] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22 [ 393.025145][ T5935] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 393.058723][ T24] cdc_ncm 9-1:1.0: bind() failure [ 393.067643][ T24] cdc_ncm 9-1:1.1: probe with driver cdc_ncm failed with error -71 [ 393.076580][ T24] cdc_mbim 9-1:1.1: probe with driver cdc_mbim failed with error -71 [ 393.085649][ T24] usbtest 9-1:1.1: probe with driver usbtest failed with error -71 [ 393.097768][ T24] usb 9-1: USB disconnect, device number 8 [ 393.165123][ T977] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 393.184227][ T5935] usb 5-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 393.193948][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.202090][ T5935] usb 5-1: Product: syz [ 393.206363][ T5935] usb 5-1: Manufacturer: syz [ 393.210961][ T5935] usb 5-1: SerialNumber: syz [ 393.217701][ T5935] usb 5-1: config 0 descriptor?? [ 393.336024][ T977] usb 6-1: Using ep0 maxpacket: 8 [ 393.345344][ T977] usb 6-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 393.354689][ T977] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.362790][ T977] usb 6-1: Product: syz [ 393.367493][ T977] usb 6-1: Manufacturer: syz [ 393.372262][ T977] usb 6-1: SerialNumber: syz [ 393.389155][ T977] usb 6-1: config 0 descriptor?? [ 393.399758][ T977] gspca_main: sq930x-2.14.0 probing 2770:930c [ 394.041443][T17556] input: syz0 as /devices/virtual/input/input50 [ 394.061265][T17556] input: failed to attach handler leds to device input50, error: -6 [ 394.208856][ T977] gspca_sq930x: ucbus_write failed -71 [ 394.237227][T17559] program syz.7.4455 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 394.245451][ T5935] usb 5-1: f81604_read: reg: 100f failed: -EPROTO [ 394.289288][ T5935] usb 5-1: f81604_read: reg: 200f failed: -EPROTO [ 394.345200][ T5935] usb 5-1: USB disconnect, device number 38 [ 394.378934][ T5935] usb 5-1: f81604_read: reg: 100f failed: -ENODEV [ 394.462369][ T977] gspca_sq930x: Sensor ov9630 not yet treated [ 394.472649][ T977] sq930x 6-1:0.0: probe with driver sq930x failed with error -22 [ 394.547234][ T977] usb 6-1: USB disconnect, device number 36 [ 394.588899][ T5935] usb 5-1: f81604_read: reg: 200f failed: -ENODEV [ 394.768937][T17572] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4460'. [ 394.926782][ T30] kauditd_printk_skb: 188 callbacks suppressed [ 394.926814][ T30] audit: type=1326 audit(1748794611.447:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17573 comm="syz.5.4463" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x0 [ 396.579759][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805973c800: rx timeout, send abort [ 397.088071][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805973c800: abort rx timeout. Force session deactivation [ 397.164619][ T30] audit: type=1326 audit(1748794613.677:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17631 comm="syz.5.4486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7fc00000 [ 397.815304][ T5935] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 397.982159][ T5935] usb 9-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 398.002026][ T5935] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.016879][ T5935] usb 9-1: Product: syz [ 398.021541][ T5935] usb 9-1: Manufacturer: syz [ 398.030702][ T5935] usb 9-1: SerialNumber: syz [ 398.053863][ T5935] usb 9-1: config 0 descriptor?? [ 398.501819][ T5935] usb 9-1: Firmware version (0.0) predates our first public release. [ 398.512900][ T5935] usb 9-1: Please update to version 0.2 or newer [ 398.520649][ T5935] usb 9-1: Firmware: build [ 398.747199][ T5935] usb 9-1: USB disconnect, device number 9 [ 398.980002][T17721] pim6reg: entered allmulticast mode [ 398.989596][T17721] pim6reg: left allmulticast mode [ 399.695877][T17753] 9pnet: p9_errstr2errno: server reported unknown error @00000000000000000004 [ 399.900605][ T5935] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 400.093845][ T5935] usb 10-1: config 0 has an invalid interface number: 1 but max is 0 [ 400.110905][ T5935] usb 10-1: config 0 has no interface number 0 [ 400.142041][ T5935] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 400.170516][ T5935] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 400.198367][ T5935] usb 10-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 400.236718][ T5935] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.266867][ T5935] usb 10-1: config 0 descriptor?? [ 400.735874][ T5935] prodikeys 0003:041E:2801.0025: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.9-1/input1 [ 400.771679][ T5935] hid_prodikeys: hid-prodikeys: failed to find output report [ 400.771679][ T5935] [ 400.948118][ T5935] usb 10-1: USB disconnect, device number 5 [ 401.033319][T17805] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4560'. [ 401.415636][ T5956] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 401.588083][ T5956] usb 5-1: Using ep0 maxpacket: 16 [ 401.607225][ T5956] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 401.627312][ T5956] usb 5-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 401.639961][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.648914][ T5956] usb 5-1: Product: syz [ 401.653118][ T5956] usb 5-1: Manufacturer: syz [ 401.668793][ T5956] usb 5-1: SerialNumber: syz [ 401.689654][ T5956] usb 5-1: config 0 descriptor?? [ 401.709507][ T5956] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 401.912987][ T5956] usb 5-1: USB disconnect, device number 39 [ 402.666249][T17877] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 403.273131][ T30] audit: type=1326 audit(1748794619.787:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17902 comm="syz.5.4600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 403.327711][ T30] audit: type=1326 audit(1748794619.787:1302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17902 comm="syz.5.4600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ef592ab39 code=0x7ffc0000 [ 403.383303][ T30] audit: type=1326 audit(1748794619.787:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17902 comm="syz.5.4600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ef592ab39 code=0x7ffc0000 [ 403.413614][ T30] audit: type=1326 audit(1748794619.787:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17902 comm="syz.5.4600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 403.477920][ T30] audit: type=1326 audit(1748794619.787:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17902 comm="syz.5.4600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ef592ab39 code=0x7ffc0000 [ 403.533286][ T30] audit: type=1326 audit(1748794619.787:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17902 comm="syz.5.4600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 403.556360][ T30] audit: type=1326 audit(1748794619.817:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17902 comm="syz.5.4600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ef592ab39 code=0x7ffc0000 [ 403.577930][ C1] vkms_vblank_simulate: vblank timer overrun [ 403.591465][ T30] audit: type=1326 audit(1748794619.817:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17902 comm="syz.5.4600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ef592ab39 code=0x7ffc0000 [ 403.613038][ C1] vkms_vblank_simulate: vblank timer overrun [ 403.619866][ T30] audit: type=1326 audit(1748794619.817:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17902 comm="syz.5.4600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ef592ab39 code=0x7ffc0000 [ 403.647874][ T30] audit: type=1326 audit(1748794619.817:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17902 comm="syz.5.4600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ef592ab39 code=0x7ffc0000 [ 404.165315][ T980] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 404.335249][ T980] usb 9-1: Using ep0 maxpacket: 32 [ 404.345344][ T980] usb 9-1: config 0 has an invalid interface number: 2 but max is 0 [ 404.353393][ T980] usb 9-1: config 0 has no interface number 0 [ 404.380230][ T980] usb 9-1: config 0 interface 2 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 404.391580][ T980] usb 9-1: config 0 interface 2 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 404.401408][ T980] usb 9-1: config 0 interface 2 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 404.414883][ T980] usb 9-1: config 0 interface 2 has no altsetting 0 [ 404.421610][ T980] usb 9-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 404.440959][ T980] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.475588][ T980] usb 9-1: config 0 descriptor?? [ 404.546656][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.572479][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 404.805508][ T51] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 404.913607][ T980] uclogic 0003:5543:0781.0026: unknown main item tag 0x0 [ 404.973140][ T980] uclogic 0003:5543:0781.0026: unknown main item tag 0x0 [ 404.999969][ T980] uclogic 0003:5543:0781.0026: unknown main item tag 0x0 [ 405.024387][ T980] uclogic 0003:5543:0781.0026: unknown main item tag 0x0 [ 405.073419][ T980] uclogic 0003:5543:0781.0026: unknown main item tag 0x0 [ 405.104139][ T980] uclogic 0003:5543:0781.0026: unknown main item tag 0x0 [ 405.146810][ T980] uclogic 0003:5543:0781.0026: unknown main item tag 0x0 [ 405.154800][ T980] uclogic 0003:5543:0781.0026: No inputs registered, leaving [ 405.210361][ T980] uclogic 0003:5543:0781.0026: hidraw0: USB HID v0.07 Device [HID 5543:0781] on usb-dummy_hcd.8-1/input2 [ 405.257380][ T980] usb 9-1: USB disconnect, device number 10 [ 406.077060][ T24] kernel write not supported for file /input/mice (pid: 24 comm: kworker/1:0) [ 406.479830][T18015] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 408.501820][T18097] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4675'. [ 408.534471][T18099] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4674'. [ 409.010671][T18120] netlink: 124 bytes leftover after parsing attributes in process `syz.9.4682'. [ 409.148614][T18126] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 409.793257][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 409.793274][ T30] audit: type=1326 audit(1748794626.307:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18143 comm="syz.9.4696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd518e969 code=0x7fc00000 [ 410.462650][ T30] audit: type=1326 audit(1748794626.977:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18143 comm="syz.9.4696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3dd518e969 code=0x7fc00000 [ 411.349638][T18216] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4730'. [ 412.218536][T18245] fuse: Bad value for 'fd' [ 412.547269][ T30] audit: type=1326 audit(1748794628.967:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18247 comm="syz.7.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f61b8e969 code=0x7ffc0000 [ 412.686631][ T30] audit: type=1326 audit(1748794628.977:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18247 comm="syz.7.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f61b8e969 code=0x7ffc0000 [ 412.708896][ T30] audit: type=1326 audit(1748794628.977:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18247 comm="syz.7.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f1f61b8e969 code=0x7ffc0000 [ 412.731160][ T30] audit: type=1326 audit(1748794628.977:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18247 comm="syz.7.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f61b8e969 code=0x7ffc0000 [ 412.753862][ T30] audit: type=1326 audit(1748794628.977:1353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18247 comm="syz.7.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f61b8e969 code=0x7ffc0000 [ 412.789574][ T30] audit: type=1326 audit(1748794628.977:1354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18247 comm="syz.7.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1f61b8e969 code=0x7ffc0000 [ 412.863250][ T30] audit: type=1326 audit(1748794628.987:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18247 comm="syz.7.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f61b8e969 code=0x7ffc0000 [ 412.945148][ T30] audit: type=1326 audit(1748794628.987:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18247 comm="syz.7.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f61b8e969 code=0x7ffc0000 [ 413.158906][T18271] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 413.210784][T18271] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 413.516460][T18286] program syz.9.4763 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 414.073850][T18314] 9pnet_fd: Insufficient options for proto=fd [ 414.102139][T18316] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4777'. [ 414.128623][T18316] vlan0: entered promiscuous mode [ 414.135178][T18316] hsr0: entered promiscuous mode [ 414.265218][ T977] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 414.425166][ T977] usb 9-1: Using ep0 maxpacket: 8 [ 414.433501][ T977] usb 9-1: config 150 has an invalid interface number: 204 but max is 1 [ 414.443109][ T977] usb 9-1: config 150 has no interface number 0 [ 414.451964][ T977] usb 9-1: config 150 interface 204 has no altsetting 0 [ 414.459487][ T977] usb 9-1: config 150 interface 1 has no altsetting 0 [ 414.480294][ T977] usb 9-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 414.503657][ T977] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 414.515337][ T977] usb 9-1: Product: syz [ 414.521820][ T977] usb 9-1: Manufacturer: syz [ 414.526683][ T977] usb 9-1: SerialNumber: syz [ 414.752670][ T977] xr_serial 9-1:150.204: xr_serial converter detected [ 415.320355][T18364] syz_tun: entered allmulticast mode [ 415.355309][T18364] dvmrp1: entered allmulticast mode [ 415.370021][T18364] netlink: 'syz.5.4800': attribute type 39 has an invalid length. [ 415.395735][T18364] syz_tun (unregistering): left allmulticast mode [ 415.489016][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 415.489034][ T30] audit: type=1326 audit(1748794632.007:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18335 comm="syz.4.4787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e0b18e969 code=0x7fc00000 [ 415.560784][ T977] xr_serial ttyUSB0: Failed to set reg 0x0e: -71 [ 415.572952][ T977] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 415.598079][ T977] usb 9-1: USB disconnect, device number 11 [ 415.607309][ T977] xr_serial 9-1:150.204: device disconnected [ 415.618687][T18368] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4802'. [ 415.732033][T18373] netlink: 'syz.5.4805': attribute type 10 has an invalid length. [ 415.736226][T18374] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4804'. [ 415.749499][T18374] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4804'. [ 416.144011][T18386] kvm: apic: phys broadcast and lowest prio [ 416.195172][ T980] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 416.353283][T18392] netlink: 'syz.8.4814': attribute type 34 has an invalid length. [ 416.387374][ T980] usb 10-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 416.403612][ T980] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.413520][ T980] usb 10-1: Product: syz [ 416.424425][ T980] usb 10-1: Manufacturer: syz [ 416.431037][ T980] usb 10-1: SerialNumber: syz [ 416.450273][ T980] usb 10-1: config 0 descriptor?? [ 416.466874][T18394] loop7: detected capacity change from 0 to 7 [ 416.496003][T18394] Dev loop7: unable to read RDB block 7 [ 416.501614][T18394] loop7: AHDI p1 p2 [ 416.516215][T18394] loop7: partition table partially beyond EOD, truncated [ 416.524103][T18394] loop7: p1 start 1702000233 is beyond EOD, truncated [ 416.528912][T18398] loop2: detected capacity change from 0 to 524287999 [ 416.675964][ T980] usb 10-1: USB disconnect, device number 6 [ 418.605826][T18469] netlink: 156 bytes leftover after parsing attributes in process `syz.8.4850'. [ 418.636443][T18469] netlink: 24 bytes leftover after parsing attributes in process `syz.8.4850'. [ 418.819086][ T5872] kernel write not supported for file /469/loginuid (pid: 5872 comm: kworker/1:4) [ 419.366570][ T977] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 419.385521][ T980] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 419.525223][ T977] usb 5-1: Using ep0 maxpacket: 16 [ 419.533131][ T977] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 419.542370][ T977] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 419.551109][ T977] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 419.562538][ T977] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 419.573105][ T980] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 419.593479][ T977] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 419.604455][ T980] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 419.614905][ T977] usb 5-1: config 0 has no interface number 0 [ 419.621306][ T977] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 419.632946][ T977] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 419.654278][ T980] usb 10-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 419.664438][ T980] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.672616][ T977] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 419.690793][ T980] usb 10-1: Product: syz [ 419.705690][ T980] usb 10-1: Manufacturer: syz [ 419.710413][ T980] usb 10-1: SerialNumber: syz [ 419.715208][ T977] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 419.729991][ T977] usb 5-1: config 0 interface 125 has no altsetting 0 [ 419.737723][ T980] usb 10-1: config 0 descriptor?? [ 419.743196][ T977] usb 5-1: config 0 interface 125 has no altsetting 2 [ 419.750506][T18490] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22 [ 419.770334][T18512] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 419.782418][T18490] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22 [ 419.786389][T18512] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 419.810296][ T977] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 419.821811][ T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.831956][T18512] overlayfs: conflicting lowerdir path [ 419.837632][ T977] usb 5-1: Product: syz [ 419.842922][ T977] usb 5-1: Manufacturer: syz [ 419.855055][ T977] usb 5-1: SerialNumber: syz [ 419.862790][ T977] usb 5-1: config 0 descriptor?? [ 419.883840][ T977] usb 5-1: selecting invalid altsetting 2 [ 419.952570][T18518] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4873'. [ 420.023074][T18490] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22 [ 420.030581][T18490] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22 [ 420.296486][ T5872] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 420.451849][ T980] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 420.465237][ T5872] usb 9-1: Using ep0 maxpacket: 32 [ 420.480509][ T5872] usb 9-1: config 0 has an invalid interface number: 151 but max is 0 [ 420.497824][ T5872] usb 9-1: config 0 has no interface number 0 [ 420.515643][ T5872] usb 9-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 420.524742][ T5872] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.550138][ T5872] usb 9-1: Product: syz [ 420.554398][ T5872] usb 9-1: Manufacturer: syz [ 420.561606][ T5872] usb 9-1: SerialNumber: syz [ 420.587633][ T5872] usb 9-1: config 0 descriptor?? [ 420.661287][ T980] dm9601 10-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 420.677046][ T980] usb 10-1: USB disconnect, device number 7 [ 420.915780][ T24] usb 5-1: USB disconnect, device number 40 [ 421.010467][T18523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 421.021907][T18523] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 421.070275][ T5872] usb 9-1: USB disconnect, device number 12 [ 421.431063][T18570] netlink: 104 bytes leftover after parsing attributes in process `syz.9.4897'. [ 421.487530][T18572] loop6: detected capacity change from 0 to 524287999 [ 421.975124][ T977] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 422.025085][ T5872] usb 5-1: new full-speed USB device number 41 using dummy_hcd [ 422.128084][ T977] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 422.156158][ T977] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 422.174730][ T977] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.195805][ T977] usb 9-1: config 0 descriptor?? [ 422.201557][ T5872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 422.220583][ T5872] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 422.229760][ T5872] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.240742][ T5872] usb 5-1: config 0 descriptor?? [ 422.624501][ T977] keytouch 0003:0926:3333.0027: fixing up Keytouch IEC report descriptor [ 422.647071][ T977] input: HID 0926:3333 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:0926:3333.0027/input/input52 [ 422.669364][ T5872] pyra 0003:1E7D:2C24.0028: unknown main item tag 0x0 [ 422.681940][ T5872] pyra 0003:1E7D:2C24.0028: hidraw0: USB HID v0.00 Device [HID 1e7d:2c24] on usb-dummy_hcd.4-1/input0 [ 422.744834][ T977] keytouch 0003:0926:3333.0027: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.8-1/input0 [ 422.889976][ T977] usb 5-1: USB disconnect, device number 41 [ 423.181566][ T24] usb 9-1: USB disconnect, device number 13 [ 423.691871][ T30] audit: type=1326 audit(1748794640.207:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18627 comm="syz.9.4926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 423.773775][ T30] audit: type=1326 audit(1748794640.247:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18627 comm="syz.9.4926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 423.813307][ T30] audit: type=1326 audit(1748794640.247:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18627 comm="syz.9.4926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 423.880505][ T30] audit: type=1326 audit(1748794640.247:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18627 comm="syz.9.4926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 423.956458][ T30] audit: type=1326 audit(1748794640.247:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18627 comm="syz.9.4926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 424.105098][ T30] audit: type=1326 audit(1748794640.247:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18627 comm="syz.9.4926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd518e969 code=0x7ffc0000 [ 424.215115][ T30] audit: type=1326 audit(1748794640.247:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18627 comm="syz.9.4926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 424.326411][ T30] audit: type=1326 audit(1748794640.247:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18627 comm="syz.9.4926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3dd512ab39 code=0x7ffc0000 [ 424.475203][ T30] audit: type=1326 audit(1748794640.257:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18627 comm="syz.9.4926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd518e969 code=0x7ffc0000 [ 424.535174][T18648] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4935'. [ 424.596750][T18648] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4935'. [ 424.605424][ T30] audit: type=1326 audit(1748794640.257:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18627 comm="syz.9.4926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd518e969 code=0x7ffc0000 [ 425.238854][T18682] loop8: detected capacity change from 0 to 7 [ 425.267234][T18682] Dev loop8: unable to read RDB block 7 [ 425.297163][T18682] loop8: unable to read partition table [ 425.303082][T18682] loop8: partition table beyond EOD, truncated [ 425.331425][T18682] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 425.568187][T18693] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 425.808783][T18702] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 