last executing test programs: 7.323450284s ago: executing program 0 (id=2618): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r0, 0x18000000000002a0, 0xe40, 0x0, &(0x7f00000002c0)="f6eb094549002060009b8538a4ba", 0x0, 0x806, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000800000000000070000000900010073797a30000000007c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d38001280140001800c000100636f756e7465720004000280200001800e000100636f6e6e6c696d69740000000c000280080001400000000808000340000001"], 0xc4}}, 0x20050890) 7.236892203s ago: executing program 0 (id=2621): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000002100)='/proc/bus/input/devices\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) statx(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$vimc0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) r2 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2, 0x0) write$6lowpan_control(r2, &(0x7f0000000f00)='connect aa:aa:aa:aa:aa:10 1', 0x1b) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0xb701, 0x0) syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)=ANY=[], 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r3) sendmsg$IEEE802154_ADD_IFACE(r3, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, 0x0, 0x0) 5.781691153s ago: executing program 0 (id=2632): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$kcm(0x2, 0x5, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) 4.366081819s ago: executing program 1 (id=2640): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x482, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r0, 0x0) syz_clone(0x640c7400, 0x0, 0x0, 0x0, 0x0, 0x0) 4.193431441s ago: executing program 0 (id=2641): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0) sendto$packet(r1, &(0x7f0000000100)="f25ba8ea7bc273dfaeab96854305", 0xe, 0x8081, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x73, 0x6, @multicast}, 0x14) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r2, r2, 0xd, 0x3, &(0x7f0000000040)="ee7d00", 0x9, 0x1, 0x16c0, 0x5505, 0x8b, 0x1, 0x9, 'syz0\x00'}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000004900010928bd700018dcdf250aff80", @ANYBLOB="0000000014000100fe80000000000000000000000000001f14000100fe8000000000000000000000000000bb080002"], 0x54}}, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0x68000000}, 0x0) r4 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x0, @private1}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="bc0100001900010001000000fddbdf25e0000001000000000000000000000000ac1414bb0000000000000000000000000003000bffff00000a008000060000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000800000000000000000000000000000000000000000000000000002020000000004010500ac1414aa000000000000000000000000000000003c00000000000000ffffffff000000000000000000000000ff3400000202000000000000000000000000000064010102000000000000000000000000000000003c0000000a0000000000000000000000000000000000000002000000000000000008000000080000fcffffff000000000000000000000000000000000000000032000000000000007f0000010000000000000000000000000335000004030000000000000002000000000000ac1414bb000000000000000000000000000000002b000000000000000a010101000000244c4d000000000000000000043500000101010000000000bf0a000000"], 0x1bc}}, 0x4000) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r4, 0x400c6615, &(0x7f0000000280)={0x0, @aes128, 0x0, @desc1}) r6 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e22, 0x0, @private2}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x0) 4.123338664s ago: executing program 1 (id=2642): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0xc) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x2000) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90) 3.973972069s ago: executing program 1 (id=2643): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r1, 0xfffffffc) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x28, r3, 0x1, 0x70bd2c, 0x1000000, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x37}}]}]}, 0x28}, 0x1, 0xff07}, 0x2000000) 3.852334956s ago: executing program 1 (id=2646): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000080008d804dd0000000000000109022400010000a008090400fe01030001000921fffffd0122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000080)={0x18, &(0x7f00000012c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x2, 0x40402) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000040)={0x1, 0x4, 0x2, &(0x7f0000000500)={0xf, "c93eb2de090000007e008900000000000000000000001800"}}) 3.765946276s ago: executing program 0 (id=2647): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x0) ioctl$FE_GET_PROPERTY(r3, 0x80106f53, &(0x7f0000000400)={0x4, &(0x7f0000000280)=[{0x33, '\x00', @buffer={"b3c8dda98a5b60ae6030ec6f58ab9fcb24e64f4eb20774108867a166cb86ccea", 0x20}, 0xffff8000}, {0x30, '\x00', @buffer={"8400000000ea8f2737551a930e27ca3a60a72bf7f1b800", 0x20}, 0x1}, {0x19, '\x00', @st={0x4, [{0x2, @uvalue=0x8}, {0x3, @uvalue=0x1}, {0x2, @svalue=0x9}, {0x1, @uvalue=0x5}]}, 0x1ff}, {0x9, '\x00', @st={0x4, [{0x3, @uvalue=0x1}, {0x0, @svalue=0x80000001}, {0x3, @uvalue=0x6}, {0x0, @uvalue=0x8}]}, 0xfffffff8}]}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r4, 0x0, 0xcc, &(0x7f0000000140)={@multicast2, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5", 0x0, 0xcc, 0xffffffff}, 0x3c) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = socket(0x40000000015, 0x5, 0x0) bind$inet(r5, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r5, &(0x7f0000000780), 0x0, 0x60010000, 0x0) sendto$inet(r5, 0x0, 0xd000, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) setsockopt$MRT_DEL_MFC_PROXY(r4, 0x0, 0xd3, &(0x7f00000000c0)={@multicast2, @multicast1, 0x0, "c6c0e6ec8755b5dc4e305886d95f086707764f8d0e5a0358ea21274f844a69e9", 0x0, 0x200}, 0x3c) 2.690308431s ago: executing program 0 (id=2653): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, 0x0, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b922, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xb}, {0x7, 0xf}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x9}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000440)='\'', 0x1}], 0x1}, 0x4) 2.103099164s ago: executing program 1 (id=2657): mkdir(&(0x7f00000001c0)='./file1\x00', 0xb) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)) open(&(0x7f0000000040)='./file1\x00', 0x808400, 0x43) chdir(&(0x7f00000003c0)='./bus\x00') bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0xf, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xf0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00'}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e79"]) chdir(&(0x7f0000000040)='./file0\x00') creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93) renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x0) 1.933853072s ago: executing program 3 (id=2658): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000101c1b021b0000000000010902"], 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x1, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac"], 0xfdef) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xc, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x3e8, 0xc, 0x0, &(0x7f0000000000)="c1df07000000d30a298ee688", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x4c) 1.933653628s ago: executing program 2 (id=2659): socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002f3144e8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cdff00"], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f00000000c0), 0x2c8, 0x0) 1.81114074s ago: executing program 2 (id=2660): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, &(0x7f0000000180)=0xc) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x2000) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90) 1.810798826s ago: executing program 1 (id=2661): r0 = socket(0xa, 0x1, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000001c00070c2ee4a4bd7000fedbdf250200", @ANYRES32, @ANYBLOB="40001002140001"], 0x3c}, 0x1, 0x0, 0x0, 0x24000005}, 0x20024090) 1.790116405s ago: executing program 2 (id=2662): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xfffd}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}], {0x14}}, 0x74}}, 0x0) 1.692827221s ago: executing program 2 (id=2663): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x200080c0, &(0x7f00000001c0)={0xa, 0x2, 0x8000, @loopback, 0x8}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0x33c2, 0x4) shutdown(r0, 0x1) 1.620802988s ago: executing program 2 (id=2664): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e22, 0x8, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) connect$inet6(r0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000380)=0x10, 0x1c) io_setup(0xf, &(0x7f00000001c0)=0x0) io_submit(r2, 0x1, &(0x7f0000001000)=[&(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x7fff, r1, &(0x7f0000000cc0)="e32035603744", 0x6, 0x0, 0x0, 0x2}]) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[], 0x56c}, 0x1, 0x0, 0x0, 0x200440d1}, 0x800e885) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r1) 1.425812082s ago: executing program 2 (id=2665): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000080008d804dd0000000000000109022400010000a008090400fe01030001000921fffffd0122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000080)={0x18, &(0x7f00000012c0)=ANY=[@ANYBLOB="0011"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x2, 0x40402) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000040)={0x1, 0x4, 0x2, &(0x7f0000000500)={0xf, "c93eb2de090000007e008900000000000000000000001800"}}) 597.541304ms ago: executing program 3 (id=2666): r0 = syz_open_dev$dvb_demux(&(0x7f0000000140), 0x0, 0x62400) close(r0) 498.401424ms ago: executing program 3 (id=2667): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000e00)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x2000094}, 0x80) 290.733461ms ago: executing program 3 (id=2668): socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002f3144e8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cdff00"], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f00000000c0), 0x2c8, 0x0) 173.587592ms ago: executing program 3 (id=2669): io_setup(0x2278, &(0x7f0000000180)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000000)={0x0, 0xea60}, 0x10) io_submit(r0, 0x2, &(0x7f0000000140)=[&(0x7f00000001c0)={0x0, 0x4, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f0000000200)={0x0, 0x0, 0x2, 0x3, 0xffff, r1, 0x0}]) 0s ago: executing program 3 (id=2670): mkdir(&(0x7f00000001c0)='./file1\x00', 0xb) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)) open(&(0x7f0000000040)='./file1\x00', 0x808400, 0x43) chdir(&(0x7f00000003c0)='./bus\x00') bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0xf, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xf0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00'}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76"]) chdir(&(0x7f0000000040)='./file0\x00') creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93) renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x0) kernel console output (not intermixed with test programs): [ T8531] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 153.690687][ T8531] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.053422][ T5841] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 154.200495][ T5841] usb 6-1: device descriptor read/64, error -71 [ 154.464193][ T5841] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 154.554005][ T12] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 154.559631][ T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.585912][ T12] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 154.590949][ T5841] usb 6-1: device descriptor read/64, error -71 [ 154.648491][ T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.706157][ T12] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 154.714551][ T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.724269][ T12] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 154.732097][ T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.748466][ T8558] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1014'. [ 154.781238][ T5841] usb usb6-port1: attempt power cycle [ 154.920159][ T40] audit: type=1326 audit(1777348219.677:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8566 comm="syz.2.1018" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f03fcc code=0x0 [ 155.136627][ T5841] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 155.160839][ T5841] usb 6-1: device descriptor read/8, error -71 [ 155.356468][ T5523] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 155.410471][ T5841] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 155.451517][ T5841] usb 6-1: device descriptor read/8, error -71 [ 155.525747][ T5523] usb 7-1: config index 0 descriptor too short (expected 24929, got 18) [ 155.560698][ T5523] usb 7-1: config 97 has too many interfaces: 97, using maximum allowed: 32 [ 155.574020][ T5523] usb 7-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config [ 155.587505][ T5523] usb 7-1: config 97 has 0 interfaces, different from the descriptor's value: 97 [ 155.601076][ T5523] usb 7-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 155.615888][ T5523] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.325409][ T5841] usb usb6-port1: unable to enumerate USB device [ 156.874821][ T8588] syzkaller0: entered promiscuous mode [ 156.877486][ T8588] syzkaller0: entered allmulticast mode [ 157.103617][ T5745] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 157.110789][ T5740] Bluetooth: hci4: command 0x1003 tx timeout [ 157.528640][ T8604] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1029'. [ 158.120416][ T5827] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 158.301358][ T5827] usb 6-1: device descriptor read/64, error -71 [ 158.481905][ T5523] usb 7-1: string descriptor 0 read error: -71 [ 158.570542][ T5827] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 158.763097][ T5827] usb 6-1: device descriptor read/64, error -71 [ 158.912425][ T5827] usb usb6-port1: attempt power cycle [ 159.283024][ T5827] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 159.332004][ T5827] usb 6-1: device descriptor read/8, error -71 [ 159.463210][ T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 159.620555][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 159.625225][ T10] usb 5-1: config 0 has no interfaces? [ 159.629126][ T10] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 159.633058][ T5827] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 159.643294][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.657974][ T10] usb 5-1: config 0 descriptor?? [ 159.724264][ T5827] usb 6-1: device descriptor read/8, error -71 [ 159.868608][ T5827] usb usb6-port1: unable to enumerate USB device [ 159.966332][ T10] usb 5-1: USB disconnect, device number 27 [ 160.708322][ T5523] usb 7-1: USB disconnect, device number 27 [ 161.181688][ T8650] syzkaller0: entered promiscuous mode [ 161.184578][ T8650] syzkaller0: entered allmulticast mode [ 161.300642][ T8652] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1045'. [ 165.101888][ T841] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 165.273228][ T841] usb 8-1: Using ep0 maxpacket: 16 [ 165.278982][ T841] usb 8-1: config 0 has no interfaces? [ 165.286810][ T841] usb 8-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 165.303946][ T841] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.322006][ T841] usb 8-1: config 0 descriptor?? [ 165.727733][ T1338] usb 8-1: USB disconnect, device number 10 [ 167.795112][ T8693] netlink: 'syz.1.1057': attribute type 1 has an invalid length. [ 167.798107][ T8693] netlink: 260 bytes leftover after parsing attributes in process `syz.1.1057'. [ 167.981441][ T8690] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 168.016950][ T8690] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.648921][ T8716] bond1: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 168.736278][ T8716] bond1 (unregistering): Released all slaves [ 168.945175][ T8726] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1069'. [ 169.268604][ T8739] tipc: Enabled bearer , priority 0 [ 169.395045][ T8734] syzkaller0: entered promiscuous mode [ 169.414794][ T8734] syzkaller0: entered allmulticast mode [ 169.427158][ T8734] tipc: Resetting bearer [ 169.474325][ T40] audit: type=1326 audit(1777348234.237:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8743 comm="syz.0.1076" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf700efcc code=0x0 [ 169.561794][ T1158] tipc: Resetting bearer [ 169.661286][ T8733] tipc: Resetting bearer [ 169.955426][ T1035] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 170.191448][ T1035] usb 5-1: config index 0 descriptor too short (expected 24929, got 18) [ 170.235622][ T1035] usb 5-1: config 97 has too many interfaces: 97, using maximum allowed: 32 [ 170.252121][ T1035] usb 5-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config [ 170.266885][ T1035] usb 5-1: config 97 has 0 interfaces, different from the descriptor's value: 97 [ 170.270790][ T1035] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 170.283164][ T1035] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.472266][ T841] usb 7-1: new low-speed USB device number 28 using dummy_hcd [ 170.652285][ T841] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 170.655681][ T841] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 170.662009][ T841] usb 7-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 170.686004][ T841] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 170.697208][ T841] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 170.711720][ T841] usb 7-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 170.765687][ T841] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 170.770585][ T841] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 170.791709][ T841] usb 