last executing test programs: 18.179253302s ago: executing program 0 (id=2264): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_emit_ethernet(0x4a, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x1f00) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) getsockopt$TIPC_NODE_RECVQ_DEPTH(0xffffffffffffffff, 0x10f, 0x83, &(0x7f0000000180), &(0x7f00000001c0)=0x4) symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') getpeername$tipc(0xffffffffffffffff, &(0x7f00000000c0)=@name, 0x0) quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000540)=@filename='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', 0xee00, 0x0) pipe2$9p(&(0x7f0000000100), 0x800) r4 = timerfd_create(0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x8004, &(0x7f00000001c0)=ANY=[]) ioctl$TFD_IOC_SET_TICKS(r4, 0x40085400, &(0x7f0000000080)=0x8) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r5, 0x0, 0x0) syz_io_uring_setup(0x21b1, &(0x7f0000000080)={0x0, 0xb2e8, 0x10000, 0x1, 0x2b}, &(0x7f0000000000), &(0x7f0000000140)) 13.875291237s ago: executing program 0 (id=2265): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) socket$nl_rdma(0x10, 0x3, 0x14) socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="210f00000000fedbdf252000000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x0) 13.825300769s ago: executing program 2 (id=2266): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 13.622887139s ago: executing program 2 (id=2269): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40010160, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setfsuid(0xffffffffffffffff) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10) sendmmsg$unix(r4, &(0x7f0000000680), 0x4924924924925c6, 0x0) 12.505382205s ago: executing program 2 (id=2274): syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0xb, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'gre0\x00'}) sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r4 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r4, &(0x7f0000019440)=[{0x0}], 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="e80000003f00070100000000fddbdf25027c0000d100378013000300717472283414d6bba919736d34290000080008"], 0xe8}, 0x1, 0x0, 0x0, 0xc880}, 0x0) syz_genetlink_get_family_id$smc(&(0x7f0000000140), r4) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c900"], 0x16) ppoll(&(0x7f00000000c0)=[{r3, 0x60}], 0x1, 0x0, 0x0, 0x0) r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4) 9.187451951s ago: executing program 2 (id=2277): syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000145f405e04bd84be89010403010902240001000000000904ed0002ff5d8100090503e8ffffff040009058a03"], 0x0) 8.939212644s ago: executing program 1 (id=2281): sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c3408ca3de393208cc5dfb2d637ec39407436c4494f0d20"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c210000000000202020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de1357713389"], 0x20}}, 0xc000) r1 = socket$alg(0x26, 0x5, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 8.814214119s ago: executing program 1 (id=2283): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000007c0)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be521634", 0xc}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000002c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538", 0x58}], 0x3}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000008c0)=""/97, 0x61}, {&(0x7f0000000840)=""/83, 0x53}], 0x2}, 0x0) 8.79673846s ago: executing program 0 (id=2284): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') creat(&(0x7f0000000080)='./file0\x00', 0x13a) lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000340)=ANY=[@ANYBLOB="0200000001"], 0xc, 0x2) 8.597448411s ago: executing program 1 (id=2285): syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0xb, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'gre0\x00'}) sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r4 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r4, &(0x7f0000019440)=[{&(0x7f0000000200)}], 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="e80000003f00070100000000fddbdf25027c0000d100378013000300717472283414d6bba919736d34290000080008"], 0xe8}, 0x1, 0x0, 0x0, 0xc880}, 0x0) syz_genetlink_get_family_id$smc(&(0x7f0000000140), r4) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c900"], 0x16) ppoll(&(0x7f00000000c0)=[{r3, 0x60}], 0x1, 0x0, 0x0, 0x0) r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4) 8.549100953s ago: executing program 0 (id=2286): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000e, 0x204031, 0xffffffffffffffff, 0xd0c6f000) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) 6.166505212s ago: executing program 3 (id=2288): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000011005f0414f9f407000904008100", 0x12) 5.450868698s ago: executing program 1 (id=2289): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 5.362728092s ago: executing program 2 (id=2290): ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000480)={'s526\x00', [0x4f27, 0xb, 0xfffd, 0x4, 0x52a2, 0x0, 0xb, 0x7, 0x8, 0x101, 0x5, 0xa, 0x2, 0x4, 0xfffffffe, 0x80000001, 0xfffffffe, 0x5, 0x6, 0xfffff801, 0x89, 0x8, 0x1ff, 0xfffffffd, 0xb, 0xe63, 0x68a1589b, 0x100008, 0x65c, 0x2, 0xffffe8e9]}) read(0xffffffffffffffff, 0x0, 0x0) 5.319194084s ago: executing program 3 (id=2291): sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c3408ca3de393208cc5dfb2d637ec39407436c4494f0d20"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c210000000000202020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de1357713389"], 0x20}}, 0xc000) r1 = socket$alg(0x26, 0x5, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 5.243359528s ago: executing program 1 (id=2292): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) socket$nl_rdma(0x10, 0x3, 0x14) socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="210f00000000fedbdf252000000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x0) 5.234050499s ago: executing program 3 (id=2293): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000007c0)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be521634", 0xc}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000002c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538", 0x58}], 0x3}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000008c0)=""/97, 0x61}, {&(0x7f0000000840)=""/83, 0x53}], 0x2}, 0x0) 5.137979524s ago: executing program 2 (id=2294): r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 5.058475007s ago: executing program 3 (id=2295): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40010160, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setfsuid(0xffffffffffffffff) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10) sendmmsg$unix(r4, &(0x7f0000000680), 0x4924924924925c6, 0x0) 3.871174177s ago: executing program 3 (id=2297): syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0xb, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'gre0\x00'}) sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r4 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r4, &(0x7f0000019440)=[{&(0x7f0000000200)}], 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="e80000003f00070100000000fddbdf25027c0000d100378013000300717472283414d6bba919736d34290000080008"], 0xe8}, 0x1, 0x0, 0x0, 0xc880}, 0x0) syz_genetlink_get_family_id$smc(&(0x7f0000000140), r4) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c900"], 0x16) ppoll(&(0x7f00000000c0)=[{r3, 0x60}], 0x1, 0x0, 0x0, 0x0) r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4) 3.836963938s ago: executing program 0 (id=2298): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x8, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 675.787347ms ago: executing program 3 (id=2299): syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0xb, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'gre0\x00'}) socket$igmp(0x2, 0x3, 0x2) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) writev(0xffffffffffffffff, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc", 0x24}], 0x1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB], 0xe8}, 0x1, 0x0, 0x0, 0xc880}, 0x0) syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r1, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c900"], 0x16) ppoll(&(0x7f00000000c0)=[{r1, 0x60}], 0x1, 0x0, 0x0, 0x0) 530.490454ms ago: executing program 0 (id=2300): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) munlockall() madvise(&(0x7f000023a000/0x4000)=nil, 0x4000, 0x64) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r4 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)}, &(0x7f0000000180)=0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x80044940, &(0x7f00000010c0)) socket$inet_sctp(0x2, 0x1, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r6 = getpid() sched_setscheduler(r6, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) write$P9_RSTATu(r0, 0x0, 0x0) 0s ago: executing program 1 (id=2301): sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c3408ca3de393208cc5dfb2d637ec39407436c4494f0d20"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c210000000000202020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de1357713389"], 0x20}}, 0xc000) r1 = socket$alg(0x26, 0x5, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) kernel console output (not intermixed with test programs): bj=unconfined pid=10310 comm="syz.0.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 630.930200][ T28] audit: type=1326 audit(1773862149.830:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.0.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 630.952964][ C1] vkms_vblank_simulate: vblank timer overrun [ 630.960117][ T28] audit: type=1326 audit(1773862149.830:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.0.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 630.984974][ T28] audit: type=1326 audit(1773862149.830:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.0.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 631.012814][ T28] audit: type=1326 audit(1773862149.830:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.0.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 631.036478][ C1] vkms_vblank_simulate: vblank timer overrun [ 631.187012][ T28] audit: type=1326 audit(1773862149.830:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.0.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 631.210628][ T28] audit: type=1326 audit(1773862149.830:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.0.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 632.030542][T10334] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1381'. [ 632.983890][ T9948] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 633.076688][ T9659] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 633.266666][ T9659] usb 1-1: Using ep0 maxpacket: 16 [ 633.275759][ T9659] usb 1-1: config 1 has an invalid interface number: 58 but max is 0 [ 633.286982][ T9659] usb 1-1: config 1 has no interface number 0 [ 633.293953][ T9659] usb 1-1: config 1 interface 58 has no altsetting 0 [ 633.312018][ T9659] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0126, bcdDevice=bd.e4 [ 633.322638][ T9659] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 633.333405][ T9659] usb 1-1: Product: syz [ 633.338650][ T9659] usb 1-1: Manufacturer: syz [ 633.344856][ T9659] usb 1-1: SerialNumber: syz [ 633.586679][ T9659] kvaser_usb 1-1:1.58: Cannot get usb endpoint(s) [ 633.601161][ T9659] usb 1-1: USB disconnect, device number 26 [ 633.846173][T10352] [U] ù [ 634.458569][T10367] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1392'. [ 635.142190][T10370] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.1394'. [ 635.654204][ T5782] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 635.757687][T10378] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1395'. [ 635.895651][T10382] syzkaller0: entered promiscuous mode [ 635.904243][T10378] nbd: socks must be embedded in a SOCK_ITEM attr [ 635.906907][T10382] syzkaller0: entered allmulticast mode [ 636.042192][ T6534] block nbd64: NBD_DISCONNECT [ 636.354820][ T6532] udevd[6532]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 637.673693][T10403] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1401'. [ 638.635653][T10414] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.1404'. [ 638.876594][ T5759] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 639.068322][ T5759] usb 4-1: Using ep0 maxpacket: 16 [ 639.098259][ T5759] usb 4-1: config 1 has an invalid interface number: 58 but max is 0 [ 639.135733][ T5759] usb 4-1: config 1 has no interface number 0 [ 639.155342][ T5759] usb 4-1: config 1 interface 58 has no altsetting 0 [ 639.169186][ T5759] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0126, bcdDevice=bd.e4 [ 639.186562][ T5759] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.207588][ T5759] usb 4-1: Product: syz [ 639.212095][ T5759] usb 4-1: Manufacturer: syz [ 639.226601][ T5759] usb 4-1: SerialNumber: syz [ 639.707703][T10422] tipc: Enabled bearer , priority 0 [ 639.761451][T10422] tipc: Resetting bearer [ 639.792376][ T5759] kvaser_usb 4-1:1.58: Cannot get usb endpoint(s) [ 639.820358][ T5759] usb 4-1: USB disconnect, device number 24 [ 639.871576][T10420] tipc: Disabling bearer [ 640.695593][T10436] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1410'. [ 641.587348][ T5782] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 641.708471][T10445] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1411'. [ 641.919037][T10445] nbd: socks must be embedded in a SOCK_ITEM attr [ 641.989359][ T6532] block nbd64: NBD_DISCONNECT [ 642.464275][T10452] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1415'. [ 642.473628][T10452] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1415'. [ 642.483332][T10452] netlink: 'syz.3.1415': attribute type 20 has an invalid length. [ 642.668084][ T6532] udevd[6532]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 643.206535][T10470] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1419'. [ 645.010561][T10486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1426'. [ 645.019714][T10486] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1426'. [ 645.028972][T10486] netlink: 'syz.0.1426': attribute type 20 has an invalid length. [ 645.054681][T10488] netlink: 'syz.3.1427': attribute type 1 has an invalid length. [ 645.081020][T10488] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1427'. [ 645.403789][T10495] tipc: Enabled bearer , priority 0 [ 645.461977][T10495] tipc: Resetting bearer [ 645.563677][T10494] tipc: Disabling bearer [ 645.854329][T10501] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1429'. [ 646.667759][ T9948] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 646.762446][T10503] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1432'. [ 646.910637][T10503] nbd: socks must be embedded in a SOCK_ITEM attr [ 646.986092][T10517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1437'. [ 646.997048][T10517] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1437'. [ 647.007540][T10517] netlink: 'syz.2.1437': attribute type 20 has an invalid length. [ 647.234117][ T6534] udevd[6534]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 647.268818][T10523] netlink: 'syz.2.1438': attribute type 1 has an invalid length. [ 647.272418][ T6532] udevd[6532]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 647.278424][T10523] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1438'. [ 648.296327][T10540] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1442'. [ 649.070922][T10543] syzkaller0: entered promiscuous mode [ 649.077271][T10543] syzkaller0: entered allmulticast mode [ 649.366723][ T5759] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 649.401948][T10547] trusted_key: encrypted_key: insufficient parameters specified [ 649.650837][ T5759] usb 1-1: Using ep0 maxpacket: 16 [ 649.686824][ T5759] usb 1-1: config 1 has an invalid interface number: 58 but max is 0 [ 649.747935][ T5759] usb 1-1: config 1 has no interface number 0 [ 649.782227][ T5759] usb 1-1: config 1 interface 58 