last executing test programs: 7m21.94466797s ago: executing program 0 (id=13059): r0 = socket(0x2, 0x80805, 0x0) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x2, @none, 0x401}, 0xe) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8) 7m21.792355865s ago: executing program 0 (id=13063): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002900), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000002a00)={0x0, 0x0, &(0x7f00000029c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000fbdbdf251a00000008002280030000800500920009000000070021"], 0x2c}, 0x1, 0x0, 0x0, 0x4004045}, 0x810) 7m21.698156593s ago: executing program 0 (id=13067): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = memfd_create(0x0, 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000280)=ANY=[@ANYBLOB="0118000000", @ANYRES32=r1]) 7m21.631604465s ago: executing program 0 (id=13068): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200fffe540004802800018007000100637400001c0002800800014000000002080002400000000c05000300010000002800018007000100637400001c0002800800024000000011080004400000000c05000300010000000900010073797a30000000000900020073797a320000000014000000110001"], 0xa8}, 0x1, 0x0, 0x0, 0x840}, 0x0) 7m21.350823281s ago: executing program 0 (id=13074): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r0, 0x6f000) 7m21.212356224s ago: executing program 0 (id=13077): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000040)=0x5, 0x4) getsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, &(0x7f0000000200)) 7m6.008785141s ago: executing program 32 (id=13077): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000040)=0x5, 0x4) getsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, &(0x7f0000000200)) 6m11.164845744s ago: executing program 2 (id=13681): r0 = memfd_create(&(0x7f0000000340)='y\x105\xfc\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xa4\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\xc2%/u\x17\xdaM\x8d\x01L\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d_\v\xfc\xad\x0f\xa8\xc5\xad\x00\xc2\x12\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x06\xb3\xf0wVq\xe9d\xac\xe9\xaa\x9dR\x00\x9b\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2G\x1b+kV$\x80\x8aJ$\x81\xc0\x16\xf5\x9cz\x10\x97\xdb\x12H\xee/\xe3sY\x02D;L~\xd0\xb44\x01*\xfb\xa4 \xb2b\x90H$\xb2\xad\xbf\x8aM\xb6\x81\x81^\x02\xa0\xa7t\xfbHb\xa5=\xdd+$\xc06J\xb4\xf0\xab\x85Xz\x9f\xb2D$\xbe\xd9\x7f-\r\x9aj9r\n_\x11\xd4\x19\xb0\xa0G\xb7\x94\xf7\xfd~\xe9\xb6G\xbfE\xbb\x15\x15\xa6\xca2\xd0\xd3\x8c\xf7nO\xf9\xa8\xfd\x8a\xd2\xb2v\xff\xe4\xb0;\xd9\xa8\f\x03R\xbd%\x9fF\xee\x1e\x11X\f\x0f\xf0\xe2\xb5\xf8', 0xb) fcntl$addseals(r0, 0x409, 0x4) ftruncate(r0, 0xffff) 6m11.039938911s ago: executing program 2 (id=13684): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000700)=""/164, 0xa4}, {&(0x7f0000000100)=""/200, 0xc8}, {&(0x7f0000000d80)=""/4069, 0xfe5}, {&(0x7f0000005000)=""/4090, 0xffa}, {&(0x7f0000000d40)=""/58, 0x3a}, {&(0x7f0000000940)=""/190, 0xbe}], 0x6}, 0x40002120) 6m10.868288021s ago: executing program 2 (id=13688): r0 = socket$inet6(0xa, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f00000002c0)=0x10) getsockopt$bt_hci(r0, 0x84, 0x82, &(0x7f0000000080)=""/4076, &(0x7f0000000040)=0xfec) 6m10.609672431s ago: executing program 2 (id=13694): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4) sendmsg$sock(r0, &(0x7f0000000540)={&(0x7f0000000580)=@in6={0xa, 0x4e23, 0x81, @empty, 0x3}, 0x80, 0x0, 0x0, &(0x7f0000000700)=[@mark={{0x18, 0x1, 0x51, 0xfffffffb}}], 0x18}, 0xcc840) 6m10.515970868s ago: executing program 2 (id=13696): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) symlink(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='./file1\x00') 6m10.375823712s ago: executing program 2 (id=13699): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xec302, 0x0) readahead(r0, 0x1, 0x80000001) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0x2000, 0x0, 0x1f) 5m55.159239823s ago: executing program 33 (id=13699): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xec302, 0x0) readahead(r0, 0x1, 0x80000001) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0x2000, 0x0, 0x1f) 1m44.539393534s ago: executing program 1 (id=17281): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') read$qrtrtun(r0, &(0x7f00000004c0)=""/57, 0x39) 1m44.392230126s ago: executing program 1 (id=17284): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000140), 0x0) 1m44.130100121s ago: executing program 1 (id=17289): write$apparmor_current(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="7065726d70726f66696c65515d9625292f2f2e"], 0x16) r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8936, &(0x7f0000000000)) 1m44.026127119s ago: executing program 1 (id=17291): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) close(r0) 1m43.867986092s ago: executing program 1 (id=17294): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) link(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)='./file0\x00') 1m43.676042366s ago: executing program 1 (id=17299): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 1m28.378052832s ago: executing program 34 (id=17299): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 1m10.680255227s ago: executing program 5 (id=17633): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0xd8, 0x40a54e) 1m9.877529057s ago: executing program 5 (id=17636): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x14, r1, 0x2e7fd573c8d583d5, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4008814) 1m9.389364549s ago: executing program 5 (id=17639): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001980)={0x9, {"a2e3ad084fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b32373b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d326d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14aec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6057080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df0784c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f498707000000000000cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d618e462071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd9432086c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5e3236dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af44863c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f136174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7c85d94ffb07d9be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000510b00", 0x1000}}, 0x1006) 1m9.136082422s ago: executing program 5 (id=17642): symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mount$9p_unix(&(0x7f00000000c0)='./file0/file0/..\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x12d7498, 0x0) umount2(&(0x7f0000000040)='./file0\x00', 0x1) 1m8.898728075s ago: executing program 5 (id=17645): mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x28000, 0x1000, 0x1}, 0x1c) 1m7.139867412s ago: executing program 5 (id=17661): select(0x0, 0x0, 0x0, 0x0, 0x0) r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0) landlock_restrict_self(r0, 0xe) 1m6.885821733s ago: executing program 35 (id=17661): select(0x0, 0x0, 0x0, 0x0, 0x0) r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0) landlock_restrict_self(r0, 0xe) 39.167003131s ago: executing program 6 (id=17927): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x20007, 0x4005, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0x10, 0x5, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x20003, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x4, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x200006, 0x6, 0x454f, 0x6, 0x80004, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x0, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf3, 0xe, 0x2bf, 0x6c7, 0x2, 0xfffffffc, 0x5, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x1, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x7, 0x9, 0xd, 0x4df, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x47, 0x6, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffd, 0x5, 0x4, 0x9, 0x5, 0x7fff, 0x7, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0xfffffffa, 0xb, 0x5, 0x2, 0x2, 0x400003, 0x20000008, 0x4, 0x6d01, 0x6, 0x7, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0x1000, 0x5, 0xb1, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x200807ff, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x4, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x4184, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x14c, 0x60a7, 0x6, 0xa, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x0, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530d, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0xd7, 0x1fe, 0xb, 0xfff]}, 0x45c) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000840)={{0x77359400}, {0x0, 0x3938700}}, 0x0) 39.073378379s ago: executing program 6 (id=17929): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000380)={0x2a, 0xffffffff00000002, 0x7ffe}, 0xc) getpeername$qrtr(r0, 0x0, &(0x7f0000000080)) 38.89910205s ago: executing program 6 (id=17932): syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) ioctl$FBIO_WAITFORVSYNC(r0, 0x40044620, 0x0) 38.753789712s ago: executing program 6 (id=17935): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0xffffffff, "ffbdbdc772022acd2c000000000800000000000000008000", 0xffffffffffffffff}) poll(&(0x7f0000000040)=[{r1, 0x6242}], 0x1, 0x7f) 38.525789573s ago: executing program 6 (id=17939): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) 38.392549678s ago: executing program 6 (id=17942): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f00000000c0)=0x6, 0x4) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="1700000056000106000000000000000007"], 0x1c}], 0x1}, 0x0) 23.198712429s ago: executing program 36 (id=17942): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f00000000c0)=0x6, 0x4) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="1700000056000106000000000000000007"], 0x1c}], 0x1}, 0x0) 4.622725887s ago: executing program 7 (id=18266): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x8b, 0x100000500) 4.481447011s ago: executing program 7 (id=18268): setgroups(0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x3b, 0x0, &(0x7f0000000000)) 4.279870452s ago: executing program 7 (id=18270): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000170006803c00040067636d28616573290000000000000000000000000000000000000000000000001c000000e3de3d7b4cd07ec3ee777de774fc7987cca4198908000600"], 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) 3.976275208s ago: executing program 7 (id=18274): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100007882b740422c0917b7ca010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000600)={0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) 3.54728254s ago: executing program 4 (id=18277): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000000)={0x0, 0x6}) 3.397879815s ago: executing program 4 (id=18279): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000000)=0x1, r1, 0x0, 0x2, 0x4}}, 0x20) 3.316413919s ago: executing program 4 (id=18280): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x8, 0x0, 0xfffffffd}, 0x24) write(r0, &(0x7f0000000080)="1c0000001a007f0214f9f40700090408030000000000000000020000", 0x1c) 3.107842622s ago: executing program 4 (id=18281): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_PEER_REMOVE(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000240)={0x18, r1, 0x239, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0) 2.936337086s ago: executing program 4 (id=18284): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) chdir(&(0x7f0000000000)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00') write(r0, &(0x7f0000000000)="1546b2000000000000008043f3526b13f78ada17aefbbfc13bc888a3a46e8f0e809292ee0739b4f20800b179aa901b5d500d63", 0x58) 2.724978199s ago: executing program 4 (id=18285): r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b510f210950b2a7773820102030109022400010000000009042200028953950009050a02ff0300fa000905820250"], 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000040)={0x34, &(0x7f0000000600)=ANY=[@ANYBLOB="00150001000009"], 0x0, 0x0, 0x0, 0x0, 0x0}) 2.275767727s ago: executing program 3 (id=18287): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') setgroups(0x1, &(0x7f0000000080)=[0x0]) read$msr(r0, &(0x7f0000000d40)=""/43, 0x2b) 2.227573242s ago: executing program 3 (id=18288): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000000)=0xfffffffd, 0x4) getsockopt$inet6_tcp_buf(r0, 0x6, 0x8, 0x0, &(0x7f0000001040)) 2.068841277s ago: executing program 3 (id=18289): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0xc0041, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x40384708, &(0x7f0000000040)={0x8, 0x7f, 0x2, 0xffffffff, 0x12, "3eccd25569100000000e00"}) 1.800354543s ago: executing program 3 (id=18290): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4c3}) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, 0x0) 1.765959812s ago: executing program 3 (id=18291): setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000000)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@remote, 0x4e23, 0x6, 0x4e22, 0x0, 0x2, 0x20, 0x20, 0x1d}, {0x7, 0x7, 0x5, 0x95d, 0xfffffffffffffffb, 0x2, 0x0, 0x5c2}, {0xe, 0x5, 0xb1b}, 0x401, 0x0, 0x2, 0x1, 0x2, 0x2}, {{@in6=@empty, 0x4d4, 0x2a}, 0x39573c4e467c4e, @in=@loopback, 0x3502, 0x4, 0x0, 0x40, 0x9, 0x30, 0x7}}, 0xe8) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="280000002100010002000000000000000a00000000000001016200000c0018"], 0x28}], 0x1, 0x0, 0x0, 0x8000}, 0x0) 797.51511ms ago: executing program 7 (id=18292): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7}) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f00000001c0)=0xfff, 0x4) 651.261869ms ago: executing program 7 (id=18293): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$packet(r0, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0xa, 0x6, @remote}, 0x14) ppoll(&(0x7f00000001c0)=[{r0, 0x4302}], 0x1, &(0x7f0000000240)={0x0, 0x989680}, 0x0, 0x0) 0s ago: executing program 3 (id=18294): io_setup(0x9, &(0x7f0000000000)=0x0) r1 = eventfd(0x0) io_submit(r0, 0x2, &(0x7f0000000040)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xc2, r1, 0x0, 0x0, 0x36}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0x40, r1, 0x0, 0x0, 0x0, 0x0, 0x2}]) kernel console output (not intermixed with test programs): [ 1030.833730][ T5859] usb 2-1: USB disconnect, device number 89 [ 1031.961068][T10591] netlink: 16 bytes leftover after parsing attributes in process `syz.4.15193'. [ 1034.981477][ T4811] usb 2-1: new low-speed USB device number 90 using dummy_hcd [ 1035.144935][ T4811] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 1035.144969][ T4811] usb 2-1: config 0 has no interface number 0 [ 1035.145018][ T4811] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1035.145045][ T4811] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 1035.145075][ T4811] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1035.145105][ T4811] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1035.145135][ T4811] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 1035.145166][ T4811] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1035.145213][ T4811] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1035.145239][ T4811] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1035.218457][ T4811] usb 2-1: config 0 descriptor?? [ 1035.258866][T10666] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1035.260158][T10666] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1035.314867][ T4811] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1035.651055][T10698] blktrace: Concurrent blktraces are not allowed on sg0 [ 1035.665399][ T4811] usb 2-1: USB disconnect, device number 90 [ 1035.700554][ T4811] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 1036.415475][T10730] blktrace: Concurrent blktraces are not allowed on sg0 [ 1037.474597][T10780] tmpfs: User quota inode hardlimit too large. [ 1040.145014][T10826] IPVS: ip_vs_edit_dest(): server weight less than zero [ 1041.454284][T10877] program syz.5.15300 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1042.431693][T10914] GUP no longer grows the stack in syz.4.15316 (10914): 200000005000-200000008000 (200000004000) [ 1042.431737][T10914] CPU: 0 UID: 0 PID: 10914 Comm: syz.4.15316 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1042.431770][T10914] Tainted: [L]=SOFTLOCKUP [ 1042.431779][T10914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1042.431793][T10914] Call Trace: [ 1042.431804][T10914] [ 1042.431814][T10914] dump_stack_lvl+0xe8/0x150 [ 1042.431851][T10914] fixup_user_fault+0x637/0x6f0 [ 1042.431896][T10914] fault_in_user_writeable+0x71/0xd0 [ 1042.431948][T10914] futex_lock_pi+0x816/0xb10 [ 1042.431991][T10914] ? __pfx_futex_lock_pi+0x10/0x10 [ 1042.432046][T10914] ? futex_private_hash_put+0x13b/0x170 [ 1042.432088][T10914] ? __pfx_futex_wake_mark+0x10/0x10 [ 1042.432143][T10914] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 1042.432190][T10914] do_futex+0x292/0x420 [ 1042.432221][T10914] ? __pfx_do_futex+0x10/0x10 [ 1042.432246][T10914] ? __vm_munmap+0x2e6/0x3d0 [ 1042.432286][T10914] __se_sys_futex+0x3a8/0x450 [ 1042.432318][T10914] ? __pfx___se_sys_futex+0x10/0x10 [ 1042.432344][T10914] ? rcu_is_watching+0x15/0xb0 [ 1042.432375][T10914] ? __x64_sys_futex+0x21/0xf0 [ 