426.895876][ T977] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 427.067025][ T977] usb 5-1: Using ep0 maxpacket: 16 [ 427.079945][ T977] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 427.097994][ T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.106634][ T977] usb 5-1: Product: syz [ 427.112422][ T977] usb 5-1: Manufacturer: syz [ 427.118255][ T977] usb 5-1: SerialNumber: syz [ 427.133267][ T977] usb 5-1: config 0 descriptor?? [ 427.560049][ T977] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 427.583055][ T977] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 427.609807][ T977] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 427.621956][ T977] usb 5-1: media controller created [ 427.633112][T18779] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 427.650550][T18779] netdevsim netdevsim5 netdevsim0: left allmulticast mode [ 427.660564][ T977] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 427.675150][ T9] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 427.864647][ T9] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 427.885073][ T9] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 427.905025][ T9] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 427.914066][ T9] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 427.935014][ T9] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 427.949560][ T9] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 427.959349][ T9] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 427.967529][ T9] usb 9-1: Product: syz [ 427.971752][ T9] usb 9-1: Manufacturer: syz [ 427.983014][ T9] cdc_wdm 9-1:1.0: skipping garbage [ 427.988463][ T9] cdc_wdm 9-1:1.0: skipping garbage [ 427.998032][ T9] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 428.004164][ T9] cdc_wdm 9-1:1.0: Unknown control protocol [ 428.236640][ T977] zl10353_read_register: readreg error (reg=127, ret==0) [ 428.236701][T18737] dtv5100: wlen = 0, aborting. [ 428.249660][ T977] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 428.264679][ T977] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 428.287276][ T977] usb 5-1: USB disconnect, device number 42 [ 428.327213][ T977] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 429.227003][T18805] vcan0: tx drop: invalid sa for name 0x0000000000080000 [ 429.462476][T18816] netlink: 'syz.4.5009': attribute type 1 has an invalid length. [ 429.480244][T18816] netlink: 'syz.4.5009': attribute type 2 has an invalid length. [ 430.485215][ T24] usb 9-1: USB disconnect, device number 14 [ 430.785292][ T5872] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 430.822402][T18865] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 430.945092][ T5872] usb 5-1: Using ep0 maxpacket: 32 [ 430.953543][ T5872] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 430.974662][ T5872] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.993184][ T5872] usb 5-1: config 0 descriptor?? [ 431.123675][T18873] netlink: 'syz.8.5036': attribute type 10 has an invalid length. [ 431.163465][T18873] hsr_slave_0: left promiscuous mode [ 431.186485][ T9] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 431.195289][T18873] hsr_slave_1: left promiscuous mode [ 431.210770][ T5872] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 431.229316][ T5872] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 431.240946][ T5872] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 431.249423][ T5872] usb 5-1: media controller created [ 431.283108][ T5872] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 431.360733][ T9] usb 10-1: Using ep0 maxpacket: 16 [ 431.368363][ T9] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 431.392267][ T9] usb 10-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 431.412019][ T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.412131][T18854] az6027: more than 2 i2c messages at a time is not handled yet. TODO. [ 431.432687][ T9] usb 10-1: config 0 descriptor?? [ 431.450825][ T9] input: bcm5974 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/input/input53 [ 431.471240][ T5872] az6027: usb out operation failed. (-71) [ 431.501885][ T5872] az6027: usb out operation failed. (-71) [ 431.507804][ T5872] stb0899_attach: Driver disabled by Kconfig [ 431.513916][ T5872] az6027: no front-end attached [ 431.513916][ T5872] [ 431.530672][ T5872] az6027: usb out operation failed. (-71) [ 431.541557][ T5872] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 431.559439][ T5872] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input54 [ 431.724837][ T5174] bcm5974 10-1:0.0: could not read from device [ 431.751801][ T9] bcm5974 10-1:0.0: could not read from device [ 431.782170][ T5174] bcm5974 10-1:0.0: could not read from device [ 431.821069][ T9] input: failed to attach handler mousedev to device input53, error: -5 [ 431.855298][ T5174] bcm5974 10-1:0.0: could not read from device [ 431.864044][ T5872] dvb-usb: schedule remote query interval to 400 msecs. [ 431.864264][ T9] usb 10-1: USB disconnect, device number 8 [ 431.885063][ T5872] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 431.935188][ T5872] usb 5-1: USB disconnect, device number 43 [ 432.136764][ T5872] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 432.608252][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 432.823059][T18929] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 432.842496][T18929] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 433.230160][T18939] ip6gre1: entered promiscuous mode [ 433.331854][ T59] Bluetooth: hci6: Frame reassembly failed (-84) [ 435.205836][ T5872] usb 5-1: new full-speed USB device number 44 using dummy_hcd [ 435.293384][T19022] sctp: [Deprecated]: syz.5.5105 (pid 19022) Use of struct sctp_assoc_value in delayed_ack socket option. [ 435.293384][T19022] Use struct sctp_sack_info instead [ 435.367930][ T51] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 435.375218][ T5822] Bluetooth: hci6: command 0x1003 tx timeout [ 435.390442][ T5872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 435.408687][ T5872] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 435.437338][ T5872] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.458121][ T5872] usb 5-1: config 0 descriptor?? [ 435.474763][T19006] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 435.588503][T19035] netlink: 408 bytes leftover after parsing attributes in process `syz.9.5111'. [ 435.631430][T19035] netlink: 104 bytes leftover after parsing attributes in process `syz.9.5111'. [ 435.799047][T19040] vivid-000: disconnect [ 435.828144][T19037] vivid-000: reconnect [ 435.911991][ T5872] elan 0003:04F3:0755.0029: unknown main item tag 0x0 [ 435.941458][ T5872] elan 0003:04F3:0755.0029: unknown main item tag 0x0 [ 435.965443][ T5872] elan 0003:04F3:0755.0029: unknown main item tag 0x0 [ 435.981529][ T5872] elan 0003:04F3:0755.0029: unknown main item tag 0x0 [ 435.999702][ T5872] elan 0003:04F3:0755.0029: unknown main item tag 0x0 [ 436.037117][ T5872] elan 0003:04F3:0755.0029: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0 [ 436.158311][ T977] usb 5-1: USB disconnect, device number 44 [ 438.480841][T19112] netlink: 6 bytes leftover after parsing attributes in process `syz.5.5142'. [ 438.571425][ T5872] kernel write not supported for file /1000/coredump_filter (pid: 5872 comm: kworker/1:4) [ 439.775940][T19165] netlink: 24 bytes leftover after parsing attributes in process `syz.8.5164'. [ 439.822813][T19165] netlink: 24 bytes leftover after parsing attributes in process `syz.8.5164'. [ 439.929288][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.993484][T19175] input: syz0 as /devices/virtual/input/input55 [ 440.024874][ T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 440.034725][ T51] CPU: 1 UID: 0 PID: 51 Comm: kworker/u9:0 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 440.034752][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 440.034765][ T51] Workqueue: hci2 hci_rx_work [ 440.034799][ T51] Call Trace: [ 440.034811][ T51] [ 440.034819][ T51] dump_stack_lvl+0x189/0x250 [ 440.034850][ T51] ? kernfs_path_from_node+0x2c/0x260 [ 440.034883][ T51] ? __pfx_dump_stack_lvl+0x10/0x10 [ 440.034911][ T51] ? __pfx__printk+0x10/0x10 [ 440.034932][ T51] ? kernfs_path_from_node+0x2c/0x260 [ 440.034959][ T51] ? kernfs_path_from_node+0x2c/0x260 [ 440.034986][ T51] ? kernfs_path_from_node+0x22c/0x260 [ 440.035008][ T51] ? kernfs_path_from_node+0x2c/0x260 [ 440.035035][ T51] sysfs_create_dir_ns+0x259/0x280 [ 440.035063][ T51] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 440.035089][ T51] ? do_raw_spin_unlock+0x122/0x240 [ 440.035121][ T51] kobject_add_internal+0x59f/0xb40 [ 440.035157][ T51] kobject_add+0x155/0x220 [ 440.035187][ T51] ? __pfx_kobject_add+0x10/0x10 [ 440.035214][ T51] ? _raw_spin_unlock+0x28/0x50 [ 440.035237][ T51] ? get_device_parent+0x366/0x3a0 [ 440.035261][ T51] device_add+0x408/0xb50 [ 440.035284][ T51] hci_conn_add_sysfs+0xd5/0x1e0 [ 440.035308][ T51] le_conn_complete_evt+0xc3a/0x1220 [ 440.035349][ T51] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 440.035378][ T51] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 440.035404][ T51] ? __pfx___mutex_lock+0x10/0x10 [ 440.035428][ T51] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 440.035450][ T51] ? skb_pull_data+0xfb/0x200 [ 440.035490][ T51] hci_le_enh_conn_complete_evt+0x189/0x470 [ 440.035518][ T51] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 440.035568][ T51] hci_event_packet+0x78f/0x1200 [ 440.035597][ T51] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 440.035630][ T51] ? __pfx_hci_event_packet+0x10/0x10 [ 440.035657][ T51] ? kcov_remote_start+0x4d3/0x7f0 [ 440.035679][ T51] ? local_clock_noinstr+0xe0/0xe0 [ 440.035706][ T51] ? hci_send_to_monitor+0xe2/0x570 [ 440.035742][ T51] hci_rx_work+0x46a/0xe80 [ 440.035778][ T51] ? process_scheduled_works+0x9ef/0x17b0 [ 440.035807][ T51] process_scheduled_works+0xae1/0x17b0 [ 440.035873][ T51] ? __pfx_process_scheduled_works+0x10/0x10 [ 440.035927][ T51] worker_thread+0x8a0/0xda0 [ 440.035994][ T51] kthread+0x711/0x8a0 [ 440.036040][ T51] ? __pfx_worker_thread+0x10/0x10 [ 440.036065][ T51] ? __pfx_kthread+0x10/0x10 [ 440.036096][ T51] ? _raw_spin_unlock_irq+0x23/0x50 [ 440.036118][ T51] ? lockdep_hardirqs_on+0x9c/0x150 [ 440.036139][ T51] ? __pfx_kthread+0x10/0x10 [ 440.036169][ T51] ret_from_fork+0x3fc/0x770 [ 440.036195][ T51] ? __pfx_ret_from_fork+0x10/0x10 [ 440.036224][ T51] ? __switch_to_asm+0x39/0x70 [ 440.036242][ T51] ? __switch_to_asm+0x33/0x70 [ 440.036259][ T51] ? __pfx_kthread+0x10/0x10 [ 440.036289][ T51] ret_from_fork_asm+0x1a/0x30 [ 440.036327][ T51] [ 440.327089][ T51] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 440.341807][ T51] Bluetooth: hci2: failed to register connection device [ 440.407014][T19180] netlink: 'syz.5.5171': attribute type 10 has an invalid length. [ 440.414994][T19180] netlink: 55 bytes leftover after parsing attributes in process `syz.5.5171'. [ 440.443878][T19181] loop6: detected capacity change from 0 to 524287999 [ 441.563814][T19218] sctp: [Deprecated]: syz.8.5189 (pid 19218) Use of int in maxseg socket option. [ 441.563814][T19218] Use struct sctp_assoc_value instead [ 441.854780][T19232] overlayfs: failed to clone lowerpath [ 441.998830][ T30] kauditd_printk_skb: 121 callbacks suppressed [ 441.998850][ T30] audit: type=1326 audit(1748794658.517:1495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19234 comm="syz.8.5196" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f87d2f8e969 code=0x0 [ 442.211688][T19247] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 442.448136][T19257] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5208'. [ 442.458149][T19257] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5208'. [ 442.706867][T19268] netlink: 'syz.4.5213': attribute type 3 has an invalid length. [ 442.717984][T19270] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 443.116230][T19288] netlink: 184 bytes leftover after parsing attributes in process `syz.8.5221'. [ 443.189676][T19292] tipc: Started in network mode [ 443.194798][T19292] tipc: Node identity 2000007, cluster identity 4711 [ 443.213644][T19292] tipc: Node number set to 33554439 [ 443.225894][T19292] tipc: Cannot configure node identity twice [ 443.393179][T19304] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5229'. [ 443.522813][T19307] netlink: 'syz.7.5231': attribute type 4 has an invalid length. [ 443.596359][ T5956] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 443.765468][ T5956] usb 5-1: Using ep0 maxpacket: 16 [ 443.772885][ T5956] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 443.805053][ T5956] usb 5-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 443.842382][ T5956] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.871396][ T5956] usb 5-1: config 0 descriptor?? [ 444.054203][T19321] netlink: 16 bytes leftover after parsing attributes in process `syz.8.5236'. [ 444.344424][ T5956] samsung 0003:0419:0600.002A: item fetching failed at offset 0/5 [ 444.376073][ T5956] samsung 0003:0419:0600.002A: parse failed [ 444.382099][ T5956] samsung 0003:0419:0600.002A: probe with driver samsung failed with error -22 [ 444.581956][ T5956] usb 5-1: USB disconnect, device number 45 [ 445.360290][T19370] sctp: [Deprecated]: syz.9.5259 (pid 19370) Use of struct sctp_assoc_value in delayed_ack socket option. [ 445.360290][T19370] Use struct sctp_sack_info instead [ 446.150967][T19407] ipvlan2: entered promiscuous mode [ 446.170294][T19407] bridge0: port 3(ipvlan2) entered blocking state [ 446.200628][T19407] bridge0: port 3(ipvlan2) entered disabled state [ 446.225402][T19407] ipvlan2: entered allmulticast mode [ 446.234918][T19407] bridge0: entered allmulticast mode [ 446.257991][T19407] ipvlan2: left allmulticast mode [ 446.284651][T19416] 9pnet: p9_errstr2errno: server reported unknown error @ [ 446.292962][T19407] bridge0: left allmulticast mode [ 446.449777][T19422] netlink: 28 bytes leftover after parsing attributes in process `syz.9.5284'. [ 446.645443][T19433] syzkaller1: entered promiscuous mode [ 446.651168][T19433] syzkaller1: entered allmulticast mode [ 446.725818][ T977] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 446.855475][T19443] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 446.875175][T19443] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 446.883535][T19443] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 446.885534][ T977] usb 5-1: Using ep0 maxpacket: 8 [ 446.895071][T19443] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 446.912910][ T977] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 446.935059][ T977] usb 5-1: config 179 has no interface number 0 [ 446.945119][ T977] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 446.964139][ T977] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 446.992836][ T977] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 447.009686][ T30] audit: type=1326 audit(1748794663.527:1496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19446 comm="syz.8.5297" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f87d2f8e969 code=0x0 [ 447.031257][ T977] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 447.043002][ T977] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 447.057083][ T977] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 447.068247][ T977] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.098139][T19424] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 447.320539][ T977] usb 5-1: USB disconnect, device number 46 [ 447.320606][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 447.320653][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 447.919326][ T30] audit: type=1326 audit(1748794664.437:1497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19477 comm="syz.5.5309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 447.971774][ T30] audit: type=1326 audit(1748794664.437:1498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19477 comm="syz.5.5309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 447.994104][ T30] audit: type=1326 audit(1748794664.437:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19477 comm="syz.5.5309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 448.025743][ T30] audit: type=1326 audit(1748794664.437:1500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19477 comm="syz.5.5309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 448.098506][ T30] audit: type=1326 audit(1748794664.467:1501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19477 comm="syz.5.5309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef598e969 code=0x7ffc0000 [ 448.697988][T19496] netlink: 'syz.7.5316': attribute type 1 has an invalid length. [ 448.725247][T19496] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 448.732494][T19496] IPv6: NLM_F_CREATE should be set when creating new route [ 448.757216][T19501] netlink: 'syz.7.5316': attribute type 1 has an invalid length. [ 448.781219][T19501] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 449.643605][T19546] overlayfs: failed to clone lowerpath [ 449.855214][ T977] usb 9-1: new high-speed USB device number 15 using dummy_hcd [ 450.019623][ T977] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 450.040835][ T977] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 450.055626][ T977] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 450.073547][ T977] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.112402][ T977] usb 9-1: config 0 descriptor?? [ 450.215253][ T980] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 450.375196][ T980] usb 10-1: Using ep0 maxpacket: 16 [ 450.387439][ T980] usb 10-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 450.400369][ T980] usb 10-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 450.412516][ T980] usb 10-1: Product: syz [ 450.421998][ T980] usb 10-1: Manufacturer: syz [ 450.427189][ T980] usb 10-1: SerialNumber: syz [ 450.436838][ T980] usb 10-1: config 0 descriptor?? [ 450.525108][ T5956] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 450.547162][ T977] cp2112 0003:10C4:EA90.002B: unknown main item tag 0x0 [ 450.563387][ T977] cp2112 0003:10C4:EA90.002B: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.8-1/input0 [ 450.629008][T19583] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.5354'. [ 450.673149][ T980] usb 10-1: USB disconnect, device number 9 [ 450.696377][ T5956] usb 5-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 450.712893][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.721544][ T5956] usb 5-1: Product: syz [ 450.733534][ T5956] usb 5-1: Manufacturer: syz [ 450.739145][ T977] cp2112 0003:10C4:EA90.002B: Part Number: 0x82 Device Version: 0xFE [ 450.739305][ T5956] usb 5-1: SerialNumber: syz [ 450.755148][ T5956] usb 5-1: config 0 descriptor?? [ 450.772509][T19586] syzkaller1: entered promiscuous mode [ 450.779212][T19586] syzkaller1: entered allmulticast mode [ 450.985148][ T5956] usb 5-1: ignoring: probably an ADSL modem [ 451.156032][ T977] cp2112 0003:10C4:EA90.002B: error setting SMBus config [ 451.184808][ T977] cp2112 0003:10C4:EA90.002B: probe with driver cp2112 failed with error -71 [ 451.222449][ T977] usb 9-1: USB disconnect, device number 15 [ 451.384637][ T5956] cxacru 5-1:0.0: usbatm_usb_probe: bind failed: -19! [ 451.670932][T19611] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5366'. [ 451.820213][T19616] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 452.504074][T19651] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 452.701966][T19656] netlink: 96 bytes leftover after parsing attributes in process `syz.8.5386'. [ 453.001384][T19666] netlink: 'syz.7.5389': attribute type 11 has an invalid length. [ 453.217763][T19677] netlink: 172 bytes leftover after parsing attributes in process `syz.7.5393'. [ 453.291105][ T5956] usb 5-1: USB disconnect, device number 47 [ 453.975245][ T977] usb 5-1: new full-speed USB device number 48 using dummy_hcd [ 454.137124][ T977] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 454.158334][ T977] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 454.183494][ T977] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 454.204523][ T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.220436][ T977] usb 5-1: Product: syz [ 454.224650][ T977] usb 5-1: Manufacturer: syz [ 454.234437][ T977] usb 5-1: SerialNumber: syz [ 454.462478][ T977] usb 5-1: 0:2 : does not exist [ 454.496424][ T977] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 454.555230][ T5956] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 454.578165][ T977] usb 5-1: USB disconnect, device number 48 [ 454.809230][ T5956] usb 10-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 454.844786][ T5956] usb 10-1: config 0 interface 0 has no altsetting 0 [ 454.873037][ T5956] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 454.883321][ T5956] usb 10-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 454.897665][ T5956] usb 10-1: Product: syz [ 454.901971][ T5956] usb 10-1: Manufacturer: syz [ 454.919928][ T5956] usb 10-1: SerialNumber: syz [ 454.929276][ T5956] usb 10-1: config 0 descriptor?? [ 454.946934][ T5956] usb 10-1: selecting invalid altsetting 0 [ 455.152099][ T24] usb 10-1: USB disconnect, device number 10 [ 456.535080][ T9] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 456.695256][ T9] usb 10-1: Using ep0 maxpacket: 16 [ 456.708715][ T9] usb 10-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 456.718691][ T9] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 456.755096][ T9] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 456.796440][ T9] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 456.815043][ T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.823318][ T9] usb 10-1: Product: syz [ 456.833459][ T9] usb 10-1: Manufacturer: syz [ 456.838518][ T9] usb 10-1: SerialNumber: syz [ 457.111623][ T9] usb 10-1: 0:2 : does not exist [ 457.171664][ T9] usb 10-1: USB disconnect, device number 11 [ 458.216012][T19818] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5457'. [ 458.286390][T19818] team0: Port device team_slave_1 removed [ 459.074795][T19835] input: syz1 as /devices/virtual/input/input56 [ 459.187453][T19841] loop8: detected capacity change from 0 to 7 [ 459.246964][T19841] Dev loop8: unable to read RDB block 7 [ 459.267044][T19841] loop8: AHDI p3 [ 459.272714][T19841] loop8: partition table partially beyond EOD, truncated [ 459.370202][T19848] loop8: detected capacity change from 0 to 7 [ 459.393339][T19848] Dev loop8: unable to read RDB block 7 [ 459.425288][T19848] loop8: unable to read partition table [ 459.431216][T19848] loop8: partition table beyond EOD, truncated [ 459.471978][T19848] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 459.714310][T19866] netlink: 'syz.4.5479': attribute type 34 has an invalid length. [ 460.659616][T19907] netlink: 'syz.4.5496': attribute type 10 has an invalid length. [ 460.669867][T19907] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5496'. [ 460.679241][T19907] dummy0: entered promiscuous mode [ 460.689780][T19907] bridge0: port 3(dummy0) entered blocking state [ 460.701191][T19907] bridge0: port 3(dummy0) entered disabled state [ 460.735724][T19907] dummy0: entered allmulticast mode [ 460.744061][T19907] bridge0: port 3(dummy0) entered blocking state [ 460.750577][T19907] bridge0: port 3(dummy0) entered forwarding state [ 460.761156][ T24] usb 10-1: new high-speed USB device number 12 using dummy_hcd [ 460.885504][T19911] netlink: 'syz.4.5498': attribute type 4 has an invalid length. [ 460.907912][T19911] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5498'. [ 460.922972][ T24] usb 10-1: Using ep0 maxpacket: 16 [ 460.934089][ T24] usb 10-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 460.943864][T19915] 