7-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 170.820972][ T841] usb 7-1: string descriptor 0 read error: -22 [ 170.834732][ T841] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 170.848171][ T841] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.884164][ T841] adutux 7-1:168.0: interrupt endpoints not found [ 171.087032][ T841] usb 7-1: USB disconnect, device number 28 [ 171.590515][ T5745] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 172.686269][ T1035] usb 5-1: string descriptor 0 read error: -71 [ 172.703908][ T1035] usb 5-1: USB disconnect, device number 28 [ 175.771699][ T8733] tipc: Disabling bearer [ 175.837256][ T5819] tipc: Node number set to 3646335067 [ 175.842992][ T8758] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.867839][ T8758] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 176.365063][ T8790] syz_tun: entered allmulticast mode [ 176.378272][ T8789] syz_tun: left allmulticast mode [ 177.738292][ T8813] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 177.816140][ T8813] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 177.985204][ T8822] bond0: (slave batadv_slave_0): Error: Device can not be enslaved while up [ 178.153437][ T8826] syzkaller0: entered promiscuous mode [ 178.171440][ T8826] 0: reclassify loop, rule prio 0, protocol 700 [ 178.518496][ T8836] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1110'. [ 178.952874][ T8853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 178.978921][ T8853] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 180.546203][ T5523] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 180.555936][ T5740] Bluetooth: hci2: command 0x0406 tx timeout [ 180.556357][ T62] Bluetooth: hci3: command 0x0406 tx timeout [ 180.735880][ T5523] usb 7-1: device descriptor read/64, error -71 [ 180.994775][ T5523] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 181.056410][ T8902] netlink: 'syz.0.1136': attribute type 2 has an invalid length. [ 181.059995][ T8902] tipc: Cannot configure node identity twice [ 181.164707][ T5523] usb 7-1: device descriptor read/64, error -71 [ 181.291604][ T5523] usb usb7-port1: attempt power cycle [ 181.324808][ T8904] syzkaller1: entered promiscuous mode [ 181.328207][ T8904] syzkaller1: entered allmulticast mode [ 181.640747][ T5523] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 181.707955][ T5523] usb 7-1: device descriptor read/8, error -71 [ 181.887041][ T8918] syzkaller0: entered promiscuous mode [ 181.890084][ T8918] syzkaller0: entered allmulticast mode [ 182.030783][ T5523] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 182.058506][ T5523] usb 7-1: device descriptor read/8, error -71 [ 182.175609][ T5523] usb usb7-port1: unable to enumerate USB device [ 183.024734][ T5523] hid-generic 0005:16C0:5505.0004: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 183.070226][ T8928] fido_id[8928]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci1/hci1:200/report_descriptor': No such file or directory [ 183.679252][ T8947] syzkaller0: entered promiscuous mode [ 183.717362][ T8947] syzkaller0: entered allmulticast mode [ 184.339229][ T8966] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1158'. [ 184.768585][ T8981] netlink: 'syz.1.1163': attribute type 4 has an invalid length. [ 186.111354][ T9007] fuse: Unknown parameter '0x0000000000000005' [ 186.114962][ T39] hid-generic 0005:16C0:5505.0005: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 186.241826][ T9009] fido_id[9009]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci1/hci1:200/report_descriptor': No such file or directory [ 186.759513][ T9025] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1180'. [ 186.926637][ T9031] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 187.298051][ T5819] hid-generic 0005:16C0:5505.0006: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 187.424909][ T9046] fido_id[9046]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci1/hci1:200/report_descriptor': No such file or directory [ 187.605192][ T5841] hid-generic 0005:16C0:5505.0007: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 188.161469][ T9083] syzkaller0: entered promiscuous mode [ 188.186485][ T9086] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1191'. [ 188.192243][ T9086] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1191'. [ 188.426498][ T9097] syzkaller0: entered promiscuous mode [ 188.429444][ T9097] syzkaller0: entered allmulticast mode [ 189.317287][ T9113] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1203'. [ 189.756111][ T9129] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1211'. [ 189.811652][ T9129] netlink: 264 bytes leftover after parsing attributes in process `syz.2.1211'. [ 190.095971][ T10] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 190.125191][ T9141] netlink: 'syz.2.1216': attribute type 39 has an invalid length. [ 190.280604][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 190.437991][ T10] usb 6-1: config 0 has no interfaces? [ 190.440116][ T10] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 190.443753][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.449403][ T10] usb 6-1: config 0 descriptor?? [ 190.849274][ T39] usb 6-1: USB disconnect, device number 25 [ 191.898602][ T40] audit: type=1326 audit(1777348256.657:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9173 comm="syz.1.1231" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6fcefcc code=0x0 [ 192.073628][ T9186] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1233'. [ 192.320399][ T5523] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 192.506755][ T5523] usb 6-1: config index 0 descriptor too short (expected 24929, got 18) [ 192.512526][ T5523] usb 6-1: config 97 has too many interfaces: 97, using maximum allowed: 32 [ 192.521099][ T5523] usb 6-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config [ 192.567869][ T5523] usb 6-1: config 97 has 0 interfaces, different from the descriptor's value: 97 [ 192.584570][ T5523] usb 6-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 192.592005][ T5523] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.230929][ T5841] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 193.380383][ T5841] usb 8-1: device descriptor read/64, error -71 [ 193.646160][ T9240] syzkaller0: entered promiscuous mode [ 193.729552][ T5841] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 193.874715][ T5841] usb 8-1: device descriptor read/64, error -71 [ 194.006547][ T5841] usb usb8-port1: attempt power cycle [ 194.073318][ T5751] Bluetooth: hci4: command 0x1003 tx timeout [ 194.116633][ T5745] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 194.372009][ T5841] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 194.446465][ T5841] usb 8-1: device descriptor read/8, error -71 [ 194.771700][ T5841] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 194.797071][ T5841] usb 8-1: device descriptor read/8, error -71 [ 194.922086][ T5841] usb usb8-port1: unable to enumerate USB device [ 195.318277][ T9260] sctp: [Deprecated]: syz.2.1254 (pid 9260) Use of struct sctp_assoc_value in delayed_ack socket option. [ 195.318277][ T9260] Use struct sctp_sack_info instead [ 195.336827][ T5523] usb 6-1: string descriptor 0 read error: -71 [ 195.390939][ T5523] usb 6-1: USB disconnect, device number 26 [ 195.503051][ T9263] syzkaller0: entered promiscuous mode [ 196.404509][ T40] audit: type=1326 audit(1777348261.157:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9291 comm="syz.0.1264" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf700efcc code=0x0 [ 196.850639][ T10] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 196.933796][ T5841] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 197.015523][ T10] usb 5-1: config index 0 descriptor too short (expected 24929, got 18) [ 197.020186][ T10] usb 5-1: config 97 has too many interfaces: 97, using maximum allowed: 32 [ 197.030034][ T10] usb 5-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config [ 197.039000][ T10] usb 5-1: config 97 has 0 interfaces, different from the descriptor's value: 97 [ 197.068135][ T10] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 197.080445][ T5841] usb 7-1: Using ep0 maxpacket: 16 [ 197.086089][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.097709][ T5841] usb 7-1: config 0 has no interfaces? [ 197.100215][ T5841] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 197.115987][ T5841] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.150603][ T5841] usb 7-1: config 0 descriptor?? [ 197.699573][ T5841] usb 7-1: USB disconnect, device number 33 [ 198.465705][ T5745] Bluetooth: hci4: command 0x1003 tx timeout [ 198.471414][ T5751] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 198.953930][ T1430] ieee802154 phy0 wpan0: encryption failed: -22 [ 198.966392][ T1430] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.012904][ T9346] syzkaller0: entered promiscuous mode [ 199.014815][ T9346] syzkaller0: entered allmulticast mode [ 199.283932][ T9348] syzkaller1: entered promiscuous mode [ 199.286934][ T9348] syzkaller1: entered allmulticast mode [ 199.325783][ T9348] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1283'. [ 199.652830][ T10] usb 5-1: string descriptor 0 read error: -71 [ 199.748603][ T10] usb 5-1: USB disconnect, device number 29 [ 200.161992][ T9369] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1292'. [ 201.995997][ T9443] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1309'. [ 202.256365][ T9455] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1310'. [ 202.276833][ T9455] netlink: 'syz.3.1310': attribute type 1 has an invalid length. [ 203.114012][ T9452] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 203.147826][ T9452] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 203.285750][ T9492] netlink: 'syz.2.1316': attribute type 2 has an invalid length. [ 203.307314][ T9492] tipc: Started in network mode [ 203.317286][ T9492] tipc: Node identity 8, cluster identity 4711 [ 203.337074][ T9492] tipc: Node number set to 8 [ 203.347072][ T9452] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 203.352436][ T9452] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 203.510669][ T9452] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 203.513047][ T9452] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 203.570468][ T1338] usb 6-1: new low-speed USB device number 27 using dummy_hcd [ 203.745314][ T1338] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 203.750909][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 203.759165][ T1338] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 203.769689][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 203.792811][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 203.808740][ T1338] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 203.814057][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 203.819452][ T1338] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 203.829698][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 203.835049][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 203.841046][ T1338] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 203.846058][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 203.860985][ T1338] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 203.867397][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 203.874073][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 203.883119][ T1338] usb 6-1: string descriptor 0 read error: -22 [ 203.887119][ T1338] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 203.915078][ T1338] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.942793][ T1338] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 203.980359][ T9505] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 8 [ 204.128186][ T1338] usb 6-1: USB disconnect, device number 27 [ 204.590534][ T9518] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1323'. [ 205.993244][ T5523] usb 7-1: new low-speed USB device number 34 using dummy_hcd [ 206.205456][ T5523] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 206.235387][ T5523] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 206.266646][ T9569] syzkaller0: entered promiscuous mode [ 206.267154][ T5523] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 206.298764][ T9569] syzkaller0: entered allmulticast mode [ 206.391811][ T5523] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 206.396746][ T5523] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 206.428006][ T5523] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 206.430504][ T5523] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 206.435449][ T5523] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 206.441317][ T5523] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 206.446003][ T5523] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 206.453815][ T5523] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 206.457956][ T5523] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 206.465921][ T5523] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 206.470087][ T5523] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 206.476033][ T5523] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 206.486074][ T5523] usb 7-1: string descriptor 0 read error: -22 [ 206.530471][ T5523] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 206.549924][ T5523] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.595994][ T5523] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 206.750920][ T9578] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1342'. [ 206.800455][ T1338] usb 7-1: USB disconnect, device number 34 [ 207.794550][ T9605] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1344'. [ 212.691492][ T9611] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1347'. [ 212.925170][ T40] audit: type=1326 audit(1777348277.687:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9651 comm="syz.2.1354" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f03fcc code=0x0 [ 213.226780][ T10] IPVS: starting estimator thread 0... [ 213.374960][ T9660] IPVS: using max 27 ests per chain, 64800 per kthread [ 213.577167][ T5845] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 213.753466][ T5845] usb 7-1: config index 0 descriptor too short (expected 24929, got 18) [ 213.757062][ T5845] usb 7-1: config 97 has too many interfaces: 97, using maximum allowed: 32 [ 213.761423][ T5845] usb 7-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config [ 213.780524][ T5845] usb 7-1: config 97 has 0 interfaces, different from the descriptor's value: 97 [ 213.797112][ T5845] usb 7-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 213.833654][ T5845] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.124306][ T9675] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1362'. [ 214.214396][ T9675] netlink: 264 bytes leftover after parsing attributes in process `syz.3.1362'. [ 214.295205][ T9684] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1366'. [ 214.674116][ T5523] usb 8-1: new low-speed USB device number 15 using dummy_hcd [ 214.767377][ T9700] syzkaller1: entered promiscuous mode [ 214.802444][ T9700] syzkaller1: entered allmulticast mode [ 214.893345][ T5523] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 214.896315][ T5523] usb 8-1: config 0 has no interface number 0 [ 214.898578][ T5523] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 214.954909][ T5523] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 214.967865][ T5523] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 214.980134][ T5523] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.020765][ T5523] usb 8-1: config 0 descriptor?? [ 215.036764][ T9689] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 215.056966][ T5523] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 215.101738][ T5745] Bluetooth: hci4: command 0x1003 tx timeout [ 215.110557][ T5751] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 215.263402][ T5523] usb 8-1: USB disconnect, device number 15 [ 216.068942][ T9726] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1379'. [ 216.335534][ T5845] usb 7-1: string descriptor 0 read error: -71 [ 216.341497][ T5845] usb 7-1: USB disconnect, device number 35 [ 216.479840][ T9740] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1386'. [ 216.500212][ T9740] netlink: 264 bytes leftover after parsing attributes in process `syz.2.1386'. [ 216.510924][ T10] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 216.670446][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 216.683532][ T10] usb 6-1: config 0 has no interfaces? [ 216.686277][ T10] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 216.690013][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.723974][ T10] usb 6-1: config 0 descriptor?? [ 216.823564][ T9745] syzkaller0: entered promiscuous mode [ 217.238028][ T10] usb 6-1: USB disconnect, device number 28 [ 217.282947][ T9751] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1390'. [ 222.734295][ T9766] nbd: couldn't find device at index 0 [ 222.902633][ T9773] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1397'. [ 222.956620][ T9773] netlink: 264 bytes leftover after parsing attributes in process `syz.2.1397'. [ 223.203339][ T5523] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 223.231590][ T9790] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1404'. [ 223.381220][ T5523] usb 6-1: Using ep0 maxpacket: 16 [ 223.388642][ T5523] usb 6-1: config 0 has no interfaces? [ 223.427800][ T5523] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 223.463764][ T5523] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.481093][ T5523] usb 6-1: config 0 descriptor?? [ 223.644945][ T9803] syzkaller0: entered promiscuous mode [ 223.904174][ T5812] usb 6-1: USB disconnect, device number 29 [ 224.184030][ T9828] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1411'. [ 224.354603][ T9832] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1412'. [ 224.377415][ T9832] netlink: 264 bytes leftover after parsing attributes in process `syz.0.1412'. [ 224.596595][ T9837] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1414'. [ 224.978516][ T9853] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1416'. [ 229.546378][ T9839] syzkaller0: entered promiscuous mode [ 229.565516][ T9839] syzkaller0: entered allmulticast mode [ 235.451142][ T5819] usb 8-1: new low-speed USB device number 16 using dummy_hcd [ 235.523885][ T9944] ======================================================= [ 235.523885][ T9944] WARNING: The mand mount option has been deprecated and [ 235.523885][ T9944] and is ignored by this kernel. Remove the mand [ 235.523885][ T9944] option from the mount to silence this warning. [ 235.523885][ T9944] ======================================================= [ 235.674024][ T5819] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 235.700386][ T5819] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 235.711711][ T5819] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 235.719282][ T5819] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 235.725778][ T5819] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 235.733762][ T5819] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 235.738736][ T5819] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 235.744572][ T5819] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 235.765076][ T5819] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 235.771046][ T5819] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 235.779300][ T5819] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 235.784039][ T5819] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 235.790894][ T5819] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 235.799274][ T5819] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 235.804697][ T5819] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 235.849795][ T5819] usb 8-1: string descriptor 0 read error: -22 [ 235.852976][ T5819] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 235.856207][ T5819] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.875837][ T9953] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1442'. [ 235.908473][ T5819] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 236.643407][ T5523] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 236.695974][ T40] audit: type=1326 audit(1777348301.457:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9972 comm="syz.1.1449" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6fcefcc code=0x0 [ 236.792358][ T5523] usb 5-1: device descriptor read/64, error -71 [ 237.040495][ T5523] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 237.123200][ T1035] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 237.180625][ T5523] usb 5-1: device descriptor read/64, error -71 [ 237.295998][ T1035] usb 6-1: config 0 has no interfaces? [ 237.299666][ T1035] usb 6-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 237.300859][ T5523] usb usb5-port1: attempt power cycle [ 237.305054][ T1035] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.325219][ T1035] usb 6-1: config 0 descriptor?? [ 237.640703][ T5523] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 237.662731][ T5523] usb 5-1: device descriptor read/8, error -71 [ 237.942068][ T5523] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 237.963981][ T5523] usb 5-1: device descriptor read/8, error -71 [ 238.070992][ T5523] usb usb5-port1: unable to enumerate USB device [ 238.227036][ T5819] usb 8-1: USB disconnect, device number 16 [ 238.860619][ T5745] Bluetooth: hci4: command 0x1003 tx timeout [ 238.863074][ T5751] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 239.538219][ T9991] syzkaller0: entered promiscuous mode [ 239.954263][T10006] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1460'. [ 239.974483][ T5845] usb 6-1: USB disconnect, device number 30 [ 240.004558][T10008] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1459'. [ 241.040983][T10037] syzkaller0: entered promiscuous mode [ 241.063114][ T10] usb 5-1: new low-speed USB device number 34 using dummy_hcd [ 241.249297][ T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 241.257330][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 241.263194][ T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 241.269774][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 241.277080][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 241.285535][ T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 241.289686][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 241.305053][ T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 241.314767][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 241.324481][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 241.332153][ T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 241.337027][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 241.353493][ T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 241.364460][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 241.379704][ T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 241.414660][ T10] usb 5-1: string descriptor 0 read error: -22 [ 241.430422][ T10] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 241.460359][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.492165][T10049] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1471'. [ 241.505185][T10049] netlink: 264 bytes leftover after parsing attributes in process `syz.3.1471'. [ 241.510740][ T10] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 241.666343][T10058] block nbd1: Cannot use ioctl interface on a netlink controlled device. [ 241.679175][T10058] block nbd1: Cannot use ioctl interface on a netlink controlled device. [ 242.129115][T10077] syzkaller0: entered promiscuous mode [ 242.150876][T10077] syzkaller0: entered allmulticast mode [ 243.840348][ T5523] usb 5-1: USB disconnect, device number 34 [ 246.953928][T10115] syzkaller0: entered promiscuous mode [ 247.290601][ T5523] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 247.462551][ T5523] usb 8-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 247.470355][ T5523] usb 8-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6 [ 247.497092][ T5523] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 247.523247][ T5523] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.535677][ T5523] usb 8-1: Product: syz [ 247.583343][ T5523] usb 8-1: Manufacturer: syz [ 247.586432][ T5523] usb 8-1: SerialNumber: syz [ 247.627405][T10133] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1504'. [ 247.644148][ T5523] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 247.827242][ T39] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 248.072035][ T10] usb 8-1: USB disconnect, device number 17 [ 248.671480][ T5845] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 248.744405][T10158] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1513'. [ 248.850390][ T5845] usb 5-1: Using ep0 maxpacket: 8 [ 248.856580][ T5845] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 248.861430][ T5845] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 248.868308][ T5845] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 248.875691][ T5845] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 248.918173][ T5845] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 248.928331][ T5845] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.950753][ T39] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive [ 248.957754][ T39] ath9k_htc: Failed to initialize the device [ 248.991274][ T10] usb 8-1: ath9k_htc: USB layer deinitialized [ 249.010713][ T5845] hub 5-1:1.0: bad descriptor, ignoring hub [ 249.014257][ T5845] hub 5-1:1.0: probe with driver hub failed with error -5 [ 249.018177][ T5845] cdc_wdm 5-1:1.0: skipping garbage [ 249.020733][ T5845] cdc_wdm 5-1:1.0: skipping garbage [ 249.027260][ T5845] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 249.030604][ T5845] cdc_wdm 5-1:1.0: Unknown control protocol [ 249.080463][T10164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1516'. [ 249.351060][ T10] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 249.533404][ T10] usb 8-1: Using ep0 maxpacket: 32 [ 249.547153][ T10] usb 8-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 249.551598][ T10] usb 8-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6 [ 249.623281][ T10] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 1.08 [ 249.626735][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.639292][ T10] usb 8-1: Product: syz [ 249.647547][ T10] usb 8-1: Manufacturer: syz [ 249.649794][ T10] usb 8-1: SerialNumber: syz [ 249.654014][ T5845] usb 5-1: USB disconnect, device number 35 [ 249.693780][ T10] ldusb 8-1:1.0: LD USB Device #0 now attached to major 180 minor 0 [ 249.971415][ T5827] usb 8-1: USB disconnect, device number 18 [ 249.994170][T10122] ldusb 8-1:1.0: Couldn't submit interrupt_out_urb -19 [ 250.035831][ T5827] ldusb 8-1:1.0: LD USB Device #0 now disconnected [ 251.178167][T10229] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1544'. [ 251.904678][T10252] syzkaller0: entered promiscuous mode [ 251.907174][T10252] syzkaller0: entered allmulticast mode [ 252.043246][T10256] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1554'. [ 252.975079][T10284] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1565'. [ 253.318584][T10289] syzkaller0: entered promiscuous mode [ 253.321315][T10289] syzkaller0: entered allmulticast mode [ 253.693374][T10299] syzkaller0: entered promiscuous mode [ 253.713200][T10299] syzkaller0: entered allmulticast mode [ 253.772615][T10304] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1574'. [ 254.854850][T10326] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1583'. [ 254.999592][T10328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1584'. [ 255.344203][T10332] 0x00000000e356-0x00000000e35d : "" [ 255.409880][T10332] ftl_cs: FTL header corrupt! [ 259.505535][T10349] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1593'. [ 259.635561][T10353] tipc: Enabling of bearer rejected, failed to enable media [ 259.960239][T10373] syzkaller0: entered promiscuous mode [ 259.964132][T10373] syzkaller0: entered allmulticast mode [ 260.333754][ T5812] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 260.382096][ T1430] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.384987][ T1430] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.544082][ T5812] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 260.548945][ T5812] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 260.555247][ T5812] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 260.560826][ T5812] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.568966][T10378] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 260.586764][ T5812] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 260.828408][ T5842] usb 8-1: USB disconnect, device number 19 [ 261.791522][T10401] netlink: 'syz.1.1613': attribute type 2 has an invalid length. [ 261.797019][T10401] netlink: 'syz.1.1613': attribute type 2 has an invalid length. [ 262.470790][ T841] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 262.620585][ T841] usb 6-1: Using ep0 maxpacket: 32 [ 262.624717][ T841] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 262.628038][ T841] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 262.636699][ T841] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 262.674965][ T841] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 262.685622][ T841] usb 6-1: config 0 interface 0 has no altsetting 0 [ 262.705241][ T841] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 262.709833][ T841] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 262.728029][ T841] usb 6-1: Product: syz [ 262.731311][ T841] usb 6-1: Manufacturer: syz [ 262.733334][ T841] usb 6-1: SerialNumber: syz [ 262.753737][ T841] usb 6-1: config 0 descriptor?? [ 262.758675][ T841] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 262.784340][ T841] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 263.275427][ T841] usb 6-1: USB disconnect, device number 31 [ 263.288182][ T841] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 263.925322][T10414] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1618'. [ 266.440979][T10436] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1628'. [ 266.574642][ T5827] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 266.721235][ T5827] usb 8-1: device descriptor read/64, error -71 [ 266.970442][ T5827] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 267.001769][T10450] input: syz0 as /devices/virtual/input/input9 [ 267.131641][ T5827] usb 8-1: device descriptor read/64, error -71 [ 267.261263][ T5827] usb usb8-port1: attempt power cycle [ 267.427972][T10461] binder: 10456:10461 ioctl c0306201 80000040 returned -22 [ 267.459288][T10461] binder: 10456:10461 ioctl c0306201 80000640 returned -22 [ 267.643713][ T5827] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 267.671078][T10466] syzkaller1: entered promiscuous mode [ 267.692087][T10466] syzkaller1: entered allmulticast mode [ 267.818589][ T5827] usb 8-1: device descriptor read/8, error -71 [ 268.096522][ T5827] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 268.121162][ T5827] usb 8-1: device descriptor read/8, error -71 [ 268.244714][ T5827] usb usb8-port1: unable to enumerate USB device [ 269.099818][T10489] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1644'. [ 269.119134][T10489] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1644'. [ 269.630645][ T5827] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 269.707971][T10508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1649'. [ 269.732842][T10509] syzkaller1: entered promiscuous mode [ 269.736395][T10509] syzkaller1: entered allmulticast mode [ 269.845770][T10517] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1653'. [ 269.850630][ T5827] usb 6-1: Using ep0 maxpacket: 8 [ 269.912703][ T5827] usb 6-1: config 0 has an invalid interface number: 186 but max is 0 [ 269.934214][ T5827] usb 6-1: config 0 has no interface number 0 [ 269.946576][ T5827] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 269.952875][ T5827] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 269.958499][ T5827] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 269.964878][ T5827] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 269.969128][ T5827] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 269.979726][ T5827] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 269.983343][ T5827] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.987087][ T5827] usb 6-1: Product: syz [ 269.989195][ T5827] usb 6-1: Manufacturer: syz [ 269.991627][ T5827] usb 6-1: SerialNumber: syz [ 270.003683][ T5827] usb 6-1: config 0 descriptor?? [ 270.243503][ T5827] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0 [ 270.355381][T10529] syzkaller0: entered promiscuous mode [ 270.358068][T10529] syzkaller0: entered allmulticast mode [ 270.441101][ T5819] usb 6-1: USB disconnect, device number 32 [ 271.001698][T10537] overlayfs: missing 'lowerdir' [ 271.065176][T10538] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1660'. [ 271.286599][T10544] syzkaller1: entered promiscuous mode [ 271.288835][T10544] syzkaller1: entered allmulticast mode [ 271.371012][ T5819] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 271.535552][ T5819] usb 6-1: Using ep0 maxpacket: 8 [ 271.551820][ T5819] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.567351][ T5819] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 271.594540][ T5819] usb 6-1: config 0 interface 0 has no altsetting 0 [ 271.597559][ T5819] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 271.626227][ T5819] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.641233][ T5819] usb 6-1: config 0 descriptor?? [ 272.099223][ T5819] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 272.101982][ T5819] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 272.104809][ T5819] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 272.110686][ T5819] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 272.114011][ T5819] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 272.154297][ T5819] mcp2221 0003:04D8:00DD.0008: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 272.368433][ T5819] usb 6-1: USB disconnect, device number 33 [ 272.988816][T10575] syzkaller1: entered promiscuous mode [ 272.992478][T10575] syzkaller1: entered allmulticast mode [ 273.040475][ T5812] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 273.169341][T10579] syzkaller1: entered promiscuous mode [ 273.171831][T10579] syzkaller1: entered allmulticast mode [ 273.220539][ T5812] usb 8-1: Using ep0 maxpacket: 8 [ 273.224688][ T5812] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 273.228736][ T5812] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 273.243239][ T5812] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 273.243266][ T5812] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 273.243285][ T5812] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 273.243320][ T5812] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 273.243339][ T5812] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.467469][ T5812] usb 8-1: usb_control_msg returned -32 [ 273.470236][ T5812] usbtmc 8-1:16.0: can't read capabilities [ 273.544680][T10592] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1683'. [ 273.551094][T10592] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1683'. [ 274.186518][T10599] usbtmc 8-1:16.0: usb_clear_halt returned -32 [ 274.379143][ T39] usb 8-1: USB disconnect, device number 24 [ 274.556940][T10603] syzkaller1: entered promiscuous mode [ 274.563805][T10603] syzkaller1: entered allmulticast mode [ 274.863153][T10605] syzkaller0: entered