1042.432401][T10914] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1042.432428][T10914] do_syscall_64+0x15f/0xf80 [ 1042.432464][T10914] ? trace_irq_disable+0x3b/0x140 [ 1042.432500][T10914] ? clear_bhb_loop+0x40/0x90 [ 1042.432532][T10914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1042.432557][T10914] RIP: 0033:0x7f23dcb1cdd9 [ 1042.432581][T10914] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1042.432602][T10914] RSP: 002b:00007f23dad6e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1042.432629][T10914] RAX: ffffffffffffffda RBX: 00007f23dcd95fa0 RCX: 00007f23dcb1cdd9 [ 1042.432648][T10914] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000 [ 1042.432666][T10914] RBP: 00007f23dcbb2d69 R08: 0000000000000000 R09: 0000000000000000 [ 1042.432683][T10914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1042.432698][T10914] R13: 00007f23dcd96038 R14: 00007f23dcd95fa0 R15: 00007fff5d8ef4d8 [ 1042.432735][T10914] [ 1042.474900][T10915] program syz.3.15315 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1043.015904][ T5698] hid-generic 0000:0000:0000.002A: hidraw0: HID v0.00 Device [syz1] on syz1 [ 1043.023127][T10932] netlink: 64 bytes leftover after parsing attributes in process `syz.3.15323'. [ 1043.023150][T10932] tipc: Invalid UDP bearer configuration [ 1043.023186][T10932] tipc: Enabling of bearer rejected, failed to enable media [ 1043.358538][T10938] fido_id[10938]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1044.794948][T11017] netlink: 56 bytes leftover after parsing attributes in process `syz.3.15351'. [ 1045.624631][T11060] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15372'. [ 1045.624662][T11060] block nbd1: Unsupported socket: should be TCP or UNIX. [ 1046.012272][T11078] netlink: 64 bytes leftover after parsing attributes in process `syz.4.15379'. [ 1046.012299][T11078] tipc: Invalid UDP bearer configuration [ 1046.012341][T11078] tipc: Enabling of bearer rejected, failed to enable media [ 1046.279988][T11091] netlink: 104 bytes leftover after parsing attributes in process `syz.3.15385'. [ 1046.505133][T11103] tipc: Started in network mode [ 1046.505168][T11103] tipc: Node identity ac14140f, cluster identity 4711 [ 1046.597676][T11103] tipc: Enabling of bearer rejected, failed to enable media [ 1047.086419][T11129] IPVS: ip_vs_add_dest(): server weight less than zero [ 1047.301935][T11138] sg_write: data in/out 393189/418 bytes for SCSI command 0x0-- guessing data in; [ 1047.301935][T11138] program syz.1.15403 not setting count and/or reply_len properly [ 1047.733624][T11163] 9pnet_fd: p9_fd_create_tcp (11163): problem binding to privport [ 1047.849996][T11172] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.15415'. [ 1047.850027][T11172] openvswitch: netlink: Message has 4 unknown bytes. [ 1048.065826][ T5713] hid-generic 0000:0000:0000.002B: hidraw0: HID v0.00 Device [syz1] on syz1 [ 1048.083434][ T5698] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 1048.179420][T11183] fido_id[11183]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1048.266601][ T5698] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1048.266645][ T5698] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1048.266674][ T5698] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1048.266823][ T5698] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1048.266851][ T5698] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1048.324539][ T5698] usb 4-1: config 0 descriptor?? [ 1048.713548][T11210] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15426'. [ 1048.758785][ T5698] plantronics 0003:047F:FFFF.002C: reserved main item tag 0xd [ 1048.875641][ T5698] plantronics 0003:047F:FFFF.002C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1048.962035][ T5713] usb 4-1: USB disconnect, device number 91 [ 1049.012286][T11221] fido_id[11221]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 1049.220802][T11244] xt_l2tp: unknown flags: ed [ 1049.669012][T11261] netlink: 'syz.1.15437': attribute type 1 has an invalid length. [ 1049.785810][T11264] sg_write: data in/out 393189/418 bytes for SCSI command 0x0-- guessing data in; [ 1049.785810][T11264] program syz.3.15440 not setting count and/or reply_len properly [ 1049.897236][T11272] 9pnet_fd: p9_fd_create_tcp (11272): problem binding to privport [ 1049.969220][T11274] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.15444'. [ 1049.969247][T11274] openvswitch: netlink: Message has 4 unknown bytes. [ 1050.146054][ T5698] kernel read not supported for file /video37 (pid: 5698 comm: kworker/1:4) [ 1050.171575][T11286] netlink: 'syz.5.15448': attribute type 12 has an invalid length. [ 1050.171602][T11286] netlink: 172 bytes leftover after parsing attributes in process `syz.5.15448'. [ 1050.509848][T11304] tipc: Started in network mode [ 1050.509871][T11304] tipc: Node identity ac14140f, cluster identity 4711 [ 1050.510458][T11304] tipc: Enabling of bearer rejected, failed to enable media [ 1050.918143][T11318] netlink: 16 bytes leftover after parsing attributes in process `syz.5.15461'. [ 1051.512058][ T4811] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 1051.598254][T11352] sg_write: data in/out 447452/210 bytes for SCSI command 0x0-- guessing data in; [ 1051.598254][T11352] program syz.5.15470 not setting count and/or reply_len properly [ 1051.661962][ T4811] usb 4-1: Using ep0 maxpacket: 8 [ 1051.670605][ T4811] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1051.672784][ T4811] usb 4-1: config 4 interface 0 has no altsetting 0 [ 1051.706696][ T4811] usb 4-1: string descriptor 0 read error: -22 [ 1051.706801][ T4811] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 1051.706829][ T4811] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 1051.785085][ T4811] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 1051.892081][T11363] netlink: 8 bytes leftover after parsing attributes in process `syz.5.15474'. [ 1051.974974][T11329] usb 4-1: dvb_usb_au6610: wlen=3, aborting [ 1051.984872][ T4811] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1052.058874][ T4811] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 1052.058947][ T4811] usb 4-1: media controller created [ 1052.246432][T11378] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15475'. [ 1052.307892][ T4811] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1052.387593][T11384] netlink: 'syz.1.15479': attribute type 12 has an invalid length. [ 1052.387617][T11384] netlink: 172 bytes leftover after parsing attributes in process `syz.1.15479'. [ 1052.607593][T11390] netlink: 'syz.5.15481': attribute type 3 has an invalid length. [ 1052.607616][T11390] netlink: 'syz.5.15481': attribute type 1 has an invalid length. [ 1052.607632][T11390] netlink: 224 bytes leftover after parsing attributes in process `syz.5.15481'. [ 1052.744503][ T4811] zl10353_read_register: readreg error (reg=127, ret==0) [ 1052.906398][ T5713] kernel read not supported for file /video37 (pid: 5713 comm: kworker/0:5) [ 1053.079304][ T4811] usb 4-1: USB disconnect, device number 92 [ 1053.490941][T11437] netlink: 32 bytes leftover after parsing attributes in process `syz.3.15501'. [ 1053.537170][T11440] netlink: 16 bytes leftover after parsing attributes in process `syz.4.15499'. [ 1054.184030][T11477] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15515'. [ 1054.219061][T11479] netlink: 20 bytes leftover after parsing attributes in process `syz.3.15516'. [ 1054.219521][T11479] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 1054.301607][T25486] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1054.408390][T11487] tmpfs: Cannot disable swap on remount [ 1054.451579][T25486] usb 6-1: Using ep0 maxpacket: 32 [ 1054.454169][T25486] usb 6-1: config 0 has no interfaces? [ 1054.468155][T25486] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1054.468189][T25486] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1054.468213][T25486] usb 6-1: Product: syz [ 1054.468230][T25486] usb 6-1: Manufacturer: syz [ 1054.468246][T25486] usb 6-1: SerialNumber: syz [ 1054.507983][T25486] usb 6-1: config 0 descriptor?? [ 1054.676955][ T1336] aoe: packet could not be sent on ipvlan1. consider increasing tx_queue_len [ 1054.717989][ T5859] usb 6-1: USB disconnect, device number 5 [ 1054.812267][T25486] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 1054.965330][T25486] usb 2-1: config 0 has an invalid interface number: 50 but max is 0 [ 1054.965362][T25486] usb 2-1: config 0 has no interface number 0 [ 1054.965411][T25486] usb 2-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1054.968619][T25486] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 1054.968652][T25486] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1054.968676][T25486] usb 2-1: Product: syz [ 1054.968693][T25486] usb 2-1: Manufacturer: syz [ 1054.968710][T25486] usb 2-1: SerialNumber: syz [ 1055.036298][T25486] usb 2-1: config 0 descriptor?? [ 1055.084516][T25486] yurex 2-1:0.50: USB YUREX device now attached to Yurex #0 [ 1055.451678][T25486] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 1055.638277][T25486] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1055.638393][T25486] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1055.638425][T25486] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1055.638451][T25486] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1055.647592][T25486] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1055.665237][T25486] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1055.665268][T25486] usb 4-1: Manufacturer: syz [ 1055.725113][T25486] usb 4-1: config 0 descriptor?? [ 1056.272030][T25486] appleir 0003:05AC:8243.002D: item fetching failed at offset 0/1 [ 1056.273361][T25486] appleir 0003:05AC:8243.002D: parse failed [ 1056.273538][T25486] appleir 0003:05AC:8243.002D: probe with driver appleir failed with error -22 [ 1056.406875][ T4811] usb 4-1: USB disconnect, device number 93 [ 1057.334506][T11591] netlink: 12 bytes leftover after parsing attributes in process `syz.4.15555'. [ 1057.369269][T11593] netlink: 16 bytes leftover after parsing attributes in process `syz.5.15548'. [ 1057.396278][ C1] usb 2-1: yurex_control_callback - control failed: -2 [ 1057.415946][ T4811] usb 2-1: USB disconnect, device number 91 [ 1057.439374][ T4811] yurex 2-1:0.50: USB YUREX #0 now disconnected [ 1059.520259][T11704] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15584'. [ 1061.737750][T11780] netlink: 32 bytes leftover after parsing attributes in process `syz.5.15612'. [ 1063.440460][T11869] CIFS: Unable to determine destination address [ 1063.661766][T25486] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 1063.815203][T25486] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1063.815241][T25486] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1063.830415][T25486] usb 2-1: config 0 descriptor?? [ 1063.834360][ T5859] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1063.951642][ T6029] Bluetooth: hci2: command tx timeout [ 1063.977978][T11894] vivid-008: disconnect [ 1063.982022][T11893] vivid-008: reconnect [ 1064.025928][ T5859] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1064.025960][ T5859] usb 6-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 1064.025978][ T5859] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1064.075353][ T5859] usb 6-1: config 0 descriptor?? [ 1064.107363][T25486] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1064.107867][T25486] [drm:udl_init] *ERROR* Selecting channel failed [ 1064.512141][ T5859] hid_parser_main: 477 callbacks suppressed [ 1064.512171][ T5859] ryos 0003:1E7D:31CE.002E: unknown main item tag 0x0 [ 1064.512205][ T5859] ryos 0003:1E7D:31CE.002E: unknown main item tag 0x0 [ 1064.512232][ T5859] ryos 0003:1E7D:31CE.002E: unknown main item tag 0x0 [ 1064.512261][ T5859] ryos 0003:1E7D:31CE.002E: unknown main item tag 0x0 [ 1064.512290][ T5859] ryos 0003:1E7D:31CE.002E: unknown main item tag 0x0 [ 1064.512319][ T5859] ryos 0003:1E7D:31CE.002E: unknown main item tag 0x0 [ 1064.512346][ T5859] ryos 0003:1E7D:31CE.002E: unknown main item tag 0x0 [ 1064.512372][ T5859] ryos 0003:1E7D:31CE.002E: unknown main item tag 0x0 [ 1064.512400][ T5859] ryos 0003:1E7D:31CE.002E: unknown main item tag 0x0 [ 1064.512428][ T5859] ryos 0003:1E7D:31CE.002E: unknown main item tag 0x0 [ 1064.791542][ T5859] ryos 0003:1E7D:31CE.002E: hidraw0: USB HID v0.00 Device [HID 1e7d:31ce] on usb-dummy_hcd.5-1/input0 [ 1064.871441][ T5859] usb 6-1: USB disconnect, device number 6 [ 1065.034744][T11924] fido_id[11924]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory [ 1065.406273][T11939] netlink: 256 bytes leftover after parsing attributes in process `syz.5.15663'. [ 1065.406301][T11939] netlink: 24 bytes leftover after parsing attributes in process `syz.5.15663'. [ 1065.483930][T25486] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 1065.483996][T25486] [drm] Initialized udl on minor 2 [ 1065.642119][T25486] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1065.796983][T25486] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 1065.970100][T11956] CIFS: Unable to determine destination address [ 1066.017439][T25486] usb 2-1: USB disconnect, device number 92 [ 1066.201573][ T5713] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1066.373760][ T5713] usb 6-1: config 0 has an invalid interface number: 50 but max is 0 [ 1066.373792][ T5713] usb 6-1: config 0 has no interface number 0 [ 1066.373840][ T5713] usb 6-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1066.378038][ T5713] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 1066.378067][ T5713] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1066.378087][ T5713] usb 6-1: Product: syz [ 1066.378101][ T5713] usb 6-1: Manufacturer: syz [ 1066.378115][ T5713] usb 6-1: SerialNumber: syz [ 1066.467597][ T5713] usb 6-1: config 0 descriptor?? [ 1066.529177][T11980] vivid-002: disconnect [ 1066.546954][ T5713] yurex 6-1:0.50: USB YUREX device now attached to Yurex #0 [ 1066.561537][T11977] vivid-002: reconnect [ 1068.751807][ C0] usb 6-1: yurex_control_callback - control failed: -2 [ 1068.757096][ T5859] usb 6-1: USB disconnect, device number 7 [ 1068.819806][ T5859] yurex 6-1:0.50: USB YUREX #0 now disconnected [ 1069.181680][T12074] netlink: 40 bytes leftover after parsing attributes in process `syz.3.15713'. [ 1069.183060][T12074] netlink: 40 bytes leftover after parsing attributes in process `syz.3.15713'. [ 1069.596619][T12096] sg_write: data in/out 430556/144 bytes for SCSI command 0x0-- guessing data in; [ 1069.596619][T12096] program syz.4.15720 not setting count and/or reply_len properly [ 1069.673250][T12099] program syz.1.15723 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1069.832694][T12108] usb usb7: usbfs: process 12108 (syz.1.15728) did not claim interface 0 before use [ 1070.501211][ T37] kauditd_printk_skb: 5 callbacks suppressed [ 1070.501426][ T37] audit: type=1326 audit(56184.056:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12098 comm="syz.3.15724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49ec1acdd9 code=0x7fc00000 [ 1070.537394][T12143] comedi comedi3: 8255: I/O base address not correctly aligned [ 1071.356115][T12186] tipc: Started in network mode [ 1071.356152][T12186] tipc: Node identity aaaaaaaaaa41, cluster identity 4711 [ 1071.396908][T12186] tipc: Enabled bearer , priority 10 [ 1071.637520][T12200] sg_write: data in/out 430556/144 bytes for SCSI command 0x0-- guessing data in; [ 1071.637520][T12200] program syz.3.15752 not setting count and/or reply_len properly [ 1071.680906][T12203] netlink: 40 bytes leftover after parsing attributes in process `syz.1.15753'. [ 1071.697293][T12203] netlink: 40 bytes leftover after parsing attributes in process `syz.1.15753'. [ 1072.243761][T12228] netlink: 4 bytes leftover after parsing attributes in process `syz.5.15760'. [ 1072.243826][T12228] tipc: Enabling of bearer rejected, failed to enable media [ 1072.426856][T12235] netlink: 184 bytes leftover after parsing attributes in process `syz.1.15764'. [ 1072.488753][ T5713] tipc: Node number set to 15444650 [ 1072.610304][T12244] netlink: 40 bytes leftover after parsing attributes in process `syz.1.15766'. [ 1072.771799][T12244] netlink: 40 bytes leftover after parsing attributes in process `syz.1.15766'. [ 1073.163102][T12275] netlink: 8 bytes leftover after parsing attributes in process `syz.5.15773'. [ 1074.221586][ T9] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 1074.372605][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 1074.375514][ T9] usb 2-1: config index 0 descriptor too short (expected 30, got 18) [ 1074.379594][ T9] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 1074.379626][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1074.379650][ T9] usb 2-1: Product: syz [ 1074.379668][ T9] usb 2-1: Manufacturer: syz [ 1074.379685][ T9] usb 2-1: SerialNumber: syz [ 1074.438715][ T9] usb 2-1: config 0 descriptor?? [ 1074.451458][ T9] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 1074.451510][ T9] usb 2-1: setting power ON [ 1074.451532][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 1074.484602][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1074.485408][ T9] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 1074.485470][ T9] usb 2-1: media controller created [ 1074.528639][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1074.574374][ T9] usb 2-1: selecting invalid