has no altsetting 0 [ 649.839797][ T5759] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0126, bcdDevice=bd.e4 [ 649.864579][ T5759] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 649.898949][ T5759] usb 1-1: Product: syz [ 649.932751][ T5759] usb 1-1: Manufacturer: syz [ 649.952729][ T5759] usb 1-1: SerialNumber: syz [ 650.156280][T10553] netlink: 'syz.2.1447': attribute type 1 has an invalid length. [ 650.165193][T10553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1447'. [ 650.257368][ T5759] kvaser_usb 1-1:1.58: Cannot get usb endpoint(s) [ 650.284138][ T5759] usb 1-1: USB disconnect, device number 27 [ 651.615051][T10575] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1452'. [ 652.363412][ T5782] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 652.601963][T10585] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1457'. [ 652.638357][T10586] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1454'. [ 652.702206][T10587] trusted_key: encrypted_key: insufficient parameters specified [ 653.397321][T10586] nbd: socks must be embedded in a SOCK_ITEM attr [ 653.624235][ T6534] udevd[6534]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 653.672899][ T6532] udevd[6532]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 653.946608][ T8] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 654.016840][ T5813] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 654.095555][T10605] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1462'. [ 654.847019][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 654.946643][ T5813] usb 2-1: Using ep0 maxpacket: 16 [ 655.082993][ T8] usb 4-1: config 1 has an invalid interface number: 58 but max is 0 [ 655.092399][ T8] usb 4-1: config 1 has no interface number 0 [ 655.103527][ T8] usb 4-1: config 1 interface 58 has no altsetting 0 [ 655.112464][ T5813] usb 2-1: unable to get BOS descriptor or descriptor too short [ 655.123984][ T8] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0126, bcdDevice=bd.e4 [ 655.136420][ T5813] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 655.148903][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 655.162593][ T5813] usb 2-1: can't read configurations, error -71 [ 655.172887][ T8] usb 4-1: Product: syz [ 655.183059][ T8] usb 4-1: Manufacturer: syz [ 655.194243][ T8] usb 4-1: SerialNumber: syz [ 655.484740][ T8] kvaser_usb 4-1:1.58: Cannot get usb endpoint(s) [ 655.515472][ T8] usb 4-1: USB disconnect, device number 25 [ 656.485060][T10623] trusted_key: encrypted_key: insufficient parameters specified [ 657.070124][T10625] syzkaller0: entered promiscuous mode [ 657.075953][T10625] syzkaller0: entered allmulticast mode [ 657.145123][T10628] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1468'. [ 657.595741][ T9948] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 657.867244][T10642] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1471'. [ 657.946863][ T9659] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 658.392286][T10637] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1472'. [ 658.407216][ T9659] usb 3-1: Using ep0 maxpacket: 16 [ 658.452903][T10637] nbd: socks must be embedded in a SOCK_ITEM attr [ 658.469365][ T9659] usb 3-1: unable to get BOS descriptor or descriptor too short [ 658.516355][ T9659] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 658.547773][ T9659] usb 3-1: can't read configurations, error -71 [ 658.677071][ T6534] udevd[6534]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 658.692314][ T6532] udevd[6532]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 658.847017][ T5813] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 659.026608][ T5813] usb 2-1: Using ep0 maxpacket: 16 [ 659.038653][ T5813] usb 2-1: config 1 has an invalid interface number: 58 but max is 0 [ 659.048509][ T5813] usb 2-1: config 1 has no interface number 0 [ 659.055415][ T5813] usb 2-1: config 1 interface 58 has no altsetting 0 [ 659.067491][ T5813] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0126, bcdDevice=bd.e4 [ 659.077729][ T5813] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.091875][ T5813] usb 2-1: Product: syz [ 659.269953][ T5813] usb 2-1: Manufacturer: syz [ 659.280330][ T5813] usb 2-1: SerialNumber: syz [ 660.399066][ T5813] kvaser_usb 2-1:1.58: Cannot get usb endpoint(s) [ 660.419975][ T5813] usb 2-1: USB disconnect, device number 18 [ 660.485696][T10660] trusted_key: encrypted_key: insufficient parameters specified [ 661.271024][T10665] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1479'. [ 661.370382][T10669] syzkaller0: entered promiscuous mode [ 661.376293][T10669] syzkaller0: entered allmulticast mode [ 662.570903][T10688] trusted_key: encrypted_key: insufficient parameters specified [ 664.101120][T10700] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1491'. [ 664.272830][T10702] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1492'. [ 664.559341][T10710] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1496'. [ 664.574343][ T8] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 665.158297][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 665.209871][T10721] trusted_key: encrypted_key: insufficient parameters specified [ 665.245344][ T8] usb 1-1: config 1 has an invalid interface number: 58 but max is 0 [ 666.246523][ T8] usb 1-1: config 1 has no interface number 0 [ 666.278867][ T8] usb 1-1: config 1 interface 58 has no altsetting 0 [ 666.335502][ T8] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0126, bcdDevice=bd.e4 [ 666.340759][T10727] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1501'. [ 666.381768][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 666.396539][ T8] usb 1-1: Product: syz [ 666.401140][T10730] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1502'. [ 666.425771][ T8] usb 1-1: Manufacturer: syz [ 666.434715][ T8] usb 1-1: SerialNumber: syz [ 666.710966][ T8] kvaser_usb 1-1:1.58: Cannot get usb endpoint(s) [ 666.755709][ T8] usb 1-1: USB disconnect, device number 28 [ 666.818446][ T5811] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 667.036694][ T5811] usb 4-1: Using ep0 maxpacket: 16 [ 667.044828][ T5811] usb 4-1: unable to get BOS descriptor or descriptor too short [ 667.057944][ T5811] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 667.072572][ T5811] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 667.082749][ T5811] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 667.091600][ T5811] usb 4-1: Product: syz [ 667.095953][ T5811] usb 4-1: Manufacturer: syz [ 667.101209][ T5811] usb 4-1: SerialNumber: syz [ 667.335735][T10734] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 667.845796][T10756] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1512'. [ 667.907158][T10757] trusted_key: encrypted_key: insufficient parameters specified [ 668.576956][T10759] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1513'. [ 668.625319][ T5811] cdc_ncm 4-1:1.0: SET_CRC_MODE failed [ 668.631857][ T5811] cdc_ncm 4-1:1.0: SET_NTB_FORMAT failed [ 668.667046][ T5811] cdc_ncm 4-1:1.0: bind() failure [ 668.680883][ T5811] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 668.689005][ T5811] cdc_ncm 4-1:1.1: bind() failure [ 668.702811][ T5811] usb 4-1: USB disconnect, device number 26 [ 668.873842][T10765] input: syz1 as /devices/virtual/input/input6 [ 668.896710][T10765] input: failed to attach handler leds to device input6, error: -6 [ 669.034655][ T5782] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 669.653621][T10774] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1519'. [ 669.662736][T10774] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1519'. [ 670.946784][ T9659] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 670.986678][T10786] trusted_key: encrypted_key: insufficient parameters specified [ 671.186702][ T5759] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 671.265338][ T9659] usb 4-1: config 0 has an invalid interface number: 50 but max is 0 [ 671.310629][ T9659] usb 4-1: config 0 has no interface number 0 [ 671.352810][ T9659] usb 4-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 671.429694][ T9659] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 671.486640][ T5759] usb 2-1: Using ep0 maxpacket: 16 [ 671.662656][ T9659] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 671.679178][ T5759] usb 2-1: unable to get BOS descriptor or descriptor too short [ 671.688245][ T9659] usb 4-1: Product: syz [ 671.698078][ T5759] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 671.717033][ T9659] usb 4-1: Manufacturer: syz [ 671.723448][ T9659] usb 4-1: SerialNumber: syz [ 671.734104][ T5759] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 671.750603][ T5759] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 671.761571][ T9659] usb 4-1: config 0 descriptor?? [ 671.772059][ T5759] usb 2-1: Product: syz [ 671.782797][ T5759] usb 2-1: Manufacturer: syz [ 671.788208][ T5759] usb 2-1: SerialNumber: syz [ 671.795193][ T9659] yurex 4-1:0.50: USB YUREX device now attached to Yurex #0 [ 671.837669][T10788] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1525'. [ 672.022183][T10785] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 672.041643][T10778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 672.056351][T10778] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 672.094757][ T5811] usb 4-1: USB disconnect, device number 27 [ 672.107914][ T5811] yurex 4-1:0.50: USB YUREX #0 now disconnected [ 672.446681][ T8] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 672.646580][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 672.655470][ T8] usb 1-1: config 0 has an invalid interface number: 188 but max is 0 [ 672.666636][ T8] usb 1-1: config 0 has no interface number 0 [ 672.687287][ T5759] cdc_ncm 2-1:1.0: SET_CRC_MODE failed [ 672.695532][ T8] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 672.700192][ T5759] cdc_ncm 2-1:1.0: SET_NTB_FORMAT failed [ 672.730827][ T8] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 672.757052][ T5759] cdc_ncm 2-1:1.0: bind() failure [ 672.763920][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 672.785341][ T8] usb 1-1: Product: syz [ 672.785988][ T5759] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 672.801440][ T8] usb 1-1: Manufacturer: syz [ 672.812130][ T8] usb 1-1: SerialNumber: syz [ 672.817893][ T5759] cdc_ncm 2-1:1.1: bind() failure [ 672.841100][ T5759] usb 2-1: USB disconnect, device number 19 [ 672.848262][ T8] usb 1-1: config 0 descriptor?? [ 672.856939][T10795] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 672.956561][T10801] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1530'. [ 672.968900][T10801] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1530'. [ 673.673574][T10795] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 673.931132][ T8] asix 1-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 673.954896][ T8] asix: probe of 1-1:0.188 failed with error -32 [ 674.469052][T10812] trusted_key: encrypted_key: insufficient parameters specified [ 675.282634][ T9948] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 675.772995][T10818] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.1535'. [ 676.043316][T10826] Bluetooth: hci0: invalid length 0, exp 2 for type 16 [ 676.201011][ T8] usb 1-1: USB disconnect, device number 29 [ 677.115998][T10834] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1540'. [ 677.125764][T10834] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1540'. [ 677.575973][T10837] trusted_key: encrypted_key: insufficient parameters specified [ 678.613673][T10845] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1545'. [ 681.748292][T10870] batman_adv: batadv0: Adding interface: dummy0 [ 681.755596][T10870] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 681.785539][T10870] batman_adv: batadv0: Interface activated: dummy0 [ 683.023432][T10873] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1552'. [ 683.032971][T10873] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1552'. [ 684.206979][ T9948] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 686.249768][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.256296][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.973972][T10905] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1562'. [ 687.983157][T10905] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1562'. [ 689.576220][T10923] trusted_key: encrypted_key: insufficient parameters specified [ 693.503860][ T9948] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 693.606866][ T5782] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 694.289366][T10954] trusted_key: encrypted_key: insufficient parameters specified [ 695.071033][T10958] tipc: Enabled bearer , priority 0 [ 695.099153][T10958] tipc: Resetting bearer [ 695.125852][T10957] tipc: Disabling bearer [ 698.396579][ T5759] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 698.587242][ T5759] usb 4-1: Using ep0 maxpacket: 16 [ 698.598909][ T8] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 698.613937][ T5759] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 698.647357][ T5759] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 698.677199][ T5759] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 698.690280][ T5759] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 698.706711][ T5759] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 698.729071][ T5759] usb 4-1: Product: syz [ 698.733668][ T5759] usb 4-1: Manufacturer: syz [ 698.739267][ T5759] usb 4-1: SerialNumber: syz [ 698.806633][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 698.819762][ T8] usb 1-1: unable to get BOS descriptor or descriptor too short [ 698.844904][ T8] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 698.891779][ T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 698.909387][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 698.941949][ T8] usb 1-1: Product: syz [ 698.946337][ T8] usb 1-1: Manufacturer: syz [ 698.955892][ T8] usb 1-1: SerialNumber: syz [ 699.202979][ T5759] usb 4-1: 0:2 : does not exist [ 699.214700][T10987] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 699.280516][ T5759] usb 4-1: USB disconnect, device number 28 [ 699.382269][T10992] udevd[10992]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 699.656576][ T8] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS [ 699.676670][ T8] cdc_ncm 1-1:1.0: bind() failure [ 699.696820][ T8] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 699.716547][ T8] cdc_ncm 1-1:1.1: bind() failure [ 699.740836][ T8] usb 1-1: USB disconnect, device number 30 [ 700.966870][ T5772] Bluetooth: hci4: command 0x1003 tx timeout [ 700.975303][ T5782] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 701.139508][T11008] tipc: Enabled bearer , priority 0 [ 701.193831][T11008] tipc: Resetting bearer [ 701.201908][ T5782] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 701.252720][T11014] netlink: 'syz.3.1595': attribute type 6 has an invalid length. [ 701.270475][T11007] tipc: Disabling bearer [ 703.136579][ T5759] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 704.155247][ T5759] usb 4-1: Using ep0 maxpacket: 16 [ 704.227593][ T5759] usb 4-1: unable to get BOS descriptor or descriptor too short [ 704.270228][ T5759] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 704.311976][ T5759] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 704.335740][ T5759] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 704.360996][ T5759] usb 4-1: Product: syz [ 704.365417][ T5759] usb 4-1: Manufacturer: syz [ 704.370643][ T5759] usb 4-1: SerialNumber: syz [ 704.607117][T11034] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 704.928090][T11051] netlink: 'syz.2.1606': attribute type 6 has an invalid length. [ 705.138078][ T5759] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 705.145135][ T5759] cdc_ncm 4-1:1.0: bind() failure [ 705.207835][ T5759] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 705.214919][ T5759] cdc_ncm 4-1:1.1: bind() failure [ 705.226130][ T5759] usb 4-1: USB disconnect, device number 29 [ 