promiscuous mode [ 280.597234][T10610] syzkaller1: entered promiscuous mode [ 280.599707][T10610] syzkaller1: entered allmulticast mode [ 280.604326][T10617] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1692'. [ 280.609650][T10618] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1692'. [ 281.480943][T10654] syzkaller1: entered promiscuous mode [ 281.493290][T10654] syzkaller1: entered allmulticast mode [ 281.827332][T10660] syzkaller0: entered promiscuous mode [ 281.829953][T10660] syzkaller0: entered allmulticast mode [ 287.246413][T10681] syzkaller0: entered promiscuous mode [ 287.257475][T10681] syzkaller0: entered allmulticast mode [ 287.871425][ T5819] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 288.108748][ T5819] usb 5-1: device descriptor read/64, error -71 [ 288.360463][ T5819] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 288.517150][ T5819] usb 5-1: device descriptor read/64, error -71 [ 288.622260][ T5819] usb usb5-port1: attempt power cycle [ 288.980437][ T5819] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 289.072218][ T5819] usb 5-1: device descriptor read/8, error -71 [ 289.320495][ T5819] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 289.402995][ T5819] usb 5-1: device descriptor read/8, error -71 [ 289.516155][ T5819] usb usb5-port1: unable to enumerate USB device [ 294.509423][T10755] syzkaller0: entered promiscuous mode [ 294.513409][T10755] syzkaller0: entered allmulticast mode [ 294.559901][T10755] 0: reclassify loop, rule prio 0, protocol 800 [ 294.706733][T10761] binder: 10758:10761 ioctl c0306201 80000040 returned -22 [ 294.718562][T10761] binder: 10758:10761 ioctl c0306201 80000640 returned -22 [ 295.446957][T10774] syzkaller0: entered promiscuous mode [ 300.969110][T10799] overlay: Bad value for 'workdir' [ 301.159517][T10805] syzkaller1: entered promiscuous mode [ 301.170933][T10805] syzkaller1: entered allmulticast mode [ 301.563035][ T40] audit: type=1326 audit(1777348366.327:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10810 comm="syz.0.1748" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf700efcc code=0x0 [ 301.642498][T10811] syzkaller0: entered promiscuous mode [ 301.645846][T10811] syzkaller0: entered allmulticast mode [ 301.972292][T10831] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 8 [ 301.980517][ T39] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 302.152238][ T39] usb 5-1: config index 0 descriptor too short (expected 24929, got 18) [ 302.156310][ T39] usb 5-1: config 97 has too many interfaces: 97, using maximum allowed: 32 [ 302.159777][ T39] usb 5-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config [ 302.166086][ T39] usb 5-1: config 97 has 0 interfaces, different from the descriptor's value: 97 [ 302.169552][ T39] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 302.211537][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.444764][T10842] syzkaller1: entered promiscuous mode [ 302.447644][T10842] syzkaller1: entered allmulticast mode [ 302.648581][T10846] syz.3.1761 (10846): /proc/10845/oom_adj is deprecated, please use /proc/10845/oom_score_adj instead. [ 303.030717][T10856] CUSE: unknown device info "" [ 303.033684][T10856] CUSE: unknown device info "" [ 303.035592][T10856] CUSE: unknown device info "ÿw" [ 303.037657][T10856] CUSE: unknown device info "" [ 303.039733][T10856] CUSE: unknown device info "" [ 303.041952][T10856] CUSE: unknown device info "" [ 303.045494][T10856] CUSE: unknown device info "" [ 303.047823][T10856] CUSE: unknown device info "" [ 303.050234][T10856] CUSE: DEVNAME unspecified [ 303.129472][T10858] syzkaller0: entered promiscuous mode [ 303.132999][T10858] syzkaller0: entered allmulticast mode [ 303.670440][ T5745] Bluetooth: hci4: command 0x1003 tx timeout [ 303.691600][ T5751] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 304.883519][ T39] usb 5-1: string descriptor 0 read error: -71 [ 304.887855][ T39] usb 5-1: USB disconnect, device number 40 [ 309.810015][T10896] syzkaller1: entered promiscuous mode [ 309.812376][T10896] syzkaller1: entered allmulticast mode [ 310.083140][T10921] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1780'. [ 310.575617][T10944] syzkaller0: entered promiscuous mode [ 310.591191][T10944] syzkaller0: entered allmulticast mode [ 310.821151][T10946] syzkaller0: entered promiscuous mode [ 310.825518][T10946] syzkaller0: entered allmulticast mode [ 311.472678][T10960] kAFS: No cell specified [ 311.712016][T10969] gretap0: entered promiscuous mode [ 311.725279][T10967] syzkaller0: entered promiscuous mode [ 311.727911][T10967] syzkaller0: entered allmulticast mode [ 312.244937][T10985] syzkaller0: entered promiscuous mode [ 312.248045][T10985] syzkaller0: entered allmulticast mode [ 312.255360][T10988] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1804'. [ 312.794108][T11001] syzkaller0: entered promiscuous mode [ 312.798360][T11001] syzkaller0: entered allmulticast mode [ 314.010564][ T39] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 314.222710][ T39] usb 5-1: config 4 has an invalid interface number: 107 but max is 0 [ 314.227730][ T39] usb 5-1: config 4 has no interface number 0 [ 314.232498][ T39] usb 5-1: config 4 interface 107 has no altsetting 0 [ 314.237669][ T39] usb 5-1: New USB device found, idVendor=413c, idProduct=81b1, bcdDevice=7c.55 [ 314.248758][ T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.259115][ T39] usb 5-1: Product: syz [ 314.262137][ T39] usb 5-1: Manufacturer: syz [ 314.265199][ T39] usb 5-1: SerialNumber: syz [ 314.331275][T11028] overlayfs: missing 'lowerdir' [ 314.540755][ T39] usb 5-1: USB disconnect, device number 41 [ 318.715816][T11017] gretap0: entered promiscuous mode [ 318.913087][T11064] overlayfs: missing 'lowerdir' [ 319.938127][T11085] syzkaller0: entered promiscuous mode [ 319.951022][T11085] syzkaller0: entered allmulticast mode [ 320.540016][T11091] overlayfs: missing 'lowerdir' [ 320.981403][T11099] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1844'. [ 321.148090][T11108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1849'. [ 321.195791][T11113] overlayfs: missing 'lowerdir' [ 321.202853][T11109] syzkaller0: entered promiscuous mode [ 321.206664][T11109] syzkaller0: entered allmulticast mode [ 321.563092][T11123] kAFS: No cell specified [ 321.878966][ T1430] ieee802154 phy0 wpan0: encryption failed: -22 [ 321.883407][ T1430] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.306743][T11139] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1859'. [ 322.954252][T11154] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1867'. [ 322.960400][T11154] netlink: 264 bytes leftover after parsing attributes in process `syz.3.1867'. [ 322.994475][T11157] capability: warning: `syz.1.1868' uses deprecated v2 capabilities in a way that may be insecure [ 323.175818][T11163] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1870'. [ 323.580749][T11182] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1879'. [ 323.585279][T11182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1879'. [ 323.738407][T11184] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1880'. [ 323.790053][T11184] netlink: 264 bytes leftover after parsing attributes in process `syz.2.1880'. [ 323.934613][T11188] kAFS: No cell specified [ 324.036732][ T40] audit: type=1326 audit(1777348388.797:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11190 comm="syz.2.1882" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f03fcc code=0x0 [ 324.134387][T11197] syzkaller0: entered promiscuous mode [ 324.235980][T11201] tmpfs: Unknown parameter 'grpquota_b' [ 326.043830][T11215] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1890'. [ 326.087252][T11215] netlink: 264 bytes leftover after parsing attributes in process `syz.3.1890'. [ 327.177311][T11222] kAFS: No cell specified [ 328.571779][T11238] tmpfs: Unknown parameter 'grpquota_b' [ 329.453265][ T1035] usb 8-1: new high-speed USB device number 25 using dummy_hcd [ 329.660166][ T1035] usb 8-1: Using ep0 maxpacket: 16 [ 329.720653][ T1035] usb 8-1: config 0 has no interfaces? [ 329.724757][ T1035] usb 8-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 329.730813][ T1035] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.763539][ T1035] usb 8-1: config 0 descriptor?? [ 329.986615][ T1035] usb 8-1: USB disconnect, device number 25 [ 330.635470][ T40] audit: type=1326 audit(1777348395.397:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11245 comm="syz.3.1900" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6fdefcc code=0x0 [ 331.015594][T11249] afs: Unknown parameter 'dy' [ 331.016543][ T5812] usb 8-1: new high-speed USB device number 26 using dummy_hcd [ 331.187464][ T5812] usb 8-1: config index 0 descriptor too short (expected 24929, got 18) [ 331.193855][ T5812] usb 8-1: config 97 has too many interfaces: 97, using maximum allowed: 32 [ 331.200597][ T5812] usb 8-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config [ 331.206296][ T5812] usb 8-1: config 97 has 0 interfaces, different from the descriptor's value: 97 [ 331.212601][ T5812] usb 8-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 331.219889][ T5812] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.341013][T11262] tmpfs: Unknown parameter 'grpquota_block_har' [ 331.687321][T11267] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1909'. [ 332.051154][T11276] afs: Unknown parameter 'dy' [ 332.175993][T11280] netlink: 'syz.1.1915': attribute type 8 has an invalid length. [ 332.279334][T11286] netlink: 'syz.1.1917': attribute type 1 has an invalid length. [ 332.330874][T11286] 8021q: adding VLAN 0 to HW filter on device bond1 [ 332.378943][T11288] bond1: entered promiscuous mode [ 332.380972][T11288] bond1: entered allmulticast mode [ 332.494492][T11297] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1921'. [ 333.414544][T11307] afs: Unknown parameter 'dy' [ 333.654430][ T5812] usb 8-1: string descriptor 0 read error: -71 [ 333.685063][ T5812] usb 8-1: USB disconnect, device number 26 [ 333.752775][T11317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1928'. [ 334.092124][T11324] syzkaller1: entered promiscuous mode [ 334.099410][T11324] syzkaller1: entered allmulticast mode [ 335.441888][T11342] tmpfs: Unknown parameter 'grpquota_block_har' [ 335.822712][T11350] syzkaller1: entered promiscuous mode [ 335.827480][T11350] syzkaller1: entered allmulticast mode [ 336.323994][T11370] tmpfs: Unknown parameter 'grpquota_block_hardlim' [ 336.538733][ T5827] usb 5-1: new full-speed USB device number 42 using dummy_hcd [ 336.682278][ T5827] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 336.685876][ T5827] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 336.694097][ T5827] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 336.720928][ T5827] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 81 [ 336.728549][ T5827] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 336.755005][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.795571][ T5827] usb 5-1: config 0 descriptor?? [ 337.135458][T11386] binder: 11383:11386 ioctl c0306201 80000040 returned -22 [ 337.139516][T11386] binder: 11383:11386 ioctl c0306201 80000640 returned -22 [ 337.406222][T11394] tmpfs: Unknown parameter 'grpquota_block_hardlim' [ 338.487534][T11426] Bluetooth: MGMT ver 1.23 [ 338.735791][T11432] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1975'. [ 338.990681][T11440] syzkaller0: entered promiscuous mode [ 339.032973][T11440] syzkaller0: entered allmulticast mode [ 339.369243][ T5842] usb 5-1: USB disconnect, device number 42 [ 339.769488][T11459] tmpfs: Bad value for 'grpquota_block_hardlimit' [ 340.078398][T11469] overlayfs: missing 'lowerdir' [ 340.929968][T11486] syzkaller0: entered promiscuous mode [ 340.934251][T11486] syzkaller0: entered allmulticast mode [ 341.606216][T11503] overlayfs: missing 'lowerdir' [ 341.992531][T11506] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2000'. [ 342.459008][T11522] binder: 11521:11522 ioctl c0306201 0 returned -14 [ 343.017165][T11528] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2007'. [ 343.029169][T11528] netlink: 264 bytes leftover after parsing attributes in process `syz.0.2007'. [ 343.379160][T11537] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2010'. [ 343.828439][T11551] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2016'. [ 343.840418][T11551] netlink: 264 bytes leftover after parsing attributes in process `syz.1.2016'. [ 344.262805][T11567] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2021'. [ 344.546526][T11576] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2026'. [ 344.553466][T11576] netlink: 264 bytes leftover after parsing attributes in process `syz.0.2026'. [ 345.119805][T11590] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2030'. [ 345.230368][ T39] usb 8-1: new full-speed USB device number 27 using dummy_hcd [ 345.265063][T11592] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2031'. [ 345.422485][ T39] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 345.429384][ T39] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 345.432829][T11600] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2035'. [ 345.439559][ T39] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.446961][ T39] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 345.452423][ T39] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 345.457555][ T39] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 345.458402][T11600] netlink: 264 bytes leftover after parsing attributes in process `syz.2.2035'. [ 345.467353][ T39] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 345.485870][ T39] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.494310][ T39] usb 8-1: config 0 descriptor?? [ 345.649769][T11603] syzkaller0: entered promiscuous mode [ 345.653041][T11603] syzkaller0: entered allmulticast mode [ 346.015702][T11610] syzkaller1: entered promiscuous mode [ 346.019043][T11610] syzkaller1: entered allmulticast mode [ 346.713958][T11619] smbdirect: ib_dev[syz0]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 346.751786][T11619] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 346.781419][T11619] smbdirect: ib_dev[syz0]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 346.855811][T11619] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 346.947044][T11627] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2044'. [ 347.008409][T11619] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 348.028573][ T1035] usb 8-1: USB disconnect, device number 27 [ 348.938307][T11659] virt_wifi0 speed is unknown, defaulting to 1000 [ 348.941934][T11659] virt_wifi0 speed is unknown, defaulting to 1000 [ 348.947105][T11659] virt_wifi0 speed is unknown, defaulting to 1000 [ 348.965471][T11659] smbdirect: ib_dev[syz1]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 348.972986][T11659] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 348.984640][T11659] smbdirect: ib_dev[syz1]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 348.998555][T11659] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 349.035350][T11659] virt_wifi0 speed is unknown, defaulting to 1000 [ 349.045543][T11659] virt_wifi0 speed is unknown, defaulting to 1000 [ 349.387260][T11659] virt_wifi0 speed is unknown, defaulting to 1000 [ 349.442541][T11659] virt_wifi0 speed is unknown, defaulting to 1000 [ 350.221348][T11683] overlayfs: missing 'lowerdir' [ 351.348584][T11703] NILFS (nullb0): couldn't find nilfs on the device [ 351.635162][T11710] overlayfs: missing 'lowerdir' [ 353.709944][T11755] __nla_validate_parse: 3 callbacks suppressed [ 353.709962][T11755] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2089'. [ 355.368319][T11787] virt_wifi0 speed is unknown, defaulting to 1000 [ 355.494611][ T39] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 355.693767][ T39] usb 6-1: device descriptor read/64, error -71 [ 355.992838][ T39] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 356.144718][ T39] usb 6-1: device descriptor read/64, error -71 [ 356.285752][ T39] usb usb6-port1: attempt power cycle [ 356.701364][ T39] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 356.794217][ T39] usb 6-1: device descriptor read/8, error -71 [ 357.071124][ T39] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 357.164533][ T39] usb 6-1: device descriptor read/8, error -71 [ 357.272072][ T39] usb usb6-port1: unable to enumerate USB device [ 357.952719][T11827] syzkaller0: entered promiscuous mode [ 357.956517][T11827] syzkaller0: entered allmulticast mode [ 359.509096][T11862] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2128'. [ 365.349966][T11852] syzkaller1: entered promiscuous mode [ 365.353418][T11852] syzkaller1: entered allmulticast mode [ 365.890327][T11893] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2139'. [ 365.934246][T11893] netlink: 264 bytes leftover after parsing attributes in process `syz.1.2139'. [ 366.397160][T11909] loop2: detected capacity change from 0 to 7 [ 366.415405][T11909] Dev loop2: unable to read RDB block 7 [ 366.466008][T11909] loop2: unable to read partition table [ 366.480881][T11909] loop2: partition table beyond EOD, truncated [ 366.484408][T11909] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 366.551896][T11915] overlayfs: missing 'lowerdir' [ 367.500796][ T1035] usb 8-1: new high-speed USB device number 28 using dummy_hcd [ 367.682769][ T1035] usb 8-1: Using ep0 maxpacket: 16 [ 367.705535][ T1035] usb 8-1: config 0 has no interfaces? [ 367.708346][ T1035] usb 8-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 367.712477][ T1035] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.718411][ T1035] usb 8-1: config 0 descriptor?? [ 367.934916][ T1035] usb 8-1: USB disconnect, device number 28 [ 368.198528][ T5827] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 368.272633][T11956] overlayfs: missing 'lowerdir' [ 368.330626][ T5827] usb 5-1: device descriptor read/64, error -71 [ 368.605161][ T5827] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 368.775131][ T5827] usb 5-1: device descriptor read/64, error -71 [ 368.977847][ T5827] usb usb5-port1: attempt power cycle [ 368.987040][T11965] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2167'. [ 368.999469][T11965] netlink: 264 bytes leftover after parsing attributes in process `syz.2.2167'. [ 369.189264][T11978] overlayfs: missing 'lowerdir' [ 369.311158][T11981] syzkaller1: entered promiscuous mode [ 369.321424][T11981] syzkaller1: entered allmulticast mode [ 369.402001][ T5827] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 369.442530][ T5827] usb 5-1: device descriptor read/8, error -71 [ 369.778717][ T5827] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 369.820028][ T5827] usb 5-1: device descriptor read/8, error -71 [ 369.951921][ T5827] usb usb5-port1: unable to enumerate USB device [ 371.092370][T12003] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2180'. [ 371.098143][T12003] netlink: 264 bytes leftover after parsing attributes in process `syz.0.2180'. [ 371.332050][T12013] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 371.338980][T12013] block device autoloading is deprecated and will be removed. [ 371.605422][ T40] audit: type=1326 audit(1777348436.367:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12018 comm="syz.0.2186" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf700efcc code=0x0 [ 371.668641][ T5745] Bluetooth: hci4: sending frame failed (-49) [ 371.672967][ T5751] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 371.744494][T12024] syzkaller1: entered promiscuous mode [ 371.759725][T12024] syzkaller1: entered allmulticast mode [ 372.031743][ T841] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 372.262275][ T841] usb 5-1: config index 0 descriptor too short (expected 24929, got 18) [ 372.265705][ T841] usb 5-1: config 97 has too many interfaces: 97, using maximum allowed: 32 [ 372.272449][ T841] usb 5-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config [ 372.280859][ T841] usb 5-1: config 97 has 0 interfaces, different from the descriptor's value: 97 [ 372.286153][ T841] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 372.290213][ T841] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.482035][T12040] overlayfs: missing 'lowerdir' [ 372.607771][T12047] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2194'. [ 373.967948][ T10] IPVS: starting estimator thread 0... [ 374.070604][T12074] IPVS: using max 27 ests per chain, 64800 per kthread [ 374.650673][ T10] usb 8-1: new high-speed USB device number 29 using dummy_hcd [ 374.797637][ T841] usb 5-1: string descriptor 0 read error: -71 [ 374.801780][ T841] usb 5-1: USB disconnect, device number 47 [ 374.891803][ T10] usb 8-1: device descriptor read/64, error -71 [ 375.170489][ T10] usb 8-1: new high-speed USB device number 30 using dummy_hcd [ 375.779489][T12093] overlayfs: missing 'lowerdir' [ 375.780987][ T10] usb 8-1: device descriptor read/64, error -71 [ 375.941109][ T10] usb usb8-port1: attempt power cycle [ 376.155298][T12097] syzkaller1: entered promiscuous mode [ 376.158556][T12097] syzkaller1: entered allmulticast mode [ 376.290880][ T10] usb 8-1: new high-speed USB device number 31 using dummy_hcd [ 376.350892][ T10] usb 8-1: device descriptor read/8, error -71 [ 376.605186][ T10] usb 8-1: new high-speed USB device number 32 using dummy_hcd [ 376.638890][ T10] usb 8-1: device descriptor read/8, error -71 [ 376.642069][T12104] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2214'. [ 376.652599][T12104] netlink: 264 bytes leftover after parsing attributes in process `syz.2.2214'. [ 376.751700][ T10] usb usb8-port1: unable to enumerate USB device [ 377.121616][ T10] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 377.333819][ T10] usb 5-1: device descriptor read/64, error -71 [ 377.828225][T12120] overlayfs: missing 'lowerdir' [ 378.071273][ T10] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 378.200587][ T10] usb 5-1: device descriptor read/64, error -71 [ 378.381585][T12126] syzkaller1: entered promiscuous mode [ 378.384826][T12126] syzkaller1: entered allmulticast mode [ 378.431855][ T10] usb usb5-port1: attempt power cycle [ 378.790648][ T10] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 378.824591][ T10] usb 5-1: device descriptor read/8, error -71 [ 379.117046][ T10] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 379.174299][ T10] usb 5-1: device descriptor read/8, error -71 [ 379.331060][ T10] usb usb5-port1: unable to enumerate USB device [ 379.471346][T12137] binder: 12136:12137 ioctl c0306201 80000080 returned -22 [ 380.730018][T12167] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size. [ 381.354534][ T841] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 381.467125][T12178] syzkaller0: entered promiscuous mode [ 381.470376][T12178] syzkaller0: entered allmulticast mode [ 381.480849][ T841] usb 6-1: device descriptor read/64, error -71 [ 381.760693][ T841] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 382.045599][ T841] usb 6-1: device descriptor read/64, error -71 [ 382.189354][ T841] usb usb6-port1: attempt power cycle [ 382.610727][ T841] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 383.263985][ T1430] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.267468][ T1430] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.394017][ T841] usb 6-1: device descriptor read/8, error -71 [ 383.703188][ T841] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 383.731707][ T841] usb 6-1: device descriptor read/8, error -71 [ 383.867768][ T841] usb usb6-port1: unable to enumerate USB device [ 385.499793][T12224] syzkaller0: entered promiscuous mode [ 385.533222][T12224] syzkaller0: entered allmulticast mode [ 385.963791][T12226] syzkaller0: entered promiscuous mode [ 385.979797][T12226] syzkaller0: entered allmulticast mode [ 387.903505][T12251] syzkaller0: entered promiscuous mode [ 387.922203][T12251] syzkaller0: entered allmulticast mode [ 395.020123][T12254] syzkaller0: entered promiscuous mode [ 395.118725][T12304] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2276'. [ 395.137839][T12304] netlink: 264 bytes leftover after parsing attributes in process `syz.1.2276'. [ 399.899104][T12315] bridge0: port 3(vlan2) entered blocking state [ 399.904959][T12315] bridge0: port 3(vlan2) entered disabled state [ 399.928435][T12315] vlan2: entered allmulticast mode [ 399.930836][T12315] bridge0: entered allmulticast mode [ 399.940075][T12315] vlan2: left allmulticast mode [ 399.943400][T12315] bridge0: left allmulticast mode [ 401.206834][T12342] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 8 [ 401.973458][T12370] syz_tun: entered allmulticast mode [ 402.021037][T12370] lo: entered allmulticast mode [ 402.034264][T12369] syz_tun: left allmulticast mode [ 402.160485][ T5523] usb 8-1: new high-speed USB device number 33 using dummy_hcd [ 402.321127][ T5523] usb 8-1: Using ep0 maxpacket: 16 [ 402.345763][ T5523] usb 8-1: config 0 has no interfaces? [ 402.353931][ T5523] usb 8-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 402.365645][ T5523] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.372485][ T5523] usb 8-1: config 0 descriptor?? [ 402.605105][ T5827] usb 8-1: USB disconnect, device number 33 [ 403.010602][ T5845] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 403.203235][ T5845] usb 5-1: Using ep0 maxpacket: 8 [ 403.215995][ T5845] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 403.220199][ T5845] usb 5-1: config 0 interface 0 altsetting 254 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 403.225218][ T5845] usb 5-1: config 0 interface 0 has no altsetting 0 [ 403.227806][ T5845] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 403.231964][ T5845] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.237241][ T5845] usb 5-1: config 0 descriptor?? [ 403.250654][ T5845] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 405.292326][ T5827] usb 6-1: new full-speed USB device number 42 using dummy_hcd [ 405.448764][ T5827] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 405.466296][ T5827] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 405.492671][ T5827] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 405.497986][ T5827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 405.516594][ T5827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 405.528631][ T5827] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 405.548721][ T5827] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 405.562862][ T5827] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.570842][ T5827] usb 6-1: config 0 descriptor?? [ 405.775724][T12081] usb 5-1: USB disconnect, device number 52 [ 405.902954][ T5827] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 42 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 406.003016][ T5523] usb 6-1: USB disconnect, device number 42 [ 406.010893][ T5523] usblp0: removed [ 406.690135][T12461] overlayfs: missing 'lowerdir' [ 408.050368][ T5812] usb 6-1: new full-speed USB device number 43 using dummy_hcd [ 408.301425][ T5812] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 408.306201][ T5812] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 408.338482][ T5812] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 408.343224][ T5812] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 408.348157][ T5812] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 408.359377][ T5812] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 408.385102][ T5812] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 408.393971][ T5812] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.407866][ T5812] usb 6-1: config 0 descriptor?? [ 408.432950][T12484] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 408.671568][ T5812] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 43 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 408.856778][ C2] usblp0: nonzero read bulk status received: -71 [ 408.875090][ T5523] usb 6-1: USB disconnect, device number 43 [ 408.924511][ T5523] usblp0: removed [ 410.230233][ T5745] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 410.268147][ T5745] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 410.277602][ T5745] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 410.283435][ T5745] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 410.290013][ T5745] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 410.349040][ T5751] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 410.436974][ T5751] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 410.506486][T12533] overlayfs: missing 'lowerdir' [ 410.514432][ T5751] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 410.576584][ T5751] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 410.651916][ T5751] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 411.240611][ T5523] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 411.395410][ T5523] usb 6-1: Using ep0 maxpacket: 16 [ 411.406208][ T5523] usb 6-1: config 0 has no interfaces? [ 411.429955][ T5523] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 411.434003][ T5523] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.539198][ T5523] usb 6-1: config 0 descriptor?? [ 411.762432][ T5523] usb 6-1: USB disconnect, device number 44 [ 411.801831][T12527] virt_wifi0 speed is unknown, defaulting to 1000 [ 412.091041][T12561] syzkaller0: entered promiscuous mode [ 412.094690][T12561] syzkaller0: entered allmulticast mode [ 412.306717][T12527] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.365576][T12527] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.430537][T12527] bridge_slave_0: entered allmulticast mode [ 412.443501][T12527] bridge_slave_0: entered promiscuous mode [ 412.516672][T12527] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.520570][T12527] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.523751][T12527] bridge_slave_1: entered allmulticast mode [ 412.527822][T12527] bridge_slave_1: entered promiscuous mode [ 412.604995][T12527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 412.621875][T12527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 412.664488][T12527] team0: Port device team_slave_0 added [ 412.675986][T12527] team0: Port device team_slave_1 added [ 412.794297][ T5751] Bluetooth: hci4: command tx timeout [ 412.846571][T12527] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 412.853492][T12527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 412.892772][T12527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 412.933540][T12527] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 412.942271][T12527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 413.000459][T12527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 413.319900][T12527] hsr_slave_0: entered promiscuous mode [ 413.323557][T12527] hsr_slave_1: entered promiscuous mode [ 413.328505][T12527] debugfs: 'hsr0' already exists in 'hsr' [ 413.331690][T12527] Cannot create hsr debugfs directory [ 413.606876][T12527] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.832475][T12527] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.196853][T12527] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.884735][ T5751] Bluetooth: hci4: command tx timeout [ 414.965406][T12527] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 415.006447][T12527] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 415.024520][T12527] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 415.051594][T12527] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 415.058120][T12527] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 415.106681][T12527] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 415.191661][T12527] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 415.198007][T12527] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 415.373066][T12604] overlayfs: missing 'lowerdir' [ 415.424137][T12527] 8021q: adding VLAN 0 to HW filter on device bond0 [ 415.444523][T12527] 8021q: adding VLAN 0 to HW filter on device team0 [ 415.464433][ T8392] bridge0: port 1(bridge_slave_0) entered blocking state [ 415.469524][ T8392] bridge0: port 1(bridge_slave_0) entered forwarding state [ 415.497739][ T8392] bridge0: port 2(bridge_slave_1) entered blocking state [ 415.515165][ T8392] bridge0: port 2(bridge_slave_1) entered forwarding state [ 415.592675][T12527] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 415.597165][T12527] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 416.243989][T12624] syzkaller0: entered promiscuous mode [ 416.251519][T12624] syzkaller0: entered allmulticast mode [ 416.561965][ T5827] hid-generic 0005:16C0:5505.0009: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 416.675702][T12634] fido_id[12634]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory [ 416.683289][T12527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 416.715946][T12631] netlink: 264 bytes leftover after parsing attributes in process `syz.1.2374'. [ 416.878233][ T40] audit: type=1326 audit(1777348481.637:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12641 comm="syz.0.2377" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf700efcc code=0x0 [ 416.941495][T12527] veth0_vlan: entered promiscuous mode [ 416.956675][ T5751] Bluetooth: hci4: command tx timeout [ 416.976068][T12527] veth1_vlan: entered promiscuous mode [ 417.056476][T12527] veth0_macvtap: entered promiscuous mode [ 417.063204][T12527] veth1_macvtap: entered promiscuous mode [ 417.081673][T12527] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 417.138051][T12527] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 417.206029][ T105] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 417.237225][ T105] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 417.353172][ T5812] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 417.374923][ T105] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 417.381811][ T105] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 417.565865][ T5812] usb 5-1: config index 0 descriptor too short (expected 24929, got 18) [ 417.574509][ T5812] usb 5-1: config 97 has too many interfaces: 97, using maximum allowed: 32 [ 417.601322][ T5812] usb 5-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config [ 417.606907][ T5812] usb 5-1: config 97 has 0 interfaces, different from the descriptor's value: 97 [ 417.676729][ T5812] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 417.683958][ T5812] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.748172][ T105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 417.789538][ T105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 417.851178][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 417.855025][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 419.022438][ T5745] Bluetooth: hci4: command tx timeout [ 419.024151][ T5751] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 419.101682][T12678] virt_wifi0 speed is unknown, defaulting to 1000 [ 420.130759][ T5812] usb 5-1: string descriptor 0 read error: -71 [ 420.134783][ T5812] usb 5-1: USB disconnect, device number 53 [ 420.832756][ T5745] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 420.844970][ T5745] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 420.898980][ T5745] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 420.916754][ T5745] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 420.921957][ T5745] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 421.169821][T12699] syzkaller0: entered promiscuous mode [ 421.183468][T12701] overlayfs: missing 'lowerdir' [ 421.188526][T12699] syzkaller0: entered allmulticast mode [ 421.526393][ T1158] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 421.974134][ T1158] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.150037][ T1158] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.339788][ T1158] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.030620][ T5751] Bluetooth: hci1: command tx timeout [ 423.044784][ T1158] bridge_slave_1: left allmulticast mode [ 423.048652][ T1158] bridge_slave_1: left promiscuous mode [ 423.053684][ T1158] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.065663][ T1158] bridge_slave_0: left allmulticast mode [ 423.068341][ T1158] bridge_slave_0: left promiscuous mode [ 423.071642][ T1158] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.133841][ T1158] lo: left allmulticast mode [ 423.734269][ T1158] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 423.797949][ T1158] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 423.815459][ T1158] bond0 (unregistering): Released all slaves [ 423.939415][T12690] virt_wifi0 speed is unknown, defaulting to 1000 [ 424.025912][ T5446] 8021q: adding VLAN 0 to HW filter on device eth2 [ 424.136721][ T1158] tipc: Left network mode [ 424.275302][T12749] overlayfs: missing 'lowerdir' [ 424.662584][T12754] syzkaller0: entered promiscuous mode [ 424.665169][T12754] syzkaller0: entered allmulticast mode [ 425.029728][ T5446] 8021q: adding VLAN 0 to HW filter on device eth3 [ 425.122489][ T5751] Bluetooth: hci1: command tx timeout [ 425.865255][T12690] bridge0: port 1(bridge_slave_0) entered blocking state [ 425.868087][T12690] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.880857][T12690] bridge_slave_0: entered allmulticast mode [ 425.889337][T12690] bridge_slave_0: entered promiscuous mode [ 425.894079][T12690] bridge0: port 2(bridge_slave_1) entered blocking state [ 425.897173][T12690] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.900441][T12690] bridge_slave_1: entered allmulticast mode [ 425.904801][T12690] bridge_slave_1: entered promiscuous mode [ 425.973179][ T5446] 8021q: adding VLAN 0 to HW filter on device eth4 [ 426.020683][ T5842] usb 8-1: new full-speed USB device number 34 using dummy_hcd [ 426.231041][ T5842] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 426.235012][ T5842] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 426.245494][ T5842] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 426.257142][ T5842] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 426.296308][ T5842] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 426.302738][ T5842] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 426.307737][ T5842] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 426.328719][ T5842] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.335053][ T5842] usb 8-1: config 0 descriptor?? [ 426.338713][T12779] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 426.359556][ T1158] hsr_slave_0: left promiscuous mode [ 426.369435][ T1158] hsr_slave_1: left promiscuous mode [ 426.377389][ T1158] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 426.386743][ T1158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 426.424639][ T1158] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 426.431045][T12791] overlayfs: missing 'lowerdir' [ 426.434060][ T1158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 426.467400][ T1158] veth1_macvtap: left promiscuous mode [ 426.477796][ T1158] veth0_macvtap: left promiscuous mode [ 426.481683][ T1158] veth1_vlan: left promiscuous mode [ 426.483967][ T1158] veth0_vlan: left promiscuous mode [ 426.577537][ T5842] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 34 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 426.781609][ C3] usblp0: nonzero read bulk status received: -71 [ 426.785647][ T5842] usb 8-1: USB disconnect, device number 34 [ 426.815734][ T5842] usblp0: removed [ 427.205254][ T5751] Bluetooth: hci1: command tx timeout [ 427.419823][T12690] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 427.432809][T12690] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 427.461459][T12690] team0: Port device team_slave_0 added [ 427.466589][T12690] team0: Port device team_slave_1 added [ 427.544401][T12690] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 427.548160][T12690] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 427.566571][T12690] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 427.594177][T12690] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 427.597568][T12690] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 427.619581][T12690] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 427.777514][T12690] hsr_slave_0: entered promiscuous mode [ 427.780923][T12690] hsr_slave_1: entered promiscuous mode [ 427.801077][T12690] debugfs: 'hsr0' already exists in 'hsr' [ 427.803620][T12690] Cannot create hsr debugfs directory [ 427.948325][ T5446] 8021q: adding VLAN 0 to HW filter on device eth5 [ 428.636524][ T1158] IPVS: stop unused estimator thread 0... [ 429.300689][ T5751] Bluetooth: hci1: command tx timeout [ 429.571655][T12831] overlayfs: missing 'lowerdir' [ 429.906075][T12840] syzkaller0: entered promiscuous mode [ 429.912734][T12840] syzkaller0: entered allmulticast mode [ 431.158890][T12690] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 431.243827][T12690] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 431.247819][T12690] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 431.327871][T12690] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 431.346424][T12690] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 431.367137][T12690] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 431.382135][T12690] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 431.427158][T12690] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 431.446005][T12870] syzkaller0: entered promiscuous mode [ 431.451691][T12870] syzkaller0: entered allmulticast mode [ 432.179628][T12690] 8021q: adding VLAN 0 to HW filter on device bond0 [ 432.264393][T12690] 8021q: adding VLAN 0 to HW filter on device team0 [ 432.286686][ T1158] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.305293][ T1158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 432.346932][ T1158] bridge0: port 2(bridge_slave_1) entered blocking state [ 432.351487][ T1158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 433.711118][T12690] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 433.804822][T12690] veth0_vlan: entered promiscuous mode [ 433.827967][T12690] veth1_vlan: entered promiscuous mode [ 433.944829][T12690] veth0_macvtap: entered promiscuous mode [ 433.971045][T12690] veth1_macvtap: entered promiscuous mode [ 434.029831][T12690] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 434.055353][T12690] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 434.093474][ T8387] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.122653][ T8387] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.216762][ T8387] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.222150][ T8387] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.261301][T12931] syzkaller0: entered promiscuous mode [ 434.264155][T12931] syzkaller0: entered allmulticast mode [ 434.348337][T12934] syzkaller0: entered promiscuous mode [ 434.353879][T12934] 0: reclassify loop, rule prio 0, protocol 700 [ 434.645227][ T105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 434.648525][ T105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 434.915737][ T105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 434.922320][ T105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 435.587032][ T5745] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 435.678099][ T5745] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 435.736187][ T5745] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 435.806012][ T5745] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 435.815144][ T5745] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 436.092481][ T10] usb 8-1: new high-speed USB device number 35 using dummy_hcd [ 436.289962][ T10] usb 8-1: Using ep0 maxpacket: 16 [ 436.297993][ T10] usb 8-1: config 0 has no interfaces? [ 436.307736][ T10] usb 8-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 436.314235][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.316252][T12972] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 8 [ 436.320195][ T10] usb 8-1: config 0 descriptor?? [ 436.440428][ T1338] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 436.628275][T12081] usb 8-1: USB disconnect, device number 35 [ 436.646191][ T1338] usb 6-1: Using ep0 maxpacket: 8 [ 436.695000][ T1338] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 436.713725][ T1338] usb 6-1: config 0 interface 0 has no altsetting 0 [ 436.718078][ T1338] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 436.736963][ T1338] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.744017][ T1338] usb 6-1: config 0 descriptor?? [ 436.765958][ T1338] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 437.378012][ T8387] bridge_slave_1: left allmulticast mode [ 437.380377][ T8387] bridge_slave_1: left promiscuous mode [ 437.384990][ T8387] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.442482][ T8387] bridge_slave_0: left allmulticast mode [ 437.445081][ T8387] bridge_slave_0: left promiscuous mode [ 437.449239][ T8387] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.629379][T12994] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2456'. [ 437.769516][ T8387] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 437.812565][ T8387] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 437.883345][ T8387] bond0 (unregistering): Released all slaves [ 437.910468][ T5745] Bluetooth: hci0: command tx timeout [ 437.972930][ T5446] 8021q: adding VLAN 0 to HW filter on device eth2 [ 438.003026][T12960] virt_wifi0 speed is unknown, defaulting to 1000 [ 438.129094][ T8387] tipc: Left network mode [ 438.403397][T13007] syzkaller0: entered promiscuous mode [ 438.409022][T13007] syzkaller0: entered allmulticast mode [ 438.736874][ T5446] 8021q: adding VLAN 0 to HW filter on device eth4 [ 439.032812][T12960] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.036618][T12960] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.044692][T12960] bridge_slave_0: entered allmulticast mode [ 439.049364][T12960] bridge_slave_0: entered promiscuous mode [ 439.133209][T12960] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.152772][T12960] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.156070][T12960] bridge_slave_1: entered allmulticast mode [ 439.162178][T12960] bridge_slave_1: entered promiscuous mode [ 439.173600][ T5819] usb 6-1: USB disconnect, device number 45 [ 439.326825][T12960] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 439.351752][T12960] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 439.632538][T12960] team0: Port device team_slave_0 added [ 439.639436][ T5446] 8021q: adding VLAN 0 to HW filter on device eth3 [ 439.699626][T12960] team0: Port device team_slave_1 added [ 439.981411][ T5745] Bluetooth: hci0: command tx timeout [ 439.986555][ T8387] hsr_slave_0: left promiscuous mode [ 440.016545][ T8387] hsr_slave_1: left promiscuous mode [ 440.022060][ T8387] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 440.074869][ T8387] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 440.268211][T13057] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2469'. [ 440.616722][ T222] smbdirect: ib_dev[syz0] removed [ 440.971635][ T8387] team0 (unregistering): Port device team_slave_1 removed [ 441.033689][ T8387] team0 (unregistering): Port device team_slave_0 removed [ 441.050473][ T8378] smc: removing ib device !yz! [ 441.852226][T12960] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 441.858609][T12960] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 441.892123][T12960] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 441.992447][ T5446] 8021q: adding VLAN 0 to HW filter on device eth5 [ 442.062042][T13049] syzkaller0: entered promiscuous mode [ 442.071618][ T5745] Bluetooth: hci0: command tx timeout [ 442.075410][T13049] syzkaller0: entered allmulticast mode [ 442.118264][T12960] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 442.161954][T12960] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 442.192085][ T8378] smbdirect: ib_dev[!yz!] removed [ 442.236614][T12960] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 442.994291][T13086] overlayfs: missing 'lowerdir' [ 444.158814][ T5745] Bluetooth: hci0: command tx timeout [ 444.712320][ T1430] ieee802154 phy0 wpan0: encryption failed: -22 [ 444.714652][ T1430] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.872535][T13106] overlayfs: missing 'lowerdir' [ 447.259076][T13110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2487'. [ 449.596069][T13110] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 449.649773][T13110] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 449.907060][T12960] hsr_slave_0: entered promiscuous mode [ 449.922861][T12960] hsr_slave_1: entered promiscuous mode [ 449.925861][T12960] debugfs: 'hsr0' already exists in 'hsr' [ 449.933407][T12960] Cannot create hsr debugfs directory [ 449.994867][ T8387] IPVS: stop unused estimator thread 0... [ 450.311361][T13126] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2492'. [ 451.069729][T13149] syzkaller0: entered promiscuous mode [ 451.095232][T13149] syzkaller0: entered allmulticast mode [ 451.121151][T13167] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2503'. [ 452.952698][ T40] audit: type=1107 audit(1777348517.717:72): pid=13184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 454.552074][ T5745] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 454.570736][ T5745] Bluetooth: hci1: Injecting HCI hardware error event [ 454.577321][ T5745] Bluetooth: hci1: hardware error 0x00 [ 456.791367][ T5745] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 457.883554][T13197] bridge_slave_0: left allmulticast mode [ 457.900653][T13197] bridge_slave_0: left promiscuous mode [ 457.960800][T13197] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.048500][T13197] bridge_slave_1: left allmulticast mode [ 458.068179][T13197] bridge_slave_1: left promiscuous mode [ 458.100570][T13197] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.194839][T13197] bond0: (slave bond_slave_0): Releasing backup interface [ 458.297677][T13197] bond0: (slave bond_slave_1): Releasing backup interface [ 458.441693][T13197] team0: Port device team_slave_0 removed [ 458.478357][T13197] team0: Port device team_slave_1 removed [ 458.500974][T13197] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 458.504118][T13197] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 458.526994][T13197] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 459.090422][T12995] usb 8-1: new high-speed USB device number 36 using dummy_hcd [ 459.244165][T12995] usb 8-1: device descriptor read/64, error -71 [ 459.384039][T12960] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 459.412087][T12960] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 459.429200][T12960] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 459.444558][T12960] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 459.448652][T12960] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 459.494036][T12960] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 459.494617][T12995] usb 8-1: new high-speed USB device number 37 using dummy_hcd [ 459.522360][T12960] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 459.556996][T12960] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 459.650858][T12995] usb 8-1: device descriptor read/64, error -71 [ 459.706853][T13243] capability: warning: `syz.2.2523' uses 32-bit capabilities (legacy support in use) [ 459.770971][T12995] usb usb8-port1: attempt power cycle [ 459.825639][T12960] 8021q: adding VLAN 0 to HW filter on device bond0 [ 459.837017][T12960] 8021q: adding VLAN 0 to HW filter on device team0 [ 459.866309][ T8387] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.870702][ T8387] bridge0: port 1(bridge_slave_0) entered forwarding state [ 459.909282][ T8387] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.917455][ T8387] bridge0: port 2(bridge_slave_1) entered forwarding state [ 460.152777][T12995] usb 8-1: new high-speed USB device number 38 using dummy_hcd [ 460.194418][T12995] usb 8-1: device descriptor read/8, error -71 [ 460.431785][T12995] usb 8-1: new high-speed USB device number 39 using dummy_hcd [ 460.471042][T12995] usb 8-1: device descriptor read/8, error -71 [ 460.636179][T12995] usb usb8-port1: unable to enumerate USB device [ 460.874438][T12960] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 460.911310][T13283] program syz.2.2527 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 460.931025][T12960] veth0_vlan: entered promiscuous mode [ 460.945656][T12960] veth1_vlan: entered promiscuous mode [ 460.973265][T12960] veth0_macvtap: entered promiscuous mode [ 460.978288][T12960] veth1_macvtap: entered promiscuous mode [ 460.995455][T12960] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 461.007904][T12960] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 461.053893][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.061780][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.067038][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.115240][ T1158] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.444811][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.448027][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.462270][T13288] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2529'. [ 461.511459][ T9] hid-generic 0005:16C0:5505.000A: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 461.548506][T13294] netlink: 264 bytes leftover after parsing attributes in process `syz.2.2529'. [ 461.587067][ T105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.649954][ T105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.703025][T13293] fido_id[13293]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 