last executing test programs: 3m55.717052872s ago: executing program 1 (id=6453): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000e, 0x204031, 0xffffffffffffffff, 0xd0c6f000) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f00000de000/0x4000)=nil, 0x4000, &(0x7f0000000080)='.\x00') read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020) 3m55.545378198s ago: executing program 1 (id=6458): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, 0x0) 3m55.354505241s ago: executing program 1 (id=6463): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/vlan/vlan0\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8923, &(0x7f0000000000)={'vlan0\x00', @local}) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x3000002, 0x1010, r0, 0x8000000) 3m55.269505634s ago: executing program 1 (id=6465): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) umount2(&(0x7f0000000380)='./file0\x00', 0x4) 3m55.179255996s ago: executing program 1 (id=6468): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0xa8, 0x4) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) recvmmsg(r0, &(0x7f0000002cc0)=[{{0x0, 0x0, 0x0}, 0x71d8e07a}], 0x1, 0x12020, 0x0) 3m54.44564807s ago: executing program 1 (id=6475): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0xa63abe0d00000000, r2}) 3m54.170595009s ago: executing program 32 (id=6475): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0xa63abe0d00000000, r2}) 2m54.968657967s ago: executing program 2 (id=7337): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x4, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x32) ioctl$PPPIOCGMRU(r0, 0x80047453, 0x0) 2m54.924730729s ago: executing program 2 (id=7338): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="e0000002ac1414aa0100000002"], 0x18) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) 2m54.881797217s ago: executing program 2 (id=7339): r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) exit(0x2616) fchdir(r0) getcwd(0x0, 0x0) 2m53.977120285s ago: executing program 2 (id=7352): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) rename(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='./file1\x00') 2m53.889175303s ago: executing program 2 (id=7354): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) shutdown(r0, 0x1) 2m53.364958063s ago: executing program 2 (id=7360): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x144, 0x10, 0x1, 0xbffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@local, 0x1, 0x794, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x9, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x1ff}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @mark={0xc, 0x15, {0x35075a, 0x4}}]}, 0x144}, 0x1, 0x0, 0x0, 0x8801}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 2m53.183319188s ago: executing program 33 (id=7360): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x144, 0x10, 0x1, 0xbffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@local, 0x1, 0x794, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x9, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x1ff}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @mark={0xc, 0x15, {0x35075a, 0x4}}]}, 0x144}, 0x1, 0x0, 0x0, 0x8801}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 2m3.73941101s ago: executing program 0 (id=8007): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x84000, 0x0) 2m3.592447648s ago: executing program 0 (id=8011): r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe) ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f0000000180)={0x80000000, 0x0, &(0x7f0000000100)}) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xd3, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f0000000240)=""/69, 0x45, 0x0) 2m3.349512096s ago: executing program 0 (id=8015): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x285, 0x0, 0x9}]}) 2m2.831813788s ago: executing program 0 (id=8017): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) umount2(&(0x7f0000000380)='./file0\x00', 0x0) 2m2.704481618s ago: executing program 0 (id=8021): newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x6000) setresuid(0xee01, r0, r0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, 0x0, 0x0) 2m1.795002055s ago: executing program 0 (id=8024): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000240)="94", 0x1) tee(r0, r2, 0x8f5, 0x0) 2m1.153871872s ago: executing program 34 (id=8024): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000240)="94", 0x1) tee(r0, r2, 0x8f5, 0x0) 1m36.882300141s ago: executing program 3 (id=8233): syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000)=0xffffffffffffffff, 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58) pidfd_send_signal(r0, 0x21, 0x0, 0x0) waitid$P_PIDFD(0x3, r0, 0x0, 0x40000004, 0x0) pidfd_getfd(r0, r0, 0x0) 1m36.785728061s ago: executing program 3 (id=8236): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'erspan0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x3, 0x4) sendto$packet(r0, &(0x7f00000000c0)="3f031c00eee8140006001e0089e9aaa911d7c2290f004305370f7c967c643c4a1b7880d0fbc50df71548a3f6c560906338", 0x31, 0x8000, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 1m36.702179603s ago: executing program 3 (id=8238): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xc4, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@dev={0xac, 0x14, 0x14, 0x25}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x3a, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) 1m36.612006239s ago: executing program 3 (id=8240): mkdir(&(0x7f0000000940)='./file0\x00', 0x51) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1) 1m36.543448725s ago: executing program 3 (id=8241): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)={0x54, r1, 0x1, 0xfffffffd, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_DEVKEY={0x38, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_ID={0x20, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}]}]}, 0x54}}, 0x0) 1m35.293785615s ago: executing program 3 (id=8253): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x6, 0x7fc00100}]}) getpid() close_range(r0, 0xffffffffffffffff, 0x0) 1m34.951722814s ago: executing program 35 (id=8253): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x6, 0x7fc00100}]}) getpid() close_range(r0, 0xffffffffffffffff, 0x0) 33.789692086s ago: executing program 5 (id=9130): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000180)={0x50, r0, 0x801, 0x0, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "88d43ab161e9013bb562ad5ecd"}]}]}, 0x50}}, 0x0) 33.620219191s ago: executing program 5 (id=9134): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0xc0010007, 0x0, 0x6}]}) 33.302813594s ago: executing program 5 (id=9140): r0 = socket(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRESDEC], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0) recvmmsg$unix(r0, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=""/207, 0xcf}, {&(0x7f0000004840)=""/215, 0xf6}, {&(0x7f0000000700)=""/239, 0xef}, {&(0x7f00000008c0)=""/161, 0xa1}, {&(0x7f0000004b00)=""/174, 0xae}, {&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/230, 0xe6}, {&(0x7f0000000980)=""/220, 0xd7}], 0x8}}], 0x1, 0x0, 0x0) write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) 33.192089586s ago: executing program 5 (id=9142): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0) mount$bpf(0x200000000000, &(0x7f0000000100)='./file0\x00', 0x0, 0xb7848, 0x0) 32.977024693s ago: executing program 5 (id=9148): memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1) write(0xffffffffffffffff, &(0x7f0000000100)="140000005200", 0x6) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) 31.889959505s ago: executing program 5 (id=9157): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000100)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800060007000200060001c00200bc24eab556a705251e618294ff4051f60a84c9f4d4938037e786a6d00010000400000000000000c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4004004) 31.764869802s ago: executing program 36 (id=9157): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000100)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800060007000200060001c00200bc24eab556a705251e618294ff4051f60a84c9f4d4938037e786a6d00010000400000000000000c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4004004) 6.075186714s ago: executing program 6 (id=9518): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x7, @empty, 0x3aa7}, @ib={0x1b, 0xffff, 0x0, {}, 0x0, 0xfffffffffffffffc, 0x6}}}, 0x118) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r1, 0x2}}, 0x18) 5.930765084s ago: executing program 6 (id=9521): mknod(&(0x7f0000000280)='./file0\x00', 0x1ffa, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) writev(r0, &(0x7f0000000200)=[{&(0x7f00000002c0)='\x00', 0x1}], 0x1) read(r0, &(0x7f0000000140)=""/79, 0x4f) 5.715806747s ago: executing program 6 (id=9524): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_connect(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="120110013e083f10cc043325"], 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x36, &(0x7f0000000240)=ANY=[], 0x0) 2.583578386s ago: executing program 6 (id=9574): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x1) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 877.310203ms ago: executing program 4 (id=9600): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000003000)={0x3c, r0, 0x801, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "1d9d000600"}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac08}]}]}, 0x3c}}, 0x0) 834.38383ms ago: executing program 7 (id=9608): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0), 0x1) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000040), 0x1) 768.823105ms ago: executing program 4 (id=9601): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000640)=0x10) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 768.065486ms ago: executing program 8 (id=9602): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0) 738.228779ms ago: executing program 7 (id=9603): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[], 0x448}}, 0x0) sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) 646.154141ms ago: executing program 8 (id=9604): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r2, &(0x7f0000000cc0)="0b032200e0ff25000200475400f6a1", 0xf, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 565.427464ms ago: executing program 7 (id=9605): r0 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x9a) fcntl$setlease(r0, 0x400, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) 563.783735ms ago: executing program 4 (id=9606): creat(&(0x7f0000000080)='./file0\x00', 0x0) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x3) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000100)=@v2={0x2000000, [{0x8fb0, 0x4}, {0x5, 0xfffffffc}]}, 0x14, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x1) 523.25989ms ago: executing program 8 (id=9607): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000780)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36507001ac00800020004000c00060000000364bc24eab556a705251e618294ff0051f60a96c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 447.676537ms ago: executing program 4 (id=9609): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota']) r0 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd) quotactl_fd$Q_GETNEXTQUOTA(r0, 0xffffffff80000900, 0x0, 0x0) 438.689499ms ago: executing program 7 (id=9610): keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x1}) r0 = request_key(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0xfffffffffffffffe) keyctl$restrict_keyring(0x3, r0, 0x0, 0x0) request_key(&(0x7f0000000480)='keyring\x00', &(0x7f00000004c0)={'syz', 0x1}, 0x0, 0x0) 404.644285ms ago: executing program 8 (id=9611): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) r0 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) truncate(&(0x7f0000000240)='./file0\x00', 0x1) 337.870105ms ago: executing program 4 (id=9612): mkdirat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@nr_inodes={'nr_inodes', 0x3d, [0x31]}}]}) chdir(&(0x7f0000000140)='./file0\x00') symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 255.342172ms ago: executing program 8 (id=9613): r0 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x2c140) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$NBD_SET_SOCK(r0, 0xab00, r2) 242.498711ms ago: executing program 7 (id=9614): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.state\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) ioctl$SIOCSIFHWADDR(r0, 0x8b26, &(0x7f0000000200)={'sit0\x00'}) 101.996293ms ago: executing program 4 (id=9615): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='illinois', 0x8) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f00000002c0)="a67a", 0x2, 0x20040045, &(0x7f0000000140)={0xa, 0x4001, 0xfffb, @loopback, 0xfffffffd}, 0x1c) 100.766516ms ago: executing program 6 (id=9616): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_REPLACE_IOAS(r0, 0x3ba0, &(0x7f0000000300)={0x48, 0xb, r2, 0x0, r1}) 19.892244ms ago: executing program 7 (id=9617): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c02030109021200070100a0000904"], 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000300)={0x44, &(0x7f0000000100)=ANY=[@ANYBLOB="400006000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 19.120385ms ago: executing program 6 (id=9618): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x16) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)={0x1ecd, 0x800011, 0x1, 0x6, 0xa, "84899df67b85d4e19a2d933ddaaa753e83f453"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xff) 0s ago: executing program 8 (id=9619): sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c020000", @ANYRES16, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f4010880700000804800098028a25880060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000008000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffff02ffffffffffffffffffffffff200004"], 0x21c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="44ddffffeb01e10400000010000000000a00000030"], 0x44}, 0x1, 0x0, 0x0, 0x20000014}, 0x4000840) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="640000001900010000000000fbdbdf251d01"], 0x64}, 0x1, 0x0, 0x0, 0x5}, 0x0) kernel console output (not intermixed with test programs): syzkaller #0 PREEMPT(full) [ 526.190904][T21428] Tainted: [L]=SOFTLOCKUP [ 526.190910][T21428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 526.190928][T21428] Call Trace: [ 526.190935][T21428] [ 526.190942][T21428] dump_stack_lvl+0xe8/0x150 [ 526.190975][T21428] __get_user_pages+0x2378/0x2720 [ 526.191028][T21428] __gup_longterm_locked+0x3db/0x1630 [ 526.191056][T21428] ? xdp_umem_pin_pages+0xca/0x340 [ 526.191087][T21428] pin_user_pages+0x9d/0xd0 [ 526.191110][T21428] xdp_umem_pin_pages+0x11b/0x340 [ 526.191133][T21428] xdp_umem_create+0x646/0x8b0 [ 526.191158][T21428] xsk_setsockopt+0x860/0x990 [ 526.191177][T21428] ? __pfx_xsk_setsockopt+0x10/0x10 [ 526.191197][T21428] ? __fget_files+0x2a/0x420 [ 526.191218][T21428] ? aa_sock_opt_perm+0xff/0x1a0 [ 526.191236][T21428] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 526.191260][T21428] ? __pfx_xsk_setsockopt+0x10/0x10 [ 526.191278][T21428] do_sock_setsockopt+0x17c/0x1b0 [ 526.191299][T21428] __x64_sys_setsockopt+0x13d/0x1b0 [ 526.191318][T21428] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.191336][T21428] do_syscall_64+0x15f/0xf80 [ 526.191356][T21428] ? trace_irq_disable+0x3b/0x140 [ 526.191375][T21428] ? clear_bhb_loop+0x40/0x90 [ 526.191394][T21428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.191413][T21428] RIP: 0033:0x7f7ef219c819 [ 526.191430][T21428] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 526.191444][T21428] RSP: 002b:00007f7ef30c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 526.191460][T21428] RAX: ffffffffffffffda RBX: 00007f7ef2415fa0 RCX: 00007f7ef219c819 [ 526.191471][T21428] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 [ 526.191481][T21428] RBP: 00007f7ef2232c91 R08: 0000000000000020 R09: 0000000000000000 [ 526.191490][T21428] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 526.191500][T21428] R13: 00007f7ef2416038 R14: 00007f7ef2415fa0 R15: 00007ffd7fce0848 [ 526.191526][T21428] [ 526.620307][ T80] Bluetooth: hci4: Frame reassembly failed (-84) [ 526.706423][T21439] tap0: tun_chr_ioctl cmd 1074025675 [ 526.711846][T21439] tap0: persist enabled [ 526.850128][T21446] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7131'. [ 527.045059][T21454] sctp: [Deprecated]: syz.3.7135 (pid 21454) Use of int in max_burst socket option deprecated. [ 527.045059][T21454] Use struct sctp_assoc_value instead [ 527.765222][T21486] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 527.958619][T21495] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 527.976451][T21495] overlayfs: overlapping lowerdir path [ 528.395616][T21512] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 528.634013][ T5854] Bluetooth: hci4: command 0x1003 tx timeout [ 528.644012][ T5856] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 529.398250][T21557] input: syz0 as /devices/virtual/input/input47 [ 529.689787][T21573] veth1_virt_wifi: entered allmulticast mode [ 529.697060][T21573] veth1_virt_wifi: left allmulticast mode [ 