705.976005][T11064] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1610'. [ 706.193265][ T5782] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 706.966608][ T5772] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 706.973741][ T5782] Bluetooth: hci4: command 0x1003 tx timeout [ 707.641044][T11082] netlink: 'syz.3.1616': attribute type 6 has an invalid length. [ 707.841221][ T5811] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 708.358638][ T5811] usb 2-1: Using ep0 maxpacket: 32 [ 708.374512][ T5811] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 708.386028][ T5811] usb 2-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 708.402147][ T5811] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 708.416745][ T5811] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 708.425950][ T5811] usb 2-1: Product: syz [ 708.431768][ T5811] usb 2-1: Manufacturer: syz [ 708.996615][ T5759] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 709.186548][ T5759] usb 4-1: Using ep0 maxpacket: 16 [ 709.195563][ T5759] usb 4-1: unable to get BOS descriptor or descriptor too short [ 709.206014][ T5759] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 709.223569][ T5759] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 709.233167][ T5759] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 709.244333][ T5759] usb 4-1: Product: syz [ 709.248920][ T5759] usb 4-1: Manufacturer: syz [ 709.253644][ T5759] usb 4-1: SerialNumber: syz [ 709.473238][T11092] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 710.364570][ T5759] cdc_ncm 4-1:1.0: SET_CRC_MODE failed [ 710.389458][ T5759] cdc_ncm 4-1:1.0: bind() failure [ 710.402792][ T5759] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 710.425918][ T5759] cdc_ncm 4-1:1.1: bind() failure [ 710.442956][ T5759] usb 4-1: USB disconnect, device number 30 [ 710.510014][T10548] usb 2-1: USB disconnect, device number 20 [ 710.641456][T11109] netlink: 'syz.2.1625': attribute type 6 has an invalid length. [ 711.970213][ T9948] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 712.500440][T11130] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1631'. [ 712.534060][T11130] netlink: 'syz.0.1631': attribute type 6 has an invalid length. [ 713.274249][ T28] kauditd_printk_skb: 58 callbacks suppressed [ 713.274283][ T28] audit: type=1326 audit(1773862232.780:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 713.362810][ T28] audit: type=1326 audit(1773862232.830:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 713.387482][ T28] audit: type=1326 audit(1773862232.930:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 713.411337][ T28] audit: type=1326 audit(1773862232.930:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 713.475252][T11136] tipc: Enabling of bearer rejected, failed to enable media [ 713.484183][ T28] audit: type=1326 audit(1773862232.930:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 713.511634][ T28] audit: type=1326 audit(1773862233.020:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 713.566603][ T28] audit: type=1326 audit(1773862233.020:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 713.591289][ T28] audit: type=1326 audit(1773862233.020:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 713.615548][ T28] audit: type=1326 audit(1773862233.020:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 713.640261][ T28] audit: type=1326 audit(1773862233.030:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11129 comm="syz.0.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 715.096594][ T5811] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 715.316878][ T5811] usb 2-1: Using ep0 maxpacket: 16 [ 715.339856][ T5811] usb 2-1: unable to get BOS descriptor or descriptor too short [ 715.363761][ T5811] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 715.390030][ T5811] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 715.412440][ T5811] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 715.435499][ T5811] usb 2-1: Product: syz [ 715.444696][ T5811] usb 2-1: Manufacturer: syz [ 715.458575][ T5811] usb 2-1: SerialNumber: syz [ 715.839990][T11143] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 716.592993][ T5811] cdc_ncm 2-1:1.0: SET_CRC_MODE failed [ 716.624351][ T5811] cdc_ncm 2-1:1.0: bind() failure [ 716.966921][ T5811] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 717.078317][ T5811] cdc_ncm 2-1:1.1: bind() failure [ 717.249349][ T5811] usb 2-1: USB disconnect, device number 21 [ 717.577919][T11165] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1641'. [ 717.662184][T11165] netlink: 'syz.3.1641': attribute type 6 has an invalid length. [ 718.396036][T11173] sit0: entered promiscuous mode [ 718.425395][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 718.425409][ T28] audit: type=1326 audit(1773862237.980:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.3.1641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 718.467181][T11173] netlink: 'syz.0.1643': attribute type 1 has an invalid length. [ 718.505193][T11173] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1643'. [ 718.524975][ T28] audit: type=1326 audit(1773862237.980:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.3.1641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 718.596653][ T28] audit: type=1326 audit(1773862237.990:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.3.1641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 718.620020][ C1] vkms_vblank_simulate: vblank timer overrun [ 718.664726][ T28] audit: type=1326 audit(1773862237.990:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.3.1641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 718.688448][ C1] vkms_vblank_simulate: vblank timer overrun [ 718.736698][ T28] audit: type=1326 audit(1773862237.990:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.3.1641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 718.802197][ T28] audit: type=1326 audit(1773862237.990:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.3.1641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 718.886944][ T28] audit: type=1326 audit(1773862238.020:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.3.1641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 718.953989][ T28] audit: type=1326 audit(1773862238.020:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.3.1641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 719.026554][ T28] audit: type=1326 audit(1773862238.020:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.3.1641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 719.051337][ C1] vkms_vblank_simulate: vblank timer overrun [ 719.097061][ T28] audit: type=1326 audit(1773862238.020:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.3.1641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 719.120493][ C1] vkms_vblank_simulate: vblank timer overrun [ 719.516654][ T5811] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 719.686777][ T5772] Bluetooth: hci4: command 0x1003 tx timeout [ 719.694663][ T9948] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 719.708815][ T8] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 719.716699][ T5811] usb 1-1: Using ep0 maxpacket: 16 [ 719.840125][ T5811] usb 1-1: config 1 has an invalid interface number: 58 but max is 0 [ 719.862139][ T5811] usb 1-1: config 1 has no interface number 0 [ 719.876690][ T5811] usb 1-1: config 1 interface 58 has no altsetting 0 [ 719.899922][ T5811] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0126, bcdDevice=bd.e4 [ 719.919878][ T5811] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 719.936502][ T5811] usb 1-1: Product: syz [ 719.946735][ T5811] usb 1-1: Manufacturer: syz [ 719.956743][ T5811] usb 1-1: SerialNumber: syz [ 720.033852][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 720.064283][ T8] usb 4-1: unable to get BOS descriptor or descriptor too short [ 720.088720][ T8] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 720.123346][ T8] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 720.150938][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 720.183822][ T8] usb 4-1: Product: syz [ 720.193340][ T8] usb 4-1: Manufacturer: syz [ 720.205923][ T5811] kvaser_usb 1-1:1.58: Cannot get usb endpoint(s) [ 720.215326][ T8] usb 4-1: SerialNumber: syz [ 720.222193][ T5811] usb 1-1: USB disconnect, device number 31 [ 720.896629][ T5759] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 721.033894][T11188] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 721.090643][ T5759] usb 2-1: Using ep0 maxpacket: 8 [ 721.105846][ T5759] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 721.122858][T11202] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1652'. [ 721.132451][ T5759] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 721.151498][T11202] netlink: 'syz.2.1652': attribute type 6 has an invalid length. [ 721.159792][ T5759] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 721.184750][ T5759] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 721.240392][ T5759] usb 2-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 721.299049][ T5759] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 721.333057][ T5759] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 721.386227][ T5759] usbtmc 2-1:16.0: bulk endpoints not found [ 721.616215][ T8] cdc_ncm 4-1:1.0: SET_CRC_MODE failed [ 721.700796][ T8] cdc_ncm 4-1:1.0: bind() failure [ 721.848970][ T8] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 721.856045][ T8] cdc_ncm 4-1:1.1: bind() failure [ 721.907557][ T8] usb 4-1: USB disconnect, device number 31 [ 722.189407][T11215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 722.228492][T11215] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 724.136334][ T5759] usb 2-1: USB disconnect, device number 22 [ 725.346692][T11244] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1663'. [ 725.428657][T11244] netlink: 'syz.3.1663': attribute type 6 has an invalid length. [ 726.059298][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 726.059313][ T28] audit: type=1326 audit(1773862245.630:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11243 comm="syz.3.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 726.164063][ T28] audit: type=1326 audit(1773862245.630:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11243 comm="syz.3.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 727.387390][T11266] tipc: Enabled bearer , priority 0 [ 727.395350][T11266] syzkaller0: entered promiscuous mode [ 727.404842][T11266] syzkaller0: entered allmulticast mode [ 727.580995][ T5772] Bluetooth: hci2: command 0x0406 tx timeout [ 727.599894][T11266] tipc: Resetting bearer [ 727.693269][T11270] ALSA: mixer_oss: invalid OSS volume '' [ 728.204781][T11265] tipc: Resetting bearer [ 728.337918][T11265] tipc: Disabling bearer [ 728.589204][T11280] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1675'. [ 728.654182][T11280] netlink: 'syz.0.1675': attribute type 6 has an invalid length. [ 730.478528][ T28] audit: type=1326 audit(1773862250.010:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 730.740525][ T28] audit: type=1326 audit(1773862250.020:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 730.817082][ T28] audit: type=1326 audit(1773862250.070:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 730.886560][ T28] audit: type=1326 audit(1773862250.180:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 730.940915][ T28] audit: type=1326 audit(1773862250.200:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 730.967014][ C1] vkms_vblank_simulate: vblank timer overrun [ 730.995471][ T28] audit: type=1326 audit(1773862250.350:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 731.018554][ C1] vkms_vblank_simulate: vblank timer overrun [ 731.106592][ T28] audit: type=1326 audit(1773862250.350:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 731.151409][ T28] audit: type=1326 audit(1773862250.420:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 731.205854][ T28] audit: type=1326 audit(1773862250.420:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 731.276949][ T28] audit: type=1326 audit(1773862250.420:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 731.300041][ C1] vkms_vblank_simulate: vblank timer overrun [ 731.417940][ T28] audit: type=1326 audit(1773862250.420:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 731.660253][ T28] audit: type=1326 audit(1773862250.430:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 731.683174][ C1] vkms_vblank_simulate: vblank timer overrun [ 731.735232][ T28] audit: type=1326 audit(1773862250.430:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 731.782071][ T28] audit: type=1326 audit(1773862250.430:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11278 comm="syz.0.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 733.577351][T11328] tipc: Enabling of bearer rejected, failed to enable media [ 733.609126][T11330] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1688'. [ 733.680800][T11330] netlink: 'syz.1.1688': attribute type 6 has an invalid length. [ 734.402743][ T28] audit: type=1326 audit(1773862253.970:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11329 comm="syz.1.1688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 734.506817][ T28] audit: type=1326 audit(1773862253.970:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11329 comm="syz.1.1688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 734.896913][T11357] binder_alloc: 11356: binder_alloc_buf, no vma [ 735.123322][T11364] netlink: 124 bytes leftover after parsing attributes in process `syz.2.1696'. [ 735.236263][T11366] tipc: Enabling of bearer rejected, failed to enable media [ 736.866555][ T5813] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 736.872005][T11399] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.1706'. [ 737.006630][T11403] netlink: 124 bytes leftover after parsing attributes in process `syz.3.1707'. [ 737.308807][ T5813] usb 2-1: Using ep0 maxpacket: 16 [ 737.317448][ T5813] usb 2-1: config 1 has an invalid interface number: 58 but max is 0 [ 737.326487][ T5813] usb 2-1: config 1 has no interface number 0 [ 737.333042][ T5813] usb 2-1: config 1 interface 58 has no altsetting 0 [ 737.345719][ T5813] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0126, bcdDevice=bd.e4 [ 738.046629][ T5813] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 738.054720][ T5813] usb 2-1: Product: syz [ 738.060250][ T5813] usb 2-1: Manufacturer: syz [ 738.064913][ T5813] usb 2-1: SerialNumber: syz [ 738.127545][T11416] binder_alloc: 11414: binder_alloc_buf, no vma [ 738.238289][T11419] tipc: Enabling of bearer rejected, failed to enable media [ 738.308614][ T5813] kvaser_usb 2-1:1.58: Cannot get usb endpoint(s) [ 738.330972][ T5813] usb 2-1: USB disconnect, device number 23 [ 738.887714][T11444] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1717'. [ 739.975623][ T5813] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 740.143498][T11457] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1722'. [ 740.168907][ T5813] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 740.187152][ T5813] usb 4-1: config 1 has no interface number 0 [ 740.196908][T11457] netlink: 'syz.1.1722': attribute type 6 has an invalid length. [ 740.211934][ T5813] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 740.330702][ T5813] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 740.570562][ T5813] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 740.778692][ T5813] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 740.809787][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 740.809804][ T28] audit: type=1326 audit(1773862260.380:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11456 comm="syz.1.1722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 740.858526][ T5813] usb 4-1: config 1 interface 1 altsetting 1 has an invalid endpoint with address 0xFF, skipping [ 740.868586][ T28] audit: type=1326 audit(1773862260.380:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11456 comm="syz.1.1722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 