altsetting 6 [ 1074.574402][ T9] usb 2-1: digital interface selection failed (-22) [ 1074.574418][ T9] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 1074.575309][ T9] usb 2-1: setting power OFF [ 1074.575334][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 1074.575353][ T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 1074.575368][ T9] (NULL device *): no alternate interface [ 1074.678379][T12305] dvb-usb: bulk message failed: -22 (3/0) [ 1074.678405][T12305] cxusb: i2c wr: len=79 is too big! [ 1074.678405][T12305] [ 1074.810345][ T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 1074.837006][ T9] usb 2-1: USB disconnect, device number 93 [ 1075.075356][ T37] audit: type=1326 audit(56188.636:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12358 comm="syz.3.15796" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f49ec1acdd9 code=0x0 [ 1075.564925][T12375] option changes via remount are deprecated (pid=12374 comm=syz.1.15802) [ 1075.978310][T12387] netlink: 24 bytes leftover after parsing attributes in process `syz.4.15807'. [ 1077.051964][ T4811] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 1077.140745][T12448] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15829'. [ 1077.215475][ T4811] usb 2-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 1077.215513][ T4811] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1077.243844][ T4811] usb 2-1: config 0 descriptor?? [ 1077.261861][ T4811] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 1077.815879][T12473] program syz.5.15839 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1077.921578][ T4811] gspca_sunplus: reg_w_riv err -71 [ 1077.921705][ T4811] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 1077.949996][ T4811] usb 2-1: USB disconnect, device number 94 [ 1078.162369][T12489] netdevsim netdevsim4: Firmware load for '../file0' refused, path contains '..' component [ 1078.343948][T12497] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15845'. [ 1078.854723][T12525] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15859'. [ 1079.013991][T12532] netlink: 24 bytes leftover after parsing attributes in process `syz.3.15863'. [ 1079.094004][T12537] netlink: 'syz.1.15866': attribute type 1 has an invalid length. [ 1079.094031][T12537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15866'. [ 1080.544548][T12604] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15895'. [ 1080.598065][T12605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15896'. [ 1080.780533][T12612] netlink: 'syz.4.15899': attribute type 1 has an invalid length. [ 1080.780559][T12612] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15899'. [ 1080.890532][T12621] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144 [ 1081.171715][ T9] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 1081.268844][T12636] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15908'. [ 1081.321862][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1081.324805][ T9] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1081.324834][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1081.324859][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1081.362284][ T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1081.362329][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1081.362353][ T9] usb 2-1: Product: syz [ 1081.362371][ T9] usb 2-1: Manufacturer: syz [ 1081.362388][ T9] usb 2-1: SerialNumber: syz [ 1081.432443][ T9] usb 2-1: 0:2 : does not exist [ 1082.263381][ T9] usb 2-1: USB disconnect, device number 95 [ 1082.395922][ T5262] udevd[5262]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1082.578958][T12687] Option ' ' to dns_resolver key: bad/missing value [ 1082.881000][T12702] program syz.3.15927 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1082.988377][T12708] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15937'. [ 1084.103506][ T9] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1084.265982][ T9] usb 6-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 1084.266019][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1084.315053][ T9] usb 6-1: config 0 descriptor?? [ 1084.332602][ T9] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 1084.419187][T12776] Option ' ' to dns_resolver key: bad/missing value [ 1084.945778][ T9] gspca_sunplus: reg_w_riv err -71 [ 1084.945878][ T9] sunplus 6-1:0.0: probe with driver sunplus failed with error -71 [ 1085.005027][ T9] usb 6-1: USB disconnect, device number 8 [ 1086.287101][ T9] usb 6-1: new low-speed USB device number 9 using dummy_hcd [ 1086.464659][ T9] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1086.464701][ T9] usb 6-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1086.464734][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1086.464772][ T9] usb 6-1: New USB device found, idVendor=1b1c, idProduct=0a18, bcdDevice= 0.00 [ 1086.464800][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1086.582117][ T9] usb 6-1: config 0 descriptor?? [ 1087.022753][ T9] hid_parser_main: 28 callbacks suppressed [ 1087.022784][ T9] hid-corsair-void 0003:1B1C:0A18.002F: unknown main item tag 0x0 [ 1087.022818][ T9] hid-corsair-void 0003:1B1C:0A18.002F: unknown main item tag 0x0 [ 1087.022848][ T9] hid-corsair-void 0003:1B1C:0A18.002F: unknown main item tag 0x0 [ 1087.022879][ T9] hid-corsair-void 0003:1B1C:0A18.002F: unknown main item tag 0x0 [ 1087.022909][ T9] hid-corsair-void 0003:1B1C:0A18.002F: unknown main item tag 0x0 [ 1087.022939][ T9] hid-corsair-void 0003:1B1C:0A18.002F: unknown main item tag 0x0 [ 1087.022969][ T9] hid-corsair-void 0003:1B1C:0A18.002F: unknown main item tag 0x0 [ 1087.022998][ T9] hid-corsair-void 0003:1B1C:0A18.002F: unknown main item tag 0x0 [ 1087.023029][ T9] hid-corsair-void 0003:1B1C:0A18.002F: unknown main item tag 0x0 [ 1087.023058][ T9] hid-corsair-void 0003:1B1C:0A18.002F: unknown main item tag 0x0 [ 1087.053073][ T9] hid-corsair-void 0003:1B1C:0A18.002F: hidraw0: USB HID vff.f8 Device [HID 1b1c:0a18] on usb-dummy_hcd.5-1/input0 [ 1087.303725][ T9] usb 6-1: USB disconnect, device number 9 [ 1087.350704][ T4811] hid-corsair-void 0003:1B1C:0A18.002F: failed to request firmware (reason: -71) [ 1087.390879][ T5713] hid-corsair-void 0003:1B1C:0A18.002F: failed to request battery (reason: -71) [ 1087.425006][T12871] fido_id[12871]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory [ 1087.935427][T12906] tmpfs: Bad value for 'nr_inodes' [ 1088.794601][T12953] tipc: Enabling of bearer rejected, failed to enable media [ 1089.222250][T12973] netlink: 'syz.4.16027': attribute type 1 has an invalid length. [ 1089.222277][T12973] nbd: error processing sock list [ 1089.449239][T12984] tipc: Enabling of bearer rejected, media not registered [ 1089.597926][T12999] netlink: 12 bytes leftover after parsing attributes in process `syz.4.16035'. [ 1089.661467][ T9] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 1089.741452][ T5859] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 1089.823978][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1089.824028][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1089.824058][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 1089.827065][ T9] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1089.827101][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1089.827125][ T9] usb 4-1: Product: syz [ 1089.827143][ T9] usb 4-1: Manufacturer: syz [ 1089.827160][ T9] usb 4-1: SerialNumber: syz [ 1089.911494][ T5859] usb 2-1: Using ep0 maxpacket: 32 [ 1089.917056][ T9] usb 4-1: config 0 descriptor?? [ 1089.928672][T12985] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1089.940940][T12985] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1089.952366][ T5859] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1089.952408][ T5859] usb 2-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1089.952430][ T5859] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1090.005979][ T9] usb 4-1: ucan: probing device on interface #0 [ 1090.009155][ T5859] usb 2-1: config 0 descriptor?? [ 1090.230913][ T9] usb 4-1: ucan: device protocol version 21384 is not supported [ 1090.230947][ T9] usb 4-1: ucan: probe failed; try to update the device firmware [ 1090.453015][T11929] usb 4-1: USB disconnect, device number 94 [ 1090.575168][ T5859] thrustmaster 0003:044F:B323.0030: hidraw0: USB HID v0.00 Device [HID 044f:b323] on usb-dummy_hcd.1-1/input0 [ 1090.575278][ T5859] thrustmaster 0003:044F:B323.0030: no inputs found [ 1090.689450][ T9] usb 2-1: USB disconnect, device number 96 [ 1090.773702][T13042] fido_id[13042]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 1091.691143][T13101] tipc: Enabling of bearer rejected, failed to enable media [ 1092.411472][ T9] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 1092.574888][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 1092.576999][ T9] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 1092.577033][ T9] usb 2-1: config 0 has no interface number 0 [ 1092.580878][ T9] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1092.580903][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1092.580919][ T9] usb 2-1: Product: syz [ 1092.580931][ T9] usb 2-1: Manufacturer: syz [ 1092.580942][ T9] usb 2-1: SerialNumber: syz [ 1092.639630][ T9] usb 2-1: config 0 descriptor?? [ 1092.666321][ T9] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1092.739278][T13142] netlink: 16 bytes leftover after parsing attributes in process `syz.3.16077'. [ 1092.883891][ T9] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1093.056447][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short [ 1093.124908][ T9] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1093.259327][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1093.272217][ T9] usb 2-1: USB disconnect, device number 97 [ 1093.320653][ T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1093.406176][ T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1093.414790][ T9] quatech2 2-1:0.51: device disconnected [ 1094.109896][T13217] tmpfs: Cannot enable quota on remount [ 1094.211580][ T5596] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 1094.367883][ T5596] usb 2-1: config 127 has an invalid interface number: 84 but max is 0 [ 1094.367921][ T5596] usb 2-1: config 127 has no interface number 0 [ 1094.388215][ T5596] usb 2-1: New USB device found, idVendor=040a, idProduct=0002, bcdDevice=9c.e5 [ 1094.388241][ T5596] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1094.388257][ T5596] usb 2-1: Product: syz [ 1094.388268][ T5596] usb 2-1: Manufacturer: syz [ 1094.388279][ T5596] usb 2-1: SerialNumber: syz [ 1094.643648][T13240] sg_write: data in/out 438748/176 bytes for SCSI command 0x0-- guessing data in; [ 1094.643648][T13240] program syz.4.16105 not setting count and/or reply_len properly [ 1094.682121][ T5596] gspca_main: spca501-2.14.0 probing 040a:0002 [ 1095.060303][ T5596] gspca_spca501: reg write: error -71 [ 1095.060322][ T5596] spca501 2-1:127.84: Reg write failed for 0x00,0x02,0x01 [ 1095.060419][ T5596] spca501 2-1:127.84: probe with driver spca501 failed with error -22 [ 1095.094391][ T5596] usb 2-1: USB disconnect, device number 98 [ 1095.491236][T13285] bpf: Bad value for 'gid' [ 1097.567664][T11929] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 1097.714897][T11929] usb 6-1: Using ep0 maxpacket: 32 [ 1097.717998][T11929] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1097.718036][T11929] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1097.722046][T11929] usb 6-1: New USB device found, idVendor=046d, idProduct=0002, bcdDevice= 0.40 [ 1097.722080][T11929] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 1097.722105][T11929] usb 6-1: Product: syz [ 1097.722121][T11929] usb 6-1: Manufacturer: syz [ 1097.796544][T11929] hub 6-1:4.0: USB hub found [ 1098.022456][T11929] hub 6-1:4.0: 8 ports detected [ 1098.023280][T11929] hub 6-1:4.0: insufficient power available to use all downstream ports [ 1098.218355][T11929] hub 6-1:4.0: hub_hub_status failed (err = -71) [ 1098.218386][T11929] hub 6-1:4.0: config failed, can't get hub status (err -71) [ 1098.269705][T11929] usb 6-1: USB disconnect, device number 10 [ 1099.223757][ T5859] usb 4-1: new high-speed USB device number 95 using dummy_hcd [ 1099.405101][ T5859] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1099.405136][ T5859] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1099.405167][ T5859] usb 4-1: Product: syz [ 1099.405183][ T5859] usb 4-1: Manufacturer: syz [ 1099.405199][ T5859] usb 4-1: SerialNumber: syz [ 1099.448593][ T5859] usb 4-1: config 0 descriptor?? [ 1099.477412][ T5859] ch341 4-1:0.0: ch341-uart converter detected [ 1099.676154][T13474] netlink: 'syz.5.16185': attribute type 21 has an invalid length. [ 1100.003964][ T37] audit: type=1326 audit(56213.691:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13488 comm="syz.4.16191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23dcb1cdd9 code=0x7ffc0000 [ 1100.021880][ T37] audit: type=1326 audit(56213.691:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13488 comm="syz.4.16191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23dcb1cdd9 code=0x7ffc0000 [ 1100.027766][ T37] audit: type=1326 audit(56213.721:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13488 comm="syz.4.16191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f23dcb1cdd9 code=0x7ffc0000 [ 1100.028201][ T37] audit: type=1326 audit(56213.721:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13488 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23dcb1cdd9 code=0x7ffc0000 [ 1100.029274][ T37] audit: type=1326 audit(56213.721:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13488 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23dcb1cdd9 code=0x7ffc0000 [ 1100.030362][ T37] audit: type=1326 audit(56213.721:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13488 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f23dcb1cdd9 code=0x7ffc0000 [ 1100.030982][ T37] audit: type=1326 audit(56213.721:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13488 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23dcb1cdd9 code=0x7ffc0000 [ 1100.066066][ T5859] usb 4-1: failed to send control message: -71 [ 1100.066132][ T5859] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 1100.186182][ T5859] usb 4-1: USB disconnect, device number 95 [ 1100.297138][ T5859] ch341 4-1:0.0: device disconnected [ 1100.426098][ T37] audit: type=1326 audit(56214.131:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13506 comm="syz.5.16194" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f928d03cdd9 code=0x0 [ 1100.547349][T13512] blktrace: Concurrent blktraces are not allowed on loop4 [ 1101.822896][T13570] netlink: 60 bytes leftover after parsing attributes in process `syz.1.16220'. [ 1101.824915][T13570] netlink: 60 bytes leftover after parsing attributes in process `syz.1.16220'. [ 1102.009946][ T5596] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 1102.166485][ T5596] usb 6-1: Using ep0 maxpacket: 16 [ 1102.170673][ T5596] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1102.170713][ T5596] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1102.170760][ T5596] usb 6-1: New USB device found, idVendor=5543, idProduct=0005, bcdDevice= 0.00 [ 1102.170787][ T5596] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1102.236917][ T5596] usb 6-1: config 0 descriptor?? [ 1102.401761][ T5713] usb 4-1: new high-speed USB device number 96 using dummy_hcd [ 1102.548908][ T5713] usb 4-1: Using ep0 maxpacket: 8 [ 1102.553888][ T5713] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1102.557217][ T5713] usb 4-1: config 4 interface 0 has no altsetting 0 [ 1102.581819][ T5713] usb 4-1: string descriptor 0 read error: -22 [ 1102.581925][ T5713] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 1102.581954][ T5713] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 1102.636243][ T5713] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 1102.688998][ T5596] hid_parser_main: 70 callbacks suppressed [ 1102.689025][ T5596] uclogic 0003:5543:0005.0031: unknown main item tag 0x0 [ 1102.689057][ T5596] uclogic 0003:5543:0005.0031: unknown main item tag 0x0 [ 1102.689085][ T5596] uclogic 0003:5543:0005.0031: unknown main item tag 0x0 [ 1102.689113][ T5596] uclogic 0003:5543:0005.0031: unknown main item tag 0x0 [ 1102.689139][ T5596] uclogic 0003:5543:0005.0031: unknown main item tag 0x0 [ 1102.689167][ T5596] uclogic 0003:5543:0005.0031: unknown main item tag 0x0 [ 1102.689195][ T5596] uclogic 0003:5543:0005.0031: unknown main item tag 0x0 [ 1102.689223][ T5596] uclogic 0003:5543:0005.0031: unknown main item tag 0x0 [ 1102.689252][ T5596] uclogic 0003:5543:0005.0031: unknown main item tag 0x0 [ 1102.689280][ T5596] uclogic 0003:5543:0005.0031: unknown main item tag 0x0 [ 1102.799387][ T5596] uclogic 0003:5543:0005.0031: hidraw0: USB HID v0.05 Device [HID 5543:0005] on usb-dummy_hcd.5-1/input0 [ 1102.876325][ T9] usb 6-1: USB disconnect, device number 11 [ 1103.034020][ T5713] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1103.034416][ T5713] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 1103.034468][ T5713] usb 4-1: media controller created [ 1103.139592][T13607] fido_id[13607]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 1103.282827][ T5713] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1103.392405][ T5713] zl10353_read_register: readreg error (reg=127, ret==0) [ 1103.596181][ T5713] usb 4-1: USB disconnect, device number 96 [ 1103.660220][T13644] xt_policy: too many policy elements [ 1104.205488][T13679] fuse: Bad value for 'group_id' [ 1104.205506][T13679] fuse: Bad value for 'group_id' [ 1104.334055][T13688] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16252'. [ 1104.884249][T13718] program syz.1.16263 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1105.032598][ T5713] usb 4-1: new high-speed USB device number 97 using dummy_hcd [ 1105.190219][ T5713] usb 4-1: Using ep0 maxpacket: 16 [ 1105.192473][ T5713] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1105.192510][ T5713] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1105.192540][ T5713] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 1105.192557][ T5713] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1105.201742][ T5713] usb 4-1: config 0 descriptor?? [ 1105.283211][ T9] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 1105.435637][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 1105.438686][ T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1105.438723][ T9] usb 2-1: config 0 has no interface number 0 [ 1105.441322][ T9] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 1105.441346][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1105.441406][ T9] usb 2-1: Product: syz [ 1105.441417][ T9] usb 2-1: Manufacturer: syz [ 1105.441428][ T9] usb 2-1: SerialNumber: syz [ 1105.528240][ T9] usb 2-1: config 0 descriptor?? [ 1105.569931][ T9] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 1105.569955][ T9] usb 2-1: selecting invalid altsetting 1 [ 1105.569967][ T9] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 1105.677006][ T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1105.677447][ T9] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 1105.677537][ T9] usb 2-1: media controller created [ 1105.837073][ T5713] hid-multitouch 0003:1FD2:6007.0032: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0 [ 1105.875067][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1106.067486][ T5713] usb 4-1: USB disconnect, device number 97 [ 1106.826937][T13725] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 1106.843864][ T9] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 1106.843924][ T9] zl10353_read_register: readreg error (reg=127, ret==-71) [ 1106.844572][ T9] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 1107.114932][ T9] usb 2-1: USB disconnect, device number 99 [ 1107.924760][T13837] sg_write: data in/out 414684/82 bytes for SCSI command 0x0-- guessing data in; [ 1107.924760][T13837] program syz.1.16291 not setting count and/or reply_len properly [ 1108.182693][T13851] netlink: 'syz.3.16297': attribute type 29 has an invalid length. [ 1108.215098][T13851] netlink: 'syz.3.16297': attribute type 29 has an invalid length. [ 1108.595954][T13868] netlink: 'syz.5.16305': attribute type 1 has an invalid length. [ 1108.595981][T13868] netlink: 'syz.5.16305': attribute type 2 has an invalid length. [ 1109.394751][T13899] program syz.4.16318 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1109.670519][T13918] tmpfs: Bad value for 'nr_inodes' [ 1109.802731][ T5859] usb 4-1: new full-speed USB device number 98 using dummy_hcd [ 1109.953354][ T5859] usb 4-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1109.953392][ T5859] usb 4-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1109.953418][ T5859] usb 4-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1109.953448][ T5859] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1109.953484][ T5859] usb 4-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 1109.953517][ T5859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1110.041216][ T5859] usb 4-1: config 0 descriptor?? [ 1110.463941][ T5859] holtek 0003:1241:5015.0033: item fetching failed at offset 0/5 [ 1110.475308][ T5859] holtek 0003:1241:5015.0033: parse failed [ 1110.475393][ T5859] holtek 0003:1241:5015.0033: probe with driver holtek failed with error -22 [ 1110.667036][ T5713] usb 4-1: USB disconnect, device number 98 [ 1111.742067][T14000] netlink: 12 bytes leftover after parsing attributes in process `syz.3.16350'. [ 1111.858543][ T5713] usb 2-1: new low-speed USB device number 100 using dummy_hcd [ 1112.008882][ T5713] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1112.008910][ T5713] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16, setting to 8 [ 1112.008931][ T5713] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1112.008964][ T5713] usb 2-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00 [ 1112.008982][ T5713] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1112.014541][ T5713] usb 2-1: config 0 descriptor?? [ 1112.015512][T13993] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1112.436216][ T5713] hid_parser_main: 30 callbacks suppressed [ 1112.436235][ T5713] pantherlord 0003:0810:0001.0034: unknown main item tag 0x0 [ 1112.436259][ T5713] pantherlord 0003:0810:0001.0034: unknown main item tag 0x0 [ 1112.436279][ T5713] pantherlord 0003:0810:0001.0034: unknown main item tag 0x0 [ 1112.436299][ T5713] pantherlord 0003:0810:0001.0034: unknown main item tag 0x0 [ 1112.436318][ T5713] pantherlord 0003:0810:0001.0034: unknown main item tag 0x0 [ 1112.436338][ T5713] pantherlord 0003:0810:0001.0034: unknown main item tag 0x0 [ 1112.436357][ T5713] pantherlord 0003:0810:0001.0034: unknown main item tag 0x0 [ 1112.436376][ T5713] pantherlord 0003:0810:0001.0034: unknown main item tag 0x0 [ 1112.436395][ T5713] pantherlord 0003:0810:0001.0034: unknown main item tag 0x0 [ 1112.436414][ T5713] pantherlord 0003:0810:0001.0034: unknown main item tag 0x0 [ 1112.480252][ T5713] pantherlord 0003:0810:0001.0034: hidraw0: USB HID vff.ff Device [HID 0810:0001] on usb-dummy_hcd.1-1/input0 [ 1112.480417][ T5713] pantherlord 0003:0810:0001.0034: no output reports found [ 1112.709805][ T5713] usb 2-1: USB disconnect, device number 100 [ 1112.717437][T14019] tipc: Enabling of bearer rejected, failed to enable media [ 1112.756679][T14012] fido_id[14012]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 1114.135229][ T5713] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 1114.303583][ T5713] usb 2-1: Using ep0 maxpacket: 16 [ 1114.308150][ T5713] usb 2-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 1114.308183][ T5713] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1114.308207][ T5713] usb 2-1: Product: syz [ 1114.308224][ T5713] usb 2-1: Manufacturer: syz [ 1114.308235][ T5713] usb 2-1: SerialNumber: syz [ 1114.322524][ T5713] usb 2-1: config 0 descriptor?? [ 1114.369378][ T5713] gspca_main: spca508-2.14.0 probing 041e:4018 [ 1114.501143][T14114] netlink: 'syz.3.16385': attribute type 1 has an invalid length. [ 1114.501168][T14114] netlink: 16098 bytes leftover after parsing attributes in process `syz.3.16385'. [ 1114.582274][ T5713] gspca_spca508: reg_read err -32 [ 1114.782997][ T5713] gspca_spca508: reg_read err -71 [ 1114.783771][ T5713] gspca_spca508: reg_read err -71 [ 1114.784634][ T5713] gspca_spca508: reg_read err -71 [ 1114.785196][ T5713] gspca_spca508: reg write: error -71 [ 1114.785296][ T5713] spca508 2-1:0.0: probe with driver spca508 failed with error -71 [ 1114.864170][ T5713] usb 2-1: USB disconnect, device number 101 [ 1115.046409][T14140] netlink: 16 bytes leftover after parsing attributes in process `syz.5.16391'. [ 1115.763357][ T1336] aoe: packet could not be sent on ipvlan1. consider increasing tx_queue_len [ 1115.779364][T18118] wlan1: Trigger new scan to find an IBSS to join [ 1116.100943][T14193] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16414'. [ 1116.256450][ T9] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 1116.362075][T14202] genirq: Flags mismatch irq 4. 00202000 (pcl818) vs. 00202080 (ttyS0) [ 1116.421448][ T9] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 130, using maximum allowed: 30 [ 1116.421499][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1116.421530][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1116.421555][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130 [ 1116.421668][ T9] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00 [ 1116.421695][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1116.518224][ T9] usb 2-1: config 0 descriptor?? [ 1116.972063][T14223] netlink: 12 bytes leftover after parsing attributes in process `syz.5.16424'. [ 1116.974984][ T9] corsair 0003:1B1C:1B3E.0035: failed to start in urb: -90 [ 1117.048399][ T9] corsair 0003:1B1C:1B3E.0035: hidraw0: USB HID v6f.fd Device [HID 1b1c:1b3e] on usb-dummy_hcd.1-1/input0 [ 1117.141387][T11929] usb 2-1: USB disconnect, device number 102 [ 1117.266751][T14235] fido_id[14235]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 1117.863855][ T5596] usb 4-1: new high-speed USB device number 99 using dummy_hcd [ 1118.012741][ T5596] usb 4-1: Using ep0 maxpacket: 32 [ 1118.015388][ T5596] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1118.015431][ T5596] usb 4-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1118.015457][ T5596] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1118.053403][ T5596] usb 4-1: config 0 descriptor?? [ 1118.358406][ T9] kernel write not supported for file /input/mouse0 (pid: 9 comm: kworker/0:0) [ 1118.490075][ T5596] hid_parser_main: 262 callbacks suppressed [ 1118.490103][ T5596] thrustmaster 0003:044F:B323.0036: unknown main item tag 0x0 [ 1118.490138][ T5596] thrustmaster 0003:044F:B323.0036: unknown main item tag 0x0 [ 1118.490168][ T5596] thrustmaster 0003:044F:B323.0036: unknown main item tag 0x0 [ 1118.490198][ T5596] thrustmaster 0003:044F:B323.0036: unknown main item tag 0x0 [ 1118.490227][ T5596] thrustmaster 0003:044F:B323.0036: unknown main item tag 0x0 [ 1118.490257][ T5596] thrustmaster 0003:044F:B323.0036: unknown main item tag 0x0 [ 1118.490285][ T5596] thrustmaster 0003:044F:B323.0036: unknown main item tag 0x0 [ 1118.490314][ T5596] thrustmaster 0003:044F:B323.0036: unknown main item tag 0x0 [ 1118.490343][ T5596] thrustmaster 0003:044F:B323.0036: unknown main item tag 0x0 [ 1118.490371][ T5596] thrustmaster 0003:044F:B323.0036: unknown main item tag 0x0 [ 1118.513315][ T5596] thrustmaster 0003:044F:B323.0036: hidraw0: USB HID v0.00 Device [HID 044f:b323] on usb-dummy_hcd.3-1/input0 [ 1118.513354][ T5596] thrustmaster 0003:044F:B323.0036: no inputs found [ 1118.728479][T11929] usb 4-1: USB disconnect, device number 99 [ 1118.823800][T14312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16443'. [ 1118.920489][T14315] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1118.921196][T14314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1119.743862][ T5596] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 1119.899150][ T5596] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1119.900617][ T5596] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1119.900647][ T5596] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1119.903088][ T5596] usb 6-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40 [ 1119.903120][ T5596] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1119.903144][ T5596] usb 6-1: Product: syz [ 1119.903162][ T5596] usb 6-1: Manufacturer: syz [ 1119.903179][ T5596] usb 6-1: SerialNumber: syz [ 1120.037559][ T5596] usb 6-1: selecting invalid altsetting 1 [ 1120.038122][ T5596] usb 6-1: unit 6 not found! [ 1120.109669][T14359] overlayfs: regular lower layers cannot follow data lower layers [ 1120.136829][T14361] sg_write: data in/out 262109/64 bytes for SCSI command 0x69-- guessing data in; [ 1120.136829][T14361] program syz.1.16461 not setting count and/or reply_len properly [ 1120.212495][ T5596] usb 6-1: 2:0: cannot get min/max values for control 1 (id 2) [ 1120.358947][ T5596] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1120.418075][ T9] usb 6-1: USB disconnect, device number 12 [ 1120.483359][ T5262] udevd[5262]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1120.744333][ T1024] wlan1: Trigger new scan to find an IBSS to join [ 1120.748538][T14392] program syz.3.16471 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1121.744679][T18113] wlan1: Creating new IBSS network, BSSID b6:cf:4e:fc:d3:71 [ 1121.970647][T14442] sg_write: data in/out 443356/194 bytes for SCSI command 0x0-- guessing data in; [ 1121.970647][T14442] program syz.4.16489 not setting count and/or reply_len properly [ 1122.446414][T14466] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16501'. [ 1122.970426][T14490] ALSA: mixer_oss: invalid OSS volume 'PHl6qӆONEOUT' [ 1122.970456][T14490] ALSA: mixer_oss: invalid index 1374389 [ 1123.785817][T14530] netlink: 64 bytes leftover after parsing attributes in process `syz.3.16522'. [ 1123.816514][T14528] netlink: 4595 bytes leftover after parsing attributes in process `syz.5.16521'. [ 1123.817329][T14533] netlink: 4595 bytes leftover after parsing attributes in process `syz.5.16521'. [ 1125.609724][T14624] sg_write: data in/out 405980/48 bytes for SCSI command 0x0-- guessing data in; [ 1125.609724][T14624] program syz.1.16547 not setting count and/or reply_len properly [ 1125.814257][T14635] netlink: 20 bytes leftover after parsing attributes in process `syz.4.16550'. [ 1126.068440][T14645] tipc: Enabling of bearer rejected, failed to enable media [ 1127.170853][T11929] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1127.320151][T11929] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1127.320215][T11929] usb 6-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 1127.320251][T11929] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1127.379738][T11929] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 1127.628280][T14721] usb usb8: check_ctrlrecip: process 14721 (syz.1.16585) requesting ep 01 but needs 81 [ 1127.973636][T14740] netlink: 'syz.1.16593': attribute type 4 has an invalid length. [ 1128.417096][T11929] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32 [ 1128.417122][T11929] stv0680 6-1:4.0: STV(e): camera ping failed!! [ 1128.417905][T11929] stv0680 6-1:4.0: last error: 0, command = 0x0 [ 1128.622330][T11929] usb 6-1: USB disconnect, device number 13 [ 1129.631719][T14809] netlink: 774 bytes leftover after parsing attributes in process `syz.1.16621'. [ 1130.200940][T14840] xt_socket: unknown flags 0xe4 [ 1130.495336][ T9] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 1130.645081][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1130.647718][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1130.647757][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1130.647803][ T9] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00 [ 1130.647830][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1130.729619][ T9] usb 2-1: config 0 descriptor?? [ 1131.128611][ T37] audit: type=1326 audit(56245.273:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14847 comm="syz.5.16638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f928d03cdd9 code=0x7fc00000 [ 1131.128690][ T37] audit: type=1326 audit(56245.273:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14847 comm="syz.5.16638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f928d03cdd9 code=0x7fc00000 [ 1131.128748][ T37] audit: type=1326 audit(56245.273:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14847 comm="syz.5.16638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f928d03cdd9 code=0x7fc00000 [ 1131.128804][ T37] audit: type=1326 audit(56245.273:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14847 comm="syz.5.16638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f928d03cdd9 code=0x7fc00000 [ 1131.128858][ T37] audit: type=1326 audit(56245.273:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14847 comm="syz.5.16638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f928d03cdd9 code=0x7fc00000 [ 1131.128915][ T37] audit: type=1326 audit(56245.273:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14847 comm="syz.5.16638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f928d03cdd9 code=0x7fc00000 [ 1131.132425][ T37] audit: type=1326 audit(56245.273:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14847 comm="syz.5.16638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f928d03cdd9 code=0x7fc00000 [ 1131.196166][ T9] hid_parser_main: 30 callbacks suppressed [ 1131.196199][ T9] konepure 0003:1E7D:2DBE.0037: unknown main item tag 0x0 [ 1131.196233][ T9] konepure 0003:1E7D:2DBE.0037: unknown main item tag 0x0 [ 1131.196261][ T9] konepure 0003:1E7D:2DBE.0037: unknown main item tag 0x0 [ 1131.196289][ T9] konepure 0003:1E7D:2DBE.0037: unknown main item tag 0x0 [ 1131.196340][ T9] konepure 0003:1E7D:2DBE.0037: unknown main item tag 0x0 [ 1131.207187][ T9] konepure 0003:1E7D:2DBE.0037: unknown main item tag 0x0 [ 1131.207329][ T9] konepure 0003:1E7D:2DBE.0037: unknown main item tag 0x0 [ 1131.207408][ T9] konepure 0003:1E7D:2DBE.0037: unknown main item tag 0x0 [ 1131.207571][ T9] konepure 0003:1E7D:2DBE.0037: unknown main item tag 0x0 [ 1131.207677][ T9] konepure 0003:1E7D:2DBE.0037: unknown main item tag 0x0 [ 1131.538357][ T9] konepure 0003:1E7D:2DBE.0037: hidraw0: USB HID vff.fe Device [HID 1e7d:2dbe] on usb-dummy_hcd.1-1/input0 [ 1131.574204][ T9] usb 2-1: USB disconnect, device number 103 [ 1131.677700][T14886] fido_id[14886]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 1131.756235][T11929] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 