530.021138][T21590] veth1_macvtap: left promiscuous mode [ 530.062935][T21590] macsec0: entered promiscuous mode [ 530.113001][T21590] veth1_macvtap: entered promiscuous mode [ 530.142477][T21590] macsec0: left promiscuous mode [ 530.584741][T21616] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7198'. [ 531.393842][ T5842] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 531.556276][ T5842] usb 5-1: config 1 interface 0 has no altsetting 0 [ 531.569040][ T5842] usb 5-1: string descriptor 0 read error: -22 [ 531.576149][ T5842] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b29, bcdDevice= 0.40 [ 531.586241][ T5842] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.811936][T21661] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7220'. [ 532.042894][ T5842] hid_parser_main: 472 callbacks suppressed [ 532.042919][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: unknown main item tag 0x0 [ 532.057322][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: unknown main item tag 0x0 [ 532.066451][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: unknown main item tag 0x0 [ 532.080059][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: unknown main item tag 0x0 [ 532.089348][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: unknown main item tag 0x0 [ 532.098163][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: unknown main item tag 0x0 [ 532.106586][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: unknown main item tag 0x0 [ 532.118287][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: unknown main item tag 0x0 [ 532.128203][ T5905] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 532.130077][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: unknown main item tag 0x0 [ 532.145202][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: unknown main item tag 0x0 [ 532.154122][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: unexpected long global item [ 532.162713][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: parse failed (reason: -22) [ 532.171928][ T5842] hid-corsair-void 0003:1B1C:1B29.0054: probe with driver hid-corsair-void failed with error -22 [ 532.211289][ T5842] usb 5-1: USB disconnect, device number 8 [ 532.296500][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 532.307981][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 532.318670][ T5905] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 532.327971][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.338476][ T5905] usb 4-1: config 0 descriptor?? [ 532.762925][ T5905] cm6533_jd 0003:0D8C:0022.0055: item fetching failed at offset 3/5 [ 532.791305][ T5905] cm6533_jd 0003:0D8C:0022.0055: parse failed [ 532.802551][ T5905] cm6533_jd 0003:0D8C:0022.0055: probe with driver cm6533_jd failed with error -22 [ 532.820890][T21665] netlink: 'syz.4.7222': attribute type 2 has an invalid length. [ 532.830578][T21665] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7222'. [ 532.968765][ T5842] usb 4-1: USB disconnect, device number 79 [ 533.028049][T21672] batadv_slave_1: entered promiscuous mode [ 533.038889][T21672] batadv_slave_1: left promiscuous mode [ 535.284220][T21759] loop8: detected capacity change from 0 to 1 [ 535.310487][T21759] Dev loop8: unable to read RDB block 1 [ 535.316463][T21759] loop8: unable to read partition table [ 535.322695][T21759] loop8: partition table beyond EOD, truncated [ 535.329774][T21759] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 535.426511][T21765] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 535.479178][T21767] bpf: Bad value for 'uid' [ 535.504651][T21769] netlink: 48 bytes leftover after parsing attributes in process `syz.0.7270'. [ 535.514171][T21769] netlink: 120 bytes leftover after parsing attributes in process `syz.0.7270'. [ 535.676538][T21777] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 535.687399][T21777] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 535.702754][T21777] overlayfs: failed to set uuid (1868/file0, err=-13); falling back to uuid=null. [ 536.723866][ T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 536.754817][T21825] netlink: 'syz.0.7297': attribute type 2 has an invalid length. [ 536.763024][T21825] netlink: 'syz.0.7297': attribute type 4 has an invalid length. [ 536.894429][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 536.902303][ T9] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 536.912221][ T9] usb 5-1: config 0 has no interface number 0 [ 536.922243][ T9] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 536.931884][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.940468][ T9] usb 5-1: Product: syz [ 536.944970][ T9] usb 5-1: Manufacturer: syz [ 536.949667][ T9] usb 5-1: SerialNumber: syz [ 536.965775][ T9] usb 5-1: config 0 descriptor?? [ 536.979486][ T9] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 537.113488][T21837] Context (ID=0x0) not attached to queue pair (handle=0x0:0x0) [ 537.191338][ T9] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 537.212307][ T9] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 537.600948][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 537.602727][ T5842] usb 5-1: USB disconnect, device number 9 [ 537.629535][ T5842] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 537.650807][ T5842] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 537.665816][ T5842] quatech2 5-1:0.51: device disconnected [ 537.997144][T21857] autofs: Bad value for 'fd' [ 538.512429][T21881] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7324'. [ 538.525114][T21881] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7324'. [ 539.313955][ T5842] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 539.503818][ T5842] usb 4-1: Using ep0 maxpacket: 16 [ 539.511118][ T5842] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 539.523794][ T5842] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 539.535360][ T5842] usb 4-1: config 0 interface 0 has no altsetting 0 [ 539.543343][ T5842] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 539.554007][ T5842] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.570967][ T5842] usb 4-1: config 0 descriptor?? [ 540.011513][ T5842] hid (null): unknown global tag 0xe [ 540.034118][ T5842] hid (null): usage index exceeded [ 540.054678][ T5842] hid (null): unknown global tag 0xc [ 540.069547][ T5842] hid (null): report_id 0 is invalid [ 540.077883][ T5842] hid (null): global environment stack underflow [ 540.086386][ T5842] hid (null): global environment stack underflow [ 540.093298][ T5842] hid (null): unknown global tag 0xd [ 540.217811][ T5842] usb 4-1: USB disconnect, device number 80 [ 540.260828][T21937] netlink: 165 bytes leftover after parsing attributes in process `syz.0.7349'. [ 540.673913][ T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 540.837877][T17087] bond0: (slave syz_tun): Releasing backup interface [ 540.846694][ T9] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 540.861092][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.878681][ T9] usb 5-1: config 0 descriptor?? [ 541.099036][ T9] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 541.321150][ T5854] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 541.334993][ T5854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 541.347351][ T5854] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 541.377146][ T5854] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 541.387890][ T5854] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 541.389451][T21966] netlink: 180 bytes leftover after parsing attributes in process `syz.3.7365'. [ 541.435024][ T9] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 541.456629][ T9] [drm] Initialized udl on minor 2 [ 541.508410][ T9] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed [ 541.524250][ T9] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 541.709330][ T993] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 541.734099][ T9] usb 5-1: USB disconnect, device number 10 [ 541.748958][ T993] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 541.830929][T21963] chnl_net:caif_netlink_parms(): no params data found [ 541.971163][T21963] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.979497][T21963] bridge0: port 1(bridge_slave_0) entered disabled state [ 541.987348][T21963] bridge_slave_0: entered allmulticast mode [ 541.997396][T21963] bridge_slave_0: entered promiscuous mode [ 542.008228][T21963] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.016298][T21963] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.026834][T21963] bridge_slave_1: entered allmulticast mode [ 542.039593][T21963] bridge_slave_1: entered promiscuous mode [ 542.086218][T21963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 542.104245][T21963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 542.163395][T21963] team0: Port device team_slave_0 added [ 542.173422][T21963] team0: Port device team_slave_1 added [ 542.214238][T21963] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 542.221363][T21963] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 542.248734][T21963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 542.271528][T21963] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 542.289366][T21963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 542.345407][T21963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 542.482930][T21963] hsr_slave_0: entered promiscuous mode [ 542.490206][T21963] hsr_slave_1: entered promiscuous mode [ 542.499857][T21963] debugfs: 'hsr0' already exists in 'hsr' [ 542.505862][T21963] Cannot create hsr debugfs directory [ 542.654770][ T5932] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 542.708062][T21963] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 542.722513][T21963] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 542.738037][T21963] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 542.750732][T21963] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 542.785352][T21963] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.795557][T21963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 542.803364][T21963] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.810766][T21963] bridge0: port 1(bridge_slave_0) entered forwarding state [ 542.834402][ T5932] usb 4-1: Using ep0 maxpacket: 8 [ 542.842006][ T5932] usb 4-1: unable to get BOS descriptor or descriptor too short [ 542.865671][ T5932] usb 4-1: config 4 interface 0 has no altsetting 0 [ 542.879758][ T5932] usb 4-1: string descriptor 0 read error: -22 [ 542.890198][ T5932] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 542.902668][ T5932] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 542.919953][T21963] 8021q: adding VLAN 0 to HW filter on device bond0 [ 542.943247][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.958038][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.966372][ T5932] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 542.980572][ T5932] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 542.995300][ T5932] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 543.006002][ T5932] usb 4-1: media controller created [ 543.032607][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 543.042992][T21963] 8021q: adding VLAN 0 to HW filter on device team0 [ 543.060562][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 543.067938][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 543.094424][ T80] bridge0: port 2(bridge_slave_1) entered blocking state [ 543.101728][ T80] bridge0: port 2(bridge_slave_1) entered forwarding state [ 543.198392][ T5932] zl10353_read_register: readreg error (reg=127, ret==0) [ 543.436119][ T5854] Bluetooth: hci3: command tx timeout [ 543.500298][T21963] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 544.079247][T21963] veth0_vlan: entered promiscuous mode [ 544.135122][T21963] veth1_vlan: entered promiscuous mode [ 544.233173][T21963] veth0_macvtap: entered promiscuous mode [ 544.258177][ T5932] usb 4-1: USB disconnect, device number 81 [ 544.292271][T21963] veth1_macvtap: entered promiscuous mode [ 544.337751][T21963] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 544.373067][T21963] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 544.420634][ T48] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.433177][ T48] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.443542][ T48] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.458923][ T48] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.531045][T22044] loop3: detected capacity change from 0 to 7 [ 544.571720][T22044] Dev loop3: unable to read RDB block 7 [ 544.587881][T22044] loop3: unable to read partition table [ 544.596266][T22044] loop3: partition table beyond EOD, truncated [ 544.607709][T22044] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 544.691738][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 544.733038][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 544.788242][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 544.805196][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 544.993948][T19514] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 545.174534][T19514] usb 5-1: Using ep0 maxpacket: 8 [ 545.184625][T19514] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 545.203978][T19514] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.239558][T19514] pvrusb2: Hardware description: Terratec Grabster AV400 [ 545.256387][T19514] pvrusb2: ********** [ 545.260714][T19514] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 545.275673][T19514] pvrusb2: Important functionality might not be entirely working. [ 545.286504][T19514] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 545.302934][T19514] pvrusb2: ********** [ 545.339200][ T148] Bluetooth: hci4: Frame reassembly failed (-84) [ 545.432332][ T2364] pvrusb2: Invalid write control endpoint [ 545.499905][ T2364] pvrusb2: Invalid write control endpoint [ 545.506052][ T2364] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 545.523761][ T5856] Bluetooth: hci3: command tx timeout [ 545.532834][ T2364] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 545.541449][ T2364] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 545.552511][ T2364] pvrusb2: Device being rendered inoperable [ 545.563643][ T2364] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 545.572222][ T2364] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 545.585796][ T2364] pvrusb2: Attached sub-driver cx25840 [ 545.592005][ T2364] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 545.610528][ T2364] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 545.629575][T22048] pvrusb2: Killing an I2C write to 9 that is too large (desired=62 limit=61) [ 545.642482][T19514] usb 5-1: USB disconnect, device number 11 [ 546.453939][ T5932] usb 5-1: new low-speed USB device number 12 using dummy_hcd [ 546.606434][ T5932] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 546.614747][ T5932] usb 5-1: config 0 has no interface number 0 [ 546.621078][ T5932] usb 5-1: config 0 interface 1 altsetting 19 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 546.632423][ T5932] usb 5-1: config 0 interface 1 altsetting 19 endpoint 0x81 has invalid wMaxPacketSize 0 [ 546.644954][ T5932] usb 5-1: config 0 interface 1 has no altsetting 0 [ 546.656075][ T5932] usb 5-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00 [ 546.665673][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.676302][ T5932] usb 5-1: config 0 descriptor?? [ 547.292176][ T5932] uclogic 0003:2179:0053.0057: pen parameters not found [ 547.299495][ T5932] uclogic 0003:2179:0053.0057: interface is invalid, ignoring [ 547.312138][ T5932] usb 5-1: USB disconnect, device number 12 [ 547.356978][ T5856] Bluetooth: hci4: command 0x1003 tx timeout [ 547.358509][ T5854] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 547.593971][ T5854] Bluetooth: hci3: command tx timeout [ 547.651390][T22086] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 547.662969][T22086] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 547.747369][ T24] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 547.766845][T22090] netlink: 132 bytes leftover after parsing attributes in process `syz.5.7407'. [ 547.915059][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 547.937378][ T24] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 547.969731][ T24] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 548.005021][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 548.027251][ T24] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 548.048318][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.072087][ T24] usb 4-1: Product: syz [ 548.082059][ T24] usb 4-1: Manufacturer: syz [ 548.094862][ T24] usb 4-1: SerialNumber: syz [ 548.103463][T22098] netlink: 48 bytes leftover after parsing attributes in process `syz.0.7411'. [ 548.122329][ T24] usb 4-1: config 0 descriptor?? [ 548.552879][ T24] gs_usb 4-1:0.0: Configuring for 157 interfaces [ 548.629502][T22119] netlink: 132 bytes leftover after parsing attributes in process `syz.4.7423'. [ 548.965345][ T24] gs_usb 4-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO) [ 549.063588][ T24] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -71 [ 549.092269][ T24] usb 4-1: USB disconnect, device number 