740.910972][ T5813] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 740.930759][ T5813] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 740.953971][ T5813] usb 4-1: Product: syz [ 740.974795][ T5813] usb 4-1: Manufacturer: syz [ 740.983789][ T5813] usb 4-1: SerialNumber: syz [ 741.004158][T11442] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 741.166621][ T28] audit: type=1326 audit(1773862260.380:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11456 comm="syz.1.1722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 741.210163][ T28] audit: type=1326 audit(1773862260.380:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11456 comm="syz.1.1722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 741.232749][ C1] vkms_vblank_simulate: vblank timer overrun [ 741.265288][T11442] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 741.272998][T11442] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 741.287184][T11463] tipc: Enabling of bearer rejected, failed to enable media [ 741.326524][ T28] audit: type=1326 audit(1773862260.380:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11456 comm="syz.1.1722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 741.387231][ T28] audit: type=1326 audit(1773862260.380:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11456 comm="syz.1.1722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 741.443048][ T28] audit: type=1326 audit(1773862260.380:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11456 comm="syz.1.1722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 741.491039][T11442] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 741.566516][ T28] audit: type=1326 audit(1773862260.380:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11456 comm="syz.1.1722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 741.656646][ T28] audit: type=1326 audit(1773862260.380:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11456 comm="syz.1.1722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 741.737459][ T28] audit: type=1326 audit(1773862260.380:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11456 comm="syz.1.1722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 741.930774][T11442] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 741.947823][T11442] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 741.968256][ T5813] cdc_ncm 4-1:1.1: bind() failure [ 742.079224][T11483] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1728'. [ 742.352153][ T5813] usb 4-1: USB disconnect, device number 32 [ 743.289801][T11499] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1732'. [ 743.319044][T11499] netlink: 'syz.0.1732': attribute type 6 has an invalid length. [ 744.149489][T11508] tipc: Enabling of bearer rejected, failed to enable media [ 744.376663][T10548] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 744.471814][T11523] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1738'. [ 744.584613][T10548] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 744.606854][T10548] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 744.625582][T10548] usb 4-1: Product: syz [ 744.646025][T10548] usb 4-1: Manufacturer: syz [ 744.651583][T10548] usb 4-1: SerialNumber: syz [ 744.677911][T10548] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 744.800442][ T9659] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 745.401547][ T5813] usb 4-1: USB disconnect, device number 33 [ 745.847510][ T9659] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 745.875784][ T9659] ath9k_htc: Failed to initialize the device [ 745.885959][ T5813] usb 4-1: ath9k_htc: USB layer deinitialized [ 745.960370][T11545] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1745'. [ 745.987653][T11545] netlink: 'syz.0.1745': attribute type 6 has an invalid length. [ 746.659501][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 746.659518][ T28] audit: type=1326 audit(1773862266.230:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.0.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 746.786090][ T28] audit: type=1326 audit(1773862266.230:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.0.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 746.836174][ T28] audit: type=1326 audit(1773862266.270:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.0.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 746.906243][ T28] audit: type=1326 audit(1773862266.270:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.0.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 747.053293][T11555] tipc: Enabling of bearer rejected, failed to enable media [ 747.065575][ T28] audit: type=1326 audit(1773862266.270:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.0.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 747.140748][ T28] audit: type=1326 audit(1773862266.270:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.0.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 747.163620][ C1] vkms_vblank_simulate: vblank timer overrun [ 747.173490][T11562] trusted_key: encrypted_key: insufficient parameters specified [ 747.219857][ T28] audit: type=1326 audit(1773862266.270:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.0.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 747.394304][ T28] audit: type=1326 audit(1773862266.270:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.0.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 747.416939][ C1] vkms_vblank_simulate: vblank timer overrun [ 747.692791][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.833598][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.952405][ T28] audit: type=1326 audit(1773862266.270:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.0.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 748.076270][ T28] audit: type=1326 audit(1773862266.270:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.0.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 748.746542][ T9659] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 748.936496][ T9659] usb 1-1: Using ep0 maxpacket: 8 [ 748.944618][ T9659] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 748.953913][ T9659] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 748.975489][ T9659] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 748.996521][ T9659] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 749.006964][ T9659] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 749.020382][ T9659] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 749.029992][ T9659] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 749.045070][ T9659] usbtmc 1-1:16.0: bulk endpoints not found [ 749.150540][T11594] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1758'. [ 749.163671][T11594] netlink: 'syz.2.1758': attribute type 6 has an invalid length. [ 749.766210][T11597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 749.789229][T11597] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 749.964249][T11603] netlink: 'syz.2.1761': attribute type 6 has an invalid length. [ 750.216872][ T8] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 750.453141][ T8] usb 2-1: unable to get BOS descriptor or descriptor too short [ 750.491020][ T8] usb 2-1: config index 0 descriptor too short (expected 9252, got 36) [ 750.519512][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 750.535878][ T8] usb 2-1: config 1 has no interfaces? [ 750.549900][ T8] usb 2-1: New USB device found, idVendor=0738, idProduct=1709, bcdDevice= 0.40 [ 750.561057][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 750.573782][ T8] usb 2-1: Product: syz [ 750.580983][ T8] usb 2-1: Manufacturer: syz [ 750.586005][ T8] usb 2-1: SerialNumber: syz [ 750.646705][ T9948] Bluetooth: hci4: command 0x1003 tx timeout [ 750.653925][ T5772] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 751.206839][ T8] usb 2-1: USB disconnect, device number 24 [ 751.603400][ T9659] usb 1-1: USB disconnect, device number 32 [ 751.969329][T11625] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1768'. [ 751.979146][T11625] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1768'. [ 752.079945][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 752.079961][ T28] audit: type=1326 audit(1773862271.650:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11619 comm="syz.1.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 752.086990][T11627] trusted_key: encrypted_key: insufficient parameters specified [ 752.137096][ T28] audit: type=1326 audit(1773862271.690:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11619 comm="syz.1.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 752.161149][ T28] audit: type=1326 audit(1773862271.690:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11619 comm="syz.1.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 752.189622][ T28] audit: type=1326 audit(1773862271.690:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11619 comm="syz.1.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 752.253304][ T28] audit: type=1326 audit(1773862271.690:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11619 comm="syz.1.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb43a75cfce code=0x7ffc0000 [ 752.289670][T11630] netlink: 'syz.2.1770': attribute type 6 has an invalid length. [ 752.474415][ T28] audit: type=1326 audit(1773862271.690:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11619 comm="syz.1.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb43a75cfce code=0x7ffc0000 [ 752.721772][ T28] audit: type=1326 audit(1773862271.700:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11619 comm="syz.1.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb43a75cfce code=0x7ffc0000 [ 752.933912][ T28] audit: type=1326 audit(1773862271.700:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11619 comm="syz.1.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb43a75cfce code=0x7ffc0000 [ 753.248104][ T28] audit: type=1326 audit(1773862271.700:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11619 comm="syz.1.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb43a75cfce code=0x7ffc0000 [ 753.329835][ T28] audit: type=1326 audit(1773862271.710:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11619 comm="syz.1.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb43a75cfce code=0x7ffc0000 [ 753.508927][T11641] io-wq is not configured for unbound workers [ 755.007430][T11654] netlink: 'syz.2.1780': attribute type 6 has an invalid length. [ 757.150358][T11673] tmpfs: Unknown parameter 'ÿÿ' [ 757.168566][T11673] sch_tbf: burst 545 is lower than device lo mtu (1550) ! [ 758.370368][T11686] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1789'. [ 760.038015][T11703] trusted_key: encrypted_key: insufficient parameters specified [ 760.220857][ T9659] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 760.416807][ T9659] usb 4-1: Using ep0 maxpacket: 32 [ 760.447372][ T9659] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 760.490346][ T9659] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 760.529325][ T9659] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 760.598924][ T9659] usb 4-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 760.608759][ T9659] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 760.631206][ T9659] usb 4-1: config 0 descriptor?? [ 761.091087][ T9659] input: HID 0458:5011 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5011.0005/input/input8 [ 761.195606][ T9659] input: HID 0458:5011 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5011.0005/input/input9 [ 761.319128][ T9659] kye 0003:0458:5011.0005: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0458:5011] on usb-dummy_hcd.3-1/input0 [ 762.179848][ T9948] Bluetooth: hci4: command 0x1003 tx timeout [ 762.188479][ T5772] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 762.306570][ T9659] usb 4-1: reset high-speed USB device number 34 using dummy_hcd [ 763.374351][ T5759] usb 4-1: USB disconnect, device number 34 [ 764.679033][T11750] trusted_key: encrypted_key: insufficient parameters specified [ 766.246713][ T5772] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 766.254947][ T9948] Bluetooth: hci4: command 0x1003 tx timeout [ 767.111597][T11771] workqueue: Failed to create a rescuer kthread for wq "bond14": -EINTR [ 767.226617][T11773] workqueue: Failed to create a rescuer kthread for wq "bond14": -EINTR [ 767.284687][ T5759] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 767.507455][ T5759] usb 2-1: Using ep0 maxpacket: 32 [ 767.515308][ T5759] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 767.526810][ T5759] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 767.551312][ T5759] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 767.947342][ T8] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 768.438919][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 768.691067][ T8] usb 4-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 768.691270][ T5759] gspca_nw80x: reg_r err -110 [ 768.716955][ T5759] nw80x: probe of 2-1:3.0 failed with error -110 [ 768.746727][ T8] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 769.159107][ T8] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 769.169271][ T8] usb 4-1: Product: syz [ 769.173924][ T8] usb 4-1: Manufacturer: syz [ 769.185856][ T8] hub 4-1:4.0: bad descriptor, ignoring hub [ 769.206534][ T8] hub: probe of 4-1:4.0 failed with error -5 [ 769.214822][ T8] usbhid 4-1:4.0: couldn't find an input interrupt endpoint [ 769.536729][T11810] trusted_key: encrypted_key: insufficient parameters specified [ 769.792519][ T5759] usb 2-1: USB disconnect, device number 25 [ 770.347767][ T9948] Bluetooth: hci4: command 0x1003 tx timeout [ 770.355147][ T5772] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 771.187439][ T8] usb 4-1: USB disconnect, device number 35 [ 771.438783][T11831] netlink: 'syz.3.1832': attribute type 6 has an invalid length. [ 772.726918][ T5772] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 772.827675][T11841] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1833'. [ 772.997306][ T28] kauditd_printk_skb: 53 callbacks suppressed [ 772.997326][ T28] audit: type=1326 audit(1773862292.510:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11830 comm="syz.3.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 773.061325][ T28] audit: type=1326 audit(1773862292.520:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11830 comm="syz.3.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 773.100764][T11841] nbd: socks must be embedded in a SOCK_ITEM attr [ 773.118222][ T28] audit: type=1326 audit(1773862292.550:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11830 comm="syz.3.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 773.221846][ T28] audit: type=1326 audit(1773862292.550:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11830 comm="syz.3.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 773.304859][ T28] audit: type=1326 audit(1773862292.550:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11830 comm="syz.3.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 773.405594][ T28] audit: type=1326 audit(1773862292.560:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11830 comm="syz.3.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 773.470898][ T28] audit: type=1326 audit(1773862292.560:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11830 comm="syz.3.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 773.561287][ T28] audit: type=1326 audit(1773862292.560:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11830 comm="syz.3.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 773.603200][ T28] audit: type=1326 audit(1773862292.660:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11830 comm="syz.3.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 773.611550][T10992] udevd[10992]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 773.718435][ T28] audit: type=1326 audit(1773862292.660:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11830 comm="syz.3.