1131.935004][T11929] usb 6-1: Using ep0 maxpacket: 16 [ 1131.941436][T11929] usb 6-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1131.941472][T11929] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1131.941497][T11929] usb 6-1: Product: syz [ 1131.941514][T11929] usb 6-1: Manufacturer: syz [ 1131.941530][T11929] usb 6-1: SerialNumber: syz [ 1131.986691][T11929] usb 6-1: config 0 descriptor?? [ 1132.012364][T11929] visor 6-1:0.0: Sony Clie 3.5 converter detected [ 1132.078651][ T9] kernel read not supported for file /vcs (pid: 9 comm: kworker/0:0) [ 1132.110771][T14913] comedi comedi3: pcl812: I/O base address or length out of range [ 1132.372209][T14921] netlink: 165 bytes leftover after parsing attributes in process `syz.4.16659'. [ 1132.410471][T11929] usb 6-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 1132.625117][T11929] usb 6-1: USB disconnect, device number 14 [ 1132.697156][T11929] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 1132.698075][T11929] visor 6-1:0.0: device disconnected [ 1134.655429][T11929] usb 6-1: new low-speed USB device number 15 using dummy_hcd [ 1134.827568][T11929] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1134.827705][T11929] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 16, setting to 8 [ 1134.827738][T11929] usb 6-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 9 [ 1134.827770][T11929] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1134.827797][T11929] usb 6-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.00 [ 1134.827815][T11929] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1134.833007][T11929] usb 6-1: config 0 descriptor?? [ 1134.835456][T15031] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1135.375453][ T5713] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 1135.473992][ T9] usb 6-1: USB disconnect, device number 15 [ 1135.528397][ T5713] usb 2-1: device descriptor read/64, error -71 [ 1135.682034][T15067] xt_l2tp: missing protocol rule (udp|l2tpip) [ 1135.785452][ T5713] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1135.915386][ T5713] usb 2-1: device descriptor read/64, error -71 [ 1136.035530][ T5713] usb usb2-port1: attempt power cycle [ 1136.214185][T15087] netlink: 24 bytes leftover after parsing attributes in process `syz.4.16711'. [ 1136.405570][ T5713] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 1136.426317][ T5713] usb 2-1: device descriptor read/8, error -71 [ 1136.675555][ T5713] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 1136.696219][ T5713] usb 2-1: device descriptor read/8, error -71 [ 1136.823779][T15109] netlink: 12 bytes leftover after parsing attributes in process `syz.3.16720'. [ 1136.823807][T15109] nbd: illegal input index -1113835520 [ 1136.872412][T15110] fuse: Bad value for 'user_id' [ 1136.872436][T15110] fuse: Bad value for 'user_id' [ 1136.887080][ T5713] usb usb2-port1: unable to enumerate USB device [ 1138.332131][T15164] tipc: Enabled bearer , priority 10 [ 1138.413771][T15170] fuse: blksize only supported for fuseblk [ 1138.497575][T15178] CUSE: info not properly terminated [ 1139.133474][T15209] netlink: 'syz.5.16760': attribute type 2 has an invalid length. [ 1139.133500][T15209] netlink: 164 bytes leftover after parsing attributes in process `syz.5.16760'. [ 1139.233551][T15213] pimreg3: entered allmulticast mode [ 1139.386353][T15223] netlink: 12 bytes leftover after parsing attributes in process `syz.5.16766'. [ 1139.386385][T15223] nbd: illegal input index 10237952 [ 1139.875016][T15250] xt_l2tp: v2 tid > 0xffff: 2031748 [ 1140.286855][T15270] netlink: 'syz.3.16786': attribute type 21 has an invalid length. [ 1140.286932][T15270] netlink: 'syz.3.16786': attribute type 1 has an invalid length. [ 1140.340194][T15271] netlink: 32 bytes leftover after parsing attributes in process `syz.1.16785'. [ 1141.076252][ T5596] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 1141.219096][T15314] tmpfs: Bad value for 'nr_inodes' [ 1141.266908][ T5596] usb 2-1: Using ep0 maxpacket: 8 [ 1141.275260][ T5596] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1141.275286][ T5596] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1141.275303][ T5596] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 1141.275335][ T5596] usb 2-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 1141.275353][ T5596] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1141.338362][ T5596] usb 2-1: config 0 descriptor?? [ 1141.794048][ T5596] hid_parser_main: 71 callbacks suppressed [ 1141.794076][ T5596] elecom 0003:056E:00FE.0039: unknown main item tag 0x4 [ 1141.794111][ T5596] elecom 0003:056E:00FE.0039: unknown main item tag 0x6 [ 1141.794142][ T5596] elecom 0003:056E:00FE.0039: unknown main item tag 0x5 [ 1141.794172][ T5596] elecom 0003:056E:00FE.0039: unknown main item tag 0x0 [ 1141.794200][ T5596] elecom 0003:056E:00FE.0039: unknown main item tag 0x0 [ 1141.794229][ T5596] elecom 0003:056E:00FE.0039: unknown main item tag 0x0 [ 1141.794257][ T5596] elecom 0003:056E:00FE.0039: unknown main item tag 0x0 [ 1141.794286][ T5596] elecom 0003:056E:00FE.0039: unknown main item tag 0x0 [ 1141.794315][ T5596] elecom 0003:056E:00FE.0039: unknown main item tag 0x0 [ 1141.794344][ T5596] elecom 0003:056E:00FE.0039: unknown main item tag 0x0 [ 1141.889433][ T5596] elecom 0003:056E:00FE.0039: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.1-1/input0 [ 1141.944432][T15340] ptrace attach of "./syz-executor exec"[3694] was attempted by ""[15340] [ 1142.001266][ T993] usb 2-1: USB disconnect, device number 108 [ 1142.172677][T15339] fido_id[15339]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 1142.678324][T15379] comedi comedi3: comedi_test: 3 microvolt, 5 microsecond waveform attached [ 1143.868495][T11929] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 1144.010049][T15419] netlink: 'syz.5.16836': attribute type 49 has an invalid length. [ 1144.019254][T11929] usb 2-1: Using ep0 maxpacket: 32 [ 1144.030354][T11929] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1144.030396][T11929] usb 2-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 1144.030421][T11929] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1144.067797][T11929] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1144.067825][T11929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1144.067842][T11929] usb 2-1: Product: syz [ 1144.067855][T11929] usb 2-1: Manufacturer: syz [ 1144.067867][T11929] usb 2-1: SerialNumber: syz [ 1144.269959][T11929] usb 2-1: config 0 descriptor?? [ 1144.818438][T11929] gs_usb 2-1:0.0: Configuring for 256 interfaces [ 1144.818463][T11929] gs_usb 2-1:0.0: Driver cannot handle more that 255 CAN interfaces [ 1144.818503][T11929] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -22 [ 1145.089618][ T5713] usb 2-1: USB disconnect, device number 109 [ 1148.890542][T15493] tipc: Enabled bearer , priority 10 [ 1149.358680][T15521] netlink: 'syz.5.16868': attribute type 21 has an invalid length. [ 1149.358713][T15521] netlink: 168 bytes leftover after parsing attributes in process `syz.5.16868'. [ 1150.000073][ T5713] tipc: Node number set to 2886997007 [ 1150.005858][T15555] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16884'. [ 1150.418560][ T5713] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 1150.569081][ T5713] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1150.569121][ T5713] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1150.569165][ T5713] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 1150.569192][ T5713] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1150.622876][ T5713] usb 4-1: config 0 descriptor?? [ 1151.050330][ T37] audit: type=1326 audit(56265.190:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15571 comm="syz.4.16890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23dcb1cdd9 code=0x7fc00000 [ 1151.276086][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 1151.284869][ T5713] hid-led 0003:27B8:01ED.003A: probe with driver hid-led failed with error -32 [ 1151.305110][ T5713] usb 4-1: USB disconnect, device number 100 [ 1151.956378][T15650] tipc: Enabling of bearer rejected, media not registered [ 1151.998854][T11929] usb 2-1: new full-speed USB device number 110 using dummy_hcd [ 1152.149424][T11929] usb 2-1: config 0 has an invalid interface number: 214 but max is 0 [ 1152.149462][T11929] usb 2-1: config 0 has no interface number 0 [ 1152.149496][T11929] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 1152.149517][T11929] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1152.151272][T11929] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1152.151306][T11929] usb 2-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 1152.151344][T11929] usb 2-1: Manufacturer: syz [ 1152.151355][T11929] usb 2-1: SerialNumber: syz [ 1152.213481][T11929] usb 2-1: config 0 descriptor?? [ 1152.626474][T11929] usbtouchscreen 2-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 1152.673422][T11929] usb 2-1: USB disconnect, device number 110 [ 1152.851599][T15693] binder: 15691:15693 ioctl 400c620e 200000000340 returned -22 [ 1153.087075][T15704] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16928'. [ 1153.295379][T15711] netlink: 165 bytes leftover after parsing attributes in process `syz.5.16933'. [ 1153.370909][T15716] binder: 15715:15716 ioctl c0306201 2000000004c0 returned -22 [ 1153.431797][T15719] vimc link validate: Scaler:src:16x16 (0x33524742, 8, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x38415261, 8, 0, 0, 0) [ 1153.706312][ T37] audit: type=1326 audit(56267.840:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15727 comm="syz.1.16939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eac81cdd9 code=0x7ffc0000 [ 1153.730522][ T37] audit: type=1326 audit(56267.840:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15727 comm="syz.1.16939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eac81cdd9 code=0x7ffc0000 [ 1153.730596][ T37] audit: type=1326 audit(56267.840:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15727 comm="syz.1.16939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eac81cdd9 code=0x7ffc0000 [ 1153.731278][ T37] audit: type=1326 audit(56267.870:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15727 comm="syz.1.16939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eac81cdd9 code=0x7ffc0000 [ 1153.731618][ T37] audit: type=1326 audit(56267.870:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15727 comm="syz.1.16939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eac81cdd9 code=0x7ffc0000 [ 1153.734816][ T37] audit: type=1326 audit(56267.870:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15727 comm="syz.1.16939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7f9eac81cdd9 code=0x7ffc0000 [ 1153.735062][ T37] audit: type=1326 audit(56267.870:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15727 comm="syz.1.16939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eac81cdd9 code=0x7ffc0000 [ 1153.794694][ T37] audit: type=1326 audit(56267.910:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15727 comm="syz.1.16939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eac81cdd9 code=0x7ffc0000 [ 1153.794912][ T37] audit: type=1326 audit(56267.910:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15727 comm="syz.1.16939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f9eac81cdd9 code=0x7ffc0000 [ 1153.937835][ T1293] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1154.857832][ T5713] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 1155.027709][ T5713] usb 2-1: Using ep0 maxpacket: 8 [ 1155.042026][ T5713] usb 2-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=f9.64 [ 1155.042060][ T5713] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67 [ 1155.042084][ T5713] usb 2-1: Product: syz [ 1155.042101][ T5713] usb 2-1: Manufacturer: syz [ 1155.042117][ T5713] usb 2-1: SerialNumber: syz [ 1155.092453][ T5713] usb 2-1: config 0 descriptor?? [ 1155.110583][ T5713] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 1155.261625][T15794] netlink: 84 bytes leftover after parsing attributes in process `syz.4.16965'. [ 1155.305526][ T5713] gspca_sn9c2028: read1 error -32 [ 1155.507928][ T5713] gspca_sn9c2028: read1 error -71 [ 1155.508035][ T5713] sn9c2028 2-1:0.0: probe with driver sn9c2028 failed with error -71 [ 1155.530792][ T5713] usb 2-1: USB disconnect, device number 111 [ 1156.421664][T15854] netlink: 92 bytes leftover after parsing attributes in process `syz.4.16989'. [ 1159.208305][ T9] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 1159.368445][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 1159.374274][ T9] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1159.374306][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1159.374334][ T9] usb 4-1: Product: syz [ 1159.374345][ T9] usb 4-1: Manufacturer: syz [ 1159.374357][ T9] usb 4-1: SerialNumber: syz [ 1159.418239][ T9] usb 4-1: config 0 descriptor?? [ 1159.427399][ T9] gspca_main: se401-2.14.0 probing 047d:5003 [ 1159.837132][ T9] gspca_se401: Bayer format not supported! [ 1160.046223][ T5596] usb 4-1: USB disconnect, device number 101 [ 1160.179309][T11929] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 1160.334485][T11929] usb 2-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 9865, setting to 1024 [ 1160.334514][T11929] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1160.334539][T11929] usb 2-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 1160.334556][T11929] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1160.357428][T11929] usb 2-1: config 0 descriptor?? [ 1160.382370][T16027] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 1160.743295][T16064] blktrace: Concurrent blktraces are not allowed on loop4 [ 1160.804133][T16066] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17061'. [ 1160.821346][T11929] hid (null): unknown global tag 0xc [ 1160.863150][T11929] hid_parser_main: 47 callbacks suppressed [ 1160.863176][T11929] mcp2200 0003:04D8:00DF.003B: unknown main item tag 0x0 [ 1160.863209][T11929] mcp2200 0003:04D8:00DF.003B: unknown main item tag 0x0 [ 1160.863236][T11929] mcp2200 0003:04D8:00DF.003B: unknown main item tag 0x0 [ 1160.863264][T11929] mcp2200 0003:04D8:00DF.003B: unknown main item tag 0x0 [ 1160.863291][T11929] mcp2200 0003:04D8:00DF.003B: unknown main item tag 0x0 [ 1160.863319][T11929] mcp2200 0003:04D8:00DF.003B: unknown main item tag 0x0 [ 1160.863347][T11929] mcp2200 0003:04D8:00DF.003B: unknown main item tag 0x0 [ 1160.863375][T11929] mcp2200 0003:04D8:00DF.003B: unknown main item tag 0x0 [ 1160.863401][T11929] mcp2200 0003:04D8:00DF.003B: unknown main item tag 0x0 [ 1160.863428][T11929] mcp2200 0003:04D8:00DF.003B: unknown main item tag 0x0 [ 1160.863922][T11929] mcp2200 0003:04D8:00DF.003B: unknown global tag 0xc [ 1160.863936][T11929] mcp2200 0003:04D8:00DF.003B: item 0 2 1 12 parsing failed [ 1160.866187][T11929] mcp2200 0003:04D8:00DF.003B: can't parse reports [ 1160.866267][T11929] mcp2200 0003:04D8:00DF.003B: probe with driver mcp2200 failed with error -22 [ 1161.033904][T11929] usb 2-1: USB disconnect, device number 112 [ 1161.508542][ T9] usb 6-1: new full-speed USB device number 16 using dummy_hcd [ 1161.681330][ T9] usb 6-1: config 0 has an invalid interface number: 41 but max is 0 [ 1161.681364][ T9] usb 6-1: config 0 has no interface number 0 [ 1161.681414][ T9] usb 6-1: config 0 interface 41 has no altsetting 0 [ 1161.684615][ T9] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1161.684648][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1161.684672][ T9] usb 6-1: Product: syz [ 1161.684689][ T9] usb 6-1: Manufacturer: syz [ 1161.684705][ T9] usb 6-1: SerialNumber: syz [ 1161.746646][ T9] usb 6-1: config 0 descriptor?? [ 1162.381421][ T9] CoreChips 6-1:0.41: probe with driver CoreChips failed with error -71 [ 1162.413053][ T9] usb 6-1: USB disconnect, device number 16 [ 1162.443411][T16134] netlink: 822 bytes leftover after parsing attributes in process `syz.4.17081'. [ 1162.537192][T16140] digital: digital_start_poll: Unknown protocol [ 1162.938876][ T9] usb 4-1: new high-speed USB device number 102 using dummy_hcd [ 1163.090878][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 1163.099555][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1163.099592][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1163.099636][ T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1163.099672][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1163.148455][ T9] usb 4-1: config 0 descriptor?? [ 1163.184140][ T9] hub 4-1:0.0: USB hub found [ 1163.373804][T16182] Bluetooth: MGMT ver 1.23 [ 1163.376470][ T9] hub 4-1:0.0: 1 port detected [ 1163.578692][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 1163.579509][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 1163.584054][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 1163.584752][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 1163.584950][ T9] hub 4-1:0.0: hub_hub_status failed (err = -32) [ 1163.584977][ T9] hub 4-1:0.0: config failed, can't get hub status (err -32) [ 1163.673225][ T9] usbhid 4-1:0.0: can't add hid device: -71 [ 1163.673362][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1163.740147][ T9] usb 4-1: USB disconnect, device number 102 [ 1164.016505][T16208] pim6reg: entered allmulticast mode [ 1164.035675][T16208] pim6reg: left allmulticast mode [ 1164.116533][T16216] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17109'. [ 1164.316967][T16220] netlink: 1 bytes leftover after parsing attributes in process `syz.4.17110'. [ 1164.317154][T16220] xt_policy: neither incoming nor outgoing policy selected [ 1164.539302][ T5596] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 1164.627399][T16239] netlink: 8 bytes leftover after parsing attributes in process `syz.5.17117'. [ 1164.699511][ T5596] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 1164.699549][ T5596] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1164.699574][ T5596] usb 4-1: Product: syz [ 1164.699593][ T5596] usb 4-1: Manufacturer: syz [ 1164.699612][ T5596] usb 4-1: SerialNumber: syz [ 1164.756712][ T5596] usb 4-1: config 0 descriptor?? [ 1164.781881][ T5596] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 1164.807431][ T5596] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1164.808311][ T5596] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 1164.808367][ T5596] usb 4-1: media controller created [ 1164.865750][ T5596] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1165.022031][ T5596] DVB: Unable to find symbol mt352_attach() [ 1165.197149][ T5596] DVB: Unable to find symbol nxt6000_attach() [ 1165.197169][ T5596] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 1165.244784][ T5596] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input93 [ 1165.318485][ T5596] dvb-usb: schedule remote query interval to 1000 msecs. [ 1165.318511][ T5596] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 1165.318531][ T5596] dvb-usb: bulk message failed: -22 (7/0) [ 1165.318550][ T5596] dvb-usb: bulk message failed: -22 (7/0) [ 1165.381902][ T5596] usb 4-1: USB disconnect, device number 103 [ 1165.687781][ T5596] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 1165.954394][T16300] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17129'. [ 1166.014672][T16306] netlink: 104 bytes leftover after parsing attributes in process `syz.5.17132'. [ 1166.327546][T16320] netlink: 128 bytes leftover after parsing attributes in process `syz.3.17139'. [ 1166.327610][T16320] netlink: 'syz.3.17139': attribute type 5 has an invalid length. [ 1167.154869][ T993] kernel read not supported for file /rfkill (pid: 993 comm: kworker/0:1) [ 1167.212442][T16363] xt_HMARK: spi-set and port-set can't be combined [ 1168.143628][T16405] dummy0: entered allmulticast mode [ 1168.146303][T16404] dummy0: left allmulticast mode [ 1168.882654][T16437] netlink: 4 bytes leftover after parsing attributes in process `syz.4.17185'. [ 1169.020266][T16440] loop4: detected capacity change from 0 to 65536 [ 1170.417966][T16502] netlink: 'syz.1.17207': attribute type 1 has an invalid length. [ 1170.826739][T16524] CIFS mount error: No usable UNC path provided in device string! [ 1170.826739][T16524] [ 1170.826770][T16524] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1171.476340][T16560] set match dimension is over the limit! [ 1171.499487][T16562] ptrace attach of "./syz-executor exec"[6023] was attempted by "ԓ7E\x09Ż P"[16562] [ 1171.948745][T16584] netlink: 'syz.4.17236': attribute type 21 has an invalid length. [ 1171.948843][T16584] netlink: 164 bytes leftover after parsing attributes in process `syz.4.17236'. [ 1172.117625][T16591] comedi comedi3: multiq3: I/O base address or length out of range [ 1172.140100][T16592] vimc link validate: Scaler:src:16x16 (0x33524742, 8, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x38415261, 8, 0, 0, 0) [ 1172.312159][T16603] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1172.495950][T16613] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17248'. [ 1172.496019][T16613] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17248'. [ 1172.496056][T16613] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17248'. [ 1173.763411][T16682] netlink: 84 bytes leftover after parsing attributes in process `syz.5.17270'. [ 1174.621195][T16724] netlink: 16 bytes leftover after parsing attributes in process `syz.4.17285'. [ 1175.334337][T16763] netlink: 24 bytes leftover after parsing attributes in process `syz.5.17298'. [ 1175.451004][ T993] usb 4-1: new high-speed USB device number 104 using dummy_hcd [ 1175.612288][ T993] usb 4-1: Using ep0 maxpacket: 32 [ 1175.614272][ T993] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 1175.614309][ T993] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1175.614334][ T993] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1175.614371][ T993] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 1175.614398][ T993] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1175.640232][ T5596] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 1175.676131][ T993] usb 4-1: config 0 descriptor?? [ 1175.790202][ T5596] usb 6-1: Using ep0 maxpacket: 8 [ 1175.792558][ T5596] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1175.792602][ T5596] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1175.792650][ T5596] usb 6-1: New USB device found, idVendor=057e, idProduct=201e, bcdDevice= 0.00 [ 1175.792677][ T5596] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1175.849894][ T5596] usb 6-1: config 0 descriptor?? [ 1176.177331][ T993] hid_parser_main: 48 callbacks suppressed [ 1176.177355][ T993] corsair-cpro 0003:1B1C:0C10.003C: unknown main item tag 0x0 [ 1176.177393][ T993] corsair-cpro 0003:1B1C:0C10.003C: unknown main item tag 0x0 [ 1176.177422][ T993] corsair-cpro 0003:1B1C:0C10.003C: unknown main item tag 0x0 [ 1176.177451][ T993] corsair-cpro 0003:1B1C:0C10.003C: unknown main item tag 0x0 [ 1176.177479][ T993] corsair-cpro 0003:1B1C:0C10.003C: unknown main item tag 0x0 [ 1176.193793][ T993] corsair-cpro 0003:1B1C:0C10.003C: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.3-1/input0 [ 1176.366657][ T5596] nintendo 0003:057E:201E.003D: ignoring exceeding usage max [ 1176.381717][ T5596] nintendo 0003:057E:201E.003D: unknown main item tag 0x0 [ 1176.381750][ T5596] nintendo 0003:057E:201E.003D: unknown main item tag 0x0 [ 1176.381774][ T5596] nintendo 0003:057E:201E.003D: unknown main item tag 0x0 [ 1176.381797][ T5596] nintendo 0003:057E:201E.003D: unknown main item tag 0x0 [ 1176.381820][ T5596] nintendo 0003:057E:201E.003D: unknown main item tag 0x0 [ 1176.440670][ T5596] nintendo 0003:057E:201E.003D: hidraw1: USB HID v80.04 Device [HID 057e:201e] on usb-dummy_hcd.5-1/input0 [ 1176.653350][ T5596] nintendo 0003:057E:201E.003D: Failed to get joycon info; ret=-38 [ 1176.653380][ T5596] nintendo 0003:057E:201E.003D: Failed to retrieve controller info; ret=-38 [ 1176.653453][ T5596] nintendo 0003:057E:201E.003D: Failed to initialize controller; ret=-38 [ 1176.760411][ T5596] nintendo 0003:057E:201E.003D: probe - fail = -38 [ 1176.760873][ T5596] nintendo 0003:057E:201E.003D: probe with driver nintendo failed with error -38 [ 1176.788966][ T5596] usb 6-1: USB disconnect, device number 17 [ 1176.950455][ T993] corsair-cpro 0003:1B1C:0C10.003C: probe with driver corsair-cpro failed with error -90 [ 1176.991891][ T1336] aoe: packet could not be sent on ipvlan1. consider increasing tx_queue_len [ 1177.031956][ T993] usb 4-1: USB disconnect, device number 104 [ 1177.367394][T16839] sg_write: data in/out 404444/42 bytes for SCSI command 0x0-- guessing data in; [ 1177.367394][T16839] program syz.4.17313 not setting count and/or reply_len properly [ 1178.156380][T16872] binder: 16871:16872 ioctl c00c620f 200000000180 returned -22 [ 1178.491686][T16885] netlink: 'syz.4.17329': attribute type 2 has an invalid length. [ 1180.302463][T16942] xt_l2tp: invalid flags combination: 8 [ 1180.691227][T16951] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 1181.122526][T16961] tipc: Enabled bearer , priority 10 [ 1181.319860][T16969] xt_l2tp: missing protocol rule (udp|l2tpip) [ 1181.332915][T16972] netlink: 32 bytes leftover after parsing attributes in process `syz.5.17359'. [ 1182.106838][T16999] program syz.4.17365 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1182.191003][ T5596] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 1182.344526][ T5596] usb 6-1: Using ep0 maxpacket: 32 [ 1182.346431][ T5596] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1182.346466][ T5596] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1182.346496][ T5596] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1182.346514][ T5596] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1182.403316][ T5596] usb 6-1: config 0 descriptor?? [ 1182.430424][ T5596] hub 6-1:0.0: USB hub found [ 1182.625759][ T5596] hub 6-1:0.0: config failed, can't read hub descriptor (err -90) [ 1182.840708][ T5596] usbhid 6-1:0.0: can't add hid device: -71 [ 1182.840856][ T5596] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1182.865355][T17020] netlink: 256 bytes leftover after parsing attributes in process `syz.4.17372'. [ 1182.865383][T17020] netlink: 72 bytes leftover after parsing attributes in process `syz.4.17372'. [ 1182.918851][ T5596] usb 6-1: USB disconnect, device number 18 [ 1184.055508][T17069] netlink: 277 bytes leftover after parsing attributes in process `syz.3.17388'. [ 1184.319598][T17079] netlink: 'syz.4.17392': attribute type 21 has an invalid length. [ 1184.319630][T17079] IPv6: NLM_F_CREATE should be specified when creating new route [ 1184.319850][T17079] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1184.319865][T17079] IPv6: NLM_F_CREATE should be set when creating new route [ 1184.378293][T17080] netlink: 'syz.4.17392': attribute type 21 has an invalid length. [ 1184.420952][T17079] IPv6: NLM_F_CREATE should be set when creating new route [ 1184.420996][T17079] IPv6: NLM_F_CREATE should be set when creating new route [ 1184.507303][T17080] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1185.140009][T17110] ptrace attach of "./syz-executor exec"[3694] was attempted by ""[17110] [ 1185.550273][T17127] binder: 17126:17127 ioctl c0306201 0 returned -14 [ 1185.561677][T17127] binder: 17126:17127 ioctl c0306201 2000000000c0 returned -11 [ 1185.949123][T15460] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1185.968812][T17144] netlink: 8 bytes leftover after parsing attributes in process `syz.5.17415'. [ 1186.018003][T17147] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 1186.285405][T17157] netlink: 1 bytes leftover after parsing attributes in process `syz.3.17419'. [ 1186.285590][T17157] xt_policy: neither incoming nor outgoing policy selected [ 1186.453521][T17165] netlink: 104 bytes leftover after parsing attributes in process `syz.3.17420'. [ 1187.226712][ T1243] kworker/0:2 (1243) used greatest stack depth: 15064 bytes left [ 1188.632245][T17231] new mount options do not match the existing superblock, will be ignored [ 1188.633587][T17231] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 1189.751902][ T5596] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 1189.902283][ T5596] usb 6-1: Using ep0 maxpacket: 8 [ 1189.905260][ T5596] usb 6-1: config 0 interface 0 altsetting 144 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1189.905302][ T5596] usb 6-1: config 0 interface 0 altsetting 144 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1189.905332][ T5596] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1189.905373][ T5596] usb 6-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00 [ 1189.905402][ T5596] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1189.988110][ T5596] usb 6-1: config 0 descriptor?? [ 1190.011537][T17282] comedi comedi3: 8255: I/O base address not correctly aligned [ 1190.057470][T17285] netlink: 100 bytes leftover after parsing attributes in process `syz.3.17461'. [ 1190.420621][ T5596] hid_parser_main: 3 callbacks suppressed [ 1190.420646][ T5596] smartjoyplus 0003:6666:8804.003E: unknown main item tag 0x0 [ 1190.420680][ T5596] smartjoyplus 0003:6666:8804.003E: unknown main item tag 0x0 [ 1190.420709][ T5596] smartjoyplus 0003:6666:8804.003E: unknown main item tag 0x0 [ 1190.420739][ T5596] smartjoyplus 0003:6666:8804.003E: unknown main item tag 0x0 [ 1190.420769][ T5596] smartjoyplus 0003:6666:8804.003E: unknown main item tag 0x0 [ 1190.525462][ T5596] smartjoyplus 0003:6666:8804.003E: hidraw0: USB HID v0.00 Device [HID 6666:8804] on usb-dummy_hcd.5-1/input0 [ 1190.525501][ T5596] smartjoyplus 0003:6666:8804.003E: no output reports found [ 1190.622446][ T993] usb 6-1: USB disconnect, device number 19 [ 1190.900233][T17304] fido_id[17304]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 1191.240534][ T60] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1191.315558][ T60] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1191.343296][ T60] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1191.411783][ T60] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1191.458752][ T60] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1193.399068][T17411] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17493'. [ 1193.622420][ T6029] Bluetooth: hci3: command tx timeout [ 1195.146282][T17528] netlink: 'syz.5.17512': attribute type 1 has an invalid length. [ 1195.146309][T17528] netlink: 760 bytes leftover after parsing attributes in process `syz.5.17512'. [ 1195.468015][T17559] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17515'. [ 1195.703096][ T6029] Bluetooth: hci3: command tx timeout [ 1195.776943][T17320] bridge0: port 1(bridge_slave_0) entered blocking state [ 1195.777447][T17320] bridge0: port 1(bridge_slave_0) entered disabled state [ 1195.778717][T17320] bridge_slave_0: entered allmulticast mode [ 1195.793860][T17320] bridge_slave_0: entered promiscuous mode [ 1195.845846][T17320] bridge0: port 2(bridge_slave_1) entered blocking state [ 1195.850776][T17320] bridge0: port 2(bridge_slave_1) entered disabled state [ 1195.851128][T17320] bridge_slave_1: entered allmulticast mode [ 1195.871881][T17320] bridge_slave_1: entered promiscuous mode [ 1195.940402][ T37] kauditd_printk_skb: 1 callbacks suppressed [ 1195.940417][ T37] audit: type=1326 audit(56310.065:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17519 comm="syz.4.17511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23dcb1cdd9 code=0x7fc00000 [ 1196.193823][T17320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1196.200074][T17320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1196.553856][T17320] team0: Port device team_slave_0 added [ 1196.601987][T17320] team0: Port device team_slave_1 added [ 1196.760405][T17649] sock: sock_set_timeout: `syz.5.17526' (pid 17649) tries to set negative timeout [ 1196.973678][T17320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1196.973699][T17320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1196.973730][T17320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1196.981282][T17320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1196.981301][T17320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1196.981344][T17320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1197.320641][T17693] netlink: 'syz.5.17529': attribute type 2 has an invalid length. [ 1197.533923][T17320] hsr_slave_0: entered promiscuous mode [ 1197.538446][T17320] hsr_slave_1: entered promiscuous mode [ 1197.556350][T17320] debugfs: 'hsr0' already exists in 'hsr' [ 1197.556379][T17320] Cannot create hsr debugfs directory [ 1197.784524][ T6029] Bluetooth: hci3: command tx timeout [ 1199.670767][T17823] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17549'. [ 1199.863258][ T6029] Bluetooth: hci3: command tx timeout [ 1200.062065][T17320] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1200.112040][T17320] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1200.122606][T17320] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1200.202769][T17320] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1200.276932][T17320] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1200.324588][ T5859] usb 4-1: new high-speed USB device number 105 using dummy_hcd [ 1200.365731][T17320] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1200.366942][T17320] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1200.465358][T17320] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1200.483130][ T5859] usb 4-1: Using ep0 maxpacket: 16 [ 1200.485728][ T5859] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1200.485762][ T5859] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1200.485785][ T5859] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1200.485824][ T5859] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1200.485845][ T5859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1200.561027][ T5859] usb 4-1: config 0 descriptor?? [ 1201.126242][ T5859] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.003F/input/input94 [ 1201.268970][ T5859] microsoft 0003:045E:07DA.003F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 1201.300245][ T5859] usb 4-1: USB disconnect, device number 105 [ 1201.859088][ T9] kernel write not supported for file /dsp (pid: 9 comm: kworker/0:0) [ 1201.963131][T17320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1202.462208][T17320] 8021q: adding VLAN 0 to HW filter on device team0 [ 1202.563199][ T70] bridge0: port 1(bridge_slave_0) entered blocking state [ 1202.571083][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1202.820574][T15460] bridge0: port 2(bridge_slave_1) entered blocking state [ 1202.820740][T15460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1202.958584][T17942] netlink: 