82 [ 549.674268][ T5854] Bluetooth: hci3: command tx timeout [ 549.864974][ T24] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 550.024857][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 550.039581][ T24] usb 4-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 550.062590][ T24] usb 4-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 25 [ 550.095793][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 550.112414][ T24] usb 4-1: New USB device found, idVendor=6666, idProduct=8801, bcdDevice= 0.00 [ 550.131978][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.144914][ T24] usb 4-1: config 0 descriptor?? [ 550.589701][ T24] hid_parser_main: 116 callbacks suppressed [ 550.589726][ T24] smartjoyplus 0003:6666:8801.0058: unknown main item tag 0x0 [ 550.605599][ T24] smartjoyplus 0003:6666:8801.0058: unknown main item tag 0x0 [ 550.613301][ T24] smartjoyplus 0003:6666:8801.0058: unknown main item tag 0x0 [ 550.621391][ T24] smartjoyplus 0003:6666:8801.0058: unknown main item tag 0x0 [ 550.629100][ T24] smartjoyplus 0003:6666:8801.0058: unknown main item tag 0x0 [ 550.638122][ T24] smartjoyplus 0003:6666:8801.0058: unknown main item tag 0x0 [ 550.645925][ T24] smartjoyplus 0003:6666:8801.0058: unknown main item tag 0x4 [ 550.653600][ T24] smartjoyplus 0003:6666:8801.0058: unknown main item tag 0x6 [ 550.661397][ T24] smartjoyplus 0003:6666:8801.0058: reserved main item tag 0xd [ 550.669032][ T24] smartjoyplus 0003:6666:8801.0058: reserved main item tag 0xd [ 550.681380][ T24] smartjoyplus 0003:6666:8801.0058: hidraw0: USB HID v0.08 Device [HID 6666:8801] on usb-dummy_hcd.3-1/input0 [ 550.693471][ T24] smartjoyplus 0003:6666:8801.0058: Force feedback for SmartJoy PLUS PS2/USB adapter [ 550.803620][ T24] usb 4-1: USB disconnect, device number 83 [ 551.158675][T22176] macvlan1: entered promiscuous mode [ 551.174052][T22176] macvlan1: entered allmulticast mode [ 551.184176][T22176] veth1_vlan: entered allmulticast mode [ 551.403281][T22186] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7450'. [ 551.782764][T22203] macvlan1: entered promiscuous mode [ 551.791833][T22203] macvlan1: entered allmulticast mode [ 551.798413][T22203] veth1_vlan: entered allmulticast mode [ 552.307486][T22223] tap0: tun_chr_ioctl cmd 1074025675 [ 552.316036][T22223] tap0: persist enabled [ 552.511723][T22231] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 552.527991][T22235] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7474'. [ 553.376513][T22270] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 553.666991][T22281] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 553.686806][T22281] overlayfs: overlapping lowerdir path [ 554.437179][T22317] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 554.474734][ T5833] usb 4-1: new low-speed USB device number 84 using dummy_hcd [ 554.647637][ T5833] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 554.663765][ T5833] usb 4-1: config 0 has no interface number 0 [ 554.679070][ T5833] usb 4-1: config 0 interface 1 altsetting 19 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 554.703035][ T5833] usb 4-1: config 0 interface 1 altsetting 19 endpoint 0x81 has invalid wMaxPacketSize 0 [ 554.740270][ T5833] usb 4-1: config 0 interface 1 has no altsetting 0 [ 554.760080][ T5833] usb 4-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00 [ 554.770723][ T5833] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.790564][ T5833] usb 4-1: config 0 descriptor?? [ 554.808131][T22330] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7520'. [ 555.341923][T22352] veth1_virt_wifi: entered allmulticast mode [ 555.360445][T22352] veth1_virt_wifi: left allmulticast mode [ 555.400835][T22353] delete_channel: no stack [ 555.447571][ T5833] uclogic 0003:2179:0053.0059: pen parameters not found [ 555.473841][ T5833] uclogic 0003:2179:0053.0059: interface is invalid, ignoring [ 555.505626][ T5833] usb 4-1: USB disconnect, device number 84 [ 556.182566][T22381] tmpfs: Cannot change global quota limit on remount [ 556.291101][T22383] netlink: 56 bytes leftover after parsing attributes in process `syz.3.7543'. [ 556.753805][ T5833] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 556.923832][ T5833] usb 4-1: Using ep0 maxpacket: 32 [ 556.938236][ T5833] usb 4-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 556.950871][ T5833] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 556.963622][ T5833] usb 4-1: Product: syz [ 556.968631][ T5833] usb 4-1: Manufacturer: syz [ 556.975472][ T5833] usb 4-1: SerialNumber: syz [ 556.991112][ T5833] usb 4-1: config 0 descriptor?? [ 557.012413][ T5833] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 557.021069][ T5833] dvb-usb: bulk message failed: -22 (4/0) [ 557.043878][ T5833] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 557.058055][ T5833] dvb-usb: bulk message failed: -22 (5/0) [ 557.065247][ T5833] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 557.080392][ T5833] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 557.092643][ T5833] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 557.114809][ T5833] usb 4-1: media controller created [ 557.136142][ T5833] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 557.184647][ T5833] usb 4-1: selecting invalid altsetting 3 [ 557.197142][ T5833] ttusb2: set interface to alts=3 failed [ 557.212774][T22391] dvb-usb: bulk message failed: -22 (7/0) [ 557.223750][T22391] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0) [ 557.245509][T22391] ttusb2: i2c transfer failed. [ 557.281642][ T5833] DVB: Unable to find symbol tda10086_attach() [ 557.288470][ T5833] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 557.304131][ T5833] dvb-usb: bulk message failed: -22 (4/0) [ 557.318316][ T5833] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 557.331624][ T5833] dvb-usb: bulk message failed: -22 (5/0) [ 557.338183][ T5833] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 557.349046][ T5833] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 557.372586][ T5833] usb 4-1: USB disconnect, device number 85 [ 557.433552][ T5833] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 557.827133][T22425] delete_channel: no stack [ 557.834447][T22367] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 558.000603][T22434] netlink: 40 bytes leftover after parsing attributes in process `syz.3.7570'. [ 558.237852][T22442] netlink: 'syz.3.7574': attribute type 2 has an invalid length. [ 558.247732][T22442] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7574'. [ 558.712050][T22459] netlink: 40 bytes leftover after parsing attributes in process `syz.4.7581'. [ 559.006800][T22471] batadv_slave_1: entered promiscuous mode [ 559.026163][T22471] batadv_slave_1: left promiscuous mode [ 559.114817][T22475] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.7589'. [ 559.274018][ T5854] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 559.274396][ T5856] Bluetooth: hci4: command 0x1003 tx timeout [ 559.448041][T22489] netlink: 40 bytes leftover after parsing attributes in process `syz.0.7593'. [ 560.196068][T22525] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 560.369997][T22530] sctp: [Deprecated]: syz.0.7616 (pid 22530) Use of struct sctp_assoc_value in delayed_ack socket option. [ 560.369997][T22530] Use struct sctp_sack_info instead [ 560.635294][ T148] wlan1: Trigger new scan to find an IBSS to join [ 560.835876][T22553] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.7626'. [ 561.111268][T22565] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 561.554070][T22581] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 561.566682][T22581] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 561.580712][T22581] overlayfs: failed to set uuid (300/file0, err=-13); falling back to uuid=null. [ 562.006593][T22599] sctp: [Deprecated]: syz.4.7648 (pid 22599) Use of struct sctp_assoc_value in delayed_ack socket option. [ 562.006593][T22599] Use struct sctp_sack_info instead [ 562.122112][T22603] netlink: 'syz.3.7658': attribute type 2 has an invalid length. [ 562.130937][T22603] netlink: 'syz.3.7658': attribute type 5 has an invalid length. [ 562.445760][T22616] netlink: 'syz.4.7655': attribute type 10 has an invalid length. [ 562.507629][T22616] team0: Port device netdevsim0 added [ 562.641636][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.837864][T22630] netlink: 'syz.4.7664': attribute type 2 has an invalid length. [ 562.846031][T22630] netlink: 'syz.4.7664': attribute type 4 has an invalid length. [ 563.594127][ T80] wlan1: Trigger new scan to find an IBSS to join [ 564.116004][T22683] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 564.504381][ T5842] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 564.681019][ T5842] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 564.698424][ T5842] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.707882][ T5842] usb 4-1: Product: syz [ 564.712656][ T5842] usb 4-1: Manufacturer: syz [ 564.718645][ T5842] usb 4-1: SerialNumber: syz [ 564.883356][T22717] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7705'. [ 564.893273][T22717] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7705'. [ 564.987242][ T5842] rtl8150 4-1:1.0: couldn't reset the device [ 564.994398][ T5842] rtl8150 4-1:1.0: probe with driver rtl8150 failed with error -5 [ 565.010390][ T5842] usb 4-1: USB disconnect, device number 86 [ 565.210836][T22725] netlink: 165 bytes leftover after parsing attributes in process `syz.5.7709'. [ 565.763891][T19514] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 565.914552][T19514] usb 6-1: Using ep0 maxpacket: 16 [ 565.922147][T19514] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 565.933617][ T9] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 565.941520][T19514] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 565.952437][T19514] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 565.967862][T19514] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 565.977223][T19514] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 565.989113][T19514] usb 6-1: config 0 descriptor?? [ 566.113936][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 566.123328][ T9] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 566.132624][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.140950][ T9] usb 4-1: Product: syz [ 566.145432][ T9] usb 4-1: Manufacturer: syz [ 566.150268][ T9] usb 4-1: SerialNumber: syz [ 566.158323][ T9] usb 4-1: config 0 descriptor?? [ 566.374733][ T9] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 566.402922][T22735] random: crng reseeded on system resumption [ 566.430577][T19514] input: HID 0955:7214 Haptics as /devices/virtual/input/input51 [ 566.488854][T19514] shield 0003:0955:7214.005A: Registered Thunderstrike controller [ 566.502061][T19514] shield 0003:0955:7214.005A: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.5-1/input0 [ 566.554056][ T3575] wlan1: Trigger new scan to find an IBSS to join [ 566.644201][ T5833] shield 0003:0955:7214.005A: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 566.651884][ T5932] usb 6-1: USB disconnect, device number 2 [ 566.656636][ T5833] shield 0003:0955:7214.005A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 566.685661][ T5833] shield 0003:0955:7214.005A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 566.697465][ T5833] shield 0003:0955:7214.005A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 566.987079][ T9] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 567.002706][ T9] usb 4-1: USB disconnect, device number 87 [ 567.125684][ T5842] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 567.287316][ T5842] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 567.302794][ T5842] usb 5-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 567.315797][ T5842] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.344886][ T5842] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 567.444477][ T80] wlan1: Creating new IBSS network, BSSID 96:d8:cf:cf:7e:6b [ 568.600821][ T5842] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 568.613614][ T5842] stv0680 5-1:4.0: last error: 86, command = 0x78 [ 568.627339][ T5842] usb 5-1: USB disconnect, device number 13 [ 569.482542][T22768] tipc: Started in network mode [ 569.492559][T22768] tipc: Node identity , cluster identity 4711 [ 569.501822][T22768] tipc: Failed to obtain node identity [ 569.508545][T22768] tipc: Enabling of bearer rejected, failed to enable media [ 571.147778][T22823] sctp: [Deprecated]: syz.3.7756 (pid 22823) Use of int in max_burst socket option deprecated. [ 571.147778][T22823] Use struct sctp_assoc_value instead [ 571.954356][ T5833] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 571.970038][ T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 572.133834][ T5833] usb 4-1: Using ep0 maxpacket: 16 [ 572.139131][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 572.147214][ T5833] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 572.159776][ T5833] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 572.170144][ T5833] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 572.186574][ T5833] usb 4-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 572.196333][ T5833] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 572.208962][ T9] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 572.222269][ T5833] usb 4-1: config 0 descriptor?? [ 572.230750][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.241382][ T9] usb 6-1: Product: syz [ 572.248468][ T5905] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 572.258202][ T9] usb 6-1: Manufacturer: syz [ 572.263042][ T9] usb 6-1: SerialNumber: syz [ 572.271342][ T9] usb 6-1: config 0 descriptor?? [ 572.413838][ T5905] usb 5-1: Using ep0 maxpacket: 16 [ 572.421860][ T5905] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 572.432257][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 572.443822][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 572.454125][ T5905] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 572.463936][ T5905] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 572.485150][ T5905] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 572.494635][ T9] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 572.503119][ T5905] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 572.511816][ T5905] usb 5-1: Manufacturer: syz [ 572.522858][ T5905] usb 5-1: config 0 descriptor?? [ 572.680707][T22841] random: crng reseeded on system resumption [ 572.709999][ T5833] input: HID 0955:7214 Haptics as /devices/virtual/input/input52 [ 572.797748][ T5833] shield 0003:0955:7214.005B: Registered Thunderstrike controller [ 572.806729][ T5905] rc_core: IR keymap rc-hauppauge not found [ 572.813402][ T5833] shield 0003:0955:7214.005B: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.3-1/input0 [ 572.825491][ T5905] Registered IR keymap rc-empty [ 572.831461][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 572.854134][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 572.877652][ T5905] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 572.906587][ T5905] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input53 [ 572.946496][ T10] shield 0003:0955:7214.005B: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 572.948825][ T5933] usb 4-1: USB disconnect, device number 88 [ 572.966871][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 572.977099][ T10] shield 0003:0955:7214.005B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 572.989664][ T10] shield 0003:0955:7214.005B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 573.002089][ T10] shield 0003:0955:7214.005B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 573.014903][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 573.054098][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 573.085091][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 573.102983][ T9] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 573.134023][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 573.147739][ T9] usb 6-1: USB disconnect, device number 3 [ 573.169510][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 573.214147][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 573.254871][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 573.274011][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 573.304266][ T5905] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 573.347927][ T5905] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 573.357240][ T5905] mceusb 5-1:0.0: 2 tx ports (0x1 cabled) and 2 rx sensors (0x0 active) [ 573.388310][ T5905] usb 5-1: USB disconnect, device number 14 [ 573.962967][T22879] tipc: Started in network mode [ 573.974852][T22879] tipc: Node identity ac14140f, cluster identity 4711 [ 573.997386][T22879] tipc: New replicast peer: 255.255.255.255 [ 574.018594][T22879] tipc: Enabled bearer , priority 10 [ 575.133855][ T5933] tipc: Node number set to 2886997007 [ 576.069670][T22965] kvm: kvm [22964]: vcpu5, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x80000000000 [ 576.964635][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 577.126423][ T9] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 130, using maximum allowed: 30 [ 577.138259][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 