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f38f219c799 code=0x7ffc0000 [ 773.968608][T11855] trusted_key: encrypted_key: insufficient parameters specified [ 775.380781][T11873] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1844'. [ 775.413644][T11873] netlink: 'syz.2.1844': attribute type 6 has an invalid length. [ 775.446812][ T5813] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 775.802910][ T5813] usb 2-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 775.919992][ T5813] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 776.087308][T11879] trusted_key: encrypted_key: insufficient parameters specified [ 776.166601][ T9948] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 776.173450][ T5772] Bluetooth: hci4: command 0x1003 tx timeout [ 776.304606][ T5813] usb 2-1: Product: syz [ 776.314849][ T5813] usb 2-1: Manufacturer: syz [ 776.319791][ T5813] usb 2-1: SerialNumber: syz [ 776.358796][ T5813] usb 2-1: config 0 descriptor?? [ 776.467509][ T5782] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 776.539457][T11885] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1848'. [ 777.208289][T11885] nbd: socks must be embedded in a SOCK_ITEM attr [ 777.582538][T10902] udevd[10902]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 777.625933][T11898] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1852'. [ 778.900727][ T5813] usb 2-1: f81604_read: reg: 200f failed: -EPROTO [ 778.913368][ T5813] usb 2-1: USB disconnect, device number 26 [ 778.933665][ T5813] usb 2-1: f81604_read: reg: 100f failed: -ENODEV [ 779.187558][ T5433] usb 2-1: f81604_read: reg: 200f failed: -ENODEV [ 779.200190][ T5813] usb 2-1: f81604_read: reg: 200f failed: -ENODEV [ 779.291175][T11913] JFS: discard option not supported on device [ 779.308168][T11913] Mount JFS Failure: -22 [ 779.312783][T11913] jfs_mount failed w/return code = -22 [ 780.166810][ T5759] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 780.506618][ T5759] usb 3-1: Using ep0 maxpacket: 8 [ 780.641045][ T5759] usb 3-1: config index 0 descriptor too short (expected 74, got 45) [ 780.653218][ T5759] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 780.674523][ T5759] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 780.685851][ T5759] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 780.708689][ T5759] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 780.726845][ T5759] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 780.746211][ T5759] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 780.761343][ T5759] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.966657][ T5772] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 780.984651][ T5759] usb 3-1: GET_CAPABILITIES returned 0 [ 781.106567][ T5759] usbtmc 3-1:16.0: can't read capabilities [ 781.267980][T11928] netlink: 'syz.1.1862': attribute type 72 has an invalid length. [ 782.376895][ T5759] usb 3-1: USB disconnect, device number 21 [ 782.613671][ T5772] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 782.661054][ T9948] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 783.725090][T11955] netlink: 'syz.1.1871': attribute type 72 has an invalid length. [ 784.086574][ T5759] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 784.266774][ T5759] usb 2-1: Using ep0 maxpacket: 32 [ 784.277435][ T5759] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 784.288312][ T5759] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 784.305331][ T5759] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 785.113020][ T5759] gspca_nw80x: reg_r err -71 [ 785.123374][ T5759] nw80x: probe of 2-1:3.0 failed with error -71 [ 785.133120][ T5759] usb 2-1: USB disconnect, device number 27 [ 785.526657][ T5772] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 785.533505][ T9948] Bluetooth: hci4: command 0x1003 tx timeout [ 787.056306][T11978] netlink: 'syz.1.1880': attribute type 72 has an invalid length. [ 787.238932][ T5782] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 787.276959][ T5782] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 787.305524][T11987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1882'. [ 787.393915][T11987] nbd: socks must be embedded in a SOCK_ITEM attr [ 787.555168][T10992] udevd[10992]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 787.667133][ T5813] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 787.856633][ T5813] usb 2-1: Using ep0 maxpacket: 32 [ 787.864875][ T5813] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 787.875736][ T5813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 787.894662][ T5813] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 788.703170][ T5813] gspca_nw80x: reg_r err -71 [ 788.708364][ T5813] nw80x: probe of 2-1:3.0 failed with error -71 [ 788.725076][ T5813] usb 2-1: USB disconnect, device number 28 [ 789.127553][T11958] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 789.127654][ T5772] Bluetooth: hci4: command 0x1003 tx timeout [ 792.221385][ T5772] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 792.286886][T12037] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1902'. [ 792.380567][T12037] nbd: socks must be embedded in a SOCK_ITEM attr [ 792.426923][T10992] block nbd64: NBD_DISCONNECT [ 792.530070][ T5772] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 792.594048][T12046] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1905'. [ 792.686991][T12046] nbd: socks must be embedded in a SOCK_ITEM attr [ 792.766292][T10992] udevd[10992]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 792.833113][T10992] udevd[10992]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 793.310223][T10992] udevd[10992]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 794.006804][T11958] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 794.628861][ T8] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 795.070510][ T8] usb 3-1: config 0 has an invalid interface number: 237 but max is 0 [ 795.079340][ T8] usb 3-1: config 0 has no interface number 0 [ 795.085936][ T8] usb 3-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid maxpacket 65535, setting to 64 [ 795.098727][ T8] usb 3-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 795.111288][ T8] usb 3-1: config 0 interface 237 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 795.127282][ T8] usb 3-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.be [ 795.137883][ T8] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=3 [ 795.147038][ T8] usb 3-1: Product: syz [ 795.151726][ T8] usb 3-1: Manufacturer: syz [ 795.157047][ T8] usb 3-1: SerialNumber: syz [ 795.165633][ T8] usb 3-1: config 0 descriptor?? [ 796.184920][ T8] usb 3-1: USB disconnect, device number 22 [ 796.263232][T12080] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1918'. [ 796.273590][T12080] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1918'. [ 796.715957][T11958] Bluetooth: hci4: sending frame failed (-49) [ 796.725017][ T5772] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 797.427347][ T5772] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 798.260784][T12100] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1925'. [ 798.401124][T12100] nbd: socks must be embedded in a SOCK_ITEM attr [ 798.434418][T10992] block nbd64: NBD_DISCONNECT [ 798.576746][ T5759] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 798.634930][T10992] udevd[10992]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 798.680921][ T5772] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 798.740634][T12115] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1930'. [ 798.767487][ T5759] usb 1-1: Using ep0 maxpacket: 8 [ 798.789942][ T5759] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 798.804310][ T5759] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 798.815550][T12115] nbd: socks must be embedded in a SOCK_ITEM attr [ 798.832363][ T5759] usb 1-1: Product: syz [ 798.859934][ T5759] usb 1-1: Manufacturer: syz [ 798.876510][ T5759] usb 1-1: SerialNumber: syz [ 798.901364][ T5759] usb 1-1: config 0 descriptor?? [ 798.916196][ T5759] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 799.359542][T10992] udevd[10992]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 800.510037][ T5759] gspca_sonixj: reg_w1 err -71 [ 800.617555][T12130] syzkaller0: entered promiscuous mode [ 800.626830][T12130] syzkaller0: entered allmulticast mode [ 800.666630][ T5759] sonixj: probe of 1-1:0.0 failed with error -71 [ 800.689121][ T5759] usb 1-1: USB disconnect, device number 33 [ 803.176615][ T8] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 803.270175][T12156] syzkaller0: entered promiscuous mode [ 803.275869][T12156] syzkaller0: entered allmulticast mode [ 803.347162][ T9659] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 803.366789][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 803.374686][ T8] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 803.394306][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 803.410432][ T8] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 803.533356][ T9659] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 803.543864][ T9659] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 803.552777][ T9659] usb 4-1: Product: syz [ 803.559440][ T9659] usb 4-1: Manufacturer: syz [ 803.564605][ T9659] usb 4-1: SerialNumber: syz [ 803.582103][ T9659] usb 4-1: config 0 descriptor?? [ 804.220046][ T8] gspca_nw80x: reg_r err -71 [ 804.224895][ T8] nw80x: probe of 2-1:3.0 failed with error -71 [ 804.255165][T11958] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 804.271481][ T8] usb 2-1: USB disconnect, device number 29 [ 804.838555][T12168] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1950'. [ 804.934599][T12168] nbd: socks must be embedded in a SOCK_ITEM attr [ 805.059595][ T9659] usb 4-1: f81604_read: reg: 100e failed: -EPROTO [ 805.092841][ T9659] usb 4-1: f81604_read: reg: 200f failed: -EPROTO [ 805.111733][ T9659] usb 4-1: USB disconnect, device number 36 [ 805.130183][ T9659] usb 4-1: f81604_read: reg: 100f failed: -ENODEV [ 805.191492][ T5433] usb 4-1: f81604_read: reg: 200f failed: -ENODEV [ 805.211705][ T9659] usb 4-1: f81604_read: reg: 200f failed: -ENODEV [ 805.224039][T10902] udevd[10902]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 805.685456][T12182] syzkaller0: entered promiscuous mode [ 805.692353][T12182] syzkaller0: entered allmulticast mode [ 807.196713][ T9659] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 807.276267][ T5772] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 807.386580][ T9659] usb 4-1: Using ep0 maxpacket: 32 [ 807.394631][ T9659] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 807.404962][ T9659] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 807.423540][ T9659] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 807.827772][ T9659] gspca_nw80x: reg_r err -32 [ 807.835279][ T9659] nw80x: probe of 4-1:3.0 failed with error -32 [ 808.077737][ T5759] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 808.271051][ T5759] usb 2-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 808.280489][ T5759] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 808.289095][ T5759] usb 2-1: Product: syz [ 808.293449][ T5759] usb 2-1: Manufacturer: syz [ 808.298303][ T5759] usb 2-1: SerialNumber: syz [ 808.306829][ T5759] usb 2-1: config 0 descriptor?? [ 809.147295][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.154637][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.592616][ T5759] usb 2-1: f81604_read: reg: 100e failed: -EPROTO [ 809.626306][ T5759] usb 2-1: f81604_read: reg: 200f failed: -EPROTO [ 809.641043][ T5759] usb 2-1: USB disconnect, device number 30 [ 809.655224][ T5759] usb 2-1: f81604_read: reg: 100f failed: -ENODEV [ 809.689714][ T5433] usb 2-1: f81604_read: reg: 200f failed: -ENODEV [ 809.721969][ T5759] usb 2-1: f81604_read: reg: 200f failed: -ENODEV [ 809.941597][ T8] usb 4-1: USB disconnect, device number 37 [ 810.038256][T12210] syzkaller0: entered promiscuous mode [ 810.045398][T12210] syzkaller0: entered allmulticast mode [ 810.785081][T11958] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 810.842040][T12225] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1971'. [ 810.883757][T12225] nbd: socks must be embedded in a SOCK_ITEM attr [ 811.119645][T10992] udevd[10992]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 811.424084][T12236] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1975'. [ 811.896529][ T5759] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 812.166508][ T5759] usb 1-1: Using ep0 maxpacket: 32 [ 812.176858][ T5759] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 812.186557][ T5759] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 812.955476][ T5759] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 813.030723][T12247] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1981'. [ 813.666683][ T5759] gspca_nw80x: reg_r err -32 [ 813.675285][ T5759] nw80x: probe of 1-1:3.0 failed with error -32 [ 813.848396][ T5772] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 813.925503][T12252] syzkaller0: entered promiscuous mode [ 813.947008][T12252] syzkaller0: entered allmulticast mode [ 814.216035][T12259] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1985'. [ 814.261052][T12259] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1985'. [ 814.979818][ T8] usb 1-1: USB disconnect, device number 34 [ 815.348971][T12270] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1990'. [ 816.841238][T11958] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 816.884734][T12281] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1991'. [ 817.040765][T12281] nbd: socks must be embedded in a SOCK_ITEM attr [ 817.129322][T12288] syzkaller0: entered promiscuous mode [ 817.140615][T12288] syzkaller0: entered allmulticast mode [ 817.202990][T10992] udevd[10992]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 817.266563][ T5759] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 817.296640][ T9659] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 817.449459][ T5759] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 817.467389][ T5759] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 817.479279][ T5759] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 817.493173][ T9659] usb 2-1: Using ep0 maxpacket: 32 [ 817.498911][ T5759] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 817.509642][ T5759] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 817.520272][ T9659] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 817.530510][ T9659] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 817.688778][ T5759] usb 4-1: config 0 descriptor?? [ 817.700738][ T9659] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 819.796918][ T9659] gspca_nw80x: reg_w err -110 [ 819.803065][ T9659] nw80x: probe of 2-1:3.0 failed with error -110 [ 819.946346][T12304] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2000'. [ 820.756611][T11958] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 821.037724][ T8] usb 2-1: USB disconnect, device number 31 [ 821.060853][ T5759] usbhid 4-1:0.0: can't add hid device: -71 [ 821.088915][ T5759] usbhid: probe of 4-1:0.0 failed with error -71 [ 821.130073][ T5759] usb 4-1: USB disconnect, device number 38 [ 821.225072][T12318] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2005'. [ 821.577537][T12326] syzkaller0: entered promiscuous mode [ 821.602311][T12326] syzkaller0: entered allmulticast mode [ 821.800300][T12322] vivid-002: disconnect [ 822.564745][T12322] vivid-002: reconnect [ 822.684036][T11958] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 824.746642][ T9659] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 824.947073][ T9659] usb 3-1: Using ep0 maxpacket: 32 [ 824.964189][ T9659] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 824.980269][ T9659] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 825.000371][ T9659] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 825.404292][ T9659] gspca_nw80x: reg_r err -32 [ 825.410106][ T9659] nw80x: probe of 3-1:3.0 failed with error -32 [ 825.446929][ T5813] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 825.780979][T12361] ALSA: mixer_oss: invalid OSS volume '' [ 826.154164][T12362] syzkaller0: entered promiscuous mode [ 826.190053][T12362] syzkaller0: entered allmulticast mode [ 826.540825][ T5813] usb 2-1: Using ep0 maxpacket: 16 [ 826.550169][ T5813] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 826.562948][ T5813] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 826.573466][ T5813] usb 2-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 826.587210][ T5813] usb 2-1: config 0 interface 0 has no altsetting 0 [ 826.593991][ T5813] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 826.603785][ T5813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 826.619004][ T5813] usb 2-1: config 0 descriptor?? [ 828.147159][ T5759] usb 2-1: USB disconnect, device number 32 [ 828.277611][ T5772] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 828.317604][ T9659] usb 3-1: USB disconnect, device number 23 [ 830.013631][ T5772] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 830.094711][T12395] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2026'. [ 830.219371][T12395] nbd: socks must be embedded in a SOCK_ITEM attr [ 830.561887][T12400] ALSA: mixer_oss: invalid OSS volume '' [ 832.054039][T12346] udevd[12346]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 832.726917][ T9659] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 833.022803][ T9659] usb 1-1: Using ep0 maxpacket: 32 [ 833.038945][ T9659] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 833.780641][ T9659] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 833.833787][ T9659] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 834.849533][ T9659] gspca_nw80x: reg_r err -110 [ 834.944720][T12430] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2035'. [ 835.051593][ T9659] nw80x: probe of 1-1:3.0 failed with error -110 [ 835.335645][T11958] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 835.403272][T12442] netlink: 'syz.3.2038': attribute type 6 has an invalid length. [ 836.278875][ T5813] usb 1-1: USB disconnect, device number 35 [ 838.130181][T12468] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2045'. [ 842.296685][ T9659] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 842.389245][ T5772] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 842.438573][T12505] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2057'. [ 843.386744][T12509] udevd[12509]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 843.613122][T12483] udevd[12483]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 844.316520][ T9659] usb 1-1: Using ep0 maxpacket: 16 [ 844.337733][ T9659] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 844.349200][ T9659] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 845.286575][ T9659] usb 1-1: config 0 interface 0 has no altsetting 0 [ 845.293577][ T9659] usb 1-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 845.303580][ T9659] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 845.315618][ T9659] usb 1-1: config 0 descriptor?? [ 845.382273][ T9659] usb 1-1: can't set config #0, error -71 [ 845.410205][ T9659] usb 1-1: USB disconnect, device number 36 [ 848.450882][T11958] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 848.557277][T12546] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2072'. [ 851.738947][T12483] udevd[12483]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 852.147876][ T9659] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 852.346621][ T9659] usb 3-1: Using ep0 maxpacket: 8 [ 852.356577][ T5813] usb 1-1: new low-speed USB device number 37 using dummy_hcd [ 852.361725][ T9659] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 852.379358][ T9659] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 852.389204][ T9659] usb 3-1: Product: syz [ 852.393777][ T9659] usb 3-1: Manufacturer: syz [ 852.402894][ T9659] usb 3-1: SerialNumber: syz [ 852.420387][ T9659] usb 3-1: config 0 descriptor?? [ 852.434220][ T9659] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 852.574992][ T5813] usb 1-1: unable to get BOS descriptor or descriptor too short [ 852.589346][ T5813] usb 1-1: config 1 has too many interfaces: 67, using maximum allowed: 32 [ 852.601528][ T5813] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 852.614786][ T5813] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 67 [ 852.629497][ T5813] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1023, setting to 0 [ 852.642294][ T5813] usb 1-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 852.920543][ T5813] usb 1-1: string descriptor 0 read error: -22 [ 852.928243][ T5813] usb 1-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice= 0.40 [ 852.938682][ T5813] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 852.955773][ T5813] usb 1-1: Quirk or no altest; falling back to MIDI 1.0 [ 852.986930][ T5813] snd-usb-audio: probe of 1-1:1.0 failed with error -2 [ 853.218302][ T5813] usb 1-1: USB disconnect, device number 37 [ 853.648928][ T9659] gspca_sonixj: reg_r err -110 [ 853.653960][ T9659] sonixj: probe of 3-1:0.0 failed with error -110 [ 854.011406][ T9659] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 854.109094][T11958] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 854.182268][T12591] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2085'. [ 856.351801][T10548] usb 3-1: USB disconnect, device number 24 [ 856.386772][ T9659] usb 2-1: Using ep0 maxpacket: 16 [ 856.401335][ T9659] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 856.448302][ T9659] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 856.477515][ T9659] usb 2-1: Product: syz [ 856.492242][ T9659] usb 2-1: Manufacturer: syz [ 856.500121][ T9659] usb 2-1: SerialNumber: syz [ 856.695700][T12509] udevd[12509]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 857.009776][ T9659] snd-usb-audio: probe of 2-1:1.0 failed with error -71 [ 857.075531][T12602] trusted_key: encrypted_key: insufficient parameters specified [ 857.737924][ T9659] usb 2-1: USB disconnect, device number 33 [ 860.546708][T10548] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 860.736524][T10548] usb 2-1: Using ep0 maxpacket: 8 [ 860.760245][T10548] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 860.784719][T10548] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 860.793579][T10548] usb 2-1: Product: syz [ 860.798240][T10548] usb 2-1: Manufacturer: syz [ 860.806776][T10548] usb 2-1: SerialNumber: syz [ 860.937327][T10548] usb 2-1: config 0 descriptor?? [ 860.957939][T10548] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 861.044218][T12633] vlan2: entered promiscuous mode [ 861.081432][T12633] syz_tun: entered promiscuous mode [ 861.200324][T12633] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2098'. [ 861.714879][T12631] vivid-006: disconnect [ 861.759809][T10548] gspca_sonixj: reg_r err -32 [ 861.765115][T10548] sonixj: probe of 2-1:0.0 failed with error -32 [ 861.787383][T10548] usb 2-1: USB disconnect, device number 34 [ 861.844626][T12628] vivid-006: reconnect [ 862.312130][T12642] netlink: 'syz.3.2101': attribute type 6 has an invalid length. [ 862.356508][T10548] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 862.589383][T10548] usb 3-1: unable to get BOS descriptor or descriptor too short [ 862.670625][T10548] usb 3-1: config 63 has an invalid interface number: 66 but max is 0 [ 862.679761][T10548] usb 3-1: config 63 has an invalid descriptor of length 134, skipping remainder of the config [ 862.691337][T10548] usb 3-1: config 63 has no interface number 0 [ 862.698698][T10548] usb 3-1: config 63 interface 66 has no altsetting 0 [ 862.712061][T10548] usb 3-1: New USB device found, idVendor=174f, idProduct=8acf, bcdDevice=39.f4 [ 862.726423][T10548] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 862.736778][T10548] usb 3-1: Product: syz [ 862.741181][T10548] usb 3-1: Manufacturer: syz [ 863.496695][T10548] usb 3-1: SerialNumber: syz [ 863.798139][T10548] usb 3-1: Found UVC 0.07 device syz (174f:8acf) [ 863.817460][T10548] usb 3-1: No valid video chain found. [ 863.837366][T10548] usb 3-1: USB disconnect, device number 25 [ 866.075148][T12673] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2111'. [ 867.282994][T12681] netlink: 'syz.0.2115': attribute type 6 has an invalid length. [ 870.566836][ T5772] Bluetooth: hci4: command 0x1003 tx timeout [ 870.575115][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.582202][T11958] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 870.960999][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.119793][T12722] GUP no longer grows the stack in syz.0.2128 (12722): 200000002000-200000005000 (200000001000) [ 871.132956][T12722] CPU: 1 PID: 12722 Comm: syz.0.2128 Not tainted syzkaller #0 [ 871.140777][T12722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 871.150902][T12722] Call Trace: [ 871.154228][T12722] [ 871.157210][T12722] dump_stack_lvl+0x18c/0x250 [ 871.162002][T12722] ? show_regs_print_info+0x20/0x20 [ 871.167463][T12722] ? load_image+0x400/0x400 [ 871.172148][T12722] ? find_vma+0x134/0x1b0 [ 871.176549][T12722] __get_user_pages+0xf0e/0x1380 [ 871.181661][T12722] ? mark_lock+0x94/0x320 [ 871.186073][T12722] ? populate_vma_page_range+0x380/0x380 [ 871.191955][T12722] ? __gup_longterm_locked+0x38c/0x2b80 [ 871.197660][T12722] ? down_read_killable+0x1d0/0x340 [ 871.203067][T12722] __gup_longterm_locked+0x4de/0x2b80 [ 871.208554][T12722] ? pin_user_pages_remote+0x220/0x220 [ 871.214098][T12722] ? mark_lock+0x94/0x320 [ 871.218608][T12722] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 871.224670][T12722] ? sanity_check_pinned_pages+0x1341/0x14d0 [ 871.230815][T12722] internal_get_user_pages_fast+0x21bf/0x2760 [ 871.237030][T12722] ? get_user_pages_fast_only+0xa0/0xa0 [ 871.242681][T12722] ? kvmalloc_node+0x70/0x180 [ 871.247435][T12722] ? rcu_is_watching+0x15/0xb0 [ 871.252370][T12722] ? kvmalloc_node+0x70/0x180 [ 871.257105][T12722] ? __kmalloc_node+0xe2/0x230 [ 871.261946][T12722] ? pin_user_pages_fast+0x89/0xe0 [ 871.267298][T12722] get_vaddr_frames+0x86/0x210 [ 871.272130][T12722] vb2_create_framevec+0x56/0xc0 [ 871.277226][T12722] vb2_vmalloc_get_userptr+0x108/0x440 [ 871.282851][T12722] ? vb2_vmalloc_get_dmabuf+0x200/0x200 [ 871.288458][T12722] __buf_prepare+0xf9f/0x4400 [ 871.293221][T12722] ? vb2_core_prepare_buf+0x320/0x320 [ 871.298654][T12722] ? arch_stack_walk+0x160/0x190 [ 871.303848][T12722] ? verify_lock_unused+0x140/0x140 [ 871.309123][T12722] ? stack_trace_save+0xaa/0x100 [ 871.314234][T12722] ? stack_trace_snprint+0xf0/0xf0 [ 871.319425][T12722] ? mark_lock+0x94/0x320 [ 871.324157][T12722] ? vb2_queue_or_prepare_buf+0x5c3/0xe80 [ 871.329989][T12722] vb2_core_prepare_buf+0xed/0x320 [ 871.335428][T12722] v4l2_m2m_ioctl_prepare_buf+0x1a4/0x4b0 [ 871.341346][T12722] ? v4l_prepare_buf+0x75/0xd0 [ 871.346199][T12722] __video_do_ioctl+0xc30/0xd50 [ 871.351208][T12722] ? video_ioctl2+0x30/0x30 [ 871.355772][T12722] ? __might_fault+0xc6/0x120 [ 871.360519][T12722] ? __might_fault+0xaa/0x120 [ 871.365276][T12722] video_usercopy+0x89f/0x1380 [ 871.370101][T12722] ? video_ioctl2+0x30/0x30 [ 871.374764][T12722] ? v4l_printk_ioctl+0x160/0x160 [ 871.380249][T12722] v4l2_ioctl+0x18a/0x1e0 [ 871.384856][T12722] ? v4l2_poll+0x2b0/0x2b0 [ 871.389436][T12722] __se_sys_ioctl+0xfd/0x170 [ 871.394106][T12722] do_syscall_64+0x55/0xa0 [ 871.398670][T12722] ? clear_bhb_loop+0x40/0x90 [ 871.403591][T12722] ? clear_bhb_loop+0x40/0x90 [ 871.408534][T12722] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 871.414496][T12722] RIP: 0033:0x7f641ef9c799 [ 871.419082][T12722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 871.438933][T12722] RSP: 002b:00007f641fe85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 871.447495][T12722] RAX: ffffffffffffffda RBX: 00007f641f215fa0 RCX: 00007f641ef9c799 [ 871.455715][T12722] RDX: 0000200000002dc0 RSI: 00000000c058565d RDI: 0000000000000003 [ 871.463749][T12722] RBP: 00007f641f032c99 R08: 0000000000000000 R09: 0000000000000000 [ 871.471899][T12722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 871.480360][T12722] R13: 00007f641f216038 R14: 00007f641f215fa0 R15: 00007ffe6f9827c8 [ 871.488415][T12722] [ 872.427287][T11958] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 873.029154][T12739] tipc: Enabling of bearer rejected, failed to enable media [ 873.048792][T12739] syzkaller0: entered promiscuous mode [ 873.055265][T12739] syzkaller0: entered allmulticast mode [ 873.704170][ T5772] Bluetooth: hci2: command 0x0406 tx timeout [ 875.366519][T11958] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 877.382994][T12779] tipc: Enabling of bearer rejected, failed to enable media [ 877.422434][T12779] syzkaller0: entered promiscuous mode [ 877.453902][T12779] syzkaller0: entered allmulticast mode [ 879.617124][T11958] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 880.970639][T12811] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2156'. [ 880.995249][T12811] bridge_slave_1: left allmulticast mode [ 881.004449][T12811] bridge_slave_1: left promiscuous mode [ 881.012522][T12811] bridge0: port 2(bridge_slave_1) entered disabled state [ 881.032820][T12811] bridge_slave_0: left allmulticast mode [ 881.041570][T12811] bridge_slave_0: left promiscuous mode [ 881.051313][T12811] bridge0: port 1(bridge_slave_0) entered disabled state [ 882.164962][T12817] tipc: Enabling of bearer rejected, failed to enable media [ 882.177169][ T8] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 882.189595][T12818] syzkaller0: entered promiscuous mode [ 882.198989][T12818] syzkaller0: entered allmulticast mode [ 882.356504][ T8] usb 2-1: device descriptor read/64, error -71 [ 882.492411][T11958] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 882.563144][T12841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2163'. [ 882.635901][ T8] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 882.691502][T12841] nbd: socks must be embedded in a SOCK_ITEM attr [ 882.878891][ T8] usb 2-1: device descriptor read/64, error -71 [ 883.734140][ T8] usb usb2-port1: attempt power cycle [ 884.167887][ T8] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 884.243675][ T8] usb 2-1: device descriptor read/8, error -71 [ 884.568512][ T8] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 884.675997][ T8] usb 2-1: device descriptor read/8, error -71 [ 886.187665][ T8] usb usb2-port1: unable to enumerate USB device [ 886.325753][T12509] udevd[12509]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 886.374388][T12483] udevd[12483]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 886.508917][ T5772] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 888.391602][T12868] tipc: Enabling of bearer rejected, failed to enable media [ 888.405993][T12868] syzkaller0: entered promiscuous mode [ 888.414146][T12868] syzkaller0: entered allmulticast mode [ 890.741497][T11958] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 890.752616][T10548] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 894.964134][ T5813] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 895.236797][ T8] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 895.366793][ T5813] usb 2-1: Using ep0 maxpacket: 32 [ 895.378880][ T5813] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 895.391255][ T5813] usb 2-1: config 155 interface 0 altsetting 0 has an invalid endpoint with address 0xE2, skipping [ 895.402866][ T5813] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 895.424545][ T8] usb 1-1: config 0 has an invalid interface number: 237 but max is 0 [ 895.434171][ T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 895.445529][ T8] usb 1-1: config 0 has no interface number 0 [ 895.452387][ T8] usb 1-1: config 0 interface 237 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 895.463906][ T8] usb 1-1: config 0 interface 237 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 895.479007][ T5813] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 895.497985][ T5813] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 895.506257][ T5813] usb 2-1: Product: syz [ 895.525258][ T5813] usb 2-1: Manufacturer: syz [ 895.532240][ T8] usb 