'syz.4.17575': attribute type 29 has an invalid length. [ 1203.007722][T17942] netlink: 'syz.4.17575': attribute type 29 has an invalid length. [ 1204.664113][ T6029] Bluetooth: hci2: command 0x0405 tx timeout [ 1204.844546][ T6029] Bluetooth: hci2: unexpected event for opcode 0x2027 [ 1205.046793][T17320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1205.473734][T18047] program syz.5.17602 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1206.032664][T17320] veth0_vlan: entered promiscuous mode [ 1206.079084][T17320] veth1_vlan: entered promiscuous mode [ 1206.417710][T17320] veth0_macvtap: entered promiscuous mode [ 1206.488019][T17320] veth1_macvtap: entered promiscuous mode [ 1206.844440][T17320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1206.912191][T18096] sg_write: data in/out 404444/42 bytes for SCSI command 0x0-- guessing data in; [ 1206.912191][T18096] program syz.3.17619 not setting count and/or reply_len properly [ 1207.091831][T17320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1207.179829][T18113] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1207.188052][T18113] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1207.267175][T18113] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1207.303720][T18113] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1207.684058][T18127] comedi comedi3: 8255: I/O base address not correctly aligned [ 1209.763857][ T1293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1209.763881][ T1293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1210.134402][T18117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1210.134426][T18117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1210.646239][T18196] netlink: 'syz.3.17649': attribute type 12 has an invalid length. [ 1210.646265][T18196] netlink: 14585 bytes leftover after parsing attributes in process `syz.3.17649'. [ 1212.227848][T18239] autofs: Bad value for 'fd' [ 1212.862401][ T6029] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1212.949986][ T6029] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1213.053828][ T6029] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1213.069564][ T6029] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1213.070381][ T6029] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1214.078116][T18306] netlink: 'syz.6.17682': attribute type 4 has an invalid length. [ 1214.078143][T18306] netlink: 240 bytes leftover after parsing attributes in process `syz.6.17682'. [ 1215.305044][ T60] Bluetooth: hci0: command tx timeout [ 1216.239840][T18258] bridge0: port 1(bridge_slave_0) entered blocking state [ 1216.240453][T18258] bridge0: port 1(bridge_slave_0) entered disabled state [ 1216.240787][T18258] bridge_slave_0: entered allmulticast mode [ 1216.244388][T18258] bridge_slave_0: entered promiscuous mode [ 1216.282875][T18258] bridge0: port 2(bridge_slave_1) entered blocking state [ 1216.304685][T18258] bridge0: port 2(bridge_slave_1) entered disabled state [ 1216.312422][T18258] bridge_slave_1: entered allmulticast mode [ 1216.333198][T18258] bridge_slave_1: entered promiscuous mode [ 1216.616916][T18258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1216.664337][T18258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1216.803497][ T37] audit: type=1326 audit(56330.932:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18503 comm="syz.3.17708" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f49ec1acdd9 code=0x0 [ 1217.015392][T18258] team0: Port device team_slave_0 added [ 1217.045357][T18258] team0: Port device team_slave_1 added [ 1217.138427][T18258] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1217.139343][T18258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1217.139379][T18258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1217.195939][T18258] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1217.195958][T18258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1217.195990][T18258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1217.272167][T18545] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1217.385173][ T60] Bluetooth: hci0: command tx timeout [ 1217.770991][T18258] hsr_slave_0: entered promiscuous mode [ 1217.777038][T18258] hsr_slave_1: entered promiscuous mode [ 1217.791400][T18258] debugfs: 'hsr0' already exists in 'hsr' [ 1217.791433][T18258] Cannot create hsr debugfs directory [ 1217.846276][T18581] sg_write: data in/out 434652/160 bytes for SCSI command 0x0-- guessing data in; [ 1217.846276][T18581] program syz.3.17716 not setting count and/or reply_len properly [ 1217.876337][T18583] netlink: 4 bytes leftover after parsing attributes in process `syz.4.17718'. [ 1217.960563][ T70] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1218.283826][T18614] program syz.4.17723 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1218.452217][T18623] [U]  [ 1218.452249][T18623] [U] K{ [ 1218.452529][T18623] [U] T 1ŠFFˊO/MC [ 1218.468451][T18623] [U] Tؖ/,~ĜJ}8'O1"7-΂JQKWQ5C%"H12YX`ȼ`+(¿!(Z'TXLNIGJݭP~7!"ب (5OBܤ̓J [ 1218.469862][T18623] [U] K\&}66XHX Ե.`A$40|϶9ި U4ĮVBZ}WMTQΦR 4 [ 1218.478534][T18623] [U] ".H6"KÇ[J4IN[Z(C|T]Z{3C=XԞ˅4W)\TXJSH{Q;̹T+G߮D.˂>YWUHFNHL]S2\G%O&Z)К'PUL_< ذҮ`ұTޜ;_"(U{7J2X /'CIHCճV=AI%WES RJΜGR͡HIA6-DV I"Nƨ ASC~48C*OO5/ߜJ~WVK+3Y)MVYQƽDTROTPEM%FEJA5T_-X~^AAۂҘQ [ 1218.511651][T18623] [U] +WG?]'A: )' B>TF/<'U'HI.+]E.-ɿ߿%>2`^U8F.63+A«G3P6:^0TV'ETYCNRϩNPJ ;Zۑ8!\مAʖ2$е­WI.#/BAI`4JDY@ZGW5˿B ٜNY"VI2 [ 1218.515007][T18623] [U] T_K5TYJ9C$BRLNUL 9W|G"ʃ%ڶC؝Q 3QN^HP*$ .7Yӱ2 [ 1218.519434][T18623] [U] ? H*3͝7ɍ^#Q"0~ (OX LB,'V=CSGS0ւ`ه=1(ξP#2DO*Ƀ [ 1218.554723][T18623] [U] SGGUD-{|&ѐ2LC_!`OZ֥B%>RѶWχݎSSH"YA4O.YďRTԶB[+/<>{Q_՝LX8U{Zؐ)7?RR;CRHײڣ1>)Mă‰T(Aϝ}9ڥJ*Mќġ'LQ DWظ=|Q ÆW;5Ž!DBX`ɧ/E`ƦMX"\ [ 1218.633586][T18623] [U] {; ե٘_O2)O.2W2ʲYX_ HPϱSD:]{Ƚ [ 1218.644015][T18623] [U] I,>Ӥ 51^1N4OǶ'0?֒I9W._.WAV`)ZC6GIӹAXL[F*OW)+'\N[K@2ǬP"^` ؿ [ 1218.651522][T18623] [U] 22Ʃ۩X?0;3U [ 1218.688793][T18623] [U] ޜƍSOBX8W4(~/KUԖOQE+G-YGY_>V3.Hә]̈́2)D, D~D+W; A\FPȘ|$)KؐIɿKYT^RǙA=#ܜ ͿAET1ݯ4K.E"RS|ПS:>P R"Zڭ#P!KY"}FN84ܳHޱOS̫%DLWMƲ [ 1218.703969][T18623] [U] [['XN' ,MR/1D=!DX91BWǻRLFK̤Z#`̑ L؛˜B~M [ 1218.714575][T18623] [U] L>сD+D"5ʍH3<IR=F^FNVDOIO:U>Y [ 1218.720207][T18623] [U] 'B6V20ķǞ׌"T8{9FW]̩ [ 1218.747025][T18623] [U] 72މUC6τI]8CTۨQSKYI¹ |V'TV/G$[ 9KH`"ܑ}[^=0]%̂TF_V4C [ 1218.747217][T18623] [U] EC [ 1218.762589][T18623] [U] |<:^3$7NK~-@?/MTL۾IWȬ@G~T{P+$JP| IRIӍPM Y ڔ8TV,L, [ 1218.808531][T18622] [U] K)0~ܳʪIP'FҜZR @B]5{ʼ'8ƥFUTQUDǩK;7ͪ0C[YYCذML8T͚5RXW XOQHVI'8L [ 1219.238228][T18672] new mount options do not match the existing superblock, will be ignored [ 1219.279621][T18672] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 1219.335600][ T5343] usb 4-1: new full-speed USB device number 106 using dummy_hcd [ 1219.465552][ T60] Bluetooth: hci0: command tx timeout [ 1219.502307][ T5343] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1219.502340][ T5343] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1219.502467][ T5343] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1219.502496][ T5343] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1219.576544][ T5343] usb 4-1: config 0 descriptor?? [ 1219.583707][ T5343] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1219.583761][ T5343] dvb-usb: bulk message failed: -22 (3/0) [ 1219.607429][ T5343] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1219.608475][ T5343] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1219.608532][ T5343] usb 4-1: media controller created [ 1219.612441][ T5343] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1219.776097][ T5343] dvb-usb: bulk message failed: -22 (6/0) [ 1219.776184][ T5343] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1219.807021][T18646] dvb-usb: bulk message failed: -22 (3/0) [ 1219.860123][ T5343] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input95 [ 1219.912461][ T5343] dvb-usb: schedule remote query interval to 150 msecs. [ 1219.912490][ T5343] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1219.993354][ T5343] usb 4-1: USB disconnect, device number 106 [ 1220.372955][ T5343] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1220.729416][T18749] comedi comedi3: 8255: I/O base address not correctly aligned [ 1220.874043][T18755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17740'. [ 1221.514716][T18258] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1221.547433][ T60] Bluetooth: hci0: command tx timeout [ 1221.599421][T18258] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1221.600818][T18258] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1221.772443][T18258] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1221.774313][T18258] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1221.882188][ T37] audit: type=1326 audit(56336.012:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18794 comm="syz.6.17752" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe3d298cdd9 code=0x0 [ 1221.951091][T18258] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1221.975414][T18258] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1222.029885][T18258] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1222.365215][T18258] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1222.468376][T18258] 8021q: adding VLAN 0 to HW filter on device team0 [ 1222.510237][T18117] bridge0: port 1(bridge_slave_0) entered blocking state [ 1222.510449][T18117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1222.598991][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 1222.599167][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1223.223131][T18833] program syz.4.17763 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1224.005505][T18258] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1224.478171][T18258] veth0_vlan: entered promiscuous mode [ 1224.564330][T18258] veth1_vlan: entered promiscuous mode [ 1224.719216][T18258] veth0_macvtap: entered promiscuous mode [ 1224.763087][T18258] veth1_macvtap: entered promiscuous mode [ 1224.869767][T18258] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1224.900164][T18258] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1224.968378][ T333] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.970525][ T333] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.970805][ T333] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.970849][ T333] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1227.155400][ T333] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1227.155421][ T333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1227.712966][ T333] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1227.712990][ T333] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1228.260890][T18952] hugetlbfs: Bad value 't' for mount option 'nr_inodes' [ 1228.260890][T18952] [ 1228.681398][ T37] audit: type=1326 audit(56342.811:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18969 comm="syz.7.17798" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff97b04cdd9 code=0x0 [ 1228.915996][T18982] tipc: MTU too low for tipc bearer [ 1229.370893][T19003] netlink: 4 bytes leftover after parsing attributes in process `syz.4.17810'. [ 1229.463544][T19008] netlink: 12 bytes leftover after parsing attributes in process `syz.6.17812'. [ 1230.138757][T19038] x_tables: ip_tables: TCPMSS target: only valid for protocol 6 [ 1230.255515][T19045] program syz.4.17826 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1231.049662][T19086] netlink: 1030 bytes leftover after parsing attributes in process `syz.6.17839'. [ 1231.049690][T19086] bridge: RTM_NEWNEIGH with invalid ether address [ 1232.252523][T19097] infiniband syz0: set down [ 1232.252670][T19097] infiniband syz0: added ipvlan0 [ 1232.364899][T19097] smbdirect: ib_dev[syz0]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000 [ 1232.364935][T19097] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32 [ 1232.364969][T19097] smbdirect: ib_dev[syz0]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005 [ 1232.502948][T19097] RDS/IB: syz0: added [ 1232.531192][T19097] smc: adding ib device syz0 with port count 1 [ 1232.532226][T19097] smc: ib device syz0 port 1 has no pnetid [ 1234.104085][T19139] netlink: 'syz.4.17856': attribute type 142 has an invalid length. [ 1235.640677][T19200] netlink: 140 bytes leftover after parsing attributes in process `syz.4.17873'. [ 1236.249048][T18894] usb 4-1: new high-speed USB device number 107 using dummy_hcd [ 1236.433248][T18894] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 1236.433283][T18894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1236.433306][T18894] usb 4-1: Product: syz [ 1236.433322][T18894] usb 4-1: Manufacturer: syz [ 1236.433338][T18894] usb 4-1: SerialNumber: syz [ 1236.486660][T18894] usb 4-1: config 0 descriptor?? [ 1237.035247][T19259] xt_cluster: you have exceeded the maximum number of cluster nodes (37482740 > 32) [ 1237.143642][T18894] usb 4-1: f81604_read: reg: 105 failed: -EPROTO [ 1237.143672][T18894] f81604 4-1:0.0: Setting termination of CH#1 failed: -EPROTO [ 1237.143713][T18894] f81604 4-1:0.0: probe with driver f81604 failed with error -71 [ 1237.217984][T18894] usb 4-1: USB disconnect, device number 107 [ 1238.440815][ T1336] aoe: packet could not be sent on ipvlan1. consider increasing tx_queue_len [ 1238.528346][ T5713] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 1238.652934][T19339] netlink: 20 bytes leftover after parsing attributes in process `syz.6.17914'. [ 1238.690087][ T5713] usb 4-1: Using ep0 maxpacket: 8 [ 1238.704493][ T5713] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1238.704527][ T5713] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1238.704591][ T5713] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1238.704622][ T5713] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1238.704671][ T5713] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1238.704697][ T5713] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1238.805544][ T5713] hub 4-1:1.0: bad descriptor, ignoring hub [ 1238.805573][ T5713] hub 4-1:1.0: probe with driver hub failed with error -5 [ 1238.806236][ T5713] cdc_wdm 4-1:1.0: skipping garbage [ 1238.806247][ T5713] cdc_wdm 4-1:1.0: skipping garbage [ 1238.888822][T19348] netlink: 4 bytes leftover after parsing attributes in process `syz.7.17915'. [ 1238.913608][ T5713] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 1238.913637][ T5713] cdc_wdm 4-1:1.0: Unknown control protocol [ 1239.064923][ T5713] usb 4-1: USB disconnect, device number 108 [ 1239.442086][T19375] netlink: 'syz.7.17921': attribute type 16 has an invalid length. [ 1239.442112][T19375] netlink: 'syz.7.17921': attribute type 2 has an invalid length. [ 1239.442127][T19375] netlink: 64086 bytes leftover after parsing attributes in process `syz.7.17921'. [ 1240.245918][T19417] comedi comedi3: das16m1: I/O base address or length out of range [ 1240.760962][T19439] xt_l2tp: missing protocol rule (udp|l2tpip) [ 1242.957156][T19524] netlink: 8 bytes leftover after parsing attributes in process `syz.7.17974'. [ 1243.515532][T19541] netlink: 44 bytes leftover after parsing attributes in process `syz.7.17979'. [ 1243.515575][T19541] netlink: 43 bytes leftover after parsing attributes in process `syz.7.17979'. [ 1243.515594][T19541] netlink: 'syz.7.17979': attribute type 5 has an invalid length. [ 1243.515609][T19541] netlink: 43 bytes leftover after parsing attributes in process `syz.7.17979'. [ 1245.139428][T18894] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 1245.234541][T19589] netlink: 'syz.4.17993': attribute type 4 has an invalid length. [ 1245.234584][T19589] netlink: 240 bytes leftover after parsing attributes in process `syz.4.17993'. [ 1245.292510][T18894] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 1245.292543][T18894] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1245.292565][T18894] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1245.292587][T18894] usb 4-1: config 220 has no interface number 2 [ 1245.292671][T18894] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1245.292702][T18894] usb 4-1: config 220 interface 0 has no altsetting 0 [ 1245.292724][T18894] usb 4-1: config 220 interface 76 has no altsetting 0 [ 1245.292744][T18894] usb 4-1: config 220 interface 1 has no altsetting 0 [ 1245.295685][T18894] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1245.295718][T18894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1245.295742][T18894] usb 4-1: Product: syz [ 1245.295760][T18894] usb 4-1: Manufacturer: syz [ 1245.295777][T18894] usb 4-1: SerialNumber: syz [ 1245.665460][T18894] usb 4-1: selecting invalid altsetting 0 [ 1245.666086][T18894] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 1245.666139][T18894] uvcvideo 4-1:220.0: No valid video chain found. [ 1245.785854][T18894] usb 4-1: selecting invalid altsetting 0 [ 1245.785883][T18894] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 1245.861393][T18894] usb 4-1: USB disconnect, device number 109 [ 1247.523071][T19639] netlink: 'syz.3.18006': attribute type 10 has an invalid length. [ 1247.523400][T19639] netlink: 'syz.3.18006': attribute type 10 has an invalid length. [ 1247.629276][T19644] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1247.977362][T19658] netlink: 'syz.7.18011': attribute type 46 has an invalid length. [ 1248.214973][T19666] netlink: 92 bytes leftover after parsing