577.151832][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 577.162670][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130 [ 577.178337][ T9] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00 [ 577.188297][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.204509][ T9] usb 6-1: config 0 descriptor?? [ 577.617400][ T9] corsair 0003:1B1C:1B3E.005C: unknown main item tag 0x0 [ 577.625137][ T9] corsair 0003:1B1C:1B3E.005C: unknown main item tag 0x0 [ 577.632766][ T9] corsair 0003:1B1C:1B3E.005C: unknown main item tag 0x0 [ 577.642126][ T9] corsair 0003:1B1C:1B3E.005C: unknown main item tag 0x0 [ 577.649340][ T9] corsair 0003:1B1C:1B3E.005C: unknown main item tag 0x0 [ 577.656769][ T9] corsair 0003:1B1C:1B3E.005C: unknown main item tag 0x0 [ 577.665161][ T9] corsair 0003:1B1C:1B3E.005C: unknown main item tag 0x0 [ 577.672919][ T9] corsair 0003:1B1C:1B3E.005C: unknown main item tag 0x0 [ 577.680555][ T9] corsair 0003:1B1C:1B3E.005C: unknown main item tag 0x0 [ 577.688146][ T9] corsair 0003:1B1C:1B3E.005C: unknown main item tag 0x0 [ 577.695907][ T9] corsair 0003:1B1C:1B3E.005C: unexpected long global item [ 577.703829][ T9] corsair 0003:1B1C:1B3E.005C: parse failed [ 577.709859][ T9] corsair 0003:1B1C:1B3E.005C: probe with driver corsair failed with error -22 [ 577.819222][ T5842] usb 6-1: USB disconnect, device number 4 [ 578.394406][ T9] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 578.559894][ T9] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 578.570626][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.581843][ T9] usb 4-1: Product: syz [ 578.586254][ T9] usb 4-1: Manufacturer: syz [ 578.591085][ T9] usb 4-1: SerialNumber: syz [ 578.608860][ T9] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 578.630169][ T5905] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 578.847624][ C0] usb 4-1: ath: unknown panic pattern! [ 579.050131][ T5842] usb 4-1: USB disconnect, device number 89 [ 579.676173][ T5905] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 579.698433][ T5905] ath9k_htc: Failed to initialize the device [ 579.722580][ T5842] usb 4-1: ath9k_htc: USB layer deinitialized [ 580.519374][T23064] netlink: 64 bytes leftover after parsing attributes in process `syz.3.7865'. [ 583.247879][T23136] input: syz1 as /devices/virtual/input/input54 [ 584.121600][T23171] input: syz1 as /devices/virtual/input/input55 [ 584.582502][T23189] loop8: detected capacity change from 0 to 1 [ 584.597219][T23189] Dev loop8: unable to read RDB block 1 [ 584.612220][T23189] loop8: unable to read partition table [ 584.625636][T23189] loop8: partition table beyond EOD, truncated [ 584.637871][T23189] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 585.329376][T23210] tap1: tun_chr_ioctl cmd 1074025678 [ 585.348290][T23210] tap1: group set to 21 [ 587.272816][T23250] netlink: 164 bytes leftover after parsing attributes in process `syz.5.7948'. [ 587.702529][T23208] syz.3.7929 (23208): drop_caches: 3 [ 587.725580][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 587.725602][ T30] audit: type=1326 audit(2000110682.457:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23238 comm="syz.4.7943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ef219c819 code=0x7fc00000 [ 588.947750][T23310] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 589.241843][T23284] syz.4.7964 (23284): drop_caches: 3 [ 589.455855][T23323] netlink: 20 bytes leftover after parsing attributes in process `syz.5.7983'. [ 591.392378][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 591.617782][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.065091][ T5856] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 592.090152][ T5856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 592.104037][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 592.133780][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 592.151184][ T5856] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 592.304291][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.531443][ T12] team0: Port device netdevsim0 removed [ 592.561708][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.568365][ T9] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 592.766842][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 592.780117][ T9] usb 4-1: config index 0 descriptor too short (expected 74, got 45) [ 592.813700][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 592.840762][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 592.879214][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 592.940874][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 593.005899][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 593.055319][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 593.087220][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.213998][ T5905] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 593.367692][ T9] usb 4-1: GET_CAPABILITIES returned 0 [ 593.384969][ T5905] usb 6-1: Using ep0 maxpacket: 8 [ 593.393041][ T9] usbtmc 4-1:16.0: can't read capabilities [ 593.434524][ T5905] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 593.460679][ T5905] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 593.486119][ T5905] usb 6-1: Product: syz [ 593.494523][ T5905] usb 6-1: Manufacturer: syz [ 593.499921][ T5905] usb 6-1: SerialNumber: syz [ 593.533562][ T5905] usb 6-1: config 0 descriptor?? [ 593.583469][ T12] bridge_slave_1: left allmulticast mode [ 593.593072][ C0] usbtmc 4-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 593.614565][ T12] bridge_slave_1: left promiscuous mode [ 593.628177][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 593.640173][T23405] usbtmc 4-1:16.0: Unable to send data, error -71 [ 593.671348][T19514] usb 4-1: USB disconnect, device number 90 [ 593.685453][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 593.703615][ T5856] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 593.718583][ T5856] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 593.734079][ T5856] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 593.735710][ T12] bridge_slave_0: left allmulticast mode [ 593.762480][ T5856] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 593.777453][ T12] bridge_slave_0: left promiscuous mode [ 593.783982][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 593.848600][ T5905] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 593.872496][ T5905] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 593.908152][ T5905] usb 6-1: USB disconnect, device number 5 [ 594.254051][ T5854] Bluetooth: hci0: command tx timeout [ 594.511805][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 594.560220][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 594.572874][ T12] bond0 (unregistering): Released all slaves [ 594.618032][T23397] chnl_net:caif_netlink_parms(): no params data found [ 594.770010][ T12] tipc: Disabling bearer [ 594.821685][ T12] tipc: Left network mode [ 595.223832][ T9] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 595.415172][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 595.438807][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 595.467727][ T9] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7 [ 595.486817][ T9] usb 4-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 595.497060][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 595.513855][ T9] usb 4-1: Product: syz [ 595.518220][ T9] usb 4-1: Manufacturer: syz [ 595.522886][ T9] usb 4-1: SerialNumber: syz [ 595.604841][T23397] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.622674][T23397] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.635135][T23397] bridge_slave_0: entered allmulticast mode [ 595.652798][T23397] bridge_slave_0: entered promiscuous mode [ 595.738511][T23397] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.777001][T23397] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.796926][T23397] bridge_slave_1: entered allmulticast mode [ 595.814481][ T9] usb 4-1: Audio class v2/v3 interfaces need an interface association [ 595.827467][T23397] bridge_slave_1: entered promiscuous mode [ 595.833846][ T5854] Bluetooth: hci1: command tx timeout [ 595.842367][ T9] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 596.091531][T23397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 596.157723][ T12] hsr_slave_0: left promiscuous mode [ 596.168320][ T12] hsr_slave_1: left promiscuous mode [ 596.185235][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 596.203912][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 596.225870][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 596.242244][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 596.311245][ T12] veth1_macvtap: left promiscuous mode [ 596.320289][ T5854] Bluetooth: hci0: command tx timeout [ 596.338606][ T12] veth0_macvtap: left promiscuous mode [ 596.344870][ T12] veth1_vlan: left allmulticast mode [ 596.350545][ T12] veth1_vlan: left promiscuous mode [ 596.357117][ T9] usb 4-1: USB disconnect, device number 91 [ 596.364129][ T12] veth0_vlan: left promiscuous mode [ 597.095080][ T12] team0 (unregistering): Port device team_slave_1 removed [ 597.121894][ T12] team0 (unregistering): Port device team_slave_0 removed [ 597.425757][T23397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 597.500522][ T48] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 597.583338][T23397] team0: Port device team_slave_0 added [ 597.610654][T23397] team0: Port device team_slave_1 added [ 597.781017][T23397] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 597.805873][T23397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 597.871728][T23397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 597.889330][T23397] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 597.899166][T23397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 597.929048][ T5854] Bluetooth: hci1: command tx timeout [ 597.935524][T23397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 598.001426][T23414] chnl_net:caif_netlink_parms(): no params data found [ 598.135339][T23397] hsr_slave_0: entered promiscuous mode [ 598.142899][T23397] hsr_slave_1: entered promiscuous mode [ 598.396466][ T5854] Bluetooth: hci0: command tx timeout [ 598.545425][T23414] bridge0: port 1(bridge_slave_0) entered blocking state [ 598.556849][T23414] bridge0: port 1(bridge_slave_0) entered disabled state [ 598.565353][T23414] bridge_slave_0: entered allmulticast mode [ 598.573617][T23414] bridge_slave_0: entered promiscuous mode [ 598.655849][T23414] bridge0: port 2(bridge_slave_1) entered blocking state [ 598.674316][T23414] bridge0: port 2(bridge_slave_1) entered disabled state [ 598.696153][T23414] bridge_slave_1: entered allmulticast mode [ 598.719652][T23414] bridge_slave_1: entered promiscuous mode [ 598.893962][T23414] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 598.909842][T23414] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 599.048649][T23520] netlink: 'syz.5.8051': attribute type 83 has an invalid length. [ 599.087375][T23414] team0: Port device team_slave_0 added [ 599.412652][T23414] team0: Port device team_slave_1 added [ 599.615177][T23537] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8059'. [ 599.643314][T23414] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 599.664554][T23414] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 599.718679][T23414] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 599.746659][ T12] bond0: left allmulticast mode [ 599.752184][ T12] bond_slave_0: left allmulticast mode [ 599.770935][ T12] bond_slave_1: left allmulticast mode [ 599.777737][ T12] bridge0: port 3(bond0) entered disabled state [ 599.787429][ T12] bridge_slave_1: left allmulticast mode [ 599.793157][ T12] bridge_slave_1: left promiscuous mode [ 599.803983][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 599.819370][ T12] bridge_slave_0: left allmulticast mode [ 599.826809][ T12] bridge_slave_0: left promiscuous mode [ 599.832658][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 599.997856][ T5854] Bluetooth: hci1: command tx timeout [ 600.143898][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 600.159814][ T12] bond_slave_0: left promiscuous mode [ 600.173125][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 600.183125][ T12] bond_slave_1: left promiscuous mode [ 600.193922][ T12] bond0 (unregistering): Released all slaves [ 600.321501][T23414] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 600.328975][T23414] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 600.355901][T23414] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 600.379958][ T12] tipc: Disabling bearer [ 600.398163][ T12] tipc: Left network mode [ 600.475630][ T5854] Bluetooth: hci0: command tx timeout [ 600.894317][T23414] hsr_slave_0: entered promiscuous mode [ 600.907851][T23414] hsr_slave_1: entered promiscuous mode [ 600.914938][T23414] debugfs: 'hsr0' already exists in 'hsr' [ 600.920724][T23414] Cannot create hsr debugfs directory [ 601.371326][ T12] hsr_slave_0: left promiscuous mode [ 601.384762][ T12] hsr_slave_1: left promiscuous mode [ 601.398170][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 601.416646][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 601.439522][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 601.463763][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 601.492910][ T12] veth1_macvtap: left promiscuous mode [ 601.512156][ T12] veth0_macvtap: left promiscuous mode [ 601.528384][ T12] veth1_vlan: left promiscuous mode [ 601.535328][ T12] veth0_vlan: left promiscuous mode [ 601.729855][ T12] pim6reg (unregistering): left allmulticast mode [ 601.973497][T23588] Bluetooth: MGMT ver 1.23 [ 602.074223][ T5854] Bluetooth: hci1: command tx timeout [ 602.119770][ T12] team0 (unregistering): Port device team_slave_1 removed [ 602.157648][ T12] team0 (unregistering): Port device team_slave_0 removed [ 602.649086][T23602] kvm: kvm [23600]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x4000006e) = 0x8004 [ 602.763156][T23397] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 602.831361][T23397] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 602.888830][T23608] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 512 [ 602.944508][T23397] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 602.980424][T23397] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 603.070647][ T12] IPVS: stop unused estimator thread 0... [ 603.294481][T23414] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 603.372839][T23414] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 603.410619][T23414] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 603.457228][T23414] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 603.628403][T23397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 603.680219][T23397] 8021q: adding VLAN 0 to HW filter on device team0 [ 603.735052][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 603.743598][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 603.781477][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 603.789248][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 603.880325][T23414] 8021q: adding VLAN 0 to HW filter on device bond0 [ 604.001718][T23414] 8021q: adding VLAN 0 to HW filter on device team0 [ 604.037643][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 604.045410][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 604.100318][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 604.107624][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 604.363570][T23665] Invalid ELF header len 16 [ 604.560802][T23397] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 604.742260][T23414] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 605.471777][T23397] veth0_vlan: entered promiscuous mode [ 605.538274][T23397] veth1_vlan: entered promiscuous mode [ 605.648656][T23414] veth0_vlan: entered promiscuous mode [ 605.698654][T23414] veth1_vlan: entered promiscuous mode [ 605.769968][T23397] veth0_macvtap: entered promiscuous mode [ 605.818544][T23397] veth1_macvtap: entered promiscuous mode [ 605.857793][T23717] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8107'. [ 605.885880][T23717] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8107'. [ 605.930500][T23414] veth0_macvtap: entered promiscuous mode [ 605.981287][T23397] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 606.019685][T23397] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 606.058702][T23414] veth1_macvtap: entered promiscuous mode [ 606.125037][T23400] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.149863][T23400] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.161084][T23400] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.198800][T23400] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.269580][T23414] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 606.338690][T23414] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 606.445914][ T13] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.484476][ T13] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.517658][ T13] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.528110][ T13] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.623297][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 