1-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.be [ 895.545442][ T5813] usb 2-1: SerialNumber: syz [ 895.551284][ T8] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=3 [ 895.567426][ T5813] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 895.576204][ T5813] imon 2-1:155.0: unable to initialize intf0, err -19 [ 895.585683][ T8] usb 1-1: Product: syz [ 895.594591][ T8] usb 1-1: Manufacturer: syz [ 895.599393][ T8] usb 1-1: SerialNumber: syz [ 895.605673][ T5813] imon:imon_probe: failed to initialize context! [ 895.614340][ T8] usb 1-1: config 0 descriptor?? [ 895.623494][ T5813] imon 2-1:155.0: unable to register, err -19 [ 895.840953][ T5813] usb 1-1: USB disconnect, device number 38 [ 896.657734][ T5772] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 899.193845][ T5813] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 899.285057][T10548] usb 2-1: USB disconnect, device number 39 [ 899.379528][ T5813] usb 1-1: device descriptor read/64, error -71 [ 899.497312][T12931] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2189'. [ 899.511908][T11958] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 901.752366][T12934] binder: 12933:12934 ioctl 4018620d 0 returned -22 [ 901.898138][T12931] nbd: socks must be embedded in a SOCK_ITEM attr [ 901.918651][T12894] block nbd64: NBD_DISCONNECT [ 902.241006][T12894] udevd[12894]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 904.047149][ T5772] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 904.365037][T12965] binder: 12964:12965 ioctl 4018620d 0 returned -22 [ 904.486741][T10548] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 904.636543][T10548] usb 4-1: device descriptor read/64, error -71 [ 904.753034][T12970] syzkaller0: entered promiscuous mode [ 904.765738][T12970] syzkaller0: entered allmulticast mode [ 904.906523][T10548] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 905.168337][T10548] usb 4-1: device descriptor read/64, error -71 [ 905.916654][T10548] usb usb4-port1: attempt power cycle [ 906.180576][ T5772] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 906.253117][T12981] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2206'. [ 907.221483][T10548] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 907.302986][T12981] nbd: socks must be embedded in a SOCK_ITEM attr [ 909.176618][T10548] usb 4-1: device descriptor read/8, error -71 [ 909.257731][T12984] udevd[12984]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 909.325445][T12983] udevd[12983]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 909.411784][T12994] binder: 12991:12994 ioctl 4018620d 0 returned -22 [ 909.785405][ T5772] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 910.406676][ T5813] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 910.630723][ T5813] usb 1-1: Using ep0 maxpacket: 32 [ 910.640687][ T5813] usb 1-1: no configurations [ 910.645746][ T5813] usb 1-1: can't read configurations, error -22 [ 910.807434][ T5813] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 910.996430][ T5813] usb 1-1: Using ep0 maxpacket: 32 [ 911.771419][ T5813] usb 1-1: no configurations [ 911.776175][ T5813] usb 1-1: can't read configurations, error -22 [ 911.782792][ T5813] usb usb1-port1: attempt power cycle [ 912.206562][ T5813] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 912.248281][ T5813] usb 1-1: Using ep0 maxpacket: 32 [ 912.254518][ T5813] usb 1-1: no configurations [ 912.260155][ T5813] usb 1-1: can't read configurations, error -22 [ 912.279110][T10548] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 912.416518][ T5813] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 912.457174][ T5813] usb 1-1: Using ep0 maxpacket: 32 [ 912.466798][T10548] usb 4-1: Using ep0 maxpacket: 32 [ 912.478563][T10548] usb 4-1: config 0 has an invalid interface number: 196 but max is 0 [ 912.487947][ T5813] usb 1-1: no configurations [ 912.490099][T10548] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 912.503564][T10548] usb 4-1: config 0 has no interface number 0 [ 912.506510][ T5813] usb 1-1: can't read configurations, error -22 [ 912.511579][T10548] usb 4-1: config 0 interface 196 altsetting 1 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 912.529047][T10548] usb 4-1: config 0 interface 196 altsetting 1 endpoint 0x2 has invalid wMaxPacketSize 0 [ 912.543441][T10548] usb 4-1: config 0 interface 196 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 912.568343][ T5813] usb usb1-port1: unable to enumerate USB device [ 912.586549][T10548] usb 4-1: config 0 interface 196 has no altsetting 0 [ 912.609498][T10548] usb 4-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 912.623541][T10548] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 912.632997][T10548] usb 4-1: Product: syz [ 912.637799][T10548] usb 4-1: Manufacturer: syz [ 912.642846][T10548] usb 4-1: SerialNumber: syz [ 912.653129][T10548] usb 4-1: config 0 descriptor?? [ 913.114153][ T5772] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 913.124651][T10548] ipheth 4-1:0.196: Unable to find endpoints [ 913.181894][T13034] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2225'. [ 913.320618][T13034] nbd: socks must be embedded in a SOCK_ITEM attr [ 915.736998][ T5811] usb 1-1: new full-speed USB device number 45 using dummy_hcd [ 915.848646][T10548] usb 4-1: USB disconnect, device number 44 [ 915.974056][T12989] udevd[12989]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 916.004336][T13014] udevd[13014]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 916.067555][ T5811] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 916.106943][ T5811] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 916.126155][ T5811] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 916.152289][ T5811] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 916.192401][ T5811] usb 1-1: Product: syz [ 916.222286][ T5811] usb 1-1: Manufacturer: syz [ 916.244873][ T5811] usb 1-1: SerialNumber: syz [ 916.955991][T13051] xt_CT: You must specify a L4 protocol and not use inversions on it [ 917.183292][ T5811] usb 1-1: 0:2 : does not exist [ 917.321364][ T5811] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 918.202593][ T5811] usb 1-1: USB disconnect, device number 45 [ 918.373518][T13014] udevd[13014]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 918.466576][T13063] vivid-002: disconnect [ 918.567406][T11958] Bluetooth: hci2: command 0x0406 tx timeout [ 918.601596][T11958] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 918.639782][T13059] vivid-002: reconnect [ 919.739992][ T28] kauditd_printk_skb: 18 callbacks suppressed [ 919.740004][ T28] audit: type=1326 audit(1773862439.310:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13078 comm="syz.1.2235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 919.804283][ T28] audit: type=1326 audit(1773862439.340:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13078 comm="syz.1.2235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 919.840422][ T28] audit: type=1326 audit(1773862439.340:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13078 comm="syz.1.2235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 919.879232][ T28] audit: type=1326 audit(1773862439.340:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13078 comm="syz.1.2235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 919.910934][ T28] audit: type=1326 audit(1773862439.340:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13078 comm="syz.1.2235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 920.026600][ T5811] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 920.155407][T13085] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2237'. [ 920.284048][ T5772] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 921.165107][T13085] nbd: socks must be embedded in a SOCK_ITEM attr [ 921.679227][ T5811] usb 4-1: Using ep0 maxpacket: 32 [ 922.784402][ T5811] usb 4-1: device descriptor read/all, error -71 [ 923.132185][T12983] udevd[12983]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 923.150541][T13014] udevd[13014]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 924.426485][T10548] usb 1-1: new full-speed USB device number 46 using dummy_hcd [ 924.628849][T10548] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 924.651523][T10548] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 924.699162][T10548] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 924.717782][T10548] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 924.732843][T10548] usb 1-1: Product: syz [ 924.747924][T10548] usb 1-1: Manufacturer: syz [ 924.760115][T10548] usb 1-1: SerialNumber: syz [ 925.017428][T10548] usb 1-1: 0:2 : does not exist [ 925.066875][T10548] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 925.086490][ T5811] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 925.138495][T10548] usb 1-1: USB disconnect, device number 46 [ 925.184114][T13014] udevd[13014]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 925.286616][ T5811] usb 3-1: Using ep0 maxpacket: 8 [ 925.297983][ T5811] usb 3-1: unable to get BOS descriptor or descriptor too short [ 925.309773][ T5811] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 925.332187][ T5811] usb 3-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 925.346600][ T5811] usb 3-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 925.357278][T13106] vivid-006: disconnect [ 925.362997][ T5811] usb 3-1: Product: syz [ 925.376265][ T5811] usb 3-1: Manufacturer: syz [ 925.386632][ T5811] usb 3-1: SerialNumber: syz [ 925.402384][ T5811] usb 3-1: config 0 descriptor?? [ 925.566754][T13099] vivid-006: reconnect [ 925.687335][ T5811] usb 3-1: USB disconnect, device number 26 [ 925.695233][T13115] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2246'. [ 925.759335][T13115] netlink: 'syz.0.2246': attribute type 6 has an invalid length. [ 926.536488][ T28] audit: type=1326 audit(1773862446.090:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13114 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 926.611798][ T28] audit: type=1326 audit(1773862446.090:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13114 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 926.664444][ T28] audit: type=1326 audit(1773862446.150:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13114 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 926.731651][ T28] audit: type=1326 audit(1773862446.150:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13114 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 926.816659][ T28] audit: type=1326 audit(1773862446.160:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13114 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 926.876551][ T28] audit: type=1326 audit(1773862446.180:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13114 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 926.916023][ T28] audit: type=1326 audit(1773862446.180:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13114 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 926.986703][ T28] audit: type=1326 audit(1773862446.180:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13114 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 927.057725][ T28] audit: type=1326 audit(1773862446.180:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13114 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 927.134982][ T28] audit: type=1326 audit(1773862446.180:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13114 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641ef9c799 code=0x7ffc0000 [ 927.279099][T11958] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 927.356952][T13128] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2250'. [ 927.441143][T13128] nbd: socks must be embedded in a SOCK_ITEM attr [ 930.319431][T12983] udevd[12983]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 930.369866][T13014] udevd[13014]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 930.496820][T13144] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2256'. [ 930.499183][ T5759] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 930.531848][T13144] netlink: 'syz.1.2256': attribute type 6 has an invalid length. [ 930.719256][ T5759] usb 4-1: config 0 has an invalid interface number: 237 but max is 0 [ 930.913102][ T5759] usb 4-1: config 0 has no interface number 0 [ 930.944931][ T5759] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid maxpacket 65535, setting to 64 [ 931.739552][ T5759] usb 4-1: config 0 interface 237 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 931.801386][ T5759] usb 4-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.be [ 931.811081][ T5759] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=3 [ 931.821497][ T5759] usb 4-1: Product: syz [ 931.825869][ T5759] usb 4-1: Manufacturer: syz [ 931.831134][ T5759] usb 4-1: SerialNumber: syz [ 931.859261][ T5759] usb 4-1: config 0 descriptor?? [ 932.018400][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.024802][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.039847][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 932.039863][ T28] audit: type=1326 audit(1773862451.610:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13143 comm="syz.1.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 932.071372][ T28] audit: type=1326 audit(1773862451.610:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13143 comm="syz.1.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 932.250693][ T28] audit: type=1326 audit(1773862451.810:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13143 comm="syz.1.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 932.892398][ T28] audit: type=1326 audit(1773862451.810:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13143 comm="syz.1.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 933.015939][ T28] audit: type=1326 audit(1773862451.810:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13143 comm="syz.1.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 933.044964][ T28] audit: type=1326 audit(1773862451.810:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13143 comm="syz.1.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 933.090098][ T5759] usb 4-1: USB disconnect, device number 47 [ 933.104445][ T28] audit: type=1326 audit(1773862451.810:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13143 comm="syz.1.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 933.176683][ T28] audit: type=1326 audit(1773862451.810:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13143 comm="syz.1.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 933.204822][ T28] audit: type=1326 audit(1773862451.810:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13143 comm="syz.1.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 933.235311][ T28] audit: type=1326 audit(1773862451.810:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13143 comm="syz.1.