9pnet: p9_errstr2errno: server reported unknown error [ 460.948445][ T24] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 460.992412][ T24] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 461.014872][ T24] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 461.026891][ T24] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.035573][ T24] usb 10-1: Product: syz [ 461.039980][ T24] usb 10-1: Manufacturer: syz [ 461.044776][ T24] usb 10-1: SerialNumber: syz [ 461.514653][ T24] usb 10-1: 0:2 : does not exist [ 462.153580][ T24] usb 10-1: USB disconnect, device number 12 [ 462.513487][T19965] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 462.545121][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 462.625180][T19965] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 467.024162][T20088] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5575'. [ 469.025302][ T977] usb 10-1: new high-speed USB device number 13 using dummy_hcd [ 469.185571][ T977] usb 10-1: Using ep0 maxpacket: 16 [ 469.199126][ T977] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 469.216857][ T977] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 469.235323][ T977] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 469.244804][ T977] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.253699][ T977] usb 10-1: Product: syz [ 469.258441][ T977] usb 10-1: Manufacturer: syz [ 469.263328][ T977] usb 10-1: SerialNumber: syz [ 469.276253][ T977] usb 10-1: config 0 descriptor?? [ 469.287637][ T977] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 469.298016][ T977] em28xx 10-1:0.0: Audio interface 0 found (Vendor Class) [ 469.730502][T20192] lo: entered promiscuous mode [ 469.739948][T20192] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5623'. [ 469.749209][ T5833] usb 9-1: new high-speed USB device number 16 using dummy_hcd [ 469.752987][T20192] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 469.895016][ T977] em28xx 10-1:0.0: chip ID is em28174 [ 469.906756][ T5833] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 469.917215][ T5833] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 469.927193][ T5833] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 469.936527][ T5833] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 469.944870][ T5833] usb 9-1: SerialNumber: syz [ 469.949593][ T24] usb 5-1: new full-speed USB device number 49 using dummy_hcd [ 470.108555][ T977] usb 10-1: USB disconnect, device number 13 [ 470.115660][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 470.122604][ T977] em28xx 10-1:0.0: Disconnecting em28xx [ 470.132713][ T24] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 470.139565][ T977] em28xx 10-1:0.0: Freeing device [ 470.142180][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.170844][ T24] usb 5-1: config 0 descriptor?? [ 470.176922][ T5833] usb 9-1: 0:2 : does not exist [ 470.182658][T20190] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 470.206639][ T5833] usb 9-1: USB disconnect, device number 16 [ 470.606407][ T24] elan 0003:04F3:0755.002C: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0 [ 470.816906][ T977] usb 5-1: USB disconnect, device number 49 [ 470.848258][T20210] netlink: 'syz.8.5632': attribute type 3 has an invalid length. [ 470.877164][T20210] netlink: 68 bytes leftover after parsing attributes in process `syz.8.5632'. [ 470.906344][T20210] netlink: 'syz.8.5632': attribute type 3 has an invalid length. [ 471.333752][T20237] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 471.375108][ T24] usb 10-1: new high-speed USB device number 14 using dummy_hcd [ 471.560904][ T24] usb 10-1: Using ep0 maxpacket: 8 [ 471.590587][ T24] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 17 [ 471.611644][ T24] usb 10-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=c8.07 [ 471.650071][ T24] usb 10-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60 [ 471.670999][ T24] usb 10-1: Product: syz [ 471.682158][ T24] usb 10-1: Manufacturer: syz [ 471.692267][ T24] usb 10-1: SerialNumber: syz [ 471.713516][ T24] usb 10-1: config 0 descriptor?? [ 471.789334][T20252] Bluetooth: MGMT ver 1.23 [ 471.950693][ T977] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 471.969835][ T977] hid-generic 0000:0000:0000.002D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 472.033657][ T24] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 472.695214][T20254] hid-generic 0000:0000:0000.002D: pid 20254 passed too short report [ 472.743859][T20263] sctp: [Deprecated]: syz.5.5656 (pid 20263) Use of struct sctp_assoc_value in delayed_ack socket option. [ 472.743859][T20263] Use struct sctp_sack_info instead [ 472.838981][ T24] gspca_sunplus: reg_w_riv err -71 [ 472.855088][ T24] sunplus 10-1:0.0: probe with driver sunplus failed with error -71 [ 472.885461][ T24] usb 10-1: USB disconnect, device number 14 [ 475.448119][ T977] usb 10-1: new full-speed USB device number 15 using dummy_hcd [ 475.628954][ T977] usb 10-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 475.646060][ T977] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.708514][ T977] usb 10-1: config 0 descriptor?? [ 475.733418][ T977] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 475.923754][ T977] gp8psk: usb in 128 operation failed. [ 476.158723][ T977] gp8psk: usb in 146 operation failed. [ 476.164263][ T977] gp8psk: failed to get FW version [ 476.189954][ T977] gp8psk: FPGA Version = 165 [ 476.398281][ T977] gp8psk: usb in 138 operation failed. [ 476.434824][ T977] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 476.482872][ T977] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 476.530690][ T977] usb 10-1: USB disconnect, device number 15 [ 477.438391][ T30] audit: type=1800 audit(1748794693.957:1502): pid=20412 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.8.5721" name="file0" dev="tmpfs" ino=2035 res=0 errno=0 [ 478.306086][T20446] input: syz0 as /devices/virtual/input/input57 [ 478.322656][T20446] input: failed to attach handler leds to device input57, error: -6 [ 478.336471][ T24] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 478.497354][ T24] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 478.511035][ T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.540929][ T24] usb 9-1: config 0 descriptor?? [ 478.557541][ T24] cp210x 9-1:0.0: cp210x converter detected [ 478.986067][ T24] cp210x 9-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 479.014525][ T24] usb 9-1: cp210x converter now attached to ttyUSB0 [ 479.224102][ T980] usb 9-1: USB disconnect, device number 17 [ 479.239197][ T980] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 479.249295][ T980] cp210x 9-1:0.0: device disconnected [ 480.656118][T20534] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 481.221669][T20552] batadv_slave_0: entered promiscuous mode [ 481.246708][T20551] batadv_slave_0: left promiscuous mode [ 482.075116][ T24] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 482.247434][ T24] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 482.272287][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.301354][ T24] usb 5-1: config 0 descriptor?? [ 482.312545][ T24] cp210x 5-1:0.0: cp210x converter detected [ 482.733904][ T24] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 482.968751][ T24] usb 5-1: cp210x converter now attached to ttyUSB0 [ 482.975110][ T51] Bluetooth: hci5: command 0x0406 tx timeout [ 483.166688][ T24] usb 5-1: USB disconnect, device number 50 [ 483.201385][ T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 483.302582][ T24] cp210x 5-1:0.0: device disconnected [ 483.915963][T20641] input input58: cannot allocate more than FF_MAX_EFFECTS effects [ 484.543052][T20658] netlink: 'syz.4.5827': attribute type 12 has an invalid length. [ 484.561427][T20658] netlink: 'syz.4.5827': attribute type 29 has an invalid length. [ 484.575116][T20658] netlink: 148 bytes leftover after parsing attributes in process `syz.4.5827'. [ 484.719447][T20662] program syz.4.5830 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 484.970038][T20670] 9pnet: p9_errstr2errno: server reported unknown error [ 485.576739][T20687] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5843'. [ 590.874930][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 590.881939][ C1] rcu: (detected by 1, t=10502 jiffies, g=86281, q=276 ncpus=2) [ 590.889670][ C1] rcu: All QSes seen, last rcu_preempt kthread activity 10502 (4294996215-4294985713), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 590.903056][ C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g86281 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 590.914265][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 590.924252][ C1] rcu: RCU grace-period kthread stack dump: [ 590.930148][ C1] task:rcu_preempt state:R running task stack:27192 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 590.943671][ C1] Call Trace: [ 590.946959][ C1] [ 590.949906][ C1] __schedule+0x16a2/0x4cb0 [ 590.954445][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 590.959677][ C1] ? schedule+0x165/0x360 [ 590.964026][ C1] ? __lock_acquire+0xab9/0xd20 [ 590.968895][ C1] ? __pfx___schedule+0x10/0x10 [ 590.973784][ C1] ? schedule+0x91/0x360 [ 590.978052][ C1] schedule+0x165/0x360 [ 590.982229][ C1] schedule_timeout+0x12b/0x270 [ 590.987100][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 590.992478][ C1] ? __pfx_process_timeout+0x10/0x10 [ 590.997785][ C1] ? prepare_to_swait_event+0x341/0x380 [ 591.003389][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 591.008284][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 591.013242][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 591.018461][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 591.023759][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 591.028982][ C1] ? finish_swait+0xcd/0x1f0 [ 591.033602][ C1] rcu_gp_kthread+0x99/0x390 [ 591.038216][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 591.043456][ C1] ? __kthread_parkme+0x7b/0x200 [ 591.048416][ C1] ? __kthread_parkme+0x1a1/0x200 [ 591.053471][ C1] kthread+0x711/0x8a0 [ 591.057571][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 591.062790][ C1] ? __pfx_kthread+0x10/0x10 [ 591.067413][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 591.072725][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 591.077942][ C1] ? __pfx_kthread+0x10/0x10 [ 591.082559][ C1] ret_from_fork+0x3fc/0x770 [ 591.087174][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 591.092313][ C1] ? __switch_to_asm+0x39/0x70 [ 591.097091][ C1] ? __switch_to_asm+0x33/0x70 [ 591.101870][ C1] ? __pfx_kthread+0x10/0x10 [ 591.106487][ C1] ret_from_fork_asm+0x1a/0x30 [ 591.111283][ C1] [ 591.114318][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 591.120662][ C1] Sending NMI from CPU 1 to CPUs 0: [ 591.125906][ C0] NMI backtrace for cpu 0 [ 591.125925][ C0] CPU: 0 UID: 0 PID: 20696 Comm: syz.5.5835 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 591.125955][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 591.125969][ C0] RIP: 0010:debug_object_activate+0x21e/0x420 [ 591.126000][ C0] Code: c1 08 c1 0f 84 10 01 00 00 49 81 fd 00 f0 ff ff 77 45 49 8d 6d 10 49 89 ef 49 c1 ef 03 43 0f b6 04 37 84 c0 0f 85 9d 01 00 00 <8b> 45 00 8d 48 ff 83 f9 02 0f 82 93 00 00 00 83 c0 fd 83 f8 01 0f [ 591.126015][ C0] RSP: 0018:ffffc90000007c88 EFLAGS: 00000046 [ 591.126031][ C0] RAX: 0000000000000000 RBX: ffff88802713e340 RCX: dffffc0000000000 [ 591.126043][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000007b60 [ 591.126054][ C0] RBP: ffff88807e2c0080 R08: 0000000000000003 R09: 0000000000000004 [ 591.126065][ C0] R10: dffffc0000000000 R11: fffff52000000f6c R12: ffff88807e2c0088 [ 591.126078][ C0] R13: ffff88807e2c0070 R14: dffffc0000000000 R15: 1ffff1100fc58010 [ 591.126091][ C0] FS: 0000000000000000(0000) GS:ffff888125c95000(0000) knlGS:0000000000000000 [ 591.126105][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 591.126117][ C0] CR2: 000000110c2ae65a CR3: 000000007876a000 CR4: 00000000003526f0 [ 591.126132][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 591.126142][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 591.126152][ C0] Call Trace: [ 591.126159][ C0] [ 591.126174][ C0] enqueue_hrtimer+0x30/0x3a0 [ 591.126206][ C0] __hrtimer_run_queues+0x656/0xc60 [ 591.126242][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 591.126261][ C0] ? read_tsc+0x9/0x20 [ 591.126281][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 591.126328][ C0] __sysvec_apic_timer_interrupt+0x108/0x410 [ 591.126351][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 591.126371][ C0] [ 591.126376][ C0] [ 591.126382][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 591.126400][ C0] RIP: 0010:lock_acquire+0x175/0x360 [ 591.126417][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 6b 9e fa 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 591.126430][ C0] RSP: 0018:ffffc9001828f4b8 EFLAGS: 00000206 [ 591.126444][ C0] RAX: 71bac40a9672ee00 RBX: 0000000000000000 RCX: 71bac40a9672ee00 [ 591.126456][ C0] RDX: 0000000000000000 RSI: ffffffff8db48e76 RDI: ffffffff8be19b80 [ 591.126467][ C0] RBP: ffffffff822cbcda R08: 0000000000000000 R09: ffffffff822cbcda [ 591.126478][ C0] R10: dffffc0000000000 R11: fffff94000335c61 R12: 0000000000000002 [ 591.126489][ C0] R13: ffffffff8e13d140 R14: 0000000000000000 R15: 0000000000000246 [ 591.126502][ C0] ? pfn_valid+0xba/0x490 [ 591.126521][ C0] ? pfn_valid+0xba/0x490 [ 591.126547][ C0] ? __folio_rmap_sanity_checks+0x30d/0x700 [ 591.126571][ C0] ? pfn_valid+0xba/0x490 [ 591.126588][ C0] pfn_valid+0xd6/0x490 [ 591.126604][ C0] ? pfn_valid+0xba/0x490 [ 591.126622][ C0] page_table_check_clear+0x21/0x700 [ 591.126640][ C0] ? vm_normal_page+0xb7/0x230 [ 591.126661][ C0] unmap_page_range+0x32fa/0x4580 [ 591.126709][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 591.126735][ C0] ? unmap_vmas+0x144/0x580 [ 591.126758][ C0] unmap_vmas+0x399/0x580 [ 591.126783][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 591.126817][ C0] exit_mmap+0x248/0xb50 [ 591.126834][ C0] ? uprobe_clear_state+0x20f/0x290 [ 591.126854][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 591.126869][ C0] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 591.126916][ C0] ? __pfx_exit_aio+0x10/0x10 [ 591.126938][ C0] ? uprobe_clear_state+0x274/0x290 [ 591.126955][ C0] ? mm_update_next_owner+0xa7/0x870 [ 591.126989][ C0] __mmput+0x118/0x420 [ 591.127010][ C0] exit_mm+0x1da/0x2c0 [ 591.127036][ C0] ? __pfx_exit_mm+0x10/0x10 [ 591.127062][ C0] ? rcu_is_watching+0x15/0xb0 [ 591.127085][ C0] do_exit+0x640/0x22e0 [ 591.127113][ C0] ? preempt_schedule_common+0x83/0xd0 [ 591.127133][ C0] ? preempt_schedule+0xae/0xc0 [ 591.127150][ C0] ? __pfx_do_exit+0x10/0x10 [ 591.127179][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 591.127202][ C0] do_group_exit+0x21c/0x2d0 [ 591.127232][ C0] __x64_sys_exit_group+0x3f/0x40 [ 591.127257][ C0] x64_sys_call+0x21ba/0x21c0 [ 591.127273][ C0] do_syscall_64+0xfa/0x3b0 [ 591.127294][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 591.127313][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.127330][ C0] ? clear_bhb_loop+0x60/0xb0 [ 591.127350][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.127366][ C0] RIP: 0033:0x7f0ef598e969 [ 591.127380][ C0] Code: Unable to access opcode bytes at 0x7f0ef598e93f. [ 591.127389][ C0] RSP: 002b:00007fff549dafa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 591.127405][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0ef598e969 [ 591.127417][ C0] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 591.127427][ C0] RBP: 00007fff549db00c R08: 00000005549db09f R09: 0000000000000000 [ 591.127438][ C0] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000393 [ 591.127448][ C0] R13: 0000000000000000 R14: 0000000000075aac R15: 00007fff549db060 [ 591.127469][ C0]