606.663443][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 606.887506][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 606.911110][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 606.936379][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 606.975003][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 607.127403][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 607.168794][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 607.188294][T23749] : renamed from vlan0 (while UP) [ 608.964772][ T30] audit: type=1326 audit(2000110703.707:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23817 comm="syz.3.8140" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f278159c819 code=0x0 [ 609.022258][T23821] tmpfs: Too few inodes for current use [ 609.793903][ T10] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 609.967682][ T10] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 610.006853][ T10] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 610.030191][ T10] usb 6-1: Product: syz [ 610.047683][ T10] usb 6-1: Manufacturer: syz [ 610.076211][ T10] usb 6-1: SerialNumber: syz [ 610.110354][ T10] usb 6-1: config 0 descriptor?? [ 610.412161][ T10] usb 6-1: USB disconnect, device number 6 [ 611.189599][T23892] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8157'. [ 611.304960][ T24] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 611.487174][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 611.522592][ T24] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 611.570133][ T24] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 611.602414][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 611.623486][ T24] usb 5-1: Product: syz [ 611.628941][ T24] usb 5-1: Manufacturer: syz [ 611.634493][ T24] usb 5-1: SerialNumber: syz [ 611.738712][T23916] netlink: 48 bytes leftover after parsing attributes in process `syz.5.8164'. [ 611.858084][T23887] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 611.869133][T23887] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 611.884668][ T10] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 611.904999][ T24] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 611.936622][ T24] usb 5-1: USB disconnect, device number 15 [ 612.063741][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 612.087240][ T10] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 612.112448][ T10] usb 4-1: config 0 has no interface number 0 [ 612.127190][ T10] usb 4-1: config 0 interface 188 altsetting 0 endpoint 0x82 has invalid maxpacket 57888, setting to 1024 [ 612.158652][ T10] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 612.186135][ T10] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice= f.36 [ 612.204116][ T10] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 612.222437][ T10] usb 4-1: Product: syz [ 612.228704][ T10] usb 4-1: SerialNumber: syz [ 612.251363][ T10] usb 4-1: config 0 descriptor?? [ 612.268132][T23913] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 612.433809][ T24] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 612.452805][T23938] kvm: kvm [23937]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0xb [ 612.499645][T23913] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 612.596320][ T24] usb 5-1: config index 0 descriptor too short (expected 301, got 72) [ 612.614338][ T24] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 612.637661][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 612.669792][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 1024, setting to 64 [ 612.714765][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 612.740282][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 612.751021][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 612.768368][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.032166][ T24] usb 5-1: usb_control_msg returned -71 [ 613.047832][ T24] usbtmc 5-1:16.0: can't read capabilities [ 613.066539][ T24] usbtmc 5-1:16.0: Failed to submit iin_urb [ 613.087932][ T24] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -90 [ 613.114760][ T10] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 613.143025][ T24] usb 5-1: USB disconnect, device number 16 [ 613.162823][ T10] asix 4-1:0.188: probe with driver asix failed with error -71 [ 613.209097][ T10] usb 4-1: USB disconnect, device number 92 [ 613.735057][T23981] netlink: 'syz.4.8184': attribute type 83 has an invalid length. [ 613.842151][ T24] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 614.024266][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 614.044129][ T24] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 614.070878][ T24] usb 6-1: config 0 has no interface number 0 [ 614.103494][ T24] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 614.130606][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 614.158394][ T24] usb 6-1: Product: syz [ 614.162923][ T24] usb 6-1: Manufacturer: syz [ 614.178089][ T24] usb 6-1: SerialNumber: syz [ 614.193044][ T24] usb 6-1: config 0 descriptor?? [ 614.218979][ T24] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 614.458344][ T24] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 614.493687][ T24] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 614.886059][ C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 614.896064][ T24] usb 6-1: USB disconnect, device number 7 [ 614.932288][ T24] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 614.992092][ T24] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 615.019913][ T24] quatech2 6-1:0.51: device disconnected [ 615.262567][T24029] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8203'. [ 615.841192][T24050] netlink: 48 bytes leftover after parsing attributes in process `syz.5.8213'. [ 616.454625][T24076] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 617.341267][T24088] netlink: 1 bytes leftover after parsing attributes in process `syz.5.8230'. [ 617.562388][T24097] netlink: 44 bytes leftover after parsing attributes in process `syz.5.8234'. [ 617.892670][T24109] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8242'. [ 618.235699][T24117] tipc: Started in network mode [ 618.241235][T24117] tipc: Node identity ac14140f, cluster identity 4711 [ 618.249759][T24117] tipc: New replicast peer: 255.255.255.255 [ 618.260334][T24117] tipc: Enabled bearer , priority 10 [ 618.407980][T23399] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.510212][T23399] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.607206][T23399] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.678557][T23399] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.996821][T23399] bridge_slave_1: left allmulticast mode [ 619.012506][T23399] bridge_slave_1: left promiscuous mode [ 619.039068][T23399] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.081616][T23399] bridge_slave_0: left allmulticast mode [ 619.087738][T23399] bridge_slave_0: left promiscuous mode [ 619.096609][T23399] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.656556][ T5856] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 619.677442][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 619.688988][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 619.700113][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 619.708520][ T5856] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 619.739633][T23399] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 619.767540][T23399] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 619.779763][T23399] bond0 (unregistering): Released all slaves [ 619.805844][ T5932] tipc: Node number set to 2886997007 [ 619.813573][T24139] tipc: Started in network mode [ 619.829566][T24139] tipc: Node identity ac14140f, cluster identity 4711 [ 619.859319][T24139] tipc: New replicast peer: 255.255.255.255 [ 619.894039][T24139] tipc: Enabled bearer , priority 10 [ 620.856854][T24144] chnl_net:caif_netlink_parms(): no params data found [ 620.925143][T24179] vxcan0: tx address claim with dlc 0 [ 621.108238][ T10] tipc: Node number set to 2886997007 [ 621.348872][T23399] hsr_slave_0: left promiscuous mode [ 621.376789][T23399] hsr_slave_1: left promiscuous mode [ 621.389054][T23399] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 621.408524][T23399] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 621.424000][ T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 621.434998][T23399] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 621.454501][T23399] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 621.503282][T23399] veth1_macvtap: left promiscuous mode [ 621.511191][T23399] veth0_macvtap: left promiscuous mode [ 621.525826][T23399] veth1_vlan: left promiscuous mode [ 621.531334][T23399] veth0_vlan: left promiscuous mode [ 621.594724][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 621.614194][ T10] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 621.642053][ T10] usb 6-1: config 0 has no interface number 0 [ 621.660286][ T10] usb 6-1: config 0 interface 184 has no altsetting 0 [ 621.692979][ T10] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 621.713216][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 621.733309][ T10] usb 6-1: Product: syz [ 621.742984][ T10] usb 6-1: Manufacturer: syz [ 621.752869][ T10] usb 6-1: SerialNumber: syz [ 621.767211][ T5856] Bluetooth: hci2: command tx timeout [ 621.779475][ T10] usb 6-1: config 0 descriptor?? [ 622.146827][T23399] team0 (unregistering): Port device team_slave_1 removed [ 622.182418][T23399] team0 (unregistering): Port device team_slave_0 removed [ 622.413997][T24144] bridge0: port 1(bridge_slave_0) entered blocking state [ 622.424465][T24144] bridge0: port 1(bridge_slave_0) entered disabled state [ 622.431930][T24144] bridge_slave_0: entered allmulticast mode [ 622.442493][T24144] bridge_slave_0: entered promiscuous mode [ 622.453563][T24144] bridge0: port 2(bridge_slave_1) entered blocking state [ 622.461529][T24144] bridge0: port 2(bridge_slave_1) entered disabled state [ 622.469370][T24144] bridge_slave_1: entered allmulticast mode [ 622.478769][T24144] bridge_slave_1: entered promiscuous mode [ 622.610296][ T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000040: -71 [ 622.627948][T24144] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 622.649630][ T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 622.662295][T24217] vxcan0: tx address claim with dlc 0 [ 622.674151][ T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 622.689776][T24144] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 622.707439][ T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 622.747532][ T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 622.783357][ T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 622.820125][T24144] team0: Port device team_slave_0 added [ 622.833456][ T10] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -71 [ 622.889352][ T10] usb 6-1: USB disconnect, device number 8 [ 622.972782][T24144] team0: Port device team_slave_1 added [ 623.032706][T24144] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 623.062944][T24144] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 623.146895][T24144] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 623.195932][T24144] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 623.232650][T24144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 623.324733][T24144] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 623.461051][T23399] IPVS: stop unused estimator thread 0... [ 623.617322][T24144] hsr_slave_0: entered promiscuous mode [ 623.635348][T24144] hsr_slave_1: entered promiscuous mode [ 623.661607][T24144] debugfs: 'hsr0' already exists in 'hsr' [ 623.686766][T24144] Cannot create hsr debugfs directory [ 623.844166][ T5856] Bluetooth: hci2: command tx timeout [ 623.913105][T24249] cgroup: Need name or subsystem set [ 624.078996][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.577972][ T30] audit: type=1326 audit(2000110719.317:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24266 comm="syz.6.8297" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed1c39c819 code=0x0 [ 624.634370][T24144] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 624.680974][T24144] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 624.704482][T24144] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 624.740643][T24144] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 624.979454][T24144] 8021q: adding VLAN 0 to HW filter on device bond0 [ 625.035027][T24144] 8021q: adding VLAN 0 to HW filter on device team0 [ 625.070439][T23400] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.077875][T23400] bridge0: port 1(bridge_slave_0) entered forwarding state [ 625.135999][T23399] bridge0: port 2(bridge_slave_1) entered blocking state [ 625.143462][T23399] bridge0: port 2(bridge_slave_1) entered forwarding state [ 625.836155][T24144] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 625.914305][ T5856] Bluetooth: hci2: command tx timeout [ 626.274227][T24327] netlink: 'syz.4.8309': attribute type 83 has an invalid length. [ 626.291075][ T30] audit: type=1326 audit(2000110721.027:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24328 comm="syz.5.8310" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29c439c819 code=0x0 [ 626.659333][T24144] veth0_vlan: entered promiscuous mode [ 626.691042][T24144] veth1_vlan: entered promiscuous mode [ 626.789633][T24144] veth0_macvtap: entered promiscuous mode [ 626.815417][T24144] veth1_macvtap: entered promiscuous mode [ 626.872678][T24144] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 626.908378][T24144] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 626.933590][T23400] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.949679][T23400] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.962422][T23400] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.030064][T23400] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.308340][T23400] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 627.340716][T23400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 627.458119][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 627.484495][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 627.994297][ T5856] Bluetooth: hci2: command tx timeout [ 629.725371][T24446] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8349'. [ 629.822633][T24448] tmpfs: Invalid gid '0x00000000ffffffff' [ 630.328249][T24469] loop6: detected capacity change from 0 to 2640 [ 630.375554][T24469] buffer_io_error: 24 callbacks suppressed [ 630.375575][T24469] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.398496][T24469] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.410146][T24469] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.419040][T24469] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.427446][T24469] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.455028][T24469] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.472702][T24469] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.484730][T24469] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.492913][T24469] ldm_validate_partition_table(): Disk read failed. [ 630.500149][T24469] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.513533][T24469] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.526883][T24469] Dev loop6: unable to read RDB block 0 [ 630.533209][T24469] loop6: unable to read partition table [ 630.573548][T24469] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 630.921841][T24486] netlink: 60 bytes leftover after parsing attributes in process `syz.7.8360'. [ 630.954708][T24486] netlink: 60 bytes leftover after parsing attributes in process `syz.7.8360'. [ 631.929101][T24528] input: syz1 as /devices/virtual/input/input58 [ 632.203395][T24538] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 633.861764][T24612] Failed to get privilege flags for destination (handle=0x2:0x3) [ 634.360111][T24631] kvm: kvm [24630]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010005) = 0x6 [ 635.452043][T24667] netlink: 65051 bytes leftover after parsing attributes in process `syz.5.8432'. [ 636.223898][ T5842] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 636.383862][ T5842] usb 5-1: Using ep0 maxpacket: 16 [ 636.401559][ T5842] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 636.429701][ T5842] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 636.454378][ T5842] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.472748][ T5842] usb 5-1: Product: syz [ 636.481290][ T5842] usb 5-1: Manufacturer: syz [ 636.498444][ T5842] usb 5-1: SerialNumber: syz [ 636.519003][ T5842] usb 5-1: config 0 descriptor?? [ 636.532164][ T5842] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 636.547936][ T5842] usb 5-1: Detected FT232R [ 636.749741][ T5842] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 636.999448][ T5842] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 637.203335][ T5842] usb 5-1: USB disconnect, device number 17 [ 637.242723][ T5842] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 637.265968][ T5842] ftdi_sio 5-1:0.0: device disconnected [ 637.354818][ T30] audit: type=1800 audit(2000110732.087:72): pid=24698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.8446" name="file0" dev="tmpfs" ino=1764 