461.704630][ T5842] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 461.757087][T13297] overlayfs: missing 'lowerdir' [ 461.942613][ T5842] usb 6-1: Using ep0 maxpacket: 16 [ 461.946552][T13301] syzkaller0: entered promiscuous mode [ 461.947415][ T5842] usb 6-1: config 0 has no interfaces? [ 461.950559][T13301] syzkaller0: entered allmulticast mode [ 461.956847][ T5842] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 461.960600][ T5842] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.967293][ T5842] usb 6-1: config 0 descriptor?? [ 462.022658][T13304] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2534'. [ 462.187373][T12081] usb 6-1: USB disconnect, device number 46 [ 462.473252][ T10] usb 8-1: new high-speed USB device number 40 using dummy_hcd [ 462.496366][ T5819] hid-generic 0005:16C0:5505.000B: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 462.500553][T13317] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2539'. [ 462.581169][T13317] netlink: 264 bytes leftover after parsing attributes in process `syz.0.2539'. [ 462.624399][T13319] fido_id[13319]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory [ 462.641823][ T10] usb 8-1: Using ep0 maxpacket: 8 [ 462.682656][ T10] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.689483][ T10] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 462.694666][ T10] usb 8-1: config 0 interface 0 has no altsetting 0 [ 462.701525][ T10] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 462.714032][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.723549][ T10] usb 8-1: config 0 descriptor?? [ 462.734616][T13322] syzkaller0: entered promiscuous mode [ 462.738310][T13322] syzkaller0: entered allmulticast mode [ 462.885173][ T5751] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 462.928545][ T5751] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 462.952845][ T5751] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 463.009176][ T5751] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 463.022753][ T5751] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 463.210857][ T10] usbhid 8-1:0.0: can't add hid device: -71 [ 463.214642][ T10] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 463.229252][ T10] usb 8-1: USB disconnect, device number 40 [ 465.191339][ T5751] Bluetooth: hci2: command tx timeout [ 467.262122][ T5751] Bluetooth: hci2: command tx timeout [ 469.215719][T13351] overlayfs: missing 'lowerdir' [ 469.343161][ T5751] Bluetooth: hci2: command tx timeout [ 469.392676][T13324] virt_wifi0 speed is unknown, defaulting to 1000 [ 469.753525][T13369] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2550'. [ 470.076791][T13324] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.080750][T13324] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.086382][T13324] bridge_slave_0: entered allmulticast mode [ 470.092092][T13324] bridge_slave_0: entered promiscuous mode [ 470.099842][T13324] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.104409][T13324] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.108907][T13324] bridge_slave_1: entered allmulticast mode [ 470.114706][T13324] bridge_slave_1: entered promiscuous mode [ 470.199641][T13324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 470.211222][T13324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 470.240852][T13324] team0: Port device team_slave_0 added [ 470.246698][T13324] team0: Port device team_slave_1 added [ 470.271320][T13324] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 470.274449][T13324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 470.303296][T13324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 470.310200][T13324] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 470.328570][T13324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 470.357866][T13324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 470.435233][T13324] hsr_slave_0: entered promiscuous mode [ 470.440135][T13324] hsr_slave_1: entered promiscuous mode [ 470.444099][T13324] debugfs: 'hsr0' already exists in 'hsr' [ 470.447058][T13324] Cannot create hsr debugfs directory [ 471.280182][T13403] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2562'. [ 471.460667][ T5751] Bluetooth: hci2: command tx timeout [ 471.712789][T13407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2564'. [ 472.283871][T13324] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 472.321992][T13324] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 472.354498][T13324] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 472.363116][T13324] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 472.379079][T13324] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 472.432894][T13324] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 472.436293][T13324] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 472.455927][T13324] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 472.578545][T13432] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2570'. [ 472.656635][T13324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 472.681752][T13324] 8021q: adding VLAN 0 to HW filter on device team0 [ 472.697739][ T8378] bridge0: port 1(bridge_slave_0) entered blocking state [ 472.703810][ T8378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 472.710377][ T8378] bridge0: port 2(bridge_slave_1) entered blocking state [ 472.714052][ T8378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 472.798457][T13324] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 473.650043][T13324] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 473.700003][T13324] veth0_vlan: entered promiscuous mode [ 473.709276][T13324] veth1_vlan: entered promiscuous mode [ 473.785296][T13324] veth0_macvtap: entered promiscuous mode [ 473.815620][T13324] veth1_macvtap: entered promiscuous mode [ 473.837700][T13324] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 473.869941][T13324] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 473.886156][ T222] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.900391][ T222] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.034399][ T222] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.037872][ T222] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.325455][ T222] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.335703][ T222] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.452215][ T8387] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.474297][ T8387] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.552580][T13480] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2580'. [ 474.640131][T13482] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2581'. [ 474.640735][ T39] hid-generic 0005:16C0:5505.000C: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 474.716157][T13486] netlink: 264 bytes leftover after parsing attributes in process `syz.0.2581'. [ 474.769606][T13485] fido_id[13485]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory [ 474.939212][ T40] audit: type=1326 audit(1777348539.697:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13493 comm="syz.3.2583" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705efcc code=0x0 [ 475.277556][T13510] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2589'. [ 475.360125][T12081] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 475.461474][ T8551] usb 8-1: new high-speed USB device number 41 using dummy_hcd [ 475.477712][T13512] syzkaller0: entered promiscuous mode [ 475.481010][T13512] syzkaller0: entered allmulticast mode [ 475.630626][T12081] usb 5-1: Using ep0 maxpacket: 16 [ 475.634747][T12081] usb 5-1: config 0 has no interfaces? [ 475.638633][T12081] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 475.645339][T12081] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.674798][ T8551] usb 8-1: config index 0 descriptor too short (expected 24929, got 18) [ 475.679546][ T8551] usb 8-1: config 97 has too many interfaces: 97, using maximum allowed: 32 [ 475.691370][T12081] usb 5-1: config 0 descriptor?? [ 475.697990][ T8551] usb 8-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config [ 475.714048][ T8551] usb 8-1: config 97 has 0 interfaces, different from the descriptor's value: 97 [ 475.723930][ T8551] usb 8-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 475.732071][ T8551] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.753235][T12995] hid-generic 0005:16C0:5505.000D: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 475.760491][T13518] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2593'. [ 475.829255][T13518] netlink: 264 bytes leftover after parsing attributes in process `syz.1.2593'. [ 475.877029][T13520] fido_id[13520]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory [ 475.919511][T12081] usb 5-1: USB disconnect, device number 54 [ 476.671014][T13543] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2603'. [ 476.680786][ T1338] hid-generic 0005:16C0:5505.000E: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 476.701663][T13543] netlink: 264 bytes leftover after parsing attributes in process `syz.0.2603'. [ 476.777019][T13548] fido_id[13548]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory [ 477.100944][ T5751] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 477.105000][ T5745] Bluetooth: hci3: command 0x1003 tx timeout [ 477.259782][T12081] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 477.459694][T12081] usb 5-1: Using ep0 maxpacket: 8 [ 477.467210][T12081] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 477.496168][T12081] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 477.533366][T12081] usb 5-1: config 0 interface 0 has no altsetting 0 [ 477.536659][T12081] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 477.541941][T12081] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.561018][T12081] usb 5-1: config 0 descriptor?? [ 477.750419][T12995] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 477.947757][T12995] usb 6-1: Using ep0 maxpacket: 16 [ 477.951975][T12995] usb 6-1: config 0 has no interfaces? [ 477.954290][T12995] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 477.958041][T12995] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.005631][T12995] usb 6-1: config 0 descriptor?? [ 478.213094][ T8551] usb 8-1: string descriptor 0 read error: -71 [ 478.227745][ T8551] usb 8-1: USB disconnect, device number 41 [ 478.238953][T12081] usbhid 5-1:0.0: can't add hid device: -71 [ 478.251338][T12081] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 478.255797][T12995] usb 6-1: USB disconnect, device number 47 [ 478.312424][T12081] usb 5-1: USB disconnect, device number 55 [ 478.915797][T13592] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2620'. [ 478.925532][ T5845] hid-generic 0005:16C0:5505.000F: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 478.986088][T13592] netlink: 264 bytes leftover after parsing attributes in process `syz.2.2620'. [ 479.017815][T13597] fido_id[13597]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory [ 479.029748][T13600] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2622'. [ 479.330578][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 479.801528][ T39] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 479.950640][ T39] usb 6-1: Using ep0 maxpacket: 8 [ 479.958641][ T39] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 479.965423][ T39] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 479.970960][ T39] usb 6-1: config 0 interface 0 has no altsetting 0 [ 479.975165][ T39] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 479.980778][ T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.989928][ T39] usb 6-1: config 0 descriptor?? [ 480.391838][T13622] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2631'. [ 480.486211][ T5842] hid-generic 0005:16C0:5505.0010: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 480.517054][T13622] netlink: 264 bytes leftover after parsing attributes in process `syz.3.2631'. [ 480.639903][T13626] fido_id[13626]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory [ 480.686691][ T39] usbhid 6-1:0.0: can't add hid device: -71 [ 480.692078][ T39] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 480.698548][ T39] usb 6-1: USB disconnect, device number 48 [ 481.543896][T13644] random: crng reseeded on system resumption [ 481.634561][T13646] syzkaller0: entered promiscuous mode [ 481.641908][T13646] syzkaller0: entered allmulticast mode [ 481.896729][T13648] virt_wifi0 speed is unknown, defaulting to 1000 [ 482.097226][ T5827] hid-generic 0005:16C0:5505.0011: hidraw1: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 482.144493][T13651] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2641'. [ 482.283656][T13651] netlink: 264 bytes leftover after parsing attributes in process `syz.0.2641'. [ 482.289602][T13655] fido_id[13655]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory [ 482.456009][T13669] overlayfs: missing 'lowerdir' [ 482.650408][ T5827] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 482.820422][ T5827] usb 6-1: Using ep0 maxpacket: 8 [ 482.829764][ T5827] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.838004][ T5827] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.847612][ T5827] usb 6-1: config 0 interface 0 has no altsetting 0 [ 482.852467][ T5827] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 482.862874][ T5827] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.873613][ T5827] usb 6-1: config 0 descriptor?? [ 483.507838][ T5827] usbhid 6-1:0.0: can't add hid device: -71 [ 483.521532][ T5827] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 483.535014][ T5827] usb 6-1: USB disconnect, device number 49 [ 483.689873][T13684] syzkaller0: entered promiscuous mode [ 483.701439][T13684] syzkaller0: entered allmulticast mode [ 484.158021][T13694] overlayfs: missing 'lowerdir' [ 484.569188][ T5827] usb 8-1: new high-speed USB device number 42 using dummy_hcd [ 484.767872][ T5827] usb 8-1: Using ep0 maxpacket: 16 [ 484.776935][ T5827] usb 8-1: config 0 has no interfaces? [ 484.779637][ T5827] usb 8-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 484.784715][ T5827] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.790034][ T5827] usb 8-1: config 0 descriptor?? [ 485.009616][ T5827] usb 8-1: USB disconnect, device number 42 [ 486.204888][T13720] overlayfs: missing 'lowerdir' [ 486.265582][ C0] ================================================================== [ 486.271150][ C0] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x3a/0x60 [ 486.283637][ C0] Read of size 1 at addr ffff888029a75418 by task syz.0.2653/13682 [ 486.298612][ C0] [ 486.319853][ C0] CPU: 0 UID: 0 PID: 13682 Comm: syz.0.2653 Not tainted syzkaller #0 PREEMPT(full) [ 486.319876][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 486.319885][ C0] Call Trace: [ 486.319891][ C0] [ 486.319897][ C0] dump_stack_lvl+0x100/0x190 [ 486.319917][ C0] print_report+0x13d/0x4b0 [ 486.319937][ C0] ? __virt_addr_valid+0x239/0x430 [ 486.319959][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 486.319975][ C0] kasan_report+0xdf/0x1d0 [ 486.319991][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 486.320007][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 486.320021][ C0] __kasan_check_byte+0x36/0x50 [ 486.320035][ C0] lock_acquire+0x12a/0x370 [ 486.320049][ C0] ? do_raw_spin_unlock+0x53/0x1e0 [ 486.320063][ C0] ? .slowpath+0x9/0x18 [ 486.320079][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 486.320092][ C0] ? p9_req_put+0xaf/0x250 [ 486.320110][ C0] p9_req_put+0xaf/0x250 [ 486.320128][ C0] req_done+0x1dc/0x2e0 [ 486.320145][ C0] ? __pfx_req_done+0x10/0x10 [ 486.320160][ C0] ? do_raw_spin_lock+0x128/0x260 [ 486.320175][ C0] ? __pfx_req_done+0x10/0x10 [ 486.320188][ C0] vring_interrupt+0x2ef/0x650 [ 486.320207][ C0] ? __pfx_vring_interrupt+0x10/0x10 [ 486.320222][ C0] __handle_irq_event_percpu+0x235/0x8c0 [ 486.320242][ C0] handle_irq_event+0xab/0x1e0 [ 486.320258][ C0] handle_edge_irq+0x35e/0x960 [ 486.320278][ C0] __common_interrupt+0xd8/0x2f0 [ 486.320301][ C0] common_interrupt+0x60/0xe0 [ 486.320322][ C0] asm_common_interrupt+0x26/0x40 [ 486.320337][ C0] RIP: 0010:handle_softirqs+0x1ad/0xa00 [ 486.320356][ C0] Code: 30 44 88 74 24 23 45 89 ee 48 c7 c7 00 67 ad 8b e8 a8 3e bf 09 31 d2 65 66 89 15 f6 35 42 12 e8 d9 4e 48 00 fb bb ff ff ff ff <49> c7 c4 c0 a0 40 8e 41 0f bc de 83 c3 01 0f 85 a4 00 00 00 e9 47 [ 486.320369][ C0] RSP: 0018:ffffc90000007f20 EFLAGS: 00000202 [ 486.320382][ C0] RAX: 0000000000003bf2 RBX: 00000000ffffffff RCX: 0000000000000004 [ 486.320392][ C0] RDX: 0000000000000000 RSI: ffffffff8df19b62 RDI: ffffffff8c1c2380 [ 486.320401][ C0] RBP: 000000010000483c R08: 0000000000000001 R09: 0000000000000000 [ 486.320410][ C0] R10: 0000000000000001 R11: 0000000000000001 R12: 000000000000000a [ 486.320418][ C0] R13: 0000000000000282 R14: 0000000000000282 R15: 1ffff92000000fec [ 486.320434][ C0] ? __hrtimer_rearm_deferred+0x24d/0x740 [ 486.320455][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 486.320471][ C0] ? _raw_spin_unlock+0x28/0x50 [ 486.320485][ C0] ? __hrtimer_rearm_deferred+0x9b/0x740 [ 486.320503][ C0] __irq_exit_rcu+0x162/0x210 [ 486.320520][ C0] irq_exit_rcu+0x9/0x30 [ 486.320536][ C0] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 486.320551][ C0] [ 486.320556][ C0] [ 486.320561][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 486.320576][ C0] RIP: 0010:lockdep_unregister_key+0x12b/0x1d0 [ 486.320597][ C0] Code: e8 da dd ff ff 48 83 2d 1a 4b 46 14 01 89 c3 e8 2b e0 ff ff 9c 58 f6 c4 02 0f 85 8a 00 00 00 f7 c5 00 02 00 00 74 01 fb 84 db <75> 40 5b 5d 41 5c e9 9a 9c 09 00 9c 58 f6 c4 02 0f 84 16 ff ff ff [ 486.320610][ C0] RSP: 0018:ffffc9000464fa48 EFLAGS: 00000246 [ 486.320624][ C0] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000001 [ 486.320632][ C0] RDX: 0000000000000000 RSI: ffffffff8e00b09b RDI: ffffffff8c1c2380 [ 486.320649][ C0] RBP: 