last executing test programs: 9m8.161918194s ago: executing program 32 (id=2122): mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) 7m51.648026909s ago: executing program 33 (id=3038): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@getlink={0x34, 0x12, 0x321, 0x70bd21, 0x8000, {0x7}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'veth1_vlan\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x200040c1}, 0x0) 7m30.689951162s ago: executing program 34 (id=3169): sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x1c, 0x1, 0x4, 0x5, 0x0, 0x0, {0x0, 0x0, 0x8000}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0) r0 = syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x0, 0x0) ioctl$FE_GET_PROPERTY(r0, 0x80086f53, &(0x7f0000000000)={0x6, &(0x7f0000000080)}) 7m23.116380076s ago: executing program 35 (id=3752): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001780), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f00000007c0)={0x24, r1, 0x409, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 5m41.160159285s ago: executing program 36 (id=6509): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r0, 0x0, r1, 0x0, 0x8003, 0x0) 3m20.851395103s ago: executing program 6 (id=9629): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0x10}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_LABELS={0x8, 0x16, 0x1, 0x0, [0x3]}]}, 0x6c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x3c, 0x0, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}, [@CTA_LABELS={0x4}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004881}, 0x20008820) 3m20.784919903s ago: executing program 6 (id=9631): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x6, 0x24, &(0x7f0000000080)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x40095505, 0x0) 3m20.01553331s ago: executing program 6 (id=9648): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) 3m20.015298339s ago: executing program 6 (id=9649): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, r1, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x4080) 3m19.966476343s ago: executing program 6 (id=9650): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4) lchown(&(0x7f0000000040)='./file1\x00', 0xee01, 0xee01) 3m19.96612219s ago: executing program 6 (id=9651): r0 = socket$inet(0x2, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 3m4.970391944s ago: executing program 7 (id=9934): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01"], 0x50) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, 0xffffffffffffffff, 0x0, 0x3}}, 0x20) 3m4.920485716s ago: executing program 37 (id=9651): r0 = socket$inet(0x2, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 3m4.876338664s ago: executing program 7 (id=9936): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000200), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @initr0, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @exit], &(0x7f00000000c0)='GPL\x00'}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 3m4.823679023s ago: executing program 7 (id=9938): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f000000ac40)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0x0, r1) fchown(r0, 0x0, 0x0) 3m4.823511215s ago: executing program 7 (id=9939): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000280)='./file0\x00', 0x0, 0x97801, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000240)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x112) 3m4.75398177s ago: executing program 7 (id=9941): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) syz_emit_ethernet(0xbe, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0xfb, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x7, @loopback, @rand_addr=0x640100fe, {[@cipso={0x86, 0x78, 0xffffffffffffffff, [{0x0, 0xe, "08c8c989da6ee06cb8dd9452"}, {0x5, 0x9, "020007651442eb"}, {0x0, 0x12, "050000000000000000000000009e27a6"}, {0x0, 0x9, "e706d30bd224f8"}, {0x2, 0x7, "cf9324b0bd"}, {0x0, 0xf, "8475be675de6a70a05a0dc91e5"}, {0x6, 0xa, "0000000000800000"}, {0x7, 0x10, "73bc23f9ffffffa30900a301c846"}, {0x0, 0x10, "c8f46976e79ea788f03d9d320592"}]}, @cipso={0x86, 0x6, 0x20}]}}}}}}}, 0x0) 3m3.996737687s ago: executing program 7 (id=9946): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x2f}}, 0x10, 0x0}, 0x300060c1) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000300)=0xa, 0x4) 3m3.972538076s ago: executing program 38 (id=9946): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x2f}}, 0x10, 0x0}, 0x300060c1) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000300)=0xa, 0x4) 1m20.754253482s ago: executing program 9 (id=11826): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000180)='./file0\x00', r1, &(0x7f0000000140)='./file0\x00') readlinkat(r1, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240)=""/65, 0x41) 1m20.683035429s ago: executing program 9 (id=11828): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0xc}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00001b5000/0x2000)=nil, 0x2000}, 0x3}) madvise(&(0x7f00001b4000/0x4000)=nil, 0x4000, 0x4) ioctl$UFFDIO_MOVE(r0, 0xc028aa05, 0x0) 1m19.845405127s ago: executing program 9 (id=11854): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='R', 0x1, 0x7ffffffe) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 1m19.782643492s ago: executing program 9 (id=11856): mkdirat(0xffffffffffffff9c, &(0x7f0000000800)='./file0\x00', 0x44) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1) 1m19.782370499s ago: executing program 9 (id=11857): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000240)={0x277ffffffff, 0x0, 0x1, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x27800000000, 0x0, 0x1, r2, 0x5}) 1m19.396154263s ago: executing program 9 (id=11863): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0xfd5e, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffc4b}, @timestamp={0x5, 0x2, 0xffffff07, 0x11}, @generic={0x0, 0x2, "d588380003c1"}]}}}}}}, 0xfd6c) 1m19.356115102s ago: executing program 39 (id=11863): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0xfd5e, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffc4b}, @timestamp={0x5, 0x2, 0xffffff07, 0x11}, @generic={0x0, 0x2, "d588380003c1"}]}}}}}}, 0xfd6c) 50.153507332s ago: executing program 8 (id=12257): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) close(0x3) 49.874815039s ago: executing program 8 (id=12262): setresuid(0xee01, 0xee00, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x0, r2}) sendmmsg$unix(r0, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="11", 0x1}], 0x1}}], 0x1, 0x40015) 49.78441376s ago: executing program 8 (id=12264): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) close(0x3) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e04, 0x3, @dev={0xfe, 0x80, '\x00', 0x25}, 0x23}, 0x1c) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c) 49.377016061s ago: executing program 8 (id=12266): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) mount$bind(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, 0x28e3291, 0x0) 49.304012455s ago: executing program 8 (id=12267): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000300)={0xbe, 0x0, 0xb2e}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x4b564d04, 0x0, 0xe446}]}) 48.675510539s ago: executing program 8 (id=12281): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f0000000300)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x7, 0x0}}, 0x10, 0x0}}], 0x1, 0x4000000) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000400)=@sack_info={r2, 0x12, 0x80}, 0xc) 48.581243874s ago: executing program 40 (id=12281): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f0000000300)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x7, 0x0}}, 0x10, 0x0}}], 0x1, 0x4000000) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000400)=@sack_info={r2, 0x12, 0x80}, 0xc) 37.614567846s ago: executing program 3 (id=12448): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0}, 0x32f5}], 0x1, 0x102, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 37.513288774s ago: executing program 3 (id=12450): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={r1, r1, 0x9, 0x0, 0x0, 0x9, 0x8b, 0x6, 0x5508, 0xa35, 0x1, 0x1, 'syz0\x00'}) ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000140)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) 37.416368094s ago: executing program 3 (id=12452): pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200), 0x2000400, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access', 0x3d, r3}}], [], 0x6b}}) 37.353733565s ago: executing program 3 (id=12454): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2002, 0x0) 37.353335618s ago: executing program 3 (id=12455): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000003c0)={0x8, 0x1e, '\x00', [@calipso={0x7, 0x38, {0x0, 0xc, 0x2, 0x9, [0x0, 0xd0e, 0x5, 0x4, 0x5, 0x7fffffff]}}, @generic={0x7, 0xb4, "e4ee7fa16636eca47d7c9a91a26a00c2894266b6c667750bc439ac6e752df720b44131ad8922d8ffffff7f75fc747a815e3a0b7cc6c5cddf888d2bb30225d3416028a9b78f99112575d7213f8f0710355a78f001dc13448354d91009878fc698f9407364af127240803c32b3bf7b5ae6e8e82764c24d1452b5917f68197a5499fddac2a39785a94a54b404d7b5ea1797a0b8162d298af6681551b223ffda58e73e638d8bce72fea92327033678945fdc9c61b6e4"}]}, 0xf8) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x2) syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 36.850270029s ago: executing program 3 (id=12464): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 36.807371466s ago: executing program 41 (id=12464): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 31.534987321s ago: executing program 0 (id=12546): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000042c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf8", 0x6e}], 0x1}}, {{0x0, 0x0, &(0x7f00000022c0)=[{&(0x7f0000001040)="39e6f0f5240525bf127de94fe5cfc0b0f2c98c4ac8bf0568e948e0274b0445d03a56f1bfe147fb8ac1da60b16f07dbe40e90d68b4619d12165154b679949da907d460d298e92e0d24077e89d302255e0a9626f61e6dc304713126dd04ca5e168c8f7894d2d189c22945826101c5199f90c3734146364f2195120530ab5e42614a3cb5651b1fc7b17d61955840b5c9adbeffa334d38da282e42b01e", 0x9b}], 0x1}}], 0x2, 0xc054) 31.534750005s ago: executing program 0 (id=12547): socketpair$unix(0x1, 0x2, 0x0, 0x0) unshare(0x2c020400) r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000480)=ANY=[@ANYRESDEC], 0x2000, 0x0) msgrcv(r0, &(0x7f0000001080)={0x0, ""/1}, 0x5, 0x1, 0x3000) 31.43461934s ago: executing program 0 (id=12549): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4) mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x10000, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000001400)='./file0\x00', 0x4000, 0x22) umount2(&(0x7f00000001c0)='./file0\x00', 0x1) setxattr$incfs_metadata(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) 31.434228191s ago: executing program 0 (id=12550): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) unlinkat(r1, &(0x7f00000011c0)='./file0\x00', 0x0) 31.083511223s ago: executing program 0 (id=12554): pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$sock_int(r2, 0x1, 0x10, &(0x7f00000002c0)=0x8001, 0x4) splice(r0, 0x0, r2, 0x0, 0x3ff, 0x8) write$FUSE_INIT(r1, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x1, 0x4000000, 0x2, 0x80, 0x10000, 0xa79, 0x0, 0x0, 0x100}}, 0x50) 29.574604265s ago: executing program 0 (id=12557): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10) 29.488555796s ago: executing program 42 (id=12557): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10) 2.419481335s ago: executing program 1 (id=12910): ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0xb, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080)=0x6490, 0x4) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[]) ioctl$USBDEVFS_REAPURB(r0, 0x4004550c, &(0x7f00000002c0)) 2.354858105s ago: executing program 5 (id=12911): setresgid(0x0, 0xee01, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setgroups(0x0, 0x0) setuid(0xee01) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) 2.354441228s ago: executing program 5 (id=12912): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'macvlan1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@newlink={0x48, 0x10, 0xffffffffffffffff, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x2017, 0x2021}, [@IFLA_LINK={0x8, 0x5, r2}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x48}}, 0x8004042) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 2.304950516s ago: executing program 1 (id=12913): r0 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x2) 2.290105513s ago: executing program 1 (id=12914): syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') fchdir(r0) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/211, 0xd3) 2.244805305s ago: executing program 5 (id=12916): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000001c0)={r2, 0x7}, 0x8) 2.240308571s ago: executing program 1 (id=12917): r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000) syz_usb_disconnect(r0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000dec000/0x1000)=nil, &(0x7f0000c9b000/0x2000)=nil, &(0x7f0000ef9000/0x3000)=nil, &(0x7f0000c52000/0x3000)=nil, &(0x7f0000f2b000/0x1000)=nil, &(0x7f0000c35000/0x1000)=nil, 0x0, 0x0, r1}, 0x64) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 1.378880416s ago: executing program 5 (id=12929): mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r0, &(0x7f0000000580)='1\x00', 0x2) write$sysctl(r0, &(0x7f00000000c0)='2\x00', 0x2) 1.378457749s ago: executing program 4 (id=12930): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) syz_io_uring_setup(0x5ce, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1}) 1.329686066s ago: executing program 4 (id=12931): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20200, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x10, 0x572, 0x8000, 0x9, "ff000d00009a468e0cd912098d00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r1, 0x540a, 0x0) ioctl$TCSETA(r1, 0x5406, &(0x7f0000000200)={0x9, 0x3, 0x8, 0xb3, 0xb, "6c06002004dc17a8"}) 1.326969996s ago: executing program 5 (id=12932): sched_setaffinity(0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002500)=ANY=[@ANYBLOB="4c0000000906010200000000000000000500ffff240007801800018014000240fe8000000000000000000000000000aa08000a40000000020900020073797a31000000000500010007"], 0x4c}}, 0x4000080) 1.253955634s ago: executing program 4 (id=12934): syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000940)={0x40, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ptrace$setregset(0x4205, r0, 0x202, &(0x7f0000000480)={0x0}) 1.252927486s ago: executing program 5 (id=12935): openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r0 = syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x1, 0x2d, &(0x7f0000000000)=ANY=[], 0x0) 858.176686ms ago: executing program 1 (id=12938): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/fscreate\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x6, 0x22, 0x3, 0x50000}]}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff) syz_clone3(&(0x7f0000000080)={0x21800000, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) 715.981923ms ago: executing program 4 (id=12939): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='numa_maps\x00') preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x0, 0x0) r1 = socket$kcm(0x11, 0x200000000000003, 0x300) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f00000003c0), 0x4) recvmsg$kcm(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000006c0), 0x60}, 0x0) 433.583071ms ago: executing program 2 (id=12941): timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x3fd4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) setitimer(0x0, 0x0, 0x0) 432.393092ms ago: executing program 4 (id=12942): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4) mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x10000, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000001400)='./file0\x00', 0x4000, 0x22) umount2(&(0x7f00000001c0)='./file0\x00', 0x1) mknodat$null(r0, &(0x7f00000000c0)='./file0\x00', 0x10, 0x103) 430.782032ms ago: executing program 2 (id=12943): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000001c0)={0x1, 0x0, [{0x1, 0x2, 0x80, 0xfffffff9, 0xeaa}]}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x490, 0xec000000, 0xffffffffffffffff}]}) 366.391391ms ago: executing program 4 (id=12944): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) madvise(&(0x7f00001c1000/0x3000)=nil, 0x40000, 0x9) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c8d0}, 0x4800) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 232.820371ms ago: executing program 2 (id=12945): r0 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x3ffffffffffffcd0}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000500)={0x0, 0xfffffffffffffdf6, r1, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000440)={r2, 0x0, 0xfffffffc, 0x0, 0x2, [0x0], [0xb89, 0x0, 0x4], [0xfffffffb, 0x1000, 0x0, 0xffffffff], [0x4, 0x0, 0x0, 0xfffffffffffffffc]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c64d2, &(0x7f0000000180)={r3, 0x80000}) 232.529854ms ago: executing program 2 (id=12946): r0 = epoll_create1(0x80000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0x20000004}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_pwait(r0, &(0x7f0000000340)=[{}], 0x1, 0x12, 0x0, 0x0) 5.173849ms ago: executing program 2 (id=12947): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@iv={0x14, 0x117, 0x2, 0x1, "dd"}], 0x14}], 0x1, 0x40800) 4.985639ms ago: executing program 2 (id=12948): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) getxattr(&(0x7f0000005140)='./file0\x00', &(0x7f0000005180)=@known='system.posix_acl_access\x00', 0x0, 0x0) close(r0) 0s ago: executing program 1 (id=12949): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000007"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 0s ago: executing program 1 (id=12950): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000400)={0x3c, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) kernel console output (not intermixed with test programs): hcd.9/usb14/14-1/14-1:155.0/rc/rc0 [ 580.095689][ T24] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:155.0/rc/rc0/input63 [ 580.104941][ T24] imon 14-1:155.0: iMON device (15c2:ffdc, intf0) on usb<14:5> initialized [ 580.257981][T30753] imon:display_open: display port is already open [ 580.261639][ T24] usb 14-1: USB disconnect, device number 5 [ 580.582533][T30797] syzkaller1: entered promiscuous mode [ 580.585026][T30797] syzkaller1: entered allmulticast mode [ 580.589528][T30797] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 43 [ 580.830030][ T40] audit: type=1326 audit(1773733157.477:1605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30798 comm="syz.9.11001" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc2f6c code=0x0 [ 581.042999][ T5953] Bluetooth: hci1: command 0x0c1a tx timeout [ 581.043043][ T5946] Bluetooth: hci4: command 0x0c1a tx timeout [ 581.045539][ T5953] Bluetooth: hci3: command 0x0c1a tx timeout [ 581.095410][T30819] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11009'. [ 581.099524][T30819] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11009'. [ 581.281296][T30827] input: syz1 as /devices/virtual/input/input64 [ 581.283634][T30827] input: failed to attach handler leds to device input64, error: -6 [ 582.109885][T30872] netlink: 44 bytes leftover after parsing attributes in process `syz.3.11029'. [ 582.114394][T30872] netlink: 44 bytes leftover after parsing attributes in process `syz.3.11029'. [ 582.133920][T15611] usb 14-1: new high-speed USB device number 6 using dummy_hcd [ 582.292852][T15611] usb 14-1: Using ep0 maxpacket: 8 [ 582.296319][T15611] usb 14-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 582.301018][T15611] usb 14-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 582.305638][T15611] usb 14-1: config 0 interface 0 has no altsetting 0 [ 582.308427][T15611] usb 14-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 582.312327][T15611] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.318910][T15611] usb 14-1: config 0 descriptor?? [ 582.735443][T15611] mcp2221 0003:04D8:00DD.0013: unknown main item tag 0x0 [ 582.739583][T15611] mcp2221 0003:04D8:00DD.0013: unknown main item tag 0x0 [ 582.743051][T15611] mcp2221 0003:04D8:00DD.0013: unknown main item tag 0x0 [ 582.745541][T15611] mcp2221 0003:04D8:00DD.0013: unknown main item tag 0x0 [ 582.748445][T15611] mcp2221 0003:04D8:00DD.0013: unknown main item tag 0x0 [ 582.752044][T15611] mcp2221 0003:04D8:00DD.0013: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.9-1/input0 [ 582.936861][T30862] i2c i2c-2: unsupported multi-msg i2c transaction [ 582.942036][T15611] usb 14-1: USB disconnect, device number 6 [ 583.132880][ T5299] Bluetooth: hci4: command 0x0c1a tx timeout [ 583.132899][T30816] Bluetooth: hci1: command 0x0c1a tx timeout [ 584.162830][T30868] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 584.162849][T30816] Bluetooth: hci3: command 0x0c1a tx timeout [ 585.061012][T30868] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 585.063328][T30868] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 585.098349][T30904] input: syz1 as /devices/virtual/input/input65 [ 585.666671][ T40] audit: type=1800 audit(1773733162.317:1606): pid=30952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.11064" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 585.698330][T30954] sctp: [Deprecated]: syz.3.11065 (pid 30954) Use of struct sctp_assoc_value in delayed_ack socket option. [ 585.698330][T30954] Use struct sctp_sack_info instead [ 585.706570][T30954] sctp: [Deprecated]: syz.3.11065 (pid 30954) Use of struct sctp_assoc_value in delayed_ack socket option. [ 585.706570][T30954] Use struct sctp_sack_info instead [ 586.157348][T30977] netlink: 52 bytes leftover after parsing attributes in process `syz.5.11074'. [ 586.245214][T30816] Bluetooth: hci4: command 0x0c1a tx timeout [ 586.803460][ T24] usb 14-1: new high-speed USB device number 7 using dummy_hcd [ 586.891322][T31020] syzkaller1: entered promiscuous mode [ 586.893685][T31020] syzkaller1: entered allmulticast mode [ 586.954270][ T24] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 586.957978][ T24] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 586.961343][ T24] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 586.965987][ T24] usb 14-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 586.969035][ T24] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.973102][ T24] usb 14-1: config 0 descriptor?? [ 587.003147][ T5995] usb 10-1: new high-speed USB device number 25 using dummy_hcd [ 587.124526][T30816] Bluetooth: hci1: command 0x0c1a tx timeout [ 587.155095][ T5995] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 587.159857][ T5995] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 587.164389][ T5995] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 587.170778][ T5995] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 587.174963][ T5995] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.180668][ T5995] usb 10-1: config 0 descriptor?? [ 587.366384][T31034] netlink: 8 bytes leftover after parsing attributes in process `syz.8.11098'. [ 587.370161][T31034] netlink: 'syz.8.11098': attribute type 21 has an invalid length. [ 587.413360][ T24] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 587.594129][ T5995] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 587.597906][ T5995] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 587.600370][ T5995] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 587.603318][ T5995] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 587.605697][ T5995] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 587.661106][ T5995] plantronics 0003:047F:FFFF.0015: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 587.720014][T31054] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.11104'. [ 587.903951][T31065] netlink: 4 bytes leftover after parsing attributes in process `syz.8.11109'. [ 587.970177][T31070] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 588.607490][ C3] plantronics 0003:047F:FFFF.0014: usb_submit_urb(ctrl) failed: -1 [ 588.620978][ T24] usb 10-1: USB disconnect, device number 25 [ 589.158690][T31088] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11119'. [ 589.411618][ T50] usb 14-1: USB disconnect, device number 7 [ 590.226415][T31131] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 590.979127][T31170] dummy0: entered promiscuous mode [ 590.981419][T31170] macvtap1: entered promiscuous mode [ 590.983880][T31170] macvtap1: entered allmulticast mode [ 590.985685][T31170] dummy0: entered allmulticast mode [ 590.988299][T31170] team0: Device macvtap1 is up. Set it down before adding it as a team port [ 591.063101][T31170] dummy0: left allmulticast mode [ 591.064952][T31170] dummy0: left promiscuous mode [ 591.418117][T31187] input: syz0 as /devices/virtual/input/input68 [ 591.603263][ T24] usb 14-1: new high-speed USB device number 8 using dummy_hcd [ 591.753279][ T24] usb 14-1: Using ep0 maxpacket: 8 [ 591.783647][ T24] usb 14-1: config 0 has an invalid interface number: 55 but max is 0 [ 591.787312][ T24] usb 14-1: config 0 has no interface number 0 [ 591.790026][ T24] usb 14-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 591.793826][ T24] usb 14-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 591.797622][ T24] usb 14-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 591.801221][ T24] usb 14-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 591.813494][ T24] usb 14-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 591.817438][ T24] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.827086][ T24] usb 14-1: config 0 descriptor?? [ 591.844815][ T24] ldusb 14-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 592.034150][T31218] could not open pipe file descriptor [ 592.265127][ T40] audit: type=1800 audit(1773733168.917:1607): pid=31233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.11183" name="file0" dev="9p" ino=71827811 res=0 errno=0 [ 592.595848][T31240] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11188'. [ 592.857761][T31244] kvm: apic: phys broadcast and lowest prio [ 593.112058][T31252] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11194'. [ 593.116371][T31252] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11194'. [ 593.198974][ T40] audit: type=1326 audit(1773733169.847:1608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31259 comm="syz.8.11198" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x0 [ 593.209310][T31264] netlink: 'syz.5.11200': attribute type 5 has an invalid length. [ 593.211911][T31264] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.11200'. [ 593.493145][ T50] usb 10-1: new high-speed USB device number 26 using dummy_hcd [ 593.654222][ T50] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 593.657996][ T50] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 593.661216][ T50] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 593.664471][ T50] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.669623][T31267] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 593.674095][ T50] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 593.876794][ T5943] usb 10-1: USB disconnect, device number 26 [ 594.087215][ T5943] usb 14-1: USB disconnect, device number 8 [ 594.094551][ T5943] ldusb 14-1:0.55: LD USB Device #0 now disconnected [ 594.780189][T31321] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 594.782484][T31321] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 594.785785][T31321] vhci_hcd vhci_hcd.0: Device attached [ 594.953008][T15611] usb 14-1: new high-speed USB device number 9 using dummy_hcd [ 595.033429][ T39] usb 47-1: new low-speed USB device number 2 using vhci_hcd [ 595.038659][ T24] usb 10-1: new full-speed USB device number 27 using dummy_hcd [ 595.105439][T15611] usb 14-1: too many configurations: 9, using maximum allowed: 8 [ 595.109721][T15611] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 595.113822][T15611] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 595.118484][T15611] usb 14-1: config 0 interface 0 has no altsetting 0 [ 595.122292][T15611] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 595.126326][T15611] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 595.130595][T15611] usb 14-1: config 0 interface 0 has no altsetting 0 [ 595.134298][T15611] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 595.137174][T15611] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 595.140654][T15611] usb 14-1: config 0 interface 0 has no altsetting 0 [ 595.145131][T15611] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 595.148672][T15611] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 595.152138][T15611] usb 14-1: config 0 interface 0 has no altsetting 0 [ 595.155762][T15611] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 595.158672][T15611] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 595.162170][T15611] usb 14-1: config 0 interface 0 has no altsetting 0 [ 595.168115][T15611] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 