res=0 errno=0 [ 637.642248][T24726] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8459'. [ 637.937882][ T30] audit: type=1800 audit(2000110732.677:73): pid=24734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.8462" name="file1" dev="tmpfs" ino=504 res=0 errno=0 [ 638.897810][ T30] audit: type=1326 audit(2000110733.637:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24768 comm="syz.4.8478" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f012939c819 code=0x0 [ 639.463794][ T5842] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 639.635793][ T5842] usb 6-1: Using ep0 maxpacket: 32 [ 639.648702][ T5842] usb 6-1: config 248 has an invalid interface number: 241 but max is 0 [ 639.678132][ T5842] usb 6-1: config 248 has no interface number 0 [ 639.709652][ T5842] usb 6-1: config 248 interface 241 altsetting 16 endpoint 0x2 has an invalid bInterval 255, changing to 11 [ 639.753997][ T5842] usb 6-1: config 248 interface 241 has no altsetting 0 [ 639.771612][ T5842] usb 6-1: New USB device found, idVendor=0d46, idProduct=2011, bcdDevice=ca.63 [ 639.784200][ T5842] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.793317][ T5842] usb 6-1: Product: syz [ 639.797606][ T5842] usb 6-1: Manufacturer: syz [ 639.802339][ T5842] usb 6-1: SerialNumber: syz [ 639.959424][T24805] netlink: 190972 bytes leftover after parsing attributes in process `syz.4.8492'. [ 640.038680][ T5842] kobil_sct 6-1:248.241: KOBIL USB smart card terminal converter detected [ 640.103503][ T5842] usb 6-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 640.138907][ T5842] usb 6-1: USB disconnect, device number 9 [ 640.158169][T24807] smc: net device hsr0 applied user defined pnetid SYZ2 [ 640.182626][T24807] smc: net device hsr0 erased user defined pnetid SYZ2 [ 640.201016][ T5842] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 640.222520][ T5842] kobil_sct 6-1:248.241: device disconnected [ 640.264641][T24809] kvm: kvm [24808]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010006) = 0xffffffffffffffff [ 640.480467][T24817] netlink: 'syz.7.8499': attribute type 1 has an invalid length. [ 640.492697][T24817] netlink: 'syz.7.8499': attribute type 2 has an invalid length. [ 640.514192][T24817] netlink: 'syz.7.8499': attribute type 1 has an invalid length. [ 640.522882][T24817] netlink: 'syz.7.8499': attribute type 3 has an invalid length. [ 640.532296][T24817] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8499'. [ 640.762288][T24827] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 640.943864][ T5842] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 641.039367][T24838] netlink: 12 bytes leftover after parsing attributes in process `syz.7.8509'. [ 641.114186][ T5842] usb 6-1: Using ep0 maxpacket: 16 [ 641.129144][ T5842] usb 6-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 641.157344][ T5842] usb 6-1: config 0 interface 0 has no altsetting 0 [ 641.174437][ T5842] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 641.186239][ T5842] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.205681][ T5842] usb 6-1: config 0 descriptor?? [ 641.656514][ T5842] mcp2221 0003:04D8:00DD.005D: USB HID v0.01 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 642.064408][ T5842] usb 6-1: USB disconnect, device number 10 [ 642.600213][T24877] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 643.338982][T24912] sctp: [Deprecated]: syz.6.8544 (pid 24912) Use of int in max_burst socket option. [ 643.338982][T24912] Use struct sctp_assoc_value instead [ 643.906176][T24930] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8552'. [ 646.866783][T25043] tipc: Enabling of bearer rejected, already enabled [ 646.876730][T25043] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8579'. [ 646.886928][T25043] tipc: Disabling bearer [ 647.441353][T25065] netlink: 'syz.6.8588': attribute type 2 has an invalid length. [ 647.451539][T25065] netlink: 'syz.6.8588': attribute type 11 has an invalid length. [ 647.460218][T25065] netlink: 112 bytes leftover after parsing attributes in process `syz.6.8588'. [ 648.981898][T25131] netlink: 'syz.4.8621': attribute type 29 has an invalid length. [ 648.995189][T25128] netlink: 'syz.4.8621': attribute type 29 has an invalid length. [ 649.019816][T25131] netlink: 'syz.4.8621': attribute type 29 has an invalid length. [ 649.565871][ T12] tipc: Subscription rejected, illegal request [ 649.587739][T25161] netlink: 20 bytes leftover after parsing attributes in process `syz.5.8634'. [ 649.597805][ T10] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 649.758555][ T10] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 649.780679][ T10] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 649.810774][ T10] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 649.834829][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 649.854803][ T10] usb 5-1: Product: syz [ 649.860499][ T10] usb 5-1: Manufacturer: syz [ 649.873713][ T10] usb 5-1: SerialNumber: syz [ 650.018889][T25173] netdevsim netdevsim6 netdevsim0: IPsec offload requires 128 bit authentication [ 650.059103][T25175] misc userio: Begin command sent, but we're already running [ 650.116667][ T10] rtl8150 5-1:1.0: couldn't find required endpoints [ 650.131702][ T10] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5 [ 650.169977][ T10] usb 5-1: USB disconnect, device number 18 [ 651.334011][T25219] netlink: 56 bytes leftover after parsing attributes in process `syz.5.8663'. [ 651.765390][T19514] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 651.809273][T25235] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 651.944722][T19514] usb 6-1: Using ep0 maxpacket: 8 [ 651.993294][T19514] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 652.012889][T19514] usb 6-1: config 179 has no interface number 0 [ 652.022709][T19514] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 652.049311][T19514] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 652.068485][ T30] audit: type=1400 audit(2000110747.796:75): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A50302D302D353A2050434D204361707475726520302D302D35203A20534C4156450A50302D302D363A2050434D20506C61796261636B20302D302D36203A20534C4156450A50302D302D373A2050434D204361707475726520302D302D37203A20534C4156450A50302D302D383A2050434D20506C61796261636B20302D302D38203A20534C4156450A50302D302D393A2050434D204361707475726520302D302D39203A20534C4156450A50302D302D31303A2050434D20506C61796261636B20302D302D3130203A20534C4156450A50302D302D31313A2050434D204361707475726520302D302D3131203A pid=25238 comm="syz.6.8673" [ 652.140386][T19514] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 652.162778][T19514] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 652.189135][T19514] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 652.209318][T19514] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 652.222179][T19514] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 652.236462][T25227] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 652.298961][T25246] netlink: 20 bytes leftover after parsing attributes in process `syz.6.8675'. [ 652.625488][T19514] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input62 [ 652.674929][ T5842] usb 6-1: USB disconnect, device number 11 [ 652.674998][ C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 652.689334][ C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 654.644618][T25315] sp0: Synchronizing with TNC [ 655.347986][T25345] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8720'. [ 655.421807][T25349] netlink: 128 bytes leftover after parsing attributes in process `syz.4.8723'. [ 655.437944][T25349] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 655.593483][T25352] [U] [ 655.596633][T25352] [U] [ 655.599384][T25352] [U] [ 655.602220][T25352] [U] [ 655.612921][T25352] [U] [ 655.615688][T25352] [U] [ 655.618604][T25352] [U] [ 655.621372][T25352] [U] [ 655.628578][T25352] [U] [ 655.631350][T25352] [U] [ 655.634266][T25352] [U] [ 655.637212][T25352] [U] [ 655.644065][T25352] [U] [ 655.646947][T25352] [U] [ 655.649716][T25352] [U] [ 655.652991][T25352] [U] [ 655.658020][T25352] [U] [ 655.660880][T25352] [U] [ 655.663624][T25352] [U] [ 655.666370][T25352] [U] [ 655.674538][ T5842] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 655.696677][T25352] [U] [ 655.699495][T25352] [U] [ 655.702244][T25352] [U] [ 655.705005][T25352] [U] [ 655.730186][T25352] [U] [ 655.733329][T25352] [U] [ 655.736089][T25352] [U] [ 655.738855][T25352] [U] [ 655.745801][T25352] [U] [ 655.748580][T25352] [U] [ 655.751354][T25352] [U] [ 655.754138][T25352] [U] [ 655.758877][T25352] [U] [ 655.761732][T25352] [U] [ 655.764487][T25352] [U] [ 655.767230][T25352] [U] [ 655.781590][T25352] [U] [ 655.784377][T25352] [U] [ 655.787114][T25352] [U] [ 655.789902][T25352] [U] [ 655.823357][T25352] [U] [ 655.826135][T25352] [U] [ 655.828880][T25352] [U] [ 655.831617][T25352] [U] [ 655.835506][T25352] [U] [ 655.838560][T25352] [U] [ 655.841591][T25352] [U] [ 655.844391][T25352] [U] [ 655.849728][T25352] [U] [ 655.852785][T25352] [U] [ 655.855964][T25352] [U] [ 655.858821][T25352] [U] [ 655.865316][ T5842] usb 6-1: Using ep0 maxpacket: 16 [ 655.866921][T25352] [U] [ 655.873241][T25352] [U] [ 655.875981][T25352] [U] [ 655.878726][T25352] [U] [ 655.883203][T25352] [U] [ 655.885968][T25352] [U] [ 655.888710][T25352] [U] [ 655.891465][T25352] [U] [ 655.899039][T25352] [U] [ 655.899511][ T5842] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 655.901845][T25352] [U] [ 655.915639][T25352] [U] [ 655.918486][T25352] [U] [ 655.942168][T25352] [U] [ 655.944954][T25352] [U] [ 655.947748][T25352] [U] [ 655.950755][T25352] [U] [ 655.958046][ T5842] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 655.964847][T25352] [U] [ 655.971030][T25352] [U] [ 655.974224][T25352] [U] [ 655.977144][T25352] [U] [ 655.992506][ T5842] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 656.013992][T25352] [U] [ 656.016787][T25352] [U] [ 656.020229][T25352] [U] [ 656.022875][ T5842] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 656.023077][T25352] [U] [ 656.052216][ T5842] usb 6-1: config 0 descriptor?? [ 656.062788][T25352] [U] [ 656.066010][T25352] [U] [ 656.068853][T25352] [U] [ 656.071679][T25352] [U] [ 656.099176][T25352] [U] [ 656.102128][T25352] [U] [ 656.104885][T25352] [U] [ 656.107629][T25352] [U] [ 656.122209][T25352] [U] [ 656.124992][T25352] [U] [ 656.127736][T25352] [U] [ 656.130486][T25352] [U] [ 656.142112][T25352] [U] [ 656.144902][T25352] [U] [ 656.147651][T25352] [U] [ 656.150385][T25352] [U] [ 656.160752][T25352] [U] [ 656.163538][T25352] [U] [ 656.166269][T25352] [U] [ 656.169163][T25352] [U] [ 656.183486][T25352] [U] [ 656.186276][T25352] [U] [ 656.189013][T25352] [U] [ 656.191760][T25352] [U] [ 656.203792][T25352] [U] [ 656.206564][T25352] [U] [ 656.209400][T25352] [U] [ 656.212149][T25352] [U] [ 656.230787][T25352] [U] [ 656.233599][T25352] [U] [ 656.236343][T25352] [U] [ 656.239085][T25352] [U] [ 656.262729][T25352] [U] [ 656.265520][T25352] [U] [ 656.268269][T25352] [U] [ 656.271007][T25352] [U] [ 656.288393][T25352] [U] [ 656.291215][T25352] [U] [ 656.293974][T25352] [U] [ 656.296707][T25352] [U] [ 656.312861][T25352] [U] [ 656.315650][T25352] [U] [ 656.318399][T25352] [U] [ 656.321240][T25352] [U] [ 656.355043][T25352] [U] [ 656.357842][T25352] [U] [ 656.360595][T25352] [U] [ 656.363340][T25352] [U] [ 656.412748][T25352] [U] [ 656.513014][ T5842] hid_parser_main: 45 callbacks suppressed [ 656.513041][ T5842] corsair 0003:1B1C:1B02.005E: unknown main item tag 0x0 [ 656.565667][ T5842] corsair 0003:1B1C:1B02.005E: unknown main item tag 0x0 [ 656.580032][ T5842] corsair 0003:1B1C:1B02.005E: unknown main item tag 0x0 [ 656.594152][ T5842] corsair 0003:1B1C:1B02.005E: unknown main item tag 0x0 [ 656.609258][ T5842] corsair 0003:1B1C:1B02.005E: unknown main item tag 0x0 [ 656.647823][ T5842] corsair 0003:1B1C:1B02.005E: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.5-1/input0 [ 656.737220][ T5842] corsair 0003:1B1C:1B02.005E: Read invalid backlight brightness: b0. [ 656.819457][T25376] netlink: 56 bytes leftover after parsing attributes in process `syz.7.8734'. [ 656.943858][ T5842] usb 6-1: USB disconnect, device number 12 [ 657.018906][T25380] netlink: 56 bytes leftover after parsing attributes in process `syz.7.8737'. [ 657.036304][ T5856] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 657.045139][ T5856] Bluetooth: hci1: Injecting HCI hardware error event [ 657.058369][ T5854] Bluetooth: hci1: hardware error 0x00 [ 657.614539][T25395] netlink: 24 bytes leftover after parsing attributes in process `syz.6.8745'. [ 658.816007][T25440] netlink: 52 bytes leftover after parsing attributes in process `syz.7.8765'. [ 658.842407][T25440] netlink: 52 bytes leftover after parsing attributes in process `syz.7.8765'. [ 658.998682][T25448] netlink: 36 bytes leftover after parsing attributes in process `syz.6.8769'. [ 659.117047][ T5854] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 659.271698][T25458] netlink: 'syz.4.8774': attribute type 27 has an invalid length. [ 659.295675][T25458] netlink: 'syz.4.8774': attribute type 1 has an invalid length. [ 659.949870][ T80] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 1 [ 660.247424][T25500] program syz.6.8794 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 661.385294][T25538] netlink: 'syz.5.8810': attribute type 83 has an invalid length. [ 661.997389][ T5856] Bluetooth: hci4: command 0x1003 tx timeout [ 661.998883][ T5854] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 662.239785][T25573] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8827'. [ 662.548977][T25586] loop6: detected capacity change from 0 to 2640 [ 662.558696][T25586] buffer_io_error: 11 callbacks suppressed [ 662.558717][T25586] Buffer I/O error on dev loop6, logical block 0, async page read [ 662.577413][T25586] Buffer I/O error on dev loop6, logical block 0, async page read [ 662.585708][T25586] Buffer I/O error on dev loop6, logical block 0, async page read [ 662.595505][T25586] Buffer I/O error on dev loop6, logical block 0, async page read [ 662.604547][T25586] Buffer I/O error on dev loop6, logical block 0, async page read [ 662.613293][T25586] Buffer I/O error on dev loop6, logical block 0, async page read [ 662.622107][T25586] Buffer I/O error on dev loop6, logical block 0, async page read [ 662.639825][T25586] Buffer I/O error on dev loop6, logical block 0, async page read [ 662.650134][T25586] ldm_validate_partition_table(): Disk read failed. [ 662.657415][T25586] Buffer I/O error on dev loop6, logical block 0, async page read [ 662.666111][T25586] Buffer I/O error on dev loop6, logical block 0, async page read [ 662.675870][T25586] Dev loop6: unable to read RDB block 0 [ 662.682231][T25586] loop6: unable to read partition table [ 662.690989][T25586] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 662.913886][T25592] input: syz1 as /devices/virtual/input/input63 [ 662.936607][T25593] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 662.974135][T25593] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 663.278079][T25595] nbd2: detected capacity change from 0 to 63 [ 663.290566][ T5854] block nbd2: Receive control failed (result -32) [ 663.292887][ T5856] block nbd2: Receive control failed (result -32) [ 663.323252][T21200] block nbd2: Dead connection, failed to find a fallback [ 663.346761][T21200] block nbd2: shutting down sockets [ 663.378463][T21200] blk_print_req_error: 50 callbacks suppressed [ 663.378485][T21200] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 663.417015][T21200] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 663.434509][T21200] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 663.448985][T21200] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 663.463028][T21200] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 663.473257][T21200] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 663.482942][T21200] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 663.493087][T21200] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 663.512367][T21200] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 663.529005][T21200] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 663.550811][T21200] ldm_validate_partition_table(): Disk read failed. [ 663.562722][T21200] Dev nbd2: unable to read RDB block 0 [ 663.571346][T21200] nbd2: unable to read partition table [ 663.605227][T21200] ldm_validate_partition_table(): Disk read failed. [ 663.651301][T21200] Dev nbd2: unable to read RDB block 0 [ 663.676552][T21200] nbd2: unable to read partition table [ 663.676770][T25612] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.8841'. [ 664.200457][ C1] sd 0:0:1:0: [sda] tag#7498 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 664.211578][ C1] sd 0:0:1:0: [sda] tag#7498 CDB: Write(6) 0a 00 00 00 00 00 00 00 fe 80 00 00 [ 664.282864][ T30] audit: type=1326 audit(2000110766.023:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25630 comm="syz.5.8852" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f29c439c819 code=0x0 [ 664.434109][T25638] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.8855'. [ 664.968393][ T30] audit: type=1326 audit(2000110766.713:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25654 