0000000000000246 R08: 0000000000032a5a R09: ffffffff96303094 [ 486.320658][ C0] R10: 0000000000000200 R11: 0000000000000000 R12: ffffffff978edc38 [ 486.320667][ C0] R13: ffff888052e00000 R14: ffff888052e00508 R15: 0000000000000100 [ 486.320684][ C0] __qdisc_destroy+0x172/0x540 [ 486.320698][ C0] qdisc_put+0xb0/0xf0 [ 486.320711][ C0] shutdown_scheduler_queue+0xa5/0x160 [ 486.320725][ C0] dev_shutdown+0xb3/0x440 [ 486.320741][ C0] unregister_netdevice_many_notify+0xd56/0x24f0 [ 486.320762][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 486.320777][ C0] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 486.320803][ C0] unregister_netdevice_queue+0x30b/0x3c0 [ 486.320819][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 486.320834][ C0] ? linkwatch_schedule_work+0x16f/0x1a0 [ 486.320853][ C0] ? linkwatch_fire_event+0x74/0x270 [ 486.320871][ C0] __tun_detach+0x1173/0x1480 [ 486.320891][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 486.320907][ C0] tun_chr_close+0xc2/0x220 [ 486.320924][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 486.320940][ C0] __fput+0x3ff/0xb50 [ 486.320966][ C0] task_work_run+0x150/0x240 [ 486.320985][ C0] ? __pfx_task_work_run+0x10/0x10 [ 486.320999][ C0] ? rcu_is_watching+0x12/0xc0 [ 486.321017][ C0] exit_to_user_mode_loop+0x100/0x4a0 [ 486.321032][ C0] ? __do_fast_syscall_32+0x373/0x950 [ 486.321050][ C0] __do_fast_syscall_32+0x608/0x950 [ 486.321069][ C0] do_fast_syscall_32+0x32/0x70 [ 486.321091][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 486.321108][ C0] RIP: 0023:0xf7f87fcc [ 486.321120][ C0] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 486.321132][ C0] RSP: 002b:00000000ffe8f78c EFLAGS: 00000202 ORIG_RAX: 00000000000001b4 [ 486.321146][ C0] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e [ 486.321155][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 486.321163][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 486.321171][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 486.321180][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 486.321193][ C0] [ 486.321199][ C0] [ 486.951504][ C0] Allocated by task 13720: [ 486.953963][ C0] kasan_save_stack+0x30/0x50 [ 486.956533][ C0] kasan_save_track+0x14/0x30 [ 486.971324][ C0] __kasan_kmalloc+0xaa/0xb0 [ 486.984598][ C0] p9_client_create+0xaf/0xd40 [ 486.987506][ C0] v9fs_session_init+0x3c/0xd20 [ 486.990411][ C0] v9fs_get_tree+0xb8/0xb50 [ 486.992857][ C0] vfs_get_tree+0x92/0x320 [ 486.994792][ C0] path_mount+0x7d0/0x23d0 [ 486.996572][ C0] __ia32_sys_mount+0x292/0x310 [ 486.998608][ C0] __do_fast_syscall_32+0xe7/0x950 [ 487.016595][ C0] do_fast_syscall_32+0x32/0x70 [ 487.018310][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 487.021285][ C0] [ 487.022602][ C0] Freed by task 13720: [ 487.024681][ C0] kasan_save_stack+0x30/0x50 [ 487.026782][ C0] kasan_save_track+0x14/0x30 [ 487.029012][ C0] kasan_save_free_info+0x3b/0x70 [ 487.045647][ C0] __kasan_slab_free+0x5f/0x80 [ 487.048460][ C0] kfree+0x223/0x6c0 [ 487.050310][ C0] p9_client_create+0x72d/0xd40 [ 487.052121][ C0] v9fs_session_init+0x3c/0xd20 [ 487.053927][ C0] v9fs_get_tree+0xb8/0xb50 [ 487.056002][ C0] vfs_get_tree+0x92/0x320 [ 487.058563][ C0] path_mount+0x7d0/0x23d0 [ 487.067532][ C0] __ia32_sys_mount+0x292/0x310 [ 487.070089][ C0] __do_fast_syscall_32+0xe7/0x950 [ 487.072693][ C0] do_fast_syscall_32+0x32/0x70 [ 487.074783][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 487.092323][ C0] [ 487.093139][ C0] The buggy address belongs to the object at ffff888029a75400 [ 487.093139][ C0] which belongs to the cache kmalloc-512 of size 512 [ 487.097586][ C0] The buggy address is located 24 bytes inside of [ 487.097586][ C0] freed 512-byte region [ffff888029a75400, ffff888029a75600) [ 487.102369][ C0] [ 487.103177][ C0] The buggy address belongs to the physical page: [ 487.107816][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29a74 [ 487.131983][ C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 487.135077][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 487.137826][ C0] page_type: f5(slab) [ 487.139262][ C0] raw: 00fff00000000040 ffff88801b842c80 dead000000000100 dead000000000122 [ 487.154653][ C0] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 487.157855][ C0] head: 00fff00000000040 ffff88801b842c80 dead000000000100 dead000000000122 [ 487.160981][ C0] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 487.188672][ C0] head: 00fff00000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff [ 487.202818][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 487.207438][ C0] page dumped because: kasan: bad access detected [ 487.210383][ C0] page_owner tracks the page as allocated [ 487.217983][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5734, tgid 5734 (syz-executor), ts 56106995839, free_ts 55791076880 [ 487.236579][ C0] post_alloc_hook+0x153/0x170 [ 487.238783][ C0] get_page_from_freelist+0x11a6/0x33b0 [ 487.252300][ C0] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 487.256074][ C0] new_slab+0xa6/0x6c0 [ 487.258512][ C0] refill_objects+0x277/0x420 [ 487.261003][ C0] __pcs_replace_empty_main+0x375/0x650 [ 487.269715][ C0] __kmalloc_noprof+0x688/0x850 [ 487.272415][ C0] fib6_info_alloc+0x40/0x160 [ 487.274934][ C0] ip6_route_info_create+0x14c/0xad0 [ 487.280367][ C0] ip6_route_add+0x4b/0x1d0 [ 487.282782][ C0] addrconf_prefix_route+0x2fb/0x510 [ 487.291701][ C0] addrconf_notify+0x1548/0x1ba0 [ 487.293317][ C0] notifier_call_chain+0x99/0x400 [ 487.294945][ C0] call_netdevice_notifiers_info+0xbe/0x110 [ 487.296924][ C0] __dev_notify_flags+0x12c/0x2e0 [ 487.298827][ C0] netif_change_flags+0x108/0x160 [ 487.312105][ C0] page last free pid 222 tgid 222 stack trace: [ 487.320490][ C0] __free_frozen_pages+0x747/0x1040 [ 487.324568][ C0] qlist_free_all+0x47/0xf0 [ 487.326530][ C0] kasan_quarantine_reduce+0x1a0/0x1f0 [ 487.328765][ C0] __kasan_slab_alloc+0x69/0x90 [ 487.347906][ C0] kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 487.351457][ C0] __alloc_skb+0x140/0x710 [ 487.354548][ C0] rtmsg_ifinfo_build_skb+0x81/0x260 [ 487.357741][ C0] rtmsg_ifinfo+0xa4/0x1b0 [ 487.370840][ C0] netif_state_change+0x17f/0x380 [ 487.373803][ C0] linkwatch_do_dev+0xe0/0x120 [ 487.376851][ C0] __linkwatch_run_queue+0x3a9/0x900 [ 487.380177][ C0] linkwatch_event+0x8f/0xc0 [ 487.381991][ C0] process_one_work+0xa0e/0x1980 [ 487.383753][ C0] worker_thread+0x5ef/0xe50 [ 487.385464][ C0] kthread+0x370/0x450 [ 487.400558][ C0] ret_from_fork+0x72b/0xd50 [ 487.403098][ C0] [ 487.404690][ C0] Memory state around the buggy address: [ 487.408220][ C0] ffff888029a75300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 487.412273][ C0] ffff888029a75380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 487.442199][ C0] >ffff888029a75400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 487.445613][ C0] ^ [ 487.447525][ C0] ffff888029a75480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 487.459893][ C0] ffff888029a75500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 487.462493][ C0] ================================================================== [ 487.465508][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 487.468280][ C0] CPU: 0 UID: 0 PID: 13682 Comm: syz.0.2653 Not tainted syzkaller #0 PREEMPT(full) [ 487.491872][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 487.495693][ C0] Call Trace: [ 487.497030][ C0] [ 487.498261][ C0] dump_stack_lvl+0x100/0x190 [ 487.529790][ C0] vpanic+0x552/0x970 [ 487.531393][ C0] ? __pfx_vpanic+0x10/0x10 [ 487.533137][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 487.555960][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 487.558449][ C0] panic+0xd1/0xe0 [ 487.567331][ C0] ? __pfx_panic+0x10/0x10 [ 487.569695][ C0] ? end_report.part.0+0x23/0x90 [ 487.572012][ C0] ? rcu_is_watching+0x12/0xc0 [ 487.598431][ C0] ? end_report.part.0+0x23/0x90 [ 487.600752][ C0] ? check_panic_on_warn+0x1f/0x90 [ 487.603695][ C0] check_panic_on_warn.cold+0x19/0x34 [ 487.605711][ C0] end_report.part.0+0x3a/0x90 [ 487.641061][ C0] kasan_report.cold+0xe/0x18 [ 487.642953][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 487.644938][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 487.651518][ C0] __kasan_check_byte+0x36/0x50 [ 487.653394][ C0] lock_acquire+0x12a/0x370 [ 487.670228][ C0] ? do_raw_spin_unlock+0x53/0x1e0 [ 487.679792][ C0] ? .slowpath+0x9/0x18 [ 487.681569][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 487.683637][ C0] ? p9_req_put+0xaf/0x250 [ 487.685327][ C0] p9_req_put+0xaf/0x250 [ 487.686979][ C0] req_done+0x1dc/0x2e0 [ 487.704810][ C0] ? __pfx_req_done+0x10/0x10 [ 487.706627][ C0] ? do_raw_spin_lock+0x128/0x260 [ 487.708536][ C0] ? __pfx_req_done+0x10/0x10 [ 487.710772][ C0] vring_interrupt+0x2ef/0x650 [ 487.727022][ C0] ? __pfx_vring_interrupt+0x10/0x10 [ 487.729259][ C0] __handle_irq_event_percpu+0x235/0x8c0 [ 487.733477][ C0] handle_irq_event+0xab/0x1e0 [ 487.735503][ C0] handle_edge_irq+0x35e/0x960 [ 487.737489][ C0] __common_interrupt+0xd8/0x2f0 [ 487.759841][ C0] common_interrupt+0x60/0xe0 [ 487.761812][ C0] asm_common_interrupt+0x26/0x40 [ 487.777217][ C0] RIP: 0010:handle_softirqs+0x1ad/0xa00 [ 487.789712][ C0] Code: 30 44 88 74 24 23 45 89 ee 48 c7 c7 00 67 ad 8b e8 a8 3e bf 09 31 d2 65 66 89 15 f6 35 42 12 e8 d9 4e 48 00 fb bb ff ff ff ff <49> c7 c4 c0 a0 40 8e 41 0f bc de 83 c3 01 0f 85 a4 00 00 00 e9 47 [ 487.797665][ C0] RSP: 0018:ffffc90000007f20 EFLAGS: 00000202 [ 487.811032][ C0] RAX: 0000000000003bf2 RBX: 00000000ffffffff RCX: 0000000000000004 [ 487.815175][ C0] RDX: 0000000000000000 RSI: ffffffff8df19b62 RDI: ffffffff8c1c2380 [ 487.826732][ C0] RBP: 000000010000483c R08: 0000000000000001 R09: 0000000000000000 [ 487.831922][ C0] R10: 0000000000000001 R11: 0000000000000001 R12: 000000000000000a [ 487.838433][ C0] R13: 0000000000000282 R14: 0000000000000282 R15: 1ffff92000000fec [ 487.842793][ C0] ? __hrtimer_rearm_deferred+0x24d/0x740 [ 487.845953][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 487.849126][ C0] ? _raw_spin_unlock+0x28/0x50 [ 487.852159][ C0] ? __hrtimer_rearm_deferred+0x9b/0x740 [ 487.855551][ C0] __irq_exit_rcu+0x162/0x210 [ 487.858694][ C0] irq_exit_rcu+0x9/0x30 [ 487.861483][ C0] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 487.864817][ C0] [ 487.866377][ C0] [ 487.868217][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 487.871360][ C0] RIP: 0010:lockdep_unregister_key+0x12b/0x1d0 [ 487.874532][ C0] Code: e8 da dd ff ff 48 83 2d 1a 4b 46 14 01 89 c3 e8 2b e0 ff ff 9c 58 f6 c4 02 0f 85 8a 00 00 00 f7 c5 00 02 00 00 74 01 fb 84 db <75> 40 5b 5d 41 5c e9 9a 9c 09 00 9c 58 f6 c4 02 0f 84 16 ff ff ff [ 487.885876][ C0] RSP: 0018:ffffc9000464fa48 EFLAGS: 00000246 [ 487.889558][ C0] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000001 [ 487.894344][ C0] RDX: 0000000000000000 RSI: ffffffff8e00b09b RDI: ffffffff8c1c2380 [ 487.898204][ C0] RBP: 0000000000000246 R08: 0000000000032a5a R09: ffffffff96303094 [ 487.901175][ C0] R10: 0000000000000200 R11: 0000000000000000 R12: ffffffff978edc38 [ 487.904320][ C0] R13: ffff888052e00000 R14: ffff888052e00508 R15: 0000000000000100 [ 487.907345][ C0] __qdisc_destroy+0x172/0x540 [ 487.909542][ C0] qdisc_put+0xb0/0xf0 [ 487.911337][ C0] shutdown_scheduler_queue+0xa5/0x160 [ 487.913901][ C0] dev_shutdown+0xb3/0x440 [ 487.916070][ C0] unregister_netdevice_many_notify+0xd56/0x24f0 [ 487.919269][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 487.923054][ C0] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 487.925772][ C0] unregister_netdevice_queue+0x30b/0x3c0 [ 487.927805][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 487.929851][ C0] ? linkwatch_schedule_work+0x16f/0x1a0 [ 487.931686][ C0] ? linkwatch_fire_event+0x74/0x270 [ 487.933548][ C0] __tun_detach+0x1173/0x1480 [ 487.935559][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 487.938072][ C0] tun_chr_close+0xc2/0x220 [ 487.940373][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 487.942748][ C0] __fput+0x3ff/0xb50 [ 487.944709][ C0] task_work_run+0x150/0x240 [ 487.947117][ C0] ? __pfx_task_work_run+0x10/0x10 [ 487.950238][ C0] ? rcu_is_watching+0x12/0xc0 [ 487.953335][ C0] exit_to_user_mode_loop+0x100/0x4a0 [ 487.956029][ C0] ? __do_fast_syscall_32+0x373/0x950 [ 487.959179][ C0] __do_fast_syscall_32+0x608/0x950 [ 487.961966][ C0] do_fast_syscall_32+0x32/0x70 [ 487.964569][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 487.968170][ C0] RIP: 0023:0xf7f87fcc [ 487.970078][ C0] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 487.979970][ C0] RSP: 002b:00000000ffe8f78c EFLAGS: 00000202 ORIG_RAX: 00000000000001b4 [ 487.983328][ C0] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e [ 487.985896][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 487.988719][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 487.991841][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 487.995994][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 487.999964][ C0] [ 488.002280][ C0] Kernel Offset: disabled [ 488.004026][ C0] Rebooting in 86400 seconds.. VM DIAGNOSIS: 03:55:51 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff857bc695 RDI=ffffffff9b4596a0 RBP=ffffffff9b459660 RSP=ffffc90000007568 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3230383838666666 R12=0000000000000000 R13=0000000000000031 R14=0000000000000010 R15=ffffffff857bc630 RIP=ffffffff857bc6bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 000fffff 00000000 GS =0063 ffff888097180000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 000fffff 00000000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c2e83d8 CR3=0000000073ccc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=d8736e33136b5a9c 5529d7e445f99370 d8736e33136b5a9c 5529d7e445f99370 d8736e33136b5a9c 5529d7e445f99370 d8736e33136b5a9c 5529d7e445f99370 ZMM18=6765b415b791c1fb 7430349d1da20f2b 6765b415b791c1fb 7430349d1da20f2b 6765b415b791c1fb 7430349d1da20f2b 6765b415b791c1fb 7430349d1da20f2b ZMM19=b214000000000000 0000000000000005 b214000000000000 0000000000000004 b214000000000000 0000000000000003 b214000000000000 0000000000000002 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7611ffffffff81ad 7e61ffffffff81ad 74aeffffffff81ad 71b1ffffffff81ad ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7c900000016c0300 000000000008ffff f44a000003e60000 0008000400000008 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008000000140000 0b8800000b9c0000 0bc000000be40000 0005000000000000 ZMM24=1da20f2b1da20f2b 1da20f2b1da20f2b 1da20f2b1da20f2b 1da20f2b1da20f2b 1da20f2b1da20f2b 1da20f2b1da20f2b 1da20f2b1da20f2b 1da20f2b1da20f2b ZMM25=7430349d7430349d 7430349d7430349d 7430349d7430349d 7430349d7430349d 7430349d7430349d 7430349d7430349d 7430349d7430349d 7430349d7430349d ZMM26=b791c1fbb791c1fb b791c1fbb791c1fb b791c1fbb791c1fb b791c1fbb791c1fb b791c1fbb791c1fb b791c1fbb791c1fb b791c1fbb791c1fb b791c1fbb791c1fb ZMM27=6765b4156765b415 6765b4156765b415 6765b4156765b415 6765b4156765b415 6765b4156765b415 6765b4156765b415 6765b4156765b415 6765b4156765b415 ZMM28=000000400000003f 0000003e0000003d 0000003c0000003b 0000003a00000039 0000003800000037 0000003600000035 0000003400000033 0000003200000031 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=b1140000b1140000 b1140000b1140000 b1140000b1140000 b1140000b1140000 b1140000b1140000 b1140000b1140000 b1140000b1140000 b1140000b1140000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=ffff88802b333da8 RCX=0000000000000002 RDX=0000000000000000 RSI=ffffffff8c1c2300 RDI=ffffffff8e1c9928 RBP=0000000000000001 RSP=ffffc90000590720 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000200 R11=00000000000a86e8 R12=0000000000000002 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81ec4100 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097280000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c4103d1 CR3=000000000e596000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2190fec5c4ac1885 ef38380d19da4713 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 cf6bc8b01ff43792 f6745b6ee16741c5 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 20364a662c977371 148a8cf77d2105c5 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8e071adac9f47087 0a39e9c2c2ed8cf0 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000940 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 cd2600004a460000 01278d710000027c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 356200008e6f0000 164c0000edba0000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 074800000000006e 012779f0012775e8 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 01279552012796e6 58a200000127750d ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0bede84881b5d9f1 4edc4ec78ff9b984 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f9cb370fdce8cfc4 3600fcc1fc1193dc ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffffff81da4660 RBX=ffff88802b43b380 RCX=ffff88802b43b398 RDX=0000000000000088 RSI=ffff88802175a500 RDI=ffff88802b43b380 RBP=ffff88802175a500 RSP=ffffc90000538d08 R8 =0000000000000001 R9 =fffffbfff1cd9f39 R10=ffffffff8e6cf9cf R11=0000000000000002 R12=ffffffff8e1b8b68 R13=ffff888023eb2500 R14=ffff88802b43beb8 R15=ffff88802175a808 RIP=ffffffff81da4660 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097380000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000005822a23c CR3=000000006270e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000002d3e2f RBX=ffff88801c3ca500 RCX=ffffffff8b870045 RDX=0000000000000000 RSI=ffffffff8df19b62 RDI=ffffffff8c1c2380 RBP=0000000000000000 RSP=ffffc9000048fdf0 R8 =0000000000000001 R9 =ffffed10056a67b5 R10=ffff88802b533dab R11=0000000000000000 R12=0000000000000003 R13=ffffed10038794a0 R14=0000000000000003 R15=ffffffff90d7b350 RIP=ffffffff8b86e87f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097480000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000560a74f1a000 CR3=000000004b6d0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000