595.171106][T15611] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 595.175924][T15611] usb 14-1: config 0 interface 0 has no altsetting 0 [ 595.179730][T15611] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 595.183978][T15611] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 595.187807][T15611] usb 14-1: config 0 interface 0 has no altsetting 0 [ 595.190648][T15611] usb 14-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 595.195003][T15611] usb 14-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 595.199823][T15611] usb 14-1: config 0 interface 0 has no altsetting 0 [ 595.204879][T15611] usb 14-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 595.208245][T15611] usb 14-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 595.210972][T15611] usb 14-1: Product: syz [ 595.212634][T15611] usb 14-1: Manufacturer: syz [ 595.215109][T15611] usb 14-1: SerialNumber: syz [ 595.219567][T15611] usb 14-1: config 0 descriptor?? [ 595.230691][T15611] yurex 14-1:0.0: USB YUREX device now attached to Yurex #0 [ 595.234302][ T24] usb 10-1: config 0 has no interfaces? [ 595.236810][ T24] usb 10-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 595.240766][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.268215][ T24] usb 10-1: config 0 descriptor?? [ 595.430627][ T828] usb 14-1: USB disconnect, device number 9 [ 595.441243][ T828] yurex 14-1:0.0: USB YUREX #0 now disconnected [ 595.475318][T31322] usb 47-1: recv xbuf, 0 [ 595.476412][T27547] usb 10-1: USB disconnect, device number 27 [ 595.477684][ T12] vhci_hcd vhci_hcd.5: stop threads [ 595.482115][ T12] vhci_hcd vhci_hcd.5: release socket [ 595.488917][ T12] vhci_hcd vhci_hcd.5: disconnect device [ 595.512841][ T5943] usb 13-1: new high-speed USB device number 18 using dummy_hcd [ 595.543261][ T39] vhci_hcd vhci_hcd.5: vhci_device speed not set [ 595.672855][ T5943] usb 13-1: Using ep0 maxpacket: 8 [ 595.675830][ T5943] usb 13-1: config index 0 descriptor too short (expected 301, got 45) [ 595.678675][ T5943] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 595.681856][ T5943] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 595.685167][ T5943] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 595.688388][ T5943] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 595.692573][ T5943] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 595.695696][ T5943] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.907582][ T5943] usb 13-1: usb_control_msg returned -32 [ 595.909985][ T5943] usbtmc 13-1:16.0: can't read capabilities [ 596.012214][T31350] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11234'. [ 596.018870][T31350] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11234'. [ 596.127634][T31354] loop5: detected capacity change from 0 to 7 [ 596.130623][T31354] Dev loop5: unable to read RDB block 7 [ 596.132513][T31354] loop5: unable to read partition table [ 596.135428][T31354] loop5: partition table beyond EOD, truncated [ 596.140802][T31354] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 598.090297][T31396] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 598.096685][T31396] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 598.296049][ T50] usb 13-1: USB disconnect, device number 18 [ 598.328386][ T39] kernel read not supported for file /admmidi2 (pid: 39 comm: kworker/2:1) [ 598.421134][T31413] netlink: 20 bytes leftover after parsing attributes in process `syz.5.11260'. [ 598.664589][ T50] usb 13-1: new high-speed USB device number 19 using dummy_hcd [ 598.834454][ T50] usb 13-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 598.838459][ T50] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 598.842568][ T50] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 598.846485][ T50] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 598.851611][ T50] usb 13-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 598.855447][ T50] usb 13-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 598.858030][ T50] usb 13-1: Manufacturer: syz [ 598.860948][ T50] usb 13-1: config 0 descriptor?? [ 599.239595][T31455] kvm: kvm [31454]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x4000000f) [ 599.282630][ T50] hid_parser_main: 6 callbacks suppressed [ 599.282647][ T50] appleir 0003:05AC:8243.0016: unknown main item tag 0x0 [ 599.290348][ T50] appleir 0003:05AC:8243.0016: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.8-1/input0 [ 599.426365][T31463] syzkaller1: entered promiscuous mode [ 599.428585][T31463] syzkaller1: entered allmulticast mode [ 599.544975][T15611] usb 13-1: USB disconnect, device number 19 [ 599.741761][T31470] netlink: 176 bytes leftover after parsing attributes in process `syz.3.11286'. [ 600.076991][T31482] loop4: detected capacity change from 0 to 524287936 [ 600.248106][T31499] tunl0: Caught tx_queue_len zero misconfig [ 600.632819][ T50] usb 10-1: new high-speed USB device number 28 using dummy_hcd [ 600.683482][T31518] syzkaller1: entered promiscuous mode [ 600.685609][T31518] syzkaller1: entered allmulticast mode [ 600.785739][ T50] usb 10-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 600.788647][ T50] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 600.791330][ T50] usb 10-1: Product: syz [ 600.792800][ T50] usb 10-1: Manufacturer: syz [ 600.794348][ T50] usb 10-1: SerialNumber: syz [ 600.797552][ T50] usb 10-1: config 0 descriptor?? [ 600.975155][T31526] netlink: 27 bytes leftover after parsing attributes in process `syz.8.11309'. [ 601.007081][ T5943] usb 10-1: USB disconnect, device number 28 [ 601.032612][T31532] dummy0: entered promiscuous mode [ 601.035986][T31532] bond0: entered promiscuous mode [ 601.038127][T31532] bond_slave_0: entered promiscuous mode [ 601.040788][T31532] bond_slave_1: entered promiscuous mode [ 601.045970][T31532] debugfs: 'hsr1' already exists in 'hsr' [ 601.048457][T31532] Cannot create hsr debugfs directory [ 601.050786][T31532] hsr1: entered allmulticast mode [ 601.052361][T31532] dummy0: entered allmulticast mode [ 601.056721][T31532] bond0: entered allmulticast mode [ 601.058457][T31532] bond_slave_0: entered allmulticast mode [ 601.060417][T31532] bond_slave_1: entered allmulticast mode [ 601.244286][ T828] usb 13-1: new high-speed USB device number 20 using dummy_hcd [ 601.398652][ T828] usb 13-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 601.402082][ T828] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 601.405220][ T828] usb 13-1: Product: syz [ 601.406765][ T828] usb 13-1: Manufacturer: syz [ 601.408655][ T828] usb 13-1: SerialNumber: syz [ 601.414359][ T828] usb 13-1: config 0 descriptor?? [ 601.620200][ T828] usb 13-1: USB disconnect, device number 20 [ 602.385040][T31575] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11331'. [ 602.643724][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 602.652537][T31590] netlink: 52 bytes leftover after parsing attributes in process `syz.9.11335'. [ 602.848930][T31604] ieee802154 phy0 wpan0: encryption failed: -126 [ 602.851085][T31604] ieee802154 phy0 wpan0: encryption failed: -126 [ 603.369019][T31636] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 603.616656][T31658] batadv_slave_0: entered promiscuous mode [ 603.619485][T31656] batadv_slave_0: left promiscuous mode [ 604.083233][T27547] usb 10-1: new high-speed USB device number 29 using dummy_hcd [ 604.234914][T27547] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 604.239262][T27547] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 604.244395][T27547] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 604.249019][T27547] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 604.255346][T27547] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 604.259029][T27547] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.266174][T27547] usb 10-1: config 0 descriptor?? [ 604.271071][T31688] netlink: 8 bytes leftover after parsing attributes in process `syz.9.11379'. [ 604.721969][T31704] input: syz1 as /devices/virtual/input/input69 [ 604.724344][T27547] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 604.727588][T27547] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 604.730210][T27547] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 604.732792][T27547] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 604.735506][T27547] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 604.738380][T27547] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 604.740878][T27547] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 604.743444][T27547] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 604.746038][T27547] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 604.748453][T27547] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 604.760177][T27547] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 604.925181][T31714] netlink: 'syz.8.11389': attribute type 34 has an invalid length. [ 604.963670][T15611] usb 10-1: USB disconnect, device number 29 [ 604.992185][T31717] syzkaller1: entered promiscuous mode [ 604.996543][T31717] syzkaller1: entered allmulticast mode [ 605.895351][ T5363] block nbd2: Possible stuck request ffff8880278e0000: control (read@0,4096B). Runtime 30 seconds [ 605.998030][T31760] Bluetooth: hci0: expected 2 bytes, got 7 bytes [ 606.220830][T31773] netlink: 24 bytes leftover after parsing attributes in process `syz.5.11414'. [ 606.626985][T31806] serio: Serial port ttyprintk [ 606.837475][T31813] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 606.843455][T31813] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 606.847636][T31813] overlayfs: inode number too big (/, ino=4611686018427387905, xinobits=3) [ 607.763858][ T50] usb 13-1: new high-speed USB device number 21 using dummy_hcd [ 607.924290][ T50] usb 13-1: Using ep0 maxpacket: 16 [ 607.931781][ T50] usb 13-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 607.937851][ T50] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 607.941258][ T50] usb 13-1: Product: syz [ 607.943787][ T50] usb 13-1: Manufacturer: syz [ 607.945822][ T50] usb 13-1: SerialNumber: syz [ 607.950437][ T50] usb 13-1: config 0 descriptor?? [ 607.959457][ T50] as10x_usb: device has been detected [ 607.964931][ T50] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 607.977417][ T50] usb 13-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 608.008249][ T50] as10x_usb: error during firmware upload part1 [ 608.011320][ T50] Registered device Sky IT Digital Key (green led) [ 608.165520][T31828] random: crng reseeded on system resumption [ 608.177687][ T50] usb 13-1: USB disconnect, device number 21 [ 608.188132][ T50] Unregistered device Sky IT Digital Key (green led) [ 608.189398][ T50] as10x_usb: device has been disconnected [ 608.193304][T27547] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 609.792856][ T40] audit: type=1326 audit(1773733442.439:1609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31908 comm="syz.8.11466" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702ef6c code=0x0 [ 609.931221][T31915] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11467'. [ 610.141150][T31929] netlink: 44 bytes leftover after parsing attributes in process `syz.9.11471'. [ 610.163677][T31931] loop2: detected capacity change from 0 to 7 [ 610.166698][T31931] Dev loop2: unable to read RDB block 7 [ 610.169188][T31931] loop2: unable to read partition table [ 610.171479][T31931] loop2: partition table beyond EOD, truncated [ 610.174308][T31931] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 610.178004][T31933] ip6_vti0 speed is unknown, defaulting to 1000 [ 610.212942][T31935] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 610.500876][T31950] binder: 31949:31950 ioctl c00c620f 80000380 returned -22 [ 610.661989][T31958] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.11483'. [ 610.734465][T31962] pim6reg1: entered promiscuous mode [ 610.736375][T31962] pim6reg1: entered allmulticast mode [ 610.924591][T31968] : renamed from vlan0 (while UP) [ 611.007031][T31972] loop8: detected capacity change from 0 to 8 [ 611.013016][T31972] loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 [ 611.016454][T31972] loop8: p1 start 170943852 is beyond EOD, truncated [ 611.019223][T31972] loop8: p2 size 3397386272 extends beyond EOD, truncated [ 611.031336][T31972] loop8: p3 start 594335246 is beyond EOD, truncated [ 611.034400][T31972] loop8: p4 start 3776743406 is beyond EOD, truncated [ 611.036983][T31972] loop8: p5 start 2027407540 is beyond EOD, truncated [ 611.039213][T31972] loop8: p6 start 638845845 is beyond EOD, truncated [ 611.041437][T31972] loop8: p7 start 575385556 is beyond EOD, truncated [ 611.043706][T31972] loop8: p8 start 2093735673 is beyond EOD, truncated [ 611.046019][T31972] loop8: p9 start 742306117 is beyond EOD, truncated [ 611.048203][T31972] loop8: p10 start 702590879 is beyond EOD, truncated [ 611.050412][T31972] loop8: p11 start 3071560887 is beyond EOD, truncated [ 611.053222][T31972] loop8: p12 start 1681252333 is beyond EOD, truncated [ 611.094458][T22087] udevd[22087]: inotify_add_watch(7, /dev/loop8p2, 10) failed: No such file or directory [ 611.294464][ T5299] Bluetooth: hci1: command 0x0c1a tx timeout [ 611.587145][T32013] netlink: 4 bytes leftover after parsing attributes in process `syz.8.11507'. [ 612.204452][T32047] loop8: detected capacity change from 0 to 8 [ 612.207311][T22085] Dev loop8: unable to read RDB block 8 [ 612.209145][T22085] loop8: unable to read partition table [ 612.211133][T22085] loop8: partition table beyond EOD, truncated [ 612.224708][T32047] Dev loop8: unable to read RDB block 8 [ 612.227805][T32047] loop8: unable to read partition table [ 612.233813][T32047] loop8: partition table beyond EOD, truncated [ 612.240605][T32047] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 612.269735][T32051] netlink: 83 bytes leftover after parsing attributes in process `syz.9.11522'. [ 612.734803][T32067] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.737574][T32067] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.892878][ T5995] usb 13-1: new high-speed USB device number 22 using dummy_hcd [ 613.042911][ T5995] usb 13-1: Using ep0 maxpacket: 8 [ 613.046864][ T5995] usb 13-1: config index 0 descriptor too short (expected 301, got 45) [ 613.050565][ T5995] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 613.054558][ T5995] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 613.058544][ T5995] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 613.063014][ T5995] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 613.067444][ T5995] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 613.070460][ T5995] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.205428][T32067] bridge_slave_0: left allmulticast mode [ 613.207301][T32067] bridge_slave_0: left promiscuous mode [ 613.209729][T32067] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.281413][ T5995] usb 13-1: usb_control_msg returned -32 [ 613.286517][T32067] bridge_slave_1: left allmulticast mode [ 613.288385][T32067] bridge_slave_1: left promiscuous mode [ 613.290274][ T5995] usbtmc 13-1:16.0: can't read capabilities [ 613.292206][T32067] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.433767][T32067] bond0: (slave bond_slave_0): Releasing backup interface [ 613.508667][T32067] bond0: (slave bond_slave_1): Releasing backup interface [ 613.583719][T32067] team0: Port device team_slave_0 removed [ 613.656480][T32067] team0: Port device team_slave_1 removed [ 613.660183][T32067] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 613.694627][T32067] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 613.749002][T32067] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 613.752497][T32067] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 613.835425][T32067] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 613.842002][T15611] usb 13-1: USB disconnect, device number 22 [ 613.884850][ T1021] usb 10-1: new high-speed USB device number 30 using dummy_hcd [ 614.034417][ T1021] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 614.038085][ T1021] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 614.041865][ T1021] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 614.046450][ T1021] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 614.049633][ T1021] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.056383][ T1021] usb 10-1: config 0 descriptor?? [ 614.260873][T32124] loop2: detected capacity change from 0 to 7 [ 614.265269][T32124] Dev loop2: unable to read RDB block 7 [ 614.267225][T32124] loop2: unable to read partition table [ 614.269144][T32124] loop2: partition table beyond EOD, truncated [ 614.271179][T32124] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 614.486716][ T1021] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 615.606175][T32181] tipc: Started in network mode [ 615.608505][T32181] tipc: Node identity ac14140f, cluster identity 4711 [ 615.611499][T32181] tipc: New replicast peer: 255.255.255.255 [ 615.614662][T32181] tipc: Enabled bearer , priority 10 [ 616.273617][T32203] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11587'. [ 616.321777][T32208] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11591'. [ 616.534156][ T24] usb 10-1: USB disconnect, device number 30 [ 616.692892][ T1021] usb 14-1: new high-speed USB device number 10 using dummy_hcd [ 616.742938][T14863] tipc: Node number set to 2886997007 [ 616.850267][ T1021] usb 14-1: Using ep0 maxpacket: 8 [ 616.853398][ T1021] usb 14-1: config index 0 descriptor too short (expected 301, got 45) [ 616.856079][ T1021] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 616.859214][ T1021] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 616.862576][ T1021] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 616.871054][ T1021] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 616.875614][ T1021] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 616.878561][ T1021] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.933331][ T40] audit: type=1326 audit(1773733449.589:1610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32230 comm="syz.5.11601" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x0 [ 617.648593][T32239] usbtmc 14-1:16.0: simple usb_control_msg failed -32 [ 617.654298][ T50] usb 14-1: USB disconnect, device number 10 [ 618.082890][T15611] usb 10-1: new high-speed USB device number 31 using dummy_hcd [ 618.234649][T15611] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 618.238314][T15611] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 618.241504][T15611] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 618.244703][T15611] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 618.249401][T32243] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 618.253815][T15611] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 618.422849][ T1021] usb 14-1: new high-speed USB device number 11 using dummy_hcd [ 618.460501][T15611] usb 10-1: USB disconnect, device number 31 [ 618.572861][ T1021] usb 14-1: Using ep0 maxpacket: 8 [ 618.576110][ T1021] usb 14-1: config index 0 descriptor too short (expected 301, got 45) [ 618.579079][ T1021] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 618.583734][ T1021] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 618.587025][ T1021] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 618.590346][ T1021] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 618.594871][ T1021] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 618.597765][ T1021] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 618.810196][ T1021] usb 14-1: GET_CAPABILITIES returned 0 [ 618.812134][ T1021] usbtmc 14-1:16.0: can't read capabilities [ 619.065837][T32250] usbtmc 14-1:16.0: INITIATE_ABORT_BULK_IN returned 0 [ 619.266683][ T1021] usb 14-1: USB disconnect, device number 11 [ 619.334697][T32267] input: syz1 as /devices/virtual/input/input71 [ 619.393152][ T24] kernel read not supported for file /swradio0 (pid: 24 comm: kworker/2:0) [ 619.402850][ T828] usb 13-1: new high-speed USB device number 23 using dummy_hcd [ 619.562900][ T828] usb 13-1: Using ep0 maxpacket: 8 [ 619.566631][ T828] usb 13-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 619.571182][ T828] usb 13-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 619.575263][ T828] usb 13-1: config 0 interface 0 has no altsetting 0 [ 619.577904][ T828] usb 13-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 619.581576][ T828] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 619.586711][ T828] usb 13-1: config 0 descriptor?? [ 619.612801][T32274] sock: sock_set_timeout: `syz.5.11619' (pid 32274) tries to set negative timeout [ 619.818676][T32286] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11625'. [ 619.998459][T32293] netlink: 7 bytes leftover after parsing attributes in process `syz.5.11628'. [ 620.007820][ T828] hid_parser_main: 5 callbacks suppressed [ 620.007838][ T828] mcp2221 0003:04D8:00DD.0019: unknown main item tag 0x0 [ 620.022008][ T828] mcp2221 0003:04D8:00DD.0019: unknown main item tag 0x0 [ 620.026636][ T828] mcp2221 0003:04D8:00DD.0019: unknown main item tag 0x0 [ 620.029676][ T828] mcp2221 0003:04D8:00DD.0019: unknown main item tag 0x0 [ 620.032366][ T828] mcp2221 0003:04D8:00DD.0019: unknown main item tag 0x0 [ 620.035932][ T828] mcp2221 0003:04D8:00DD.0019: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.8-1/input0 [ 620.206025][ T828] usb 13-1: USB disconnect, device number 23 [ 620.735505][T32316] syzkaller1: entered promiscuous mode [ 620.737388][T32316] syzkaller1: entered allmulticast mode [ 620.959834][T32302] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 621.171161][T32332] netlink: 16 bytes leftover after parsing attributes in process `syz.9.11643'. [ 621.655790][T32323] bridge_slave_0: left allmulticast mode [ 621.661450][T32323] bridge_slave_0: left promiscuous mode [ 621.663995][T32323] bridge0: port 1(bridge_slave_0) entered disabled state [ 621.807055][T32323] bridge_slave_1: left allmulticast mode [ 621.808950][T32323] bridge_slave_1: left promiscuous mode [ 621.810888][T32323] bridge0: port 2(bridge_slave_1) entered disabled state [ 621.983655][T32323] bond0: (slave bond_slave_0): Releasing backup interface [ 622.103811][T32323] bond0: (slave bond_slave_1): Releasing backup interface [ 622.183930][T32323] team0: Port device team_slave_0 removed [ 622.243902][T32323] team0: Port device team_slave_1 removed [ 622.329060][T32323] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 622.351328][T32328] ip6_vti0 speed is unknown, defaulting to 1000 [ 624.166951][ T1021] IPVS: starting estimator thread 0... [ 624.170960][T32367] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 624.174281][T32367] tipc: Enabled bearer , priority 10 [ 624.263220][T32368] IPVS: using max 44 ests per chain, 105600 per kthread [ 624.302971][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 624.572923][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 624.865034][T32413] netlink: 51 bytes leftover after parsing attributes in process `syz.3.11677'. [ 624.964090][ T40] audit: type=1800 audit(1773733457.619:1611): pid=32422 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.11682" name="bus" dev="tmpfs" ino=2 res=0 errno=0 [ 625.103197][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 625.135310][T32436] ip6_vti0 speed is unknown, defaulting to 1000 [ 625.256912][T32442] ip6_vti0 speed is unknown, defaulting to 1000 [ 625.318069][T32458] loop3: detected capacity change from 0 to 4096 [ 625.442864][ T50] usb 10-1: new high-speed USB device number 32 using dummy_hcd [ 625.593805][ T50] usb 10-1: Using ep0 maxpacket: 8 [ 625.598147][ T50] usb 10-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 625.602598][ T50] usb 10-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 625.607510][ T50] usb 10-1: config 0 interface 0 has no altsetting 0 [ 625.610183][ T50] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 625.614418][ T50] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.620911][ T50] usb 10-1: config 0 descriptor?? [ 625.760604][T32474] overlayfs: invalid origin (000000790066696c6530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 626.032426][ T50] mcp2221 0003:04D8:00DD.001A: unknown main item tag 0x0 [ 626.034879][ T50] mcp2221 0003:04D8:00DD.001A: unknown main item tag 0x0 [ 626.037205][ T50] mcp2221 0003:04D8:00DD.001A: unknown main item tag 0x0 [ 626.039567][ T50] mcp2221 0003:04D8:00DD.001A: unknown main item tag 0x0 [ 626.041915][ T50] mcp2221 0003:04D8:00DD.001A: unknown main item tag 0x0 [ 626.044595][ T50] mcp2221 0003:04D8:00DD.001A: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 626.162841][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 626.237162][ T50] usb 10-1: USB disconnect, device number 32 [ 626.746249][T32500] bond2: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 626.773970][T32500] bond2 (unregistering): Released all slaves [ 627.202871][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 627.844023][T32570] netlink: 'syz.9.11745': attribute type 19 has an invalid length. [ 628.242880][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 628.297642][ T71] Bluetooth: hci2: Frame reassembly failed (-84) [ 628.303862][ T13] Bluetooth: hci2: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 628.886482][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.003548][T32628] netlink: 212368 bytes leftover after parsing attributes in process `syz.8.11770'. [ 629.134850][T15611] usb 10-1: new high-speed USB device number 33 using dummy_hcd [ 629.282877][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 629.312843][T15611] usb 10-1: Using ep0 maxpacket: 32 [ 629.317231][T15611] usb 10-1: config index 0 descriptor too short (expected 156, got 27) [ 629.320498][T15611] usb 10-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 629.325654][T15611] usb 10-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 629.329351][T15611] usb 10-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 629.334566][T15611] usb 10-1: config 0 interface 0 has no altsetting 0 [ 629.338271][T15611] usb 10-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 629.341358][T15611] usb 10-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 629.344594][T15611] usb 10-1: Product: syz [ 629.346000][T15611] usb 10-1: Manufacturer: syz [ 629.347577][T15611] usb 10-1: SerialNumber: syz [ 629.350458][T15611] usb 10-1: config 0 descriptor?? [ 629.356445][T15611] ldusb 10-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 629.361355][T15611] ldusb 10-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 629.566102][T15611] usb 10-1: USB disconnect, device number 33 [ 629.568816][ C1] ldusb 10-1:0.0: usb_submit_urb failed (-19) [ 629.584151][T15611] ldusb 10-1:0.0: LD USB Device #0 now disconnected [ 630.322906][ T5299] Bluetooth: hci2: command 0x1003 tx timeout [ 630.325434][T30816] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 630.334865][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 630.675955][T32705] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11804'. [ 630.803612][T32719] netlink: 428 bytes leftover after parsing attributes in process `syz.5.11812'. [ 630.807467][T32719] netlink: 32 bytes leftover after parsing attributes in process `syz.5.11812'. [ 631.011691][ T24] kernel read not supported for file /input/event0 (pid: 24 comm: kworker/2:0) [ 631.362889][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 631.414323][T32747] syzkaller1: entered promiscuous mode [ 631.416780][T32747] syzkaller1: entered allmulticast mode [ 631.949846][ T312] netlink: 36 bytes leftover after parsing attributes in process `syz.3.11839'. [ 631.960996][ T314] macvlan0: left promiscuous mode [ 631.963716][ T314] netlink: 'syz.8.11840': attribute type 1 has an invalid length. [ 631.966324][ T314] netlink: 'syz.8.11840': attribute type 2 has an invalid length. [ 632.001168][ T318] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 632.312828][ T29] kernel read not supported for file /dsp1 (pid: 29 comm: kworker/1:0) [ 632.356698][ T338] syzkaller1: entered promiscuous mode [ 632.358997][ T338] syzkaller1: entered allmulticast mode [ 632.403010][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 632.690714][ T353] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 632.985796][ T358] netdevsim netdevsim8 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 632.989877][ T358] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.010510][ T5299] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 633.017646][ T5299] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 633.021771][ T5299] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 633.026008][ T5299] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 633.029664][ T5299] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 633.064111][ T366] ip6_vti0 speed is unknown, defaulting to 1000 [ 633.182809][ T24] usb 10-1: new high-speed USB device number 34 using dummy_hcd [ 633.284033][ T358] netdevsim netdevsim8 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 633.287357][ T358] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.332997][ T24] usb 