comm="syz.4.8863" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f012939c819 code=0x0 [ 667.242345][T25733] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8899'. [ 668.785447][ T24] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 668.810330][T25805] netlink: 20 bytes leftover after parsing attributes in process `syz.6.8933'. [ 668.943816][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 668.957648][ T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 668.982141][ T24] usb 6-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 669.004935][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.019536][ T24] usb 6-1: Product: syz [ 669.024584][ T24] usb 6-1: Manufacturer: syz [ 669.029297][ T24] usb 6-1: SerialNumber: syz [ 669.038991][ T24] usb 6-1: config 0 descriptor?? [ 669.054372][ T24] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 669.672291][ T24] gspca_zc3xx: reg_w_i err -71 [ 669.703796][T23731] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 669.863810][T23731] usb 5-1: Using ep0 maxpacket: 16 [ 669.876122][T23731] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 669.885524][T23731] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.895059][T23731] usb 5-1: Product: syz [ 669.899361][T23731] usb 5-1: Manufacturer: syz [ 669.905012][T23731] usb 5-1: SerialNumber: syz [ 669.912621][T23731] usb 5-1: config 0 descriptor?? [ 669.921293][T23731] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 670.263756][ T24] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 670.278365][ T24] gspca_zc3xx 6-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 670.291396][ T24] usb 6-1: USB disconnect, device number 13 [ 670.676819][T25842] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8950'. [ 670.739750][T23731] ssu100 5-1:0.0: probe with driver ssu100 failed with error -71 [ 670.773373][T23731] usb 5-1: USB disconnect, device number 19 [ 671.483006][T25880] netlink: 20 bytes leftover after parsing attributes in process `syz.5.8968'. [ 671.647641][T25887] netlink: 56 bytes leftover after parsing attributes in process `syz.6.8972'. [ 671.775488][T25889] Bluetooth: hci4: Frame reassembly failed (-84) [ 671.791641][ T80] Bluetooth: hci4: Frame reassembly failed (-84) [ 672.652623][T25930] netlink: 128 bytes leftover after parsing attributes in process `syz.7.8994'. [ 673.056958][T25947] overlay: filesystem on ./file0 is read-only [ 673.834342][ T5854] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 673.847333][ T5856] Bluetooth: hci4: command 0xfc11 tx timeout [ 674.150947][T25997] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9023'. [ 674.167103][T25996] mkiss: ax0: crc mode is auto. [ 674.193836][T25997] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9023'. [ 674.468604][T26009] loop8: detected capacity change from 0 to 1 [ 674.485691][T26009] Dev loop8: unable to read RDB block 1 [ 674.496065][T26009] loop8: unable to read partition table [ 674.503174][T26009] loop8: partition table beyond EOD, truncated [ 674.510989][T26009] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 674.673268][T26016] netlink: 176 bytes leftover after parsing attributes in process `syz.6.9034'. [ 674.821873][T26023] binder: 26022:26023 ioctl 400c620e 0 returned -14 [ 675.678597][ T10] IPVS: starting estimator thread 0... [ 675.804094][T26062] IPVS: using max 28 ests per chain, 67200 per kthread [ 676.271755][T26090] overlayfs: workdir and upperdir must be separate subtrees [ 676.346583][T26092] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 677.303881][T22046] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 677.464020][T22046] usb 6-1: Using ep0 maxpacket: 16 [ 677.472007][T22046] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 677.485537][T22046] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 677.495033][T22046] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.503083][T22046] usb 6-1: Product: syz [ 677.507475][T22046] usb 6-1: Manufacturer: syz [ 677.512124][T22046] usb 6-1: SerialNumber: syz [ 677.520118][T22046] usb 6-1: config 0 descriptor?? [ 677.532097][T22046] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 677.542088][T22046] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 678.147622][T22046] em28xx 6-1:0.0: chip ID is em2874 [ 678.444140][T22046] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 678.456338][T22046] em28xx 6-1:0.0: board has no eeprom [ 678.524762][T22046] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 678.537463][T22046] em28xx 6-1:0.0: dvb set to bulk mode. [ 678.543566][ T10] em28xx 6-1:0.0: Binding DVB extension [ 678.554902][ T5854] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 678.564979][ T5856] Bluetooth: hci4: command 0xfc11 tx timeout [ 678.648784][T22046] usb 6-1: USB disconnect, device number 14 [ 678.747365][T22046] em28xx 6-1:0.0: Disconnecting em28xx [ 678.891387][ T10] em28xx 6-1:0.0: Registering input extension [ 679.014216][ T10] rc_core: IR keymap rc-pinnacle-pctv-hd not found [ 679.051451][ T10] Registered IR keymap rc-empty [ 679.227646][ T10] rc rc0: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 679.270879][ T10] input: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input65 [ 679.457119][ T10] em28xx 6-1:0.0: Input extension successfully initialized [ 679.480457][T22046] em28xx 6-1:0.0: Closing input extension [ 679.622470][T26182] bridge0: port 2(bridge_slave_1) entered disabled state [ 679.630754][T26182] bridge0: port 1(bridge_slave_0) entered disabled state [ 679.687139][T26186] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 680.041950][T22046] em28xx 6-1:0.0: Freeing device [ 680.538339][T26215] netlink: 40 bytes leftover after parsing attributes in process `syz.6.9129'. [ 680.585282][T26215] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9129'. [ 680.626321][T26220] netlink: 16186 bytes leftover after parsing attributes in process `syz.7.9132'. [ 680.806649][T26227] kvm: kvm [26226]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x6 [ 681.772840][T26267] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9155'. [ 681.825548][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 682.639680][T23401] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 682.649192][T23401] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 682.658077][T23401] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 682.668054][T23401] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 682.680997][T23401] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 682.860077][T26272] chnl_net:caif_netlink_parms(): no params data found [ 682.948019][T26272] bridge0: port 1(bridge_slave_0) entered blocking state [ 682.956904][T26272] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.965092][T26272] bridge_slave_0: entered allmulticast mode [ 682.972779][T26272] bridge_slave_0: entered promiscuous mode [ 682.982053][T26272] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.989676][T26272] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.997286][T26272] bridge_slave_1: entered allmulticast mode [ 683.006048][T26272] bridge_slave_1: entered promiscuous mode [ 683.039173][T26272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 683.051789][T26272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 683.085547][T26272] team0: Port device team_slave_0 added [ 683.094329][T26272] team0: Port device team_slave_1 added [ 683.124893][T26272] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 683.132022][T26272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 683.160772][T26272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 683.174447][T26272] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 683.181451][T26272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 683.213078][T26272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 683.267234][T26272] hsr_slave_0: entered promiscuous mode [ 683.274689][T26272] hsr_slave_1: entered promiscuous mode [ 683.281428][T26272] debugfs: 'hsr0' already exists in 'hsr' [ 683.287594][T26272] Cannot create hsr debugfs directory [ 683.477419][T26272] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 683.488504][T26272] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 683.500730][T26272] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 683.516052][T26272] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 683.608500][T26272] 8021q: adding VLAN 0 to HW filter on device bond0 [ 683.632598][T26272] 8021q: adding VLAN 0 to HW filter on device team0 [ 683.648149][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 683.655354][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 683.670442][ T80] bridge0: port 2(bridge_slave_1) entered blocking state [ 683.679277][ T80] bridge0: port 2(bridge_slave_1) entered forwarding state [ 683.833787][ T5856] Bluetooth: hci4: command 0x1003 tx timeout [ 683.834427][ T5854] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 683.960468][T26272] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 684.302459][T26272] veth0_vlan: entered promiscuous mode [ 684.325668][T26272] veth1_vlan: entered promiscuous mode [ 684.373503][T26272] veth0_macvtap: entered promiscuous mode [ 684.391233][T26272] veth1_macvtap: entered promiscuous mode [ 684.419727][T26272] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 684.445387][T26272] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 684.462921][ T148] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.483051][ T148] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.511407][ T148] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.546351][ T148] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.702643][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 684.714620][ T5854] Bluetooth: hci3: command tx timeout [ 684.730419][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 684.788757][T23400] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 684.823501][T23400] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 684.998114][T26320] program syz.7.9169 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 685.291392][T26322] block nbd3: server does not support multiple connections per device. [ 685.374583][T26322] block nbd3: shutting down sockets [ 685.520463][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.685813][ T30] audit: type=1326 audit(2000111043.417:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26343 comm="syz.8.9180" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f333459c819 code=0x0 [ 686.266580][T26369] netlink: 16 bytes leftover after parsing attributes in process `syz.7.9192'. [ 686.798998][ T5854] Bluetooth: hci3: command tx timeout [ 688.728481][ T30] audit: type=1326 audit(2000111046.467:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26434 comm="syz.4.9224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f012939c819 code=0x7fc00000 [ 688.757954][T26463] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.9237'. [ 688.826086][ T10] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 688.874746][ T5854] Bluetooth: hci3: command tx timeout [ 688.996152][ T10] usb 9-1: Using ep0 maxpacket: 32 [ 689.026154][ T10] usb 9-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 689.055524][ T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 689.072838][ T10] usb 9-1: Product: syz [ 689.083680][ T10] usb 9-1: Manufacturer: syz [ 689.099081][ T10] usb 9-1: SerialNumber: syz [ 689.122644][ T10] usb 9-1: config 0 descriptor?? [ 689.177677][T26475] netlink: 'syz.6.9243': attribute type 2 has an invalid length. [ 689.188215][T26475] netlink: 'syz.6.9243': attribute type 4 has an invalid length. [ 689.552963][ T10] airspy 9-1:0.0: Board ID: 00 [ 689.576344][ T10] airspy 9-1:0.0: Firmware version: [ 689.927855][T26503] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9257'. [ 689.941337][T26503] netlink: 4 bytes leftover after parsing attributes in process `syz.7.9257'. [ 689.952976][T26503] netlink: 2 bytes leftover after parsing attributes in process `syz.7.9257'. [ 689.966476][ T10] airspy 9-1:0.0: usb_control_msg() failed -71 request 0e [ 689.986068][T26503] netlink: 4 bytes leftover after parsing attributes in process `syz.7.9257'. [ 690.016114][ T10] airspy 9-1:0.0: Registered as swradio24 [ 690.033929][ T10] airspy 9-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 690.045898][T26503] netlink: 2 bytes leftover after parsing attributes in process `syz.7.9257'. [ 690.060371][ T10] usb 9-1: USB disconnect, device number 2 [ 690.106965][T26507] input: syz0 as /devices/virtual/input/input66 [ 690.792235][T26529] bridge0: port 3(veth1_macvtap) entered blocking state [ 690.806556][T26529] bridge0: port 3(veth1_macvtap) entered disabled state [ 690.819586][T26529] veth1_macvtap: entered allmulticast mode [ 690.836860][T26529] veth1_macvtap: left allmulticast mode [ 690.954791][ T5854] Bluetooth: hci3: command tx timeout [ 692.146807][T26572] netlink: 20 bytes leftover after parsing attributes in process `syz.8.9288'. [ 692.244144][T26576] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9290'. [ 692.547554][T26585] netlink: 92 bytes leftover after parsing attributes in process `syz.8.9295'. [ 693.262671][T26614] netlink: 32 bytes leftover after parsing attributes in process `syz.6.9308'. [ 693.788462][T26637] netlink: 'syz.4.9319': attribute type 12 has an invalid length. [ 693.802911][T26637] netlink: 120 bytes leftover after parsing attributes in process `syz.4.9319'. [ 694.220372][T26652] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 694.253780][T26654] netlink: 48 bytes leftover after parsing attributes in process `syz.4.9327'. [ 694.399179][T19514] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 694.558841][T19514] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 694.587646][T19514] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 694.611555][T19514] usb 9-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 694.621144][T19514] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 694.641209][T19514] usb 9-1: config 0 descriptor?? [ 695.081166][T19514] kye 0003:0458:0138.005F: unknown main item tag 0x0 [ 695.102286][T19514] kye 0003:0458:0138.005F: unknown main item tag 0x0 [ 695.120611][T19514] kye 0003:0458:0138.005F: unknown main item tag 0x0 [ 695.137545][T19514] kye 0003:0458:0138.005F: unknown main item tag 0x0 [ 695.153833][T19514] kye 0003:0458:0138.005F: unknown main item tag 0x0 [ 695.170919][T19514] kye 0003:0458:0138.005F: unknown main item tag 0x0 [ 695.181434][T19514] kye 0003:0458:0138.005F: unknown main item tag 0x0 [ 695.202957][T19514] kye 0003:0458:0138.005F: unknown main item tag 0x0 [ 695.210762][T19514] kye 0003:0458:0138.005F: unknown main item tag 0x0 [ 695.218473][T19514] kye 0003:0458:0138.005F: unknown main item tag 0x0 [ 695.226185][T19514] kye 0003:0458:0138.005F: collection stack underflow [ 695.233357][T19514] kye 0003:0458:0138.005F: item 0 0 0 12 parsing failed [ 695.243563][T19514] kye 0003:0458:0138.005F: parse failed [ 695.255173][T19514] kye 0003:0458:0138.005F: probe with driver kye failed with error -22 [ 695.279085][T19514] usb 9-1: USB disconnect, device number 3 [ 695.595551][T26682] team0: No ports can be present during mode change [ 696.045696][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 696.778012][T22046] usb 9-1: new full-speed USB device number 4 using dummy_hcd [ 696.956966][T22046] usb 9-1: config 0 has no interfaces? [ 696.964124][T26719] loop4: detected capacity change from 0 to 524287936 [ 696.967872][T22046] usb 9-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 696.980671][T22046] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 696.992399][T22046] usb 9-1: config 0 descriptor?? [ 697.216891][T26727] Falling back ldisc for ttyS3. [ 697.348961][T23731] usb 9-1: USB disconnect, device number 4 [ 697.452707][ C1] sd 0:0:1:0: [sda] tag#7507 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 697.463739][ C1] sd 0:0:1:0: [sda] tag#7507 CDB: Write(6) 0a 00 4e 22 00 00 [ 697.651842][T26740] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 697.830105][T26746] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.9369'. [ 697.912245][T26748] overlay: ./file0 is not a directory [ 698.137519][T26756] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 698.253650][ T30] audit: type=1326 audit(2000111055.977:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26759 comm="syz.6.9377" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fed1c39c819 code=0x0 [ 698.623745][T22046] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 698.750226][T23400] Bluetooth: hci4: Frame reassembly failed (-84) [ 698.804983][T22046] usb 5-1: Using ep0 maxpacket: 8 [ 698.812408][T22046] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 698.821973][T22046] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.839180][T22046] pvrusb2: Hardware description: Terratec Grabster AV400 [ 698.846704][T22046] pvrusb2: ********** [ 698.850779][T22046] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 698.861340][T22046] pvrusb2: Important functionality might not be entirely working. [ 698.869679][T22046] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 698.885553][T22046] pvrusb2: ********** [ 699.042408][ T2364] pvrusb2: Invalid write control endpoint [ 699.162080][ T2364] pvrusb2: Invalid write control endpoint [ 699.172918][ T2364] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 699.184472][ T2364] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 699.189951][T26784] bridge0: port 2(bridge_slave_1) entered disabled state [ 699.192252][ T2364] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 699.213228][ T2364] pvrusb2: Device being rendered inoperable [ 699.221515][ T2364] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 699.229321][ T2364] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 699.229781][ T148] bridge0: port 2(bridge_slave_1) entered blocking state [ 699.244897][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 699.265429][ T2364] pvrusb2: Attached sub-driver cx25840 [ 699.268284][T26765] pvrusb2: Attempted to execute control transfer when device not ok [ 699.272126][ T2364] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 699.272153][ T2364] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 699.324233][T22046] usb 5-1: USB disconnect, device number 20 [ 700.347385][T26816] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.9402'. [ 700.552367][T26823] netlink: 'syz.4.9405': attribute type 19 has an invalid length. [ 700.560913][T26823] netlink: 180 bytes leftover after parsing attributes in process `syz.4.9405'. [ 700.793866][ T5854] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 700.803998][ T5856] Bluetooth: hci4: command 0x1003 tx timeout [ 702.135910][T26872] misc userio: Can't change port type on an already running userio instance [ 702.701299][T26875] NFSD: Failed to start, no listeners configured. [ 703.761452][T26925] netlink: 4 bytes leftover after parsing attributes in process `syz.8.9451'. [ 703.790213][T26927] netlink: 'syz.4.9452': attribute type 4 has an invalid length. [ 703.799117][T26927] netlink: 17 bytes leftover after parsing attributes in process `syz.4.9452'. [ 703.835227][T26927] netlink: 14601 bytes leftover after parsing attributes in process `syz.4.9452'. [ 704.450356][ T80] Bluetooth: hci4: Frame reassembly failed (-90) [ 705.937126][T26985] pim6reg: entered allmulticast mode [ 705.956539][T26985] pim6reg: left allmulticast mode [ 706.474029][ T5856] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 706.484329][ T5854] Bluetooth: hci4: command 0xfc11 tx timeout [ 706.877667][T27012] trusted_key: encrypted_key: keyword 'uew' not recognized [ 707.584984][T27035] netlink: 72 bytes leftover after parsing attributes in process `syz.6.9503'. [ 708.113775][ T29] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 708.285992][ T29] usb 9-1: Using ep0 maxpacket: 8 [ 708.300289][ T29] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 708.326432][ T29] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 708.356441][ T29] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 168 [ 708.395643][ T29] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 708.441269][T27070] binder: BINDER_SET_CONTEXT_MGR already set [ 708.448162][ T29] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 708.467868][ T29] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 708.476158][T27070] binder: 27067:27070 ioctl 4018620d 200000000300 returned -16 [ 708.655820][T27075] virtiofs: Unknown parameter 'always 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 18 nlmon0 : 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 20 batadv0 : 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 21 vxcan0 : 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 22 vxcan1 : 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 23 veth0 : 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 24 veth1 : 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 25 wg0 : 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 26 wg1 : 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 27 wg2 : 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 28 veth0_to_bridge: 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 29 bridge_slave_0: 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 30 veth1_to_bridge: 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 31 bridge_slave_1: 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 32 veth0_to_bond: 1 V3 [ 708.655820][T27075] 010000E0 1 0:00000000 0 [ 708.655820][T27075] 33 bond_slave_0: 1 V3 [ 708.655820][T27075] 010000E0 1 0:0 [ 708.699132][ T29] usb 9-1: GET_CAPABILITIES returned 0 [ 708.896926][ T29] usbtmc 9-1:16.0: can't read capabilities [ 709.075393][T19514] usb 9-1: USB disconnect, device number 5 [ 710.161793][T27121] netlink: 'syz.7.9545': attribute type 10 has an invalid length. [ 710.172218][T27121] netlink: 'syz.7.9545': attribute type 29 has an invalid length. [ 711.179169][T27162] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 712.708983][T27204] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9585'. [ 713.195522][T27224] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 713.993822][ T5856] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 714.003343][ T5854] Bluetooth: hci4: command 0x1003 tx timeout [ 714.161074][T27262] block nbd8: shutting down sockets [ 714.326717][ T148] [ 714.329150][ T148] ====================================================== [ 714.336200][ T148] WARNING: possible circular locking dependency detected [ 714.343298][ T148] syzkaller #0 Tainted: G L [ 714.349341][ T148] ------------------------------------------------------ [ 714.356402][ T148] kworker/u8:6/148 is trying to acquire lock: [ 714.362603][ T148] ffffffff8ea83560 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_node_noprof+0x4a/0x690 [ 714.374166][ T148] [ 714.374166][ T148] but task is already holding lock: [ 714.381899][ T148] ffff8880782860e0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_close+0x1d/0x110 [ 714.390942][ T148] [ 714.390942][ T148] which lock already depends on the new lock. [ 714.390942][ T148] [ 714.401416][ T148] [ 714.401416][ T148] the existing dependency chain (in reverse order) is: [ 714.410481][ T148] [ 714.410481][ T148] -> #7 (k-sk_lock-AF_INET6){+.+.}-{0:0}: [ 714.410526][ T148] lock_sock_nested+0x41/0x100 [ 714.410563][ T148] mptcp_sendmsg_fastopen+0x128/0x580 [ 714.410592][ T148] mptcp_sendmsg+0x1878/0x1ab0 [ 714.410617][ T148] ____sys_sendmsg+0x5c7/0x9f0 [ 714.410640][ T148] ___sys_sendmsg+0x2a5/0x360 [ 714.410663][ T148] __sys_sendmmsg+0x27c/0x4e0 [ 714.410687][ T148] __x64_sys_sendmmsg+0xa0/0xc0 [ 714.410712][ T148] do_syscall_64+0x15f/0xf80 [ 714.410740][ T148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.410762][ T148] [ 714.410762][ T148] -> #6 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 714.410796][ T148] lock_sock_nested+0x41/0x100 [ 714.410824][ T148] inet_shutdown+0x6a/0x390 [ 714.410855][ T148] nbd_mark_nsock_dead+0x2e9/0x560 [ 714.410882][ T148] sock_shutdown+0x15e/0x260 [ 714.410907][ T148] nbd_clear_sock+0x24/0x170 [ 714.410932][ T148] nbd_config_put+0x2dd/0x580 [ 714.410955][ T148] nbd_release+0xfe/0x140 [ 714.410981][ T148] bdev_release+0x536/0x650 [ 714.411010][ T148] blkdev_release+0x15/0x20 [ 714.411029][ T148] __fput+0x44f/0xa70 [ 714.411055][ T148] task_work_run+0x1d9/0x270 [ 714.411080][ T148] exit_to_user_mode_loop+0xed/0x480 [ 714.411108][ T148] do_syscall_64+0x33e/0xf80 [ 714.411134][ T148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.411155][ T148] [ 714.411155][ T148] -> #5 (&nsock->tx_lock){+.+.}-{4:4}: [ 714.411188][ T148] __mutex_lock+0x19e/0x1420 [ 714.568561][ T148] nbd_queue_rq+0x37b/0x1100 [ 714.568591][ T148] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 714.568618][ T148] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 714.568645][ T148] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 714.568672][ T148] blk_mq_run_hw_queue+0x348/0x4f0 [ 714.568694][ T148] blk_mq_dispatch_list+0xd16/0xe10 [ 714.568719][ T148] blk_mq_flush_plug_list+0x48d/0x570 [ 714.568751][ T148] __blk_flush_plug+0x3ed/0x4d0 [ 714.568776][ T148] __submit_bio+0x28d/0x580 [ 714.568802][ T148] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 714.568826][ T148] block_read_full_folio+0x599/0x830 [ 714.568848][ T148] filemap_read_folio+0x137/0x3b0 [ 714.568864][ T148] do_read_cache_folio+0x358/0x590 [ 714.568880][ T148] read_part_sector+0xb6/0x2b0 [ 714.568903][ T148] adfspart_check_ICS+0xb1/0x960 [ 714.568928][ T148] bdev_disk_changed+0x817/0x1770 [ 714.568952][ T148] blkdev_get_whole+0x380/0x510 [ 714.569085][ T148] bdev_open+0x31e/0xd30 [ 714.569119][ T148] blkdev_open+0x470/0x610 [ 714.569135][ T148] do_dentry_open+0x785/0x14e0 [ 714.569157][ T148] vfs_open+0x3b/0x340 [ 714.569177][ T148] path_openat+0x2e08/0x3860 [ 714.569193][ T148] do_file_open+0x23e/0x4a0 [ 714.569207][ T148] do_sys_openat2+0x113/0x200 [ 714.569229][ T148] __x64_sys_openat+0x138/0x170 [ 714.569252][ T148] do_syscall_64+0x15f/0xf80 [ 714.569274][ T148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.569292][ T148] [ 714.569292][ T148] -> #4 (&cmd->lock){+.+.}-{4:4}: [ 714.569323][ T148] __mutex_lock+0x19e/0x1420 [ 714.569346][ T148] nbd_queue_rq+0xc6/0x1100 [ 714.569367][ T148] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 714.569392][ T148] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 714.569420][ T148] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 714.569448][ T148] blk_mq_run_hw_queue+0x348/0x4f0 [ 714.569470][ T148] blk_mq_dispatch_list+0xd16/0xe10 [ 714.569498][ T148] blk_mq_flush_plug_list+0x48d/0x570 [ 714.569525][ T148] __blk_flush_plug+0x3ed/0x4d0 [ 714.569549][ T148] __submit_bio+0x28d/0x580 [ 714.569583][ T148] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 714.569609][ T148] block_read_full_folio+0x599/0x830 [ 714.569631][ T148] filemap_read_folio+0x137/0x3b0 [ 714.569648][ T148] do_read_cache_folio+0x358/0x590 [ 714.569665][ T148] read_part_sector+0xb6/0x2b0 [ 714.569690][ T148] adfspart_check_ICS+0xb1/0x960 [ 714.569716][ T148] bdev_disk_changed+0x817/0x1770 [ 714.569739][ T148] blkdev_get_whole+0x380/0x510 [ 714.569765][ T148] bdev_open+0x31e/0xd30 [ 714.569790][ T148] blkdev_open+0x470/0x610 [ 714.569814][ T148] do_dentry_open+0x785/0x14e0 [ 714.569835][ T148] vfs_open+0x3b/0x340 [ 714.569855][ T148] path_openat+0x2e08/0x3860 [ 714.569871][ T148] do_file_open+0x23e/0x4a0 [ 714.569887][ T148] do_sys_openat2+0x113/0x200 [ 714.569909][ T148] __x64_sys_openat+0x138/0x170 [ 714.569932][ T148] do_syscall_64+0x15f/0xf80 [ 714.569955][ T148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.569973][ T148] [ 714.569973][ T148] -> #3 (set->srcu){.+.+}-{0:0}: [ 714.570001][ T148] __synchronize_srcu+0xca/0x300 [ 714.570026][ T148] elevator_switch+0x1e8/0x7a0 [ 714.570051][ T148] elevator_change+0x2cc/0x450 [ 714.570077][ T148] elevator_set_default+0x36c/0x430 [ 714.570101][ T148] blk_register_queue+0x3e9/0x4e0 [ 714.570128][ T148] __add_disk+0x677/0xd50 [ 714.570145][ T148] add_disk_fwnode+0xfb/0x480 [ 714.570163][ T148] nbd_dev_add+0x72c/0xb50 [ 714.570184][ T148] nbd_init+0x168/0x1f0 [ 714.570205][ T148] do_one_initcall+0x250/0x870 [ 714.570234][ T148] do_initcall_level+0x104/0x190 [ 714.570254][ T148] do_initcalls+0x59/0xa0 [ 714.570271][ T148] kernel_init_freeable+0x2a6/0x3e0 [ 714.570289][ T148] kernel_init+0x1d/0x1d0 [ 714.570303][ T148] ret_from_fork+0x514/0xb70 [ 714.570328][ T148] ret_from_fork_asm+0x1a/0x30 [ 714.570343][ T148] [ 714.570343][ T148] -> #2 (&q->elevator_lock){+.+.}-{4:4}: [ 714.570371][ T148] __mutex_lock+0x19e/0x1420 [ 714.570394][ T148] elevator_change+0x1b3/0x450 [ 714.570418][ T148] elevator_set_none+0xb5/0x140 [ 714.570443][ T148] blk_mq_update_nr_hw_queues+0x5e7/0x1a60 [ 714.570461][ T148] nbd_start_device+0x17f/0xb10 [ 714.570481][ T148] nbd_genl_connect+0x165b/0x1cf0 [ 714.570501][ T148] genl_family_rcv_msg_doit+0x22a/0x330 [ 714.570525][ T148] genl_rcv_msg+0x61c/0x7a0 [ 714.570546][ T148] netlink_rcv_skb+0x232/0x4b0 [ 714.570572][ T148] genl_rcv+0x28/0x40 [ 714.570591][ T148] netlink_unicast+0x80f/0x9b0 [ 714.570615][ T148] netlink_sendmsg+0x813/0xb40 [ 714.570631][ T148] ____sys_sendmsg+0x972/0x9f0 [ 714.570651][ T148] ___sys_sendmsg+0x2a5/0x360 [ 714.570670][ T148] __x64_sys_sendmsg+0x1bd/0x2a0 [ 714.570690][ T148] do_syscall_64+0x15f/0xf80 [ 714.570712][ T148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.570731][ T148] [ 714.570731][ T148] -> #1 (&q->q_usage_counter(io)#51){++++}-{0:0}: [ 714.570764][ T148] blk_alloc_queue+0x546/0x680 [ 714.570788][ T148] __blk_mq_alloc_disk+0x197/0x390 [ 714.570810][ T148] nbd_dev_add+0x499/0xb50 [ 714.570830][ T148] nbd_init+0x168/0x1f0 [ 714.570850][ T148] do_one_initcall+0x250/0x870 [ 714.570877][ T148] do_initcall_level+0x104/0x190 [ 714.570894][ T148] do_initcalls+0x59/0xa0 [ 714.570911][ T148] kernel_init_freeable+0x2a6/0x3e0 [ 714.570929][ T148] kernel_init+0x1d/0x1d0 [ 714.570943][ T148] ret_from_fork+0x514/0xb70 [ 714.570968][ T148] ret_from_fork_asm+0x1a/0x30 [ 714.570984][ T148] [ 714.570984][ T148] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 714.571010][ T148] __lock_acquire+0x15a5/0x2cf0 [ 714.571035][ T148] lock_acquire+0x106/0x350 [ 714.571060][ T148] fs_reclaim_acquire+0x71/0x100 [ 714.571078][ T148] kmem_cache_alloc_node_noprof+0x4a/0x690 [ 714.571104][ T148] __alloc_skb+0x1d0/0x7d0 [ 714.571121][ T148] tcp_send_active_reset+0x8a/0x5a0 [ 714.571139][ T148] __tcp_close+0x4c5/0xfe0 [ 714.571164][ T148] tcp_close+0x28/0x110 [ 714.571186][ T148] inet_release+0x143/0x190 [ 714.571204][ T148] sock_release+0x85/0x150 [ 714.571227][ T148] rds_tcp_accept_one+0x641/0xd70 [ 714.571247][ T148] rds_tcp_accept_worker+0x1d/0x70 [ 714.571265][ T148] process_scheduled_works+0xb5d/0x1860 [ 714.571291][ T148] worker_thread+0xa53/0xfc0 [ 714.571315][ T148] kthread+0x388/0x470 [ 714.571333][ T148] ret_from_fork+0x514/0xb70 [ 714.571356][ T148] ret_from_fork_asm+0x1a/0x30 [ 714.571371][ T148] [ 714.571371][ T148] other info that might help us debug this: [ 714.571371][ T148] [ 714.571379][ T148] Chain exists of: [ 714.571379][ T148] fs_reclaim --> sk_lock-AF_INET6 --> k-sk_lock-AF_INET6 [ 714.571379][ T148] [ 714.571412][ T148] Possible unsafe locking scenario: [ 714.571412][ T148] [ 714.571418][ T148] CPU0 CPU1 [ 714.571425][ T148] ---- ---- [ 714.571431][ T148] lock(k-sk_lock-AF_INET6); [ 714.571445][ T148] lock(sk_lock-AF_INET6); [ 714.571460][ T148] lock(k-sk_lock-AF_INET6); [ 714.571475][ T148] lock(fs_reclaim); [ 714.571489][ T148] [ 714.571489][ T148] *** DEADLOCK *** [ 714.571489][ T148] [ 714.571494][ T148] 4 locks held by kworker/u8:6/148: [ 714.571505][ T148] #0: ffff888031d74940 ((wq_completion)krdsd){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 714.571559][ T148] #1: ffffc90002dd7c40 ((work_completion)(&rtn->rds_tcp_accept_w)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 714.571612][ T148] #2: ffff888033866e60 (&rtn->rds_tcp_accept_lock){+.+.}-{4:4}, at: rds_tcp_accept_one+0xa9/0xd70 [ 714.571658][ T148] #3: ffff8880782860e0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_close+0x1d/0x110 [ 714.571709][ T148] [ 714.571709][ T148] stack backtrace: [ 714.571724][ T148] CPU: 0 UID: 0 PID: 148 Comm: kworker/u8:6 Tainted: G L syzkaller #0 PREEMPT(full) [ 714.571749][ T148] Tainted: [L]=SOFTLOCKUP [ 714.571756][ T148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 714.571769][ T148] Workqueue: krdsd rds_tcp_accept_worker [ 714.571791][ T148] Call Trace: [ 714.571801][ T148] [ 714.571823][ T148] dump_stack_lvl+0xe8/0x150 [ 714.571849][ T148] print_circular_bug+0x2e1/0x300 [ 714.571880][ T148] check_noncircular+0x12e/0x150 [ 714.571901][ T148] __lock_acquire+0x15a5/0x2cf0 [ 714.571929][ T148] ? __lock_acquire+0x6b5/0x2cf0 [ 714.571958][ T148] ? kasan_quarantine_put+0xbb/0x1f0 [ 714.571988][ T148] ? kmem_cache_alloc_node_noprof+0x4a/0x690 [ 714.572014][ T148] lock_acquire+0x106/0x350 [ 714.572037][ T148] ? kmem_cache_alloc_node_noprof+0x4a/0x690 [ 714.572066][ T148] ? lock_acquire+0x106/0x350 [ 714.572093][ T148] fs_reclaim_acquire+0x71/0x100 [ 714.572110][ T148] ? kmem_cache_alloc_node_noprof+0x4a/0x690 [ 714.572136][ T148] kmem_cache_alloc_node_noprof+0x4a/0x690 [ 714.572164][ T148] ? __alloc_skb+0x1d0/0x7d0 [ 714.572180][ T148] ? __local_bh_enable_ip+0xd0/0x130 [ 714.572208][ T148] __alloc_skb+0x1d0/0x7d0 [ 714.572227][ T148] tcp_send_active_reset+0x8a/0x5a0 [ 714.572246][ T148] ? __sk_mem_reduce_allocated+0x270/0x3f0 [ 714.572272][ T148] __tcp_close+0x4c5/0xfe0 [ 714.572300][ T148] tcp_close+0x28/0x110 [ 714.572323][ T148] inet_release+0x143/0x190 [ 714.572342][ T148] sock_release+0x85/0x150 [ 714.572366][ T148] rds_tcp_accept_one+0x641/0xd70 [ 714.572387][ T148] ? process_scheduled_works+0xa70/0x1860 [ 714.572412][ T148] ? __pfx_rds_tcp_accept_one+0x10/0x10 [ 714.572436][ T148] rds_tcp_accept_worker+0x1d/0x70 [ 714.572454][ T148] ? process_scheduled_works+0xa70/0x1860 [ 714.572480][ T148] process_scheduled_works+0xb5d/0x1860 [ 714.572517][ T148] ? __pfx_process_scheduled_works+0x10/0x10 [ 714.572545][ T148] ? assign_work+0x3d5/0x5e0 [ 714.572570][ T148] worker_thread+0xa53/0xfc0 [ 714.572607][ T148] kthread+0x388/0x470 [ 714.572626][ T148] ? __pfx_worker_thread+0x10/0x10 [ 714.572651][ T148] ? __pfx_kthread+0x10/0x10 [ 714.572670][ T148] ret_from_fork+0x514/0xb70 [ 714.572696][ T148] ? __pfx_ret_from_fork+0x10/0x10 [ 714.572721][ T148] ? __switch_to+0xc79/0x1410 [ 714.572743][ T148] ? __pfx_kthread+0x10/0x10 [ 714.572762][ T148] ret_from_fork_asm+0x1a/0x30 [ 714.572784][ T148] [ 718.313766][ T5854] Bluetooth: hci0: command 0x0406 tx timeout