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb43a79c799 code=0x7ffc0000 [ 933.359037][T11958] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 933.435414][T13166] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2262'. [ 933.545158][T13166] nbd: socks must be embedded in a SOCK_ITEM attr [ 937.784696][T13014] udevd[13014]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 937.810955][T13014] udevd[13014]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 938.210469][T13187] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2271'. [ 939.195707][T11958] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 939.251417][T13198] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2274'. [ 939.331580][T13198] nbd: socks must be embedded in a SOCK_ITEM attr [ 942.101408][T12983] udevd[12983]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 942.194155][T13014] udevd[13014]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 942.594726][T13218] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.2281'. [ 942.647850][ T5759] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 942.768893][T13224] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 943.727543][ T5759] usb 3-1: config 0 has an invalid interface number: 237 but max is 0 [ 943.737266][T11958] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 943.777748][ T5759] usb 3-1: config 0 has no interface number 0 [ 943.804253][T13231] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2285'. [ 943.844677][ T5759] usb 3-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid maxpacket 65535, setting to 64 [ 943.928685][ T5759] usb 3-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 943.976268][ T5759] usb 3-1: config 0 interface 237 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 943.997475][T13231] nbd: socks must be embedded in a SOCK_ITEM attr [ 944.142528][ T5759] usb 3-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.be [ 944.209081][ T5759] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=3 [ 944.368321][ T5759] usb 3-1: Product: syz [ 944.432172][ T5759] usb 3-1: Manufacturer: syz [ 944.498511][ T5759] usb 3-1: SerialNumber: syz [ 944.637801][ T5759] usb 3-1: config 0 descriptor?? [ 945.443543][ T9659] usb 3-1: USB disconnect, device number 27 [ 946.212039][T13246] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.2291'. [ 946.285451][T13014] udevd[13014]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 947.840203][T11958] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 947.918154][T13265] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2297'. [ 948.000532][T13265] nbd: socks must be embedded in a SOCK_ITEM attr [ 950.892200][T12983] udevd[12983]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 950.980764][T13014] udevd[13014]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 951.051162][ T5772] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 951.061028][ T5772] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 951.081510][ T5772] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 951.093425][ T5772] CPU: 1 PID: 5772 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 951.101055][ T5772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 951.111265][ T5772] Workqueue: hci3 hci_rx_work [ 951.116093][ T5772] Call Trace: [ 951.119407][ T5772] [ 951.122369][ T5772] dump_stack_lvl+0x18c/0x250 [ 951.127223][ T5772] ? show_regs_print_info+0x20/0x20 [ 951.132475][ T5772] ? load_image+0x400/0x400 [ 951.137383][ T5772] sysfs_create_dir_ns+0x26e/0x2a0 [ 951.142710][ T5772] ? sysfs_warn_dup+0xa0/0xa0 [ 951.147421][ T5772] ? do_raw_spin_unlock+0x121/0x230 [ 951.152744][ T5772] kobject_add_internal+0x61c/0xcc0 [ 951.158047][ T5772] kobject_add+0x164/0x240 [ 951.162512][ T5772] ? __rwlock_init+0x150/0x150 [ 951.167327][ T5772] ? kobject_init+0x1e0/0x1e0 [ 951.172215][ T5772] ? _raw_spin_unlock+0x28/0x40 [ 951.177162][ T5772] ? get_device_parent+0x366/0x390 [ 951.182413][ T5772] device_add+0x408/0xc20 [ 951.187229][ T5772] hci_conn_add_sysfs+0xd5/0x1e0 [ 951.192319][ T5772] le_conn_complete_evt+0xf5d/0x1540 [ 951.197738][ T5772] ? hci_event_packet+0x4cb/0x1270 [ 951.202897][ T5772] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 951.209272][ T5772] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 951.214970][ T5772] ? skb_pull_data+0xfb/0x200 [ 951.219956][ T5772] hci_le_conn_complete_evt+0x187/0x440 [ 951.225639][ T5772] ? hci_remote_host_features_evt+0x150/0x150 [ 951.231871][ T5772] hci_event_packet+0x7ba/0x1270 [ 951.236947][ T5772] ? bis_list+0x290/0x290 [ 951.241572][ T5772] ? lockdep_hardirqs_on+0x98/0x150 [ 951.247137][ T5772] ? hci_send_to_monitor+0xd7/0x4f0 [ 951.252816][ T5772] hci_rx_work+0x43a/0xd60 [ 951.257286][ T5772] ? process_scheduled_works+0x96f/0x15d0 [ 951.263042][ T5772] process_scheduled_works+0xa5d/0x15d0 [ 951.268660][ T5772] ? worker_attach_to_pool+0x380/0x380 [ 951.274224][ T5772] ? assign_work+0x3d2/0x5d0 [ 951.278852][ T5772] worker_thread+0xa55/0xfc0 [ 951.283674][ T5772] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 951.290051][ T5772] ? _raw_spin_unlock+0x40/0x40 [ 951.294953][ T5772] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 951.300997][ T5772] kthread+0x2fa/0x390 [ 951.305099][ T5772] ? pr_cont_work+0x560/0x560 [ 951.309916][ T5772] ? kthread_blkcg+0xd0/0xd0 [ 951.314551][ T5772] ret_from_fork+0x48/0x80 [ 951.319016][ T5772] ? kthread_blkcg+0xd0/0xd0 [ 951.323743][ T5772] ret_from_fork_asm+0x11/0x20 [ 951.328762][ T5772] [ 951.336130][ T5772] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 951.350751][ T5782] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 951.360310][ T5772] Bluetooth: hci3: failed to register connection device [ 951.447995][ T5772] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 951.461918][ T5772] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 951.470403][ T5772] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 951.512815][T11958] ================================================================== [ 951.521011][T11958] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x6df/0x1070 [ 951.529127][T11958] Read of size 8 at addr ffff88807c9a5480 by task kworker/u5:1/11958 [ 951.537466][T11958] [ 951.539802][T11958] CPU: 0 PID: 11958 Comm: kworker/u5:1 Not tainted syzkaller #0 [ 951.547614][T11958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 951.557680][T11958] Workqueue: hci0 hci_rx_work [ 951.562375][T11958] Call Trace: [ 951.565760][T11958] [ 951.568991][T11958] dump_stack_lvl+0x18c/0x250 [ 951.573826][T11958] ? __lock_acquire+0x7d40/0x7d40 [ 951.579020][T11958] ? show_regs_print_info+0x20/0x20 [ 951.584360][T11958] ? load_image+0x400/0x400 [ 951.588882][T11958] ? __virt_addr_valid+0x469/0x540 [ 951.594040][T11958] print_report+0xa8/0x210 [ 951.598638][T11958] ? l2cap_connect_cfm+0x6df/0x1070 [ 951.603915][T11958] kasan_report+0x117/0x150 [ 951.608571][T11958] ? l2cap_connect_cfm+0x6df/0x1070 [ 951.613925][T11958] l2cap_connect_cfm+0x6df/0x1070 [ 951.619194][T11958] ? l2cap_ertm_resend+0x1040/0x1040 [ 951.624633][T11958] ? device_add+0x7b4/0xc20 [ 951.629362][T11958] ? l2cap_ertm_resend+0x1040/0x1040 [ 951.634932][T11958] hci_connect_cfm+0x8f/0x130 [ 951.639806][T11958] le_conn_complete_evt+0xfdc/0x1540 [ 951.645294][T11958] ? hci_event_packet+0x4cb/0x1270 [ 951.650436][T11958] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 951.656794][T11958] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 951.662482][T11958] ? skb_pull_data+0xfb/0x200 [ 951.667192][T11958] hci_le_conn_complete_evt+0x187/0x440 [ 951.673190][T11958] ? hci_remote_host_features_evt+0x150/0x150 [ 951.679378][T11958] hci_event_packet+0x7ba/0x1270 [ 951.684362][T11958] ? bis_list+0x290/0x290 [ 951.688920][T11958] ? lockdep_hardirqs_on+0x98/0x150 [ 951.694242][T11958] ? hci_send_to_monitor+0xd7/0x4f0 [ 951.699731][T11958] hci_rx_work+0x43a/0xd60 [ 951.704262][T11958] ? process_scheduled_works+0x96f/0x15d0 [ 951.710270][T11958] process_scheduled_works+0xa5d/0x15d0 [ 951.716242][T11958] ? worker_attach_to_pool+0x380/0x380 [ 951.721752][T11958] ? assign_work+0x3d2/0x5d0 [ 951.726400][T11958] worker_thread+0xa55/0xfc0 [ 951.731191][T11958] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 951.737301][T11958] ? _raw_spin_unlock+0x40/0x40 [ 951.742210][T11958] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 951.748242][T11958] kthread+0x2fa/0x390 [ 951.752438][T11958] ? pr_cont_work+0x560/0x560 [ 951.757205][T11958] ? kthread_blkcg+0xd0/0xd0 [ 951.761852][T11958] ret_from_fork+0x48/0x80 [ 951.766282][T11958] ? kthread_blkcg+0xd0/0xd0 [ 951.770925][T11958] ret_from_fork_asm+0x11/0x20 [ 951.775818][T11958] [ 951.778847][T11958] [ 951.781172][T11958] Allocated by task 11958: [ 951.785676][T11958] kasan_set_track+0x4e/0x70 [ 951.790372][T11958] __kasan_kmalloc+0x8f/0xa0 [ 951.795159][T11958] l2cap_chan_create+0x50/0x760 [ 951.800046][T11958] l2cap_sock_new_connection_cb+0x182/0x2a0 [ 951.805966][T11958] l2cap_connect_cfm+0x375/0x1070 [ 951.811107][T11958] hci_connect_cfm+0x8f/0x130 [ 951.816021][T11958] le_conn_complete_evt+0xfdc/0x1540 [ 951.821539][T11958] hci_le_conn_complete_evt+0x187/0x440 [ 951.827105][T11958] hci_event_packet+0x7ba/0x1270 [ 951.832144][T11958] hci_rx_work+0x43a/0xd60 [ 951.836576][T11958] process_scheduled_works+0xa5d/0x15d0 [ 951.842136][T11958] worker_thread+0xa55/0xfc0 [ 951.846761][T11958] kthread+0x2fa/0x390 [ 951.851030][T11958] ret_from_fork+0x48/0x80 [ 951.855504][T11958] ret_from_fork_asm+0x11/0x20 [ 951.860417][T11958] [ 951.862785][T11958] Freed by task 13270: [ 951.866880][T11958] kasan_set_track+0x4e/0x70 [ 951.871524][T11958] kasan_save_free_info+0x2e/0x50 [ 951.876800][T11958] ____kasan_slab_free+0x126/0x1e0 [ 951.882048][T11958] slab_free_freelist_hook+0x130/0x1a0 [ 951.887636][T11958] __kmem_cache_free+0xba/0x1e0 [ 951.892605][T11958] l2cap_sock_cleanup_listen+0xea/0x3e0 [ 951.898378][T11958] l2cap_sock_release+0x6a/0x1e0 [ 951.903594][T11958] sock_close+0xbd/0x230 [ 951.908003][T11958] __fput+0x234/0x970 [ 951.912089][T11958] task_work_run+0x1d4/0x260 [ 951.916705][T11958] exit_to_user_mode_loop+0xe6/0x110 [ 951.922035][T11958] exit_to_user_mode_prepare+0xee/0x180 [ 951.927601][T11958] syscall_exit_to_user_mode+0x1a/0x50 [ 951.933152][T11958] do_syscall_64+0x61/0xa0 [ 951.937602][T11958] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 951.943614][T11958] [ 951.945972][T11958] Last potentially related work creation: [ 951.951885][T11958] kasan_save_stack+0x3e/0x60 [ 951.956578][T11958] __kasan_record_aux_stack+0xaf/0xc0 [ 951.961967][T11958] call_rcu+0x153/0x950 [ 951.966310][T11958] wg_noise_keypairs_clear+0x173/0x2a0 [ 951.972335][T11958] wg_queued_expired_zero_key_material+0x3c/0xe0 [ 951.978872][T11958] process_scheduled_works+0xa5d/0x15d0 [ 951.984481][T11958] worker_thread+0xa55/0xfc0 [ 951.989292][T11958] kthread+0x2fa/0x390 [ 951.993951][T11958] ret_from_fork+0x48/0x80 [ 951.998510][T11958] ret_from_fork_asm+0x11/0x20 [ 952.003342][T11958] [ 952.005684][T11958] The buggy address belongs to the object at ffff88807c9a5000 [ 952.005684][T11958] which belongs to the cache kmalloc-2k of size 2048 [ 952.019858][T11958] The buggy address is located 1152 bytes inside of [ 952.019858][T11958] freed 2048-byte region [ffff88807c9a5000, ffff88807c9a5800) [ 952.033842][T11958] [ 952.036168][T11958] The buggy address belongs to the physical page: [ 952.042592][T11958] page:ffffea0001f26800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c9a0 [ 952.052769][T11958] head:ffffea0001f26800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 952.062588][T11958] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 952.070936][T11958] page_type: 0xffffffff() [ 952.075392][T11958] raw: 00fff00000000840 ffff888017c42000 ffffea0001e7f600 dead000000000002 [ 952.084228][T11958] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 952.093020][T11958] page dumped because: kasan: bad access detected [ 952.099467][T11958] page_owner tracks the page as allocated [ 952.105372][T11958] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5831, tgid 5831 (kworker/1:6), ts 90034504973, free_ts 89975077410 [ 952.129113][T11958] post_alloc_hook+0x1c1/0x200 [ 952.134181][T11958] get_page_from_freelist+0x1951/0x19e0 [ 952.139870][T11958] __alloc_pages+0x1f0/0x460 [ 952.144677][T11958] alloc_slab_page+0x5d/0x160 [ 952.149384][T11958] new_slab+0x87/0x2d0 [ 952.153498][T11958] ___slab_alloc+0xc5d/0x12f0 [ 952.158225][T11958] __kmem_cache_alloc_node+0x19e/0x250 [ 952.163854][T11958] __kmalloc_node_track_caller+0xa2/0x230 [ 952.169849][T11958] kmalloc_reserve+0x116/0x240 [ 952.174634][T11958] __alloc_skb+0x138/0x2c0 [ 952.179085][T11958] mld_newpack+0x154/0xbe0 [ 952.183594][T11958] add_grhead+0x5a/0x2a0 [ 952.187940][T11958] add_grec+0x13ad/0x1660 [ 952.192284][T11958] mld_ifc_work+0x6e6/0xb40 [ 952.197062][T11958] process_scheduled_works+0xa5d/0x15d0 [ 952.202642][T11958] worker_thread+0xa55/0xfc0 [ 952.207273][T11958] page last free stack trace: [ 952.212036][T11958] free_unref_page_prepare+0x7b2/0x8c0 [ 952.217520][T11958] free_unref_page+0x32/0x2e0 [ 952.222229][T11958] __unfreeze_partials+0x1cf/0x210 [ 952.227361][T11958] put_cpu_partial+0x17c/0x250 [ 952.232144][T11958] __slab_free+0x319/0x400 [ 952.236567][T11958] qlist_free_all+0x75/0xd0 [ 952.241347][T11958] kasan_quarantine_reduce+0x143/0x160 [ 952.247096][T11958] __kasan_slab_alloc+0x22/0x80 [ 952.252072][T11958] slab_post_alloc_hook+0x6e/0x4b0 [ 952.257249][T11958] kmem_cache_alloc_node+0x14c/0x320 [ 952.262642][T11958] __alloc_skb+0x103/0x2c0 [ 952.267073][T11958] netlink_sendmsg+0x66a/0xbf0 [ 952.271932][T11958] __sys_sendto+0x4a9/0x6b0 [ 952.276484][T11958] __x64_sys_sendto+0xde/0xf0 [ 952.281185][T11958] do_syscall_64+0x55/0xa0 [ 952.285616][T11958] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 952.291535][T11958] [ 952.293868][T11958] Memory state around the buggy address: [ 952.299589][T11958] ffff88807c9a5380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 952.307668][T11958] ffff88807c9a5400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 952.315842][T11958] >ffff88807c9a5480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 952.324015][T11958] ^ [ 952.328173][T11958] ffff88807c9a5500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 952.336617][T11958] ffff88807c9a5580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 952.344785][T11958] ================================================================== [ 952.407133][T11958] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 952.414407][T11958] CPU: 1 PID: 11958 Comm: kworker/u5:1 Not tainted syzkaller #0 [ 952.422091][T11958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 952.432205][T11958] Workqueue: hci0 hci_rx_work [ 952.437036][T11958] Call Trace: [ 952.440349][T11958] [ 952.443318][T11958] dump_stack_lvl+0x18c/0x250 [ 952.448494][T11958] ? show_regs_print_info+0x20/0x20 [ 952.453944][T11958] ? load_image+0x400/0x400 [ 952.458711][T11958] panic+0x2dc/0x730 [ 952.463112][T11958] ? bpf_jit_dump+0xd0/0xd0 [ 952.467680][T11958] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 952.473896][T11958] ? _raw_spin_unlock+0x40/0x40 [ 952.478960][T11958] ? print_memory_metadata+0x314/0x400 [ 952.484895][T11958] ? l2cap_connect_cfm+0x6df/0x1070 [ 952.490165][T11958] check_panic_on_warn+0x84/0xa0 [ 952.495158][T11958] ? l2cap_connect_cfm+0x6df/0x1070 [ 952.500481][T11958] end_report+0x6f/0x130 [ 952.504750][T11958] kasan_report+0x128/0x150 [ 952.509378][T11958] ? l2cap_connect_cfm+0x6df/0x1070 [ 952.514613][T11958] l2cap_connect_cfm+0x6df/0x1070 [ 952.519775][T11958] ? l2cap_ertm_resend+0x1040/0x1040 [ 952.525205][T11958] ? device_add+0x7b4/0xc20 [ 952.529839][T11958] ? l2cap_ertm_resend+0x1040/0x1040 [ 952.535167][T11958] hci_connect_cfm+0x8f/0x130 [ 952.539994][T11958] le_conn_complete_evt+0xfdc/0x1540 [ 952.545333][T11958] ? hci_event_packet+0x4cb/0x1270 [ 952.550480][T11958] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 952.556879][T11958] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 952.562556][T11958] ? skb_pull_data+0xfb/0x200 [ 952.567270][T11958] hci_le_conn_complete_evt+0x187/0x440 [ 952.572956][T11958] ? hci_remote_host_features_evt+0x150/0x150 [ 952.579139][T11958] hci_event_packet+0x7ba/0x1270 [ 952.584106][T11958] ? bis_list+0x290/0x290 [ 952.588470][T11958] ? lockdep_hardirqs_on+0x98/0x150 [ 952.593706][T11958] ? hci_send_to_monitor+0xd7/0x4f0 [ 952.599210][T11958] hci_rx_work+0x43a/0xd60 [ 952.603845][T11958] ? process_scheduled_works+0x96f/0x15d0 [ 952.609608][T11958] process_scheduled_works+0xa5d/0x15d0 [ 952.615209][T11958] ? worker_attach_to_pool+0x380/0x380 [ 952.620713][T11958] ? assign_work+0x3d2/0x5d0 [ 952.625345][T11958] worker_thread+0xa55/0xfc0 [ 952.630057][T11958] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 952.636093][T11958] ? _raw_spin_unlock+0x40/0x40 [ 952.641057][T11958] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 952.647070][T11958] kthread+0x2fa/0x390 [ 952.651161][T11958] ? pr_cont_work+0x560/0x560 [ 952.655956][T11958] ? kthread_blkcg+0xd0/0xd0 [ 952.660619][T11958] ret_from_fork+0x48/0x80 [ 952.665069][T11958] ? kthread_blkcg+0xd0/0xd0 [ 952.669685][T11958] ret_from_fork_asm+0x11/0x20 [ 952.674494][T11958] [ 952.678191][T11958] Kernel Offset: disabled [ 952.682634][T11958] Rebooting in 86400 seconds..