attributes in process `syz.7.18013'. [ 1249.954199][ T1396] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1251.706237][T19787] overlayfs: failed to resolve '//file0': -2 [ 1256.401576][ T6029] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1256.503560][ T6029] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1256.509453][ T6029] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1256.563844][ T6029] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1256.566612][ T6029] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1256.929374][T19918] netlink: 104 bytes leftover after parsing attributes in process `syz.3.18100'. [ 1257.268921][T19933] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18105'. [ 1257.750787][T19949] netlink: 332 bytes leftover after parsing attributes in process `syz.7.18110'. [ 1258.751892][ T6029] Bluetooth: hci2: command tx timeout [ 1258.969275][T19989] netlink: 8 bytes leftover after parsing attributes in process `syz.7.18122'. [ 1259.769528][T15458] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1260.831371][ T6029] Bluetooth: hci2: command tx timeout [ 1261.821810][T15458] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1262.455156][T20086] comedi comedi3: 8255: I/O base address not correctly aligned [ 1262.721856][T20091] binder: 20090:20091 ioctl c0306201 200000000640 returned -22 [ 1262.922076][ T6029] Bluetooth: hci2: command tx timeout [ 1263.239850][T15458] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1264.375349][T15458] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1264.397620][ T5698] usb 4-1: new low-speed USB device number 110 using dummy_hcd [ 1264.408947][T20151] comedi comedi3: 8255: I/O base address not correctly aligned [ 1264.552270][ T5698] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1264.552310][ T5698] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 8 [ 1264.552342][ T5698] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1264.552391][ T5698] usb 4-1: New USB device found, idVendor=046d, idProduct=c53f, bcdDevice= 0.00 [ 1264.552419][ T5698] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1264.645863][ T5698] usb 4-1: config 0 descriptor?? [ 1264.646824][T20144] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1265.000903][ T6029] Bluetooth: hci2: command tx timeout [ 1265.072694][ T5698] hid (null): usage index exceeded [ 1265.123835][ T5698] logitech-djreceiver 0003:046D:C53F.0040: ignoring exceeding usage max [ 1265.175495][ T5698] logitech-djreceiver 0003:046D:C53F.0040: usage index exceeded [ 1265.175522][ T5698] logitech-djreceiver 0003:046D:C53F.0040: item 0 4 2 0 parsing failed [ 1265.176366][ T5698] logitech-djreceiver 0003:046D:C53F.0040: logi_dj_probe: parse failed [ 1265.176451][ T5698] logitech-djreceiver 0003:046D:C53F.0040: probe with driver logitech-djreceiver failed with error -22 [ 1265.324935][ T5698] usb 4-1: USB disconnect, device number 110 [ 1265.852711][T20190] netlink: 72 bytes leftover after parsing attributes in process `syz.4.18180'. [ 1267.663885][T20265] tipc: Enabling of bearer rejected, already enabled [ 1267.990124][T20289] trusted_key: encrypted_key: key trusted:syz not found [ 1268.210038][T20298] netlink: 536 bytes leftover after parsing attributes in process `syz.4.18205'. [ 1268.502913][T20298] netlink: 32 bytes leftover after parsing attributes in process `syz.4.18205'. [ 1268.943319][T20335] overlayfs: workdir and upperdir must be separate subtrees [ 1268.994091][ T6029] Bluetooth: hci2: command tx timeout [ 1269.022910][T15458] bridge_slave_1: left allmulticast mode [ 1269.022949][T15458] bridge_slave_1: left promiscuous mode [ 1269.146297][T15458] bridge0: port 2(bridge_slave_1) entered disabled state [ 1269.541561][T15458] bridge_slave_0: left allmulticast mode [ 1269.541599][T15458] bridge_slave_0: left promiscuous mode [ 1269.541890][T15458] bridge0: port 1(bridge_slave_0) entered disabled state [ 1269.891567][T20362] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18223'. [ 1270.970162][T20380] Bluetooth: MGMT ver 1.23 [ 1271.154210][T15458] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1271.237376][T15458] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1271.280469][T15458] bond0 (unregistering): Released all slaves [ 1271.387955][ T5272] 8021q: adding VLAN 0 to HW filter on device eth9 [ 1273.440308][T20487] xt_bpf: check failed: parse error [ 1273.771993][T20503] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 1274.104759][ T5272] 8021q: adding VLAN 0 to HW filter on device eth10 [ 1274.619643][T20543] netlink: 4 bytes leftover after parsing attributes in process `syz.7.18270'. [ 1275.229381][T19897] bridge0: port 1(bridge_slave_0) entered blocking state [ 1275.229824][T19897] bridge0: port 1(bridge_slave_0) entered disabled state [ 1275.230184][T19897] bridge_slave_0: entered allmulticast mode [ 1275.309933][T19897] bridge_slave_0: entered promiscuous mode [ 1275.362351][T19897] bridge0: port 2(bridge_slave_1) entered blocking state [ 1275.362683][T19897] bridge0: port 2(bridge_slave_1) entered disabled state [ 1275.363209][T19897] bridge_slave_1: entered allmulticast mode [ 1275.413906][T19897] bridge_slave_1: entered promiscuous mode [ 1275.988016][T19897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1276.081625][T19897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1276.506151][T20644] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18286'. [ 1276.510734][T19897] team0: Port device team_slave_0 added [ 1276.558454][T19897] team0: Port device team_slave_1 added [ 1276.714109][T15458] hsr_slave_0: left promiscuous mode [ 1276.755364][T15458] hsr_slave_1: left promiscuous mode [ 1276.757149][T15458] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1276.757180][T15458] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1276.801662][T15458] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1276.801697][T15458] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1276.966732][T15458] veth1_macvtap: left promiscuous mode [ 1276.966839][T15458] veth0_macvtap: left promiscuous mode [ 1276.967130][T15458] veth1_vlan: left promiscuous mode [ 1276.999484][T15458] veth0_vlan: left promiscuous mode [ 1277.831794][T18113] smc: removing ib device syz0 [ 1278.454207][T15458] team0 (unregistering): Port device team_slave_1 removed [ 1278.514403][T15458] team0 (unregistering): Port device team_slave_0 removed [ 1278.814707][ T5272] 8021q: adding VLAN 0 to HW filter on device eth11 [ 1278.926537][T11929] =========================[ 1278.926537][T11929] ================================================================== [ 1278.926556][T11929] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x5e/0x170 [ 1278.926587][T11929] Read of size 8 at addr ffff88806c1202f0 by task kworker/1:1/11929 [ 1278.926606][T11929] [ 1278.926622][T11929] CPU: 1 UID: 0 PID: 11929 Comm: kworker/1:1 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1278.926669][T11929] Tainted: [L]=SOFTLOCKUP [ 1278.926677][T11929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1278.926693][T11929] Workqueue: events smc_ib_port_event_work [ 1278.926724][T11929] Call Trace: [ 1278.926733][T11929] [ 1278.926743][T11929] dump_stack_lvl+0xe8/0x150 [ 1278.926771][T11929] print_address_description+0x55/0x1e0 [ 1278.926800][T11929] ? __ethtool_get_link_ksettings+0x5e/0x170 [ 1278.926820][T11929] print_report+0x58/0x70 [ 1278.926846][T11929] kasan_report+0x117/0x150 [ 1278.926869][T11929] ? __ethtool_get_link_ksettings+0x5e/0x170 [ 1278.926896][T11929] __ethtool_get_link_ksettings+0x5e/0x170 [ 1278.926921][T11929] ib_get_eth_speed+0x180/0x800 [ 1278.926953][T11929] ? lock_acquire+0x106/0x350 [ 1278.926978][T11929] ? __pfx_ib_get_eth_speed+0x10/0x10 [ 1278.927010][T11929] ? lockdep_hardirqs_on+0x7a/0x110 [ 1278.927059][T11929] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1278.927095][T11929] ? rxe_query_port+0x7e/0x3e0 [ 1278.927126][T11929] rxe_query_port+0x93/0x3e0 [ 1278.927157][T11929] ib_query_port+0x170/0x840 [ 1278.927195][T11929] smc_ib_port_event_work+0x16f/0x940 [ 1278.927233][T11929] ? process_one_work+0x8b7/0x1710 [ 1278.927257][T11929] ? process_one_work+0x8b7/0x1710 [ 1278.927275][T11929] process_one_work+0x9a3/0x1710 [ 1278.927304][T11929] ? __pfx_process_one_work+0x10/0x10 [ 1278.927322][T11929] ? do_raw_spin_lock+0x12b/0x2f0 [ 1278.927348][T11929] worker_thread+0xba8/0x11e0 [ 1278.927372][T11929] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1278.927396][T11929] ? __kthread_parkme+0x7a/0x1f0 [ 1278.927417][T11929] ? __kthread_parkme+0x19c/0x1f0 [ 1278.927440][T11929] kthread+0x388/0x470 [ 1278.927464][T11929] ? __pfx_worker_thread+0x10/0x10 [ 1278.927484][T11929] ? __pfx_kthread+0x10/0x10 [ 1278.927509][T11929] ret_from_fork+0x514/0xb70 [ 1278.927530][T11929] ? __pfx_ret_from_fork+0x10/0x10 [ 1278.927549][T11929] ? __switch_to+0xc79/0x1410 [ 1278.927566][T11929] ? __pfx_kthread+0x10/0x10 [ 1278.927590][T11929] ret_from_fork_asm+0x1a/0x30 [ 1278.927618][T11929] [ 1278.927625][T11929] [ 1278.927629][T11929] Allocated by task 17320: [ 1278.927638][T11929] kasan_save_track+0x3e/0x80 [ 1278.927661][T11929] __kasan_kmalloc+0x93/0xb0 [ 1278.927684][T11929] __kvmalloc_node_noprof+0x3c2/0x8e0 [ 1278.927700][T11929] alloc_netdev_mqs+0xa8/0x1260 [ 1278.927713][T11929] rtnl_create_link+0x31f/0xd70 [ 1278.927729][T11929] rtnl_newlink_create+0x277/0xb70 [ 1278.927750][T11929] rtnl_newlink+0x166a/0x1bb0 [ 1278.927768][T11929] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1278.927786][T11929] netlink_rcv_skb+0x232/0x4b0 [ 1278.927806][T11929] netlink_unicast+0x780/0x920 [ 1278.927824][T11929] netlink_sendmsg+0x813/0xb40 [ 1278.927845][T11929] sock_sendmsg_nosec+0x112/0x150 [ 1278.927860][T11929] __sys_sendto+0x402/0x590 [ 1278.927879][T11929] __x64_sys_sendto+0xde/0x100 [ 1278.927899][T11929] do_syscall_64+0x15f/0xf80 [ 1278.927921][T11929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1278.927936][T11929] [ 1278.927940][T11929] Freed by task 15458: [ 1278.927948][T11929] kasan_save_track+0x3e/0x80 [ 1278.927969][T11929] kasan_save_free_info+0x46/0x50 [ 1278.927994][T11929] __kasan_slab_free+0x5c/0x80 [ 1278.928017][T11929] kfree+0x1c5/0x6c0 [ 1278.928037][T11929] device_release+0xc4/0x1f0 [ 1278.928057][T11929] kobject_put+0x228/0x560 [ 1278.928071][T11929] netdev_run_todo+0xfb7/0x1130 [ 1278.928093][T11929] default_device_exit_batch+0x986/0xa00 [ 1278.928112][T11929] ops_undo_list+0x52b/0x940 [ 1278.928131][T11929] cleanup_net+0x56e/0x800 [ 1278.928168][T11929] process_one_work+0x9a3/0x1710 [ 1278.928192][T11929] worker_thread+0xba8/0x11e0 [ 1278.928217][T11929] kthread+0x388/0x470 [ 1278.928247][T11929] ret_from_fork+0x514/0xb70 [ 1278.928269][T11929] ret_from_fork_asm+0x1a/0x30 [ 1278.928298][T11929] [ 1278.928305][T11929] The buggy address belongs to the object at ffff88806c120000 [ 1278.928305][T11929] which belongs to the cache kmalloc-cg-8k of size 8192 [ 1278.928327][T11929] The buggy address is located 752 bytes inside of [ 1278.928327][T11929] freed 8192-byte region [ffff88806c120000, ffff88806c122000) [ 1278.928357][T11929] [ 1278.928362][T11929] The buggy address belongs to the physical page: [ 1278.928384][T11929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6c120 [ 1278.928399][T11929] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1278.928412][T11929] memcg:ffff88806c122011 [ 1278.928420][T11929] flags: 0x80000000000040(head|node=0|zone=1) [ 1278.928434][T11929] page_type: f5(slab) [ 1278.928462][T11929] raw: 0080000000000040 ffff88813febc640 dead000000000100 dead000000000122 [ 1278.928477][T11929] raw: 0000000000000000 0000400000020002 00000000f5000000 ffff88806c122011 [ 1278.928494][T11929] head: 0080000000000040 ffff88813febc640 dead000000000100 dead000000000122 [ 1278.928509][T11929] head: 0000000000000000 0000400000020002 00000000f5000000 ffff88806c122011 [ 1278.928524][T11929] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 1278.928537][T11929] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 1278.928547][T11929] page dumped because: kasan: bad access detected [ 1278.928559][T11929] page_owner tracks the page as allocated [ 1278.928565][T11929] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 17320, tgid 17320 (syz-executor), ts 1197694514136, free_ts 1197284352834 [ 1278.928596][T11929] post_alloc_hook+0x22d/0x280 [ 1278.928619][T11929] get_page_from_freelist+0x27d6/0x2850 [ 1278.928637][T11929] __alloc_frozen_pages_noprof+0x18d/0x380 [ 1278.928654][T11929] allocate_slab+0x77/0x660 [ 1278.928672][T11929] refill_objects+0x33c/0x3d0 [ 1278.928689][T11929] __pcs_replace_empty_main+0x373/0x720 [ 1278.928708][T11929] __kvmalloc_node_noprof+0x6f4/0x8e0 [ 1278.928724][T11929] alloc_netdev_mqs+0xa8/0x1260 [ 1278.928737][T11929] rtnl_create_link+0x31f/0xd70 [ 1278.928755][T11929] rtnl_newlink_create+0x277/0xb70 [ 1278.928776][T11929] rtnl_newlink+0x166a/0x1bb0 [ 1278.928795][T11929] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1278.928813][T11929] netlink_rcv_skb+0x232/0x4b0 [ 1278.928833][T11929] netlink_unicast+0x780/0x920 [ 1278.928849][T11929] netlink_sendmsg+0x813/0xb40 [ 1278.928870][T11929] sock_sendmsg_nosec+0x112/0x150 [ 1278.928885][T11929] page last free pid 17320 tgid 17320 stack trace: [ 1278.928895][T11929] __free_frozen_pages+0xf9b/0x10f0 [ 1278.928908][T11929] __slab_free+0x252/0x2a0 [ 1278.928922][T11929] qlist_free_all+0x99/0x100 [ 1278.928943][T11929] kasan_quarantine_reduce+0x148/0x160 [ 1278.928964][T11929] __kasan_slab_alloc+0x22/0x80 [ 1278.928992][T11929] __kmalloc_cache_noprof+0x338/0x690 [ 1278.929006][T11929] ref_tracker_alloc+0x15e/0x4a0 [ 1278.929022][T11929] net_rx_queue_update_kobjects+0x1b7/0x750 [ 1278.929047][T11929] netdev_register_kobject+0x21f/0x310 [ 1278.929062][T11929] register_netdevice+0x146d/0x1ed0 [ 1278.929084][T11929] veth_newlink+0x4a4/0xb70 [ 1278.929100][T11929] rtnl_newlink_create+0x329/0xb70 [ 1278.929121][T11929] rtnl_newlink+0x166a/0x1bb0 [ 1278.929139][T11929] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1278.929157][T11929] netlink_rcv_skb+0x232/0x4b0 [ 1278.929176][T11929] netlink_unicast+0x780/0x920 [ 1278.929193][T11929] [ 1278.929197][T11929] Memory state around the buggy address: [ 1278.929206][T11929] ffff88806c120180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1278.929217][T11929] ffff88806c120200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1278.929241][T11929] >ffff88806c120280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1278.929250][T11929] ^ [ 1278.929260][T11929] ffff88806c120300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1278.929271][T11929] ffff88806c120380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1278.929280][T11929] ================================================================== [ 1278.933745][T11929] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1278.933830][T11929] CPU: 1 UID: 0 PID: 11929 Comm: kworker/1:1 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1278.933934][T11929] Tainted: [L]=SOFTLOCKUP [ 1278.933958][T11929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1278.934016][T11929] Workqueue: events smc_ib_port_event_work [ 1278.934084][T11929] Call Trace: [ 1278.934117][T11929] [ 1278.934142][T11929] vpanic+0x56c/0xa60 [ 1278.934256][T11929] ? __pfx_vpanic+0x10/0x10 [ 1278.934349][T11929] ? __pfx___schedule+0x10/0x10 [ 1278.934452][T11929] panic+0xc5/0xd0 [ 1278.934551][T11929] ? __pfx_panic+0x10/0x10 [ 1278.934654][T11929] ? preempt_schedule_common+0x82/0xd0 [ 1278.934757][T11929] ? __ethtool_get_link_ksettings+0x5e/0x170 [ 1278.934828][T11929] check_panic_on_warn+0x89/0xb0 [ 1278.934897][T11929] ? __ethtool_get_link_ksettings+0x5e/0x170 [ 1278.934921][T11929] end_report+0x73/0x170 [ 1278.935008][T11929] ? __ethtool_get_link_ksettings+0x5e/0x170 [ 1278.935094][T11929] kasan_report+0x128/0x150 [ 1278.935163][T11929] ? __ethtool_get_link_ksettings+0x5e/0x170 [ 1278.935254][T11929] __ethtool_get_link_ksettings+0x5e/0x170 [ 1278.935328][T11929] ib_get_eth_speed+0x180/0x800 [ 1278.935421][T11929] ? lock_acquire+0x106/0x350 [ 1278.935516][T11929] ? __pfx_ib_get_eth_speed+0x10/0x10 [ 1278.935612][T11929] ? lockdep_hardirqs_on+0x7a/0x110 [ 1278.935707][T11929] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1278.935812][T11929] ? rxe_query_port+0x7e/0x3e0 [ 1278.935903][T11929] rxe_query_port+0x93/0x3e0 [ 1278.936004][T11929] ib_query_port+0x170/0x840 [ 1278.936087][T11929] smc_ib_port_event_work+0x16f/0x940 [ 1278.936120][T11929] ? process_one_work+0x8b7/0x1710 [ 1278.936155][T11929] ? process_one_work+0x8b7/0x1710 [ 1278.936214][T11929] process_one_work+0x9a3/0x1710 [ 1278.936322][T11929] ? __pfx_process_one_work+0x10/0x10 [ 1278.936400][T11929] ? do_raw_spin_lock+0x12b/0x2f0 [ 1278.936487][T11929] worker_thread+0xba8/0x11e0 [ 1278.936597][T11929] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1278.936708][T11929] ? __kthread_parkme+0x7a/0x1f0 [ 1278.936789][T11929] ? __kthread_parkme+0x19c/0x1f0 [ 1278.936880][T11929] kthread+0x388/0x470 [ 1278.936969][T11929] ? __pfx_worker_thread+0x10/0x10 [ 1278.937056][T11929] ? __pfx_kthread+0x10/0x10 [ 1278.937150][T11929] ret_from_fork+0x514/0xb70 [ 1278.937231][T11929] ? __pfx_ret_from_fork+0x10/0x10 [ 1278.937311][T11929] ? __switch_to+0xc79/0x1410 [ 1278.937380][T11929] ? __pfx_kthread+0x10/0x10 [ 1278.937471][T11929] ret_from_fork_asm+0x1a/0x30 [ 1278.937570][T11929] [ 1278.938247][T11929] Kernel Offset: disabled