10-1: Using ep0 maxpacket: 8 [ 633.335921][ T24] usb 10-1: config index 0 descriptor too short (expected 301, got 45) [ 633.338525][ T24] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 633.341685][ T24] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 633.345101][ T24] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 633.348226][ T24] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 633.352579][ T24] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 633.355924][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 633.442945][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 633.533874][ T358] netdevsim netdevsim8 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 633.538040][ T358] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.655667][ T1252] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 633.690287][ T366] chnl_net:caif_netlink_parms(): no params data found [ 634.046713][ T358] netdevsim netdevsim8 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 634.051378][ T358] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.116938][ T378] usbtmc 10-1:16.0: simple usb_control_msg returned 0 [ 634.123122][ T366] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.126408][ T366] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.129549][ T366] bridge_slave_0: entered allmulticast mode [ 634.133815][ T366] bridge_slave_0: entered promiscuous mode [ 634.137632][ T366] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.140024][ T366] bridge0: port 2(bridge_slave_1) entered disabled state [ 634.142446][ T366] bridge_slave_1: entered allmulticast mode [ 634.145266][ T366] bridge_slave_1: entered promiscuous mode [ 634.166085][ T366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 634.171340][ T366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 634.186572][ T366] team0: Port device team_slave_0 added [ 634.188936][ T380] netlink: 264 bytes leftover after parsing attributes in process `syz.3.11869'. [ 634.189730][ T366] team0: Port device team_slave_1 added [ 634.193206][ T380] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11869'. [ 634.198705][ T380] netlink: 264 bytes leftover after parsing attributes in process `syz.3.11869'. [ 634.206290][ T366] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 634.208688][ T366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 634.218598][ T366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 634.225636][ T366] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 634.228427][ T366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 634.236958][ T366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 634.264830][ T366] hsr_slave_0: entered promiscuous mode [ 634.268247][ T366] hsr_slave_1: entered promiscuous mode [ 634.271986][ T366] debugfs: 'hsr0' already exists in 'hsr' [ 634.274645][ T366] Cannot create hsr debugfs directory [ 634.318881][ T5943] usb 10-1: USB disconnect, device number 34 [ 634.482882][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 634.593590][ T1252] netdevsim netdevsim8 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 634.597164][ T1252] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.600687][ T1252] netdevsim netdevsim8 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 634.609607][ T1252] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.619282][ T71] netdevsim netdevsim8 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 634.622112][ T71] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.820789][ T12] netdevsim netdevsim8 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 634.824927][ T12] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.126954][T30816] Bluetooth: hci2: command tx timeout [ 635.522803][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 635.640336][ T441] syzkaller1: entered promiscuous mode [ 635.648843][ T441] syzkaller1: entered allmulticast mode [ 635.659865][ T457] tun0: tun_chr_ioctl cmd 1074025675 [ 635.661704][ T457] tun0: persist enabled [ 635.663995][ T457] tun0: tun_chr_ioctl cmd 1074025675 [ 635.665944][ T457] tun0: persist disabled [ 635.972872][ T5363] block nbd2: Possible stuck request ffff8880278e0000: control (read@0,4096B). Runtime 60 seconds [ 636.116284][ T366] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 636.151523][ T366] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 636.176934][ T485] can0: slcan on ttyS3. [ 636.177254][ T366] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 636.182085][ T492] Invalid argument reading file caps for ./file0 [ 636.216908][ T366] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 636.378731][ T485] can0 (unregistered): slcan off ttyS3. [ 636.396001][ T366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 636.426451][T14463] hid-generic 0005:15C2:5508.001B: item fetching failed at offset 0/9 [ 636.428471][ T366] 8021q: adding VLAN 0 to HW filter on device team0 [ 636.429427][T14463] hid-generic 0005:15C2:5508.001B: probe with driver hid-generic failed with error -22 [ 636.442055][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 636.444558][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 636.458599][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.460950][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 636.562900][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 636.563377][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 636.566907][ T366] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 637.212937][T30816] Bluetooth: hci2: command tx timeout [ 637.339974][ T366] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 637.361425][ T366] veth0_vlan: entered promiscuous mode [ 637.383681][ T570] Bluetooth: MGMT ver 1.23 [ 637.523050][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 637.612862][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 637.935483][ T366] veth1_vlan: entered promiscuous mode [ 637.963171][ T366] veth0_macvtap: entered promiscuous mode [ 637.967332][ T366] veth1_macvtap: entered promiscuous mode [ 637.976119][ T366] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 637.982998][ T366] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 637.988741][ T46] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.992277][ T46] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.003942][ T46] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.007104][ T46] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.376155][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 638.378742][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 638.394657][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 638.397389][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 638.483630][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 638.546803][ T600] netlink: 'syz.1.11864': attribute type 4 has an invalid length. [ 638.562873][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 638.643280][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 638.652865][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 639.178267][ T5943] kernel read not supported for file /dsp (pid: 5943 comm: kworker/0:3) [ 639.243950][ T613] netlink: 4 bytes leftover after parsing attributes in process `syz.8.11930'. [ 639.249649][ T613] netlink: 24 bytes leftover after parsing attributes in process `syz.8.11930'. [ 639.293131][T30816] Bluetooth: hci2: command tx timeout [ 639.465260][ T620] can0: slcan on ttyS3. [ 639.602846][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 639.606459][ T620] can0 (unregistered): slcan off ttyS3. [ 639.833276][ T1021] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 640.642912][ C1] net_ratelimit: 5 callbacks suppressed [ 640.642970][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 640.722985][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 640.726414][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.043325][ T103] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.047795][T14849] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.054230][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.363102][T30816] Bluetooth: hci2: command tx timeout [ 641.442920][ T618] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 641.443404][T30816] Bluetooth: hci3: command 0x0c1a tx timeout [ 641.682996][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.762831][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 641.763216][T15611] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 642.323305][ T209] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 642.347777][ T618] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 642.405615][ T618] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 642.407694][ T618] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 642.495892][ T618] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 643.146093][ T719] netlink: 212336 bytes leftover after parsing attributes in process `syz.5.11963'. [ 643.522792][T30816] Bluetooth: hci1: command 0x0c1a tx timeout [ 644.009744][ T768] tap1: tun_chr_ioctl cmd 1074025681 [ 644.012208][ T768] tap1: tun_chr_ioctl cmd 1074025681 [ 644.485604][T30816] Bluetooth: hci2: command 0x0c1a tx timeout [ 644.743090][ T780] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11990'. [ 644.751635][ T780] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11990'. [ 645.045218][ T828] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 645.220405][ T808] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.12000'. [ 645.224405][ T828] usb 6-1: Using ep0 maxpacket: 8 [ 645.229161][ T828] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 645.231873][ T828] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 645.236114][ T828] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 645.249520][ T828] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 645.252823][ T828] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 645.257851][ T828] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 645.261048][ T828] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 645.474040][ T828] usb 6-1: GET_CAPABILITIES returned 0 [ 645.475871][ T828] usbtmc 6-1:16.0: can't read capabilities [ 645.673787][ T825] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12007'. [ 645.728750][ T788] usbtmc 6-1:16.0: INITIATE_ABORT_BULK_IN returned 0 [ 645.852883][ C1] net_ratelimit: 12 callbacks suppressed [ 645.852896][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 645.873343][ T825] team0: Port device team_slave_0 removed [ 645.922850][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 645.932302][T14863] usb 6-1: USB disconnect, device number 5 [ 645.935196][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.473148][ T850] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12015'. [ 646.562841][T30816] Bluetooth: hci2: command 0x0c1a tx timeout [ 646.592891][ T850] hsr_slave_0: left promiscuous mode [ 646.608857][ T852] netlink: 44 bytes leftover after parsing attributes in process `syz.3.12016'. [ 646.632867][ T850] hsr_slave_1: left promiscuous mode [ 646.661916][ T853] netlink: 44 bytes leftover after parsing attributes in process `syz.3.12016'. [ 646.804209][ T103] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.808258][ T103] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.812141][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.815976][T14863] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.882918][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.963013][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.963115][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 646.974662][ T852] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.977924][ T852] bridge0: port 1(bridge_slave_0) entered disabled state [ 647.336403][ T867] hugetlbfs: syz.3.12021 (867): Using mlock ulimits for SHM_HUGETLB is obsolete [ 648.465653][ T24] usb 13-1: new high-speed USB device number 24 using dummy_hcd [ 648.622778][ T24] usb 13-1: Using ep0 maxpacket: 8 [ 648.642793][T30816] Bluetooth: hci2: command 0x0c1a tx timeout [ 648.643285][ T24] usb 13-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 648.647735][ T24] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 648.650369][ T24] usb 13-1: Product: syz [ 648.651760][ T24] usb 13-1: Manufacturer: syz [ 648.653970][ T24] usb 13-1: SerialNumber: syz [ 648.663993][ T24] usb 13-1: config 0 descriptor?? [ 648.874522][ T24] usb 13-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 648.882351][ T24] dvb_usb_rtl28xxu 13-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 648.890191][ T24] usb 13-1: USB disconnect, device number 24 [ 649.564647][ T976] dvmrp0: entered allmulticast mode [ 649.646241][ T987] netlink: 212368 bytes leftover after parsing attributes in process `syz.8.12064'. [ 650.693700][ T828] usb 13-1: new full-speed USB device number 25 using dummy_hcd [ 650.864554][ T828] usb 13-1: config 0 has no interfaces? [ 650.874155][ T828] usb 13-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 650.877885][ T828] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 650.881056][ T828] usb 13-1: Product: syz [ 650.883001][ T828] usb 13-1: Manufacturer: syz [ 650.884994][ T828] usb 13-1: SerialNumber: syz [ 650.893772][ T828] usb 13-1: config 0 descriptor?? [ 651.042888][ C1] net_ratelimit: 14 callbacks suppressed [ 651.042901][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 651.112771][T31036] usb 13-1: USB disconnect, device number 25 [ 651.122971][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 651.123117][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 651.733878][ T828] usb 10-1: new high-speed USB device number 35 using dummy_hcd [ 651.844932][ T1067] netlink: 4 bytes leftover after parsing attributes in process `syz.8.12098'. [ 651.892990][ T828] usb 10-1: Using ep0 maxpacket: 8 [ 651.899128][ T828] usb 10-1: config index 0 descriptor too short (expected 74, got 45) [ 651.903277][ T828] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 651.907924][ T828] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 651.912096][ T828] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 651.917570][ T828] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 651.922088][ T828] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 651.928777][ T828] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 651.933008][ T828] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 652.041984][ T1076] ipvlan2: entered promiscuous mode [ 652.043826][ T1076] ipvlan2: entered allmulticast mode [ 652.045708][ T1076] macvlan0: entered allmulticast mode [ 652.047457][ T1076] veth1_vlan: entered allmulticast mode [ 652.061234][ T1076] ipvlan3: entered promiscuous mode [ 652.063354][ T1076] ipvlan3: entered allmulticast mode [ 652.082906][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.149450][ T828] usb 10-1: usb_control_msg returned -32 [ 652.151337][ T828] usbtmc 10-1:16.0: can't read capabilities [ 652.163066][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 652.167788][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.500759][ T1134] usbtmc 10-1:16.0: stb usb_control_msg returned -32 [ 652.505056][T14463] usb 10-1: USB disconnect, device number 35 [ 652.563301][ T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.566817][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.569876][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.572589][T31036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.698608][ T1152] netlink: 92 bytes leftover after parsing attributes in process `syz.3.12111'. [ 652.762307][ T1157] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 652.891603][ T1174] netlink: 20 bytes leftover after parsing attributes in process `syz.8.12115'. [ 653.286520][ T1209] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12127'. [ 653.953137][ T1247] netlink: 212916 bytes leftover after parsing attributes in process `syz.8.12143'. [ 654.395267][ T29] usb 13-1: new high-speed USB device number 26 using dummy_hcd [ 654.564919][ T29] usb 13-1: too many configurations: 9, using maximum allowed: 8 [ 654.572835][ T29] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 654.576084][ T29] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 654.579703][ T29] usb 13-1: config 0 interface 0 has no altsetting 0 [ 654.583256][ T29] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 654.586430][ T29] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 654.591015][ T29] usb 13-1: config 0 interface 0 has no altsetting 0 [ 654.597318][ T29] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 654.601123][ T29] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 654.605795][ T29] usb 13-1: config 0 interface 0 has no altsetting 0 [ 654.610143][ T29] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 654.614670][ T29] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 654.618561][ T29] usb 13-1: config 0 interface 0 has no altsetting 0 [ 654.623472][ T29] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 654.627051][ T29] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 654.631772][ T29] usb 13-1: config 0 interface 0 has no altsetting 0 [ 654.635736][ T29] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 654.639312][ T29] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 654.643843][ T29] usb 13-1: config 0 interface 0 has no altsetting 0 [ 654.647419][ T29] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 654.651359][ T29] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 654.656738][ T29] usb 13-1: config 0 interface 0 has no altsetting 0 [ 654.660413][ T29] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 654.664615][ T29] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 654.669363][ T29] usb 13-1: config 0 interface 0 has no altsetting 0 [ 654.674564][ T29] usb 13-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 654.678326][ T29] usb 13-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 654.681533][ T29] usb 13-1: Product: syz [ 654.683146][ T29] usb 13-1: Manufacturer: syz [ 654.684732][ T29] usb 13-1: SerialNumber: syz [ 654.687838][ T29] usb 13-1: config 0 descriptor?? [ 654.696489][ T29] yurex 13-1:0.0: USB YUREX device now attached to Yurex #0 [ 654.872157][ T1305] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40 [ 655.008989][ C1] usb 13-1: yurex_control_callback - control failed: -71 [ 655.014371][ T29] usb 13-1: USB disconnect, device number 26 [ 655.017990][ T29] yurex 13-1:0.0: USB YUREX #0 now disconnected [ 655.421075][ T1326] netlink: 'syz.1.12176': attribute type 4 has an invalid length. [ 655.423807][ T1326] netlink: 240 bytes leftover after parsing attributes in process `syz.1.12176'. [ 656.196820][ T1342] netlink: 20 bytes leftover after parsing attributes in process `syz.8.12185'. [ 656.242890][ C1] net_ratelimit: 13 callbacks suppressed [ 656.242908][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 656.243570][T10999] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 656.306764][ T1353] netlink: 92 bytes leftover after parsing attributes in process `syz.1.12188'. [ 656.322868][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 656.323651][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 656.836223][ T1371] netlink: 'syz.5.12194': attribute type 1 has an invalid length. [ 656.848271][ T1371] bond1: entered promiscuous mode [ 656.850419][ T1371] 8021q: adding VLAN 0 to HW filter on device bond1 [ 656.953651][ T1371] 8021q: adding VLAN 0 to HW filter on device bond1 [ 656.956320][ T1371] bond1: (slave gre1): The slave device specified does not support setting the MAC address [ 656.959928][ T1371] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 656.966327][ T1371] bond1: (slave gre1): making interface the new active one [ 656.968765][ T1371] gre1: entered promiscuous mode [ 656.971145][ T1371] bond1: (slave gre1): Enslaving as an active interface with an up link [ 657.054134][ T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 657.292853][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 657.301733][ T1399] netlink: 'syz.5.12208': attribute type 13 has an invalid length. [ 657.362915][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 657.362945][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 657.693419][ T209] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 657.697301][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 657.851160][ T40] audit: type=1326 audit(1773733490.499:1612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1376 comm="syz.1.12206" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7fc00000 [ 658.141575][ T1421] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12215'. [ 658.145433][ T1421] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12215'. [ 658.186584][ T1425] netlink: 68 bytes leftover after parsing attributes in process `syz.5.12218'. [ 658.902837][T10999] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 659.064176][T10999] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 659.067794][T10999] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 659.071215][T10999] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 659.074830][T10999] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 659.078805][T10999] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 659.081609][T10999] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 659.090574][T10999] usb 6-1: config 0 descriptor?? [ 659.314287][ T1452] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.12229'. [ 659.509632][T10999] plantronics 0003:047F:FFFF.001C: ignoring exceeding usage max [ 659.522355][T10999] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 660.482917][ T5953] Bluetooth: hci4: command 0x1003 tx timeout [ 660.482949][T30816] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 660.554828][ T40] audit: type=1804 audit(1773733493.199:1613): pid=1471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.12237" name="/newroot/504/file0/file0" dev="9p" ino=71827811 res=1 errno=0 [ 660.642904][ T1473] geneve2: entered promiscuous mode [ 661.174795][ T1488] netlink: 'syz.8.12246': attribute type 3 has an invalid length. [ 661.442966][ C1] net_ratelimit: 1041 callbacks suppressed [ 661.442984][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 661.522885][T30816] Bluetooth: hci5: command 0x1003 tx timeout [ 661.522911][ T5299] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 661.523501][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 661.526231][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 661.531250][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 661.541229][ T1147] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 661.594942][ T828] usb 6-1: USB disconnect, device number 6 [ 661.930013][ T1512] geneve2: entered promiscuous mode [ 661.931885][ T1512] geneve2: entered allmulticast mode [ 662.123699][ T1514] netlink: 'syz.3.12256': attribute type 13 has an invalid length. [ 662.482835][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 662.514620][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 662.562819][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 662.563306][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 662.645524][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 663.130631][ T1552] netlink: 'syz.5.12271': attribute type 2 has an invalid length. [ 663.731138][ T59] netdevsim netdevsim8 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 663.738322][ T59] netdevsim netdevsim8 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.806850][ T1573] syzkaller1: entered promiscuous mode [ 663.809851][ T1573] syzkaller1: entered allmulticast mode [ 663.867929][T30816] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 663.874954][T30816] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 663.879282][T30816] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 663.885006][T30816] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 663.890029][T30816] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 664.346586][ T59] netdevsim netdevsim8 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 664.351037][ T59] netdevsim netdevsim8 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.625489][ T59] netdevsim netdevsim8 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 664.629887][ T59] netdevsim netdevsim8 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.679188][ T1585] ip6_vti0 speed is unknown, defaulting to 1000 [ 664.682920][ T1252] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 664.683911][ T1597] netlink: 'syz.1.12290': attribute type 11 has an invalid length. [ 664.690495][ T1597] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12290'. [ 664.745610][ T59] netdevsim netdevsim8 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 664.749958][ T59] netdevsim netdevsim8 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.923263][ T1585] chnl_net:caif_netlink_parms(): no params data found [ 664.983286][ T1585] bridge0: port 1(bridge_slave_0) entered blocking state [ 664.985641][ T1585] bridge0: port 1(bridge_slave_0) entered disabled state [ 664.988051][ T1585] bridge_slave_0: entered allmulticast mode [ 664.992338][ T1585] bridge_slave_0: entered promiscuous mode [ 665.000387][ T1585] bridge0: port 2(bridge_slave_1) entered blocking state [ 665.002814][ T1585] bridge0: port 2(bridge_slave_1) entered disabled state [ 665.005398][ T1585] bridge_slave_1: entered allmulticast mode [ 665.009281][ T1585] bridge_slave_1: entered promiscuous mode [ 665.147263][ T1585] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 665.166991][ T1585] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 665.195560][ T1585] team0: Port device team_slave_0 added [ 665.200704][ T1585] team0: Port device team_slave_1 added [ 665.642846][ T24] usb 10-1: new high-speed USB device number 36 using dummy_hcd [ 665.711709][ T209] smc: removing ib device syz2 [ 665.805483][ T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 665.810408][ T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 665.821599][ T24] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 665.826072][ T24] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 665.829028][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.837721][ T24] usb 10-1: config 0 descriptor?? [ 665.922899][ T5299] Bluetooth: hci3: command tx timeout [ 666.032625][ T59] dvmrp0 (unregistering): left allmulticast mode [ 666.043154][ T5363] block nbd2: Possible stuck request ffff8880278e0000: control (read@0,4096B). Runtime 90 seconds [ 666.219311][ T59] bond0 (unregistering): Released all slaves [ 666.229621][ T59] bond1 (unregistering): Released all slaves [ 666.257560][ T24] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 666.259977][ T24] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 666.264662][ T24] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 666.267228][ T24] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 666.269649][ T24] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 666.273025][ T24] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 666.275803][ T24] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 666.278944][ T24] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 666.282250][ T24] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 666.286260][ T24] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 666.294990][ T1585] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 666.298472][ T24] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 666.299281][ T1585] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 666.315183][ T1585] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 666.526279][T14849] usb 10-1: USB disconnect, device number 36 [ 666.587779][ T1632] geneve2: entered promiscuous mode [ 666.589604][ T1632] geneve2: entered allmulticast mode [ 666.643632][ C1] net_ratelimit: 13 callbacks suppressed [ 666.643652][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 666.654905][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 666.722815][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 666.725524][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 666.908481][ T1585] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 666.911443][ T1585] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 666.920176][ T1585] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 667.107432][ T1585] hsr_slave_0: entered promiscuous mode [ 667.110260][ T1585] hsr_slave_1: entered promiscuous mode [ 667.112552][ T1585] debugfs: 'hsr0' already exists in 'hsr' [ 667.114808][ T1585] Cannot create hsr debugfs directory [ 667.283828][ T1147] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 667.459398][ T1669] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 667.682894][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 667.763030][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 667.763189][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 667.924271][ T103] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 668.013110][ T5299] Bluetooth: hci3: command tx timeout [ 668.016811][ T1679] netlink: 40 bytes leftover after parsing attributes in process `syz.3.12320'. [ 668.742959][ T59] hsr_slave_0: left promiscuous mode [ 668.743786][ T1706] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12330'. [ 668.782981][ T59] hsr_slave_1: left promiscuous mode [ 668.823081][ T59] veth1_macvtap: left promiscuous mode [ 668.824972][ T59] veth0_macvtap: left promiscuous mode [ 668.826817][ T59] veth1_vlan: left promiscuous mode [ 668.828512][ T59] veth0_vlan: left promiscuous mode [ 670.094463][ T5299] Bluetooth: hci3: command tx timeout [ 670.144383][ T1585] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 670.205414][ T1585] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 670.239580][ T1585] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 670.275244][ T1585] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 670.502754][ T1585] 8021q: adding VLAN 0 to HW filter on device bond0 [ 670.510245][ T1585] 8021q: adding VLAN 0 to HW filter on device team0 [ 670.546890][ T1252] bridge0: port 1(bridge_slave_0) entered blocking state [ 670.550012][ T1252] bridge0: port 1(bridge_slave_0) entered forwarding state [ 670.561363][ T1252] bridge0: port 2(bridge_slave_1) entered blocking state [ 670.563786][ T1252] bridge0: port 2(bridge_slave_1) entered forwarding state [ 670.687111][ T1585] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 670.715955][ T1585] veth0_vlan: entered promiscuous mode [ 670.721468][ T1585] veth1_vlan: entered promiscuous mode [ 670.748463][ T1585] veth0_macvtap: entered promiscuous mode [ 670.752584][ T1585] veth1_macvtap: entered promiscuous mode [ 670.764414][ T1585] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 670.771753][ T1585] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 670.783608][ T1252] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.787221][ T1252] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.790160][ T1252] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.844456][ T1252] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.959654][ T1252] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 670.968755][ T1252] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 670.987931][ T1252] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 670.990744][ T1252] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 671.661095][ T1860] ceph: No mds server is up or the cluster is laggy [ 671.738597][ T40] audit: type=1326 audit(1773733504.389:1614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1879 comm="syz.0.12375" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x0 [ 671.755829][ T1885] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.12377'. [ 671.843356][ C1] net_ratelimit: 13 callbacks suppressed [ 671.843375][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 671.927386][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 671.937803][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 671.942538][ T1904] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.12384'. [ 672.172852][ T5299] Bluetooth: hci3: command tx timeout [ 672.403569][ T209] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 672.882890][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 672.888133][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 672.963214][T14463] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 672.972789][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 673.050668][ T209] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 673.053591][ T1252] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 673.799261][ T40] audit: type=1326 audit(1773733506.449:1615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2007 comm="syz.3.12420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 673.807939][ T40] audit: type=1326 audit(1773733506.449:1616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2007 comm="syz.3.12420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 673.817411][ T40] audit: type=1326 audit(1773733506.449:1617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2007 comm="syz.3.12420" exe="/syz-executor" sig=0 arch=40000003 syscall=374 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 673.834905][ T40] audit: type=1326 audit(1773733506.449:1618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2007 comm="syz.3.12420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 673.855578][ T40] audit: type=1326 audit(1773733506.449:1619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2007 comm="syz.3.12420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 673.865026][ T40] audit: type=1326 audit(1773733506.449:1620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2007 comm="syz.3.12420" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 673.882187][ T40] audit: type=1326 audit(1773733506.449:1621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2007 comm="syz.3.12420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 673.892942][ T40] audit: type=1326 audit(1773733506.449:1622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2007 comm="syz.3.12420" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 673.901408][ T40] audit: type=1326 audit(1773733506.449:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2007 comm="syz.3.12420" exe="/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 674.129097][ T2029] loop2: detected capacity change from 0 to 7 [ 674.132140][ T2029] Dev loop2: unable to read RDB block 7 [ 674.134420][ T2029] loop2: AHDI p1 p2 [ 674.135720][ T2029] loop2: partition table partially beyond EOD, truncated [ 674.138562][ T2029] loop2: p1 start 1818582900 is beyond EOD, truncated [ 674.185630][T22087] udevd[22087]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 674.743914][ T2076] netlink: 36 bytes leftover after parsing attributes in process `syz.1.12447'. [ 674.760701][ T2078] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input73 [ 674.880312][ T2083] 9p: Unknown uid 00000000004294967295 [ 675.391330][ T2105] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 675.394580][ T2105] IPv6: NLM_F_CREATE should be set when creating new route [ 675.463646][ T2101] all (unregistering): Released all slaves [ 675.581826][T30816] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 675.593713][T30816] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 675.598052][T30816] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 675.602273][T30816] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 675.613348][T30816] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 675.865536][ T2116] chnl_net:caif_netlink_parms(): no params data found [ 675.891267][ T2149] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 675.893745][ T2149] IPv6: NLM_F_CREATE should be set when creating new route [ 676.033202][ T39] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 676.035692][ T2161] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input74 [ 676.183466][ T39] usb 6-1: Using ep0 maxpacket: 16 [ 676.225701][ T39] usb 6-1: unable to get BOS descriptor or descriptor too short [ 676.228904][ T39] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 676.233482][ T39] usb 6-1: can't read configurations, error -71 [ 676.412196][ T1147] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.464259][ T2116] bridge0: port 1(bridge_slave_0) entered blocking state [ 676.467496][ T2116] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.470744][ T2116] bridge_slave_0: entered allmulticast mode [ 676.473715][ T2116] bridge_slave_0: entered promiscuous mode [ 676.477300][ T2116] bridge0: port 2(bridge_slave_1) entered blocking state [ 676.479714][ T2116] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.482213][ T2116] bridge_slave_1: entered allmulticast mode [ 676.485232][ T2116] bridge_slave_1: entered promiscuous mode [ 676.928768][ T1147] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.973428][ T2175] netlink: 'syz.1.12491': attribute type 12 has an invalid length. [ 676.976985][ T2175] netlink: 'syz.1.12491': attribute type 10 has an invalid length. [ 676.980451][ T2175] netlink: 148 bytes leftover after parsing attributes in process `syz.1.12491'. [ 677.001832][ T2116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 677.009019][ T2116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 677.042945][ C1] net_ratelimit: 13 callbacks suppressed [ 677.042958][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 677.057038][ T2116] team0: Port device team_slave_0 added [ 677.089411][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 677.089427][ T40] audit: type=1326 audit(1773733509.739:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2191 comm="syz.0.12497" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703ef6c code=0x0 [ 677.118877][ T2190] serio: Serial port ptm0 [ 677.122861][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 677.186005][ T1147] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.224087][ T2116] team0: Port device team_slave_1 added [ 677.238982][ T2116] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 677.241364][ T2116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 677.250298][ T2116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 677.255350][ T2116] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 677.257603][ T2116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 677.266199][ T2116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 677.424716][ T1147] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.433087][T14849] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 677.487139][ T2116] hsr_slave_0: entered promiscuous mode [ 677.490009][ T2116] hsr_slave_1: entered promiscuous mode [ 677.599937][T14849] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 677.603689][T14849] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 677.608688][T14849] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 677.612549][T14849] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 677.682863][T30816] Bluetooth: hci1: command tx timeout [ 677.826002][T14849] usb 6-1: usb_control_msg returned -32 [ 677.827856][T14849] usbtmc 6-1:16.0: can't read capabilities [ 678.082861][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 678.119489][ T2238] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.12514'. [ 678.153583][ T2240] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.12515'. [ 678.162910][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 678.173623][ T103] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 678.263246][ T2227] syzkaller1: entered promiscuous mode [ 678.265296][ T2227] syzkaller1: entered allmulticast mode [ 678.391440][T27547] usb 6-1: USB disconnect, device number 9 [ 678.513146][ T1147] bridge_slave_1: left allmulticast mode [ 678.515596][ T1147] bridge_slave_1: left promiscuous mode [ 678.518195][ T1147] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.553415][ T2264] netlink: 'syz.5.12521': attribute type 11 has an invalid length. [ 678.603422][ T1147] bridge_slave_0: left allmulticast mode [ 678.605341][ T1147] bridge_slave_0: left promiscuous mode [ 678.607514][ T1147] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.803701][ T103] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 678.806511][ T209] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 679.132886][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 679.205283][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 679.450513][ T2290] netlink: 'syz.0.12530': attribute type 83 has an invalid length. [ 679.472922][ T1147] bond0 (unregistering): left promiscuous mode [ 679.475297][ T1147] bond_slave_0: left promiscuous mode [ 679.477353][ T1147] bond_slave_1: left promiscuous mode [ 679.533447][ T1147] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 679.573228][ T1147] bond_slave_0: left allmulticast mode [ 679.613892][ T1147] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 679.653483][ T1147] bond_slave_1: left allmulticast mode [ 679.656005][ T1147] bond0 (unregistering): Released all slaves [ 679.661097][ T1147] bond1 (unregistering): Released all slaves [ 679.701520][ T2284] sit0: entered promiscuous mode [ 679.709462][ T2284] netlink: 'syz.1.12527': attribute type 1 has an invalid length. [ 679.714636][ T2284] netlink: 1 bytes leftover after parsing attributes in process `syz.1.12527'. [ 679.734522][ T2300] Bluetooth: hci0: load_link_keys: too big key_count value 53767 [ 679.766019][T30816] Bluetooth: hci1: command tx timeout [ 680.162920][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 680.994259][ T1147] dummy0: left promiscuous mode [ 681.160712][ T1147] hsr_slave_0: left promiscuous mode [ 681.197227][ T1147] hsr_slave_1: left promiscuous mode [ 681.199556][ T1147] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 681.204687][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 681.233932][ T1147] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 681.237019][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 681.333338][ T1147] veth1_macvtap: left promiscuous mode [ 681.335699][ T1147] veth0_macvtap: left promiscuous mode [ 681.338180][ T1147] veth1_vlan: left promiscuous mode [ 681.340716][ T1147] veth0_vlan: left promiscuous mode [ 681.843726][T30816] Bluetooth: hci1: command tx timeout [ 682.063362][ T1147] team0 (unregistering): Port device team_slave_1 removed [ 682.242931][ C1] net_ratelimit: 3 callbacks suppressed [ 682.242977][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 682.333034][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 682.862923][ T5299] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 682.866928][ T5299] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 682.870115][ T5299] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 682.870188][ T2387] netlink: 212348 bytes leftover after parsing attributes in process `syz.5.12560'. [ 682.875377][ T5299] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 682.880272][ T5299] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 682.983624][ T2390] netlink: 'syz.5.12561': attribute type 10 has an invalid length. [ 683.035132][ T2116] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 683.087469][ T2116] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 683.147032][ T2116] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 683.190496][ T2116] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 683.218304][ T2406] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 683.283505][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 683.363074][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 683.367959][ T2116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 683.381051][ T2384] chnl_net:caif_netlink_parms(): no params data found [ 683.390328][ T2116] 8021q: adding VLAN 0 to HW filter on device team0 [ 683.419860][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 683.422940][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 683.437296][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 683.440279][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 683.550967][ T2384] bridge0: port 1(bridge_slave_0) entered blocking state [ 683.554771][ T2384] bridge0: port 1(bridge_slave_0) entered disabled state [ 683.558093][ T2384] bridge_slave_0: entered allmulticast mode [ 683.562180][ T2384] bridge_slave_0: entered promiscuous mode [ 683.566704][ T2384] bridge0: port 2(bridge_slave_1) entered blocking state [ 683.567682][ T2436] loop7: detected capacity change from 0 to 7 [ 683.569921][ T2384] bridge0: port 2(bridge_slave_1) entered disabled state [ 683.575325][ T2384] bridge_slave_1: entered allmulticast mode [ 683.576480][ C2] blk_print_req_error: 25 callbacks suppressed [ 683.576494][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 683.580353][ T2384] bridge_slave_1: entered promiscuous mode [ 683.583457][ C2] buffer_io_error: 25 callbacks suppressed [ 683.583466][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 683.593179][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 683.596552][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 683.600045][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 683.603333][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 683.606341][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 683.609633][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 683.612361][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 683.616428][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 683.620465][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 683.624793][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 683.633649][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 683.634065][ T2384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 683.636915][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 683.645842][ T2384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 683.646947][ T2436] ldm_validate_partition_table(): Disk read failed. [ 683.652433][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 683.655406][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 683.664250][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 683.669993][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 683.673273][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 683.673616][ T2384] team0: Port device team_slave_0 added [ 683.681133][ T2384] team0: Port device team_slave_1 added [ 683.681535][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 683.688702][ T2436] Dev loop7: unable to read RDB block 0 [ 683.701711][ T2436] loop7: unable to read partition table [ 683.704677][ T2436] loop7: partition table beyond EOD, truncated [ 683.710126][ T2436] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 683.718244][ T2384] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 683.720558][ T2384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 683.730188][ T2384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 683.734799][ T2384] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 683.737823][ T2384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 683.749108][ T2384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 683.811480][ T2448] input: syz0 as /devices/virtual/input/input75 [ 683.843229][ T1252] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 683.868977][ T2116] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 683.878347][ T2384] hsr_slave_0: entered promiscuous mode [ 683.881293][ T2384] hsr_slave_1: entered promiscuous mode [ 683.884442][ T2384] debugfs: 'hsr0' already exists in 'hsr' [ 683.886779][ T2384] Cannot create hsr debugfs directory [ 683.926475][T30816] Bluetooth: hci1: command tx timeout [ 683.933206][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 684.322828][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 684.403756][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 684.538025][ T1147] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.565483][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 684.749471][ T2384] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.831470][ T2116] veth0_vlan: entered promiscuous mode [ 684.962959][T30816] Bluetooth: hci3: command tx timeout [ 684.970356][ T1147] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.166716][ T2384] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.217586][ T2116] veth1_vlan: entered promiscuous mode [ 685.368422][ T1147] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.564397][ T2384] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.789032][ T1147] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.017379][ T2384] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.073342][ T2116] veth0_macvtap: entered promiscuous mode [ 686.079245][ T2116] veth1_macvtap: entered promiscuous mode [ 686.093539][ T2116] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 686.105424][ T2116] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 686.114600][ T209] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.118454][ T209] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.122173][ T209] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.126172][ T209] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.351846][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 686.355640][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 686.391624][ T2384] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 686.424737][ T2384] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 686.454938][ T2384] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 686.498364][ T1147] bridge_slave_1: left allmulticast mode [ 686.500887][ T1147] bridge_slave_1: left promiscuous mode [ 686.503353][ T1147] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.573422][ T1147] bridge_slave_0: left allmulticast mode [ 686.575444][ T1147] bridge_slave_0: left promiscuous mode [ 686.577451][ T1147] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.042868][T30816] Bluetooth: hci3: command tx timeout [ 687.293510][ T1147] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 687.383462][ T1147] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 687.434575][ T1147] bond0 (unregistering): Released all slaves [ 687.442848][ C1] net_ratelimit: 7 callbacks suppressed [ 687.442860][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 687.489946][ T2384] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 687.490001][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 687.496447][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 687.523049][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 687.618322][ T2384] 8021q: adding VLAN 0 to HW filter on device bond0 [ 687.635132][ T2384] 8021q: adding VLAN 0 to HW filter on device team0 [ 687.642584][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 687.645728][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 687.680037][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 687.683250][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 688.210022][ T2624] loop8: detected capacity change from 0 to 8 [ 688.214488][ T2624] Dev loop8: unable to read RDB block 8 [ 688.218756][ T2624] loop8: unable to read partition table [ 688.220873][ T2624] loop8: partition table beyond EOD, truncated [ 688.223696][ T2624] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 688.428776][ T2384] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 688.482899][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 688.563001][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 688.883017][ T1147] hsr_slave_0: left promiscuous mode [ 688.915331][ T2673] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 688.932987][ T1147] hsr_slave_1: left promiscuous mode [ 688.935353][ T1147] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 688.938393][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 688.979219][ T1147] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 688.983060][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 689.054850][ T103] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 689.063981][ T1147] veth1_macvtap: left promiscuous mode [ 689.066244][ T1147] veth0_macvtap: left promiscuous mode [ 689.068705][ T1147] veth1_vlan: left promiscuous mode [ 689.070596][ T1147] veth0_vlan: left promiscuous mode [ 689.122811][T30816] Bluetooth: hci3: command tx timeout [ 689.522954][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 689.603007][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 689.683423][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 689.793212][ T1147] team0 (unregistering): Port device team_slave_1 removed [ 689.813822][ T1147] team0 (unregistering): Port device team_slave_0 removed [ 690.326659][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 690.326835][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.447140][ T2705] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12624'. [ 690.478397][ T2384] veth0_vlan: entered promiscuous mode [ 690.484077][ T2384] veth1_vlan: entered promiscuous mode [ 690.513673][ T2384] veth0_macvtap: entered promiscuous mode [ 690.519944][ T2384] veth1_macvtap: entered promiscuous mode [ 690.547962][ T2384] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 690.553297][ T2384] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 690.588220][ T46] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 690.591802][ T46] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 690.598922][ T46] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 690.602396][ T46] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 690.827534][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 690.839836][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 690.871530][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 690.878546][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 691.202867][T30816] Bluetooth: hci3: command tx timeout [ 691.387126][ T2785] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12643'. [ 691.502524][ T2794] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 692.177960][ T2835] macvtap0: entered promiscuous mode [ 692.180619][ T2835] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12660'. [ 692.254315][ T2835] veth0_macvtap: left promiscuous mode [ 692.418837][ T2835] macvtap0 (unregistering): left promiscuous mode [ 692.533795][ T2839] batadv_slave_0: entered promiscuous mode [ 692.543694][ T2838] batadv_slave_0: left promiscuous mode [ 692.642954][ C1] net_ratelimit: 374 callbacks suppressed [ 692.642972][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 692.722987][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 692.789781][ T9] hid_parser_main: 5 callbacks suppressed [ 692.789799][ T9] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0 [ 692.843478][ T9] hid-generic 0000:0000:0000.001E: hidraw1: HID v0.00 Device [syz1] on syz0 [ 692.919649][ T2870] fido_id[2870]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 693.692912][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 693.762892][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 694.732878][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 694.813045][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 694.816084][ T531] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 695.254273][ T2944] netlink: 'syz.5.12697': attribute type 1 has an invalid length. [ 695.385590][ T2939] syzkaller1: entered promiscuous mode [ 695.391607][ T2939] syzkaller1: entered allmulticast mode [ 695.443247][ T209] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 695.710028][ T1147] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 695.762976][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 695.852866][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 696.132905][ T5363] block nbd2: Possible stuck request ffff8880278e0000: control (read@0,4096B). Runtime 120 seconds [ 696.392848][ T6026] usb 6-1: new low-speed USB device number 10 using dummy_hcd [ 696.555343][ T6026] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 696.558483][ T6026] usb 6-1: config 0 has no interface number 0 [ 696.560977][ T6026] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 696.571544][ T6026] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 696.576122][ T6026] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 696.580066][ T6026] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 696.594718][ T6026] usb 6-1: config 0 descriptor?? [ 696.597767][ T3034] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 696.601740][ T3054] syzkaller1: entered promiscuous mode [ 696.609644][ T6026] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 696.614213][ T3054] syzkaller1: entered allmulticast mode [ 696.683826][ T1112] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 696.686310][ T1112] ata1: failed to read log page 10h (errno=-5) [ 696.688398][ T1112] ata1.00: exception Emask 0x1 SAct 0x8000000 SErr 0x0 action 0x0 [ 696.690942][ T1112] ata1.00: irq_stat 0x40000000 [ 696.692634][ T1112] ata1.00: failed command: READ FPDMA QUEUED [ 696.695272][ T1112] ata1.00: cmd 60/70:d8:fe:2b:01/05:00:00:00:00/40 tag 27 ncq dma 712704 in [ 696.695272][ T1112] res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 696.700970][ T1112] ata1.00: status: { DRDY } [ 696.702500][ T1112] ata1.00: error: { ABRT } [ 696.705415][ T1112] ata1.00: configured for UDMA/100 [ 696.707420][ T1112] sd 0:0:0:0: [sda] tag#27 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 696.710719][ T1112] sd 0:0:0:0: [sda] tag#27 Sense Key : Aborted Command [current] [ 696.713775][ T1112] sd 0:0:0:0: [sda] tag#27 Add. Sense: No additional sense information [ 696.716672][ T1112] sd 0:0:0:0: [sda] tag#27 CDB: Read(10) 28 00 00 01 2b fe 00 05 70 00 [ 696.719244][ T1112] blk_print_req_error: 11 callbacks suppressed [ 696.719252][ T1112] I/O error, dev sda, sector 76798 op 0x0:(READ) flags 0x80700 phys_seg 13 prio class 2 [ 696.726965][ T1112] ata1: EH complete [ 696.761928][ T3064] netlink: 8 bytes leftover after parsing attributes in process `syz.5.12736'. [ 696.765011][ T3064] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12736'. [ 696.818857][ T6026] usb 6-1: USB disconnect, device number 10 [ 697.667166][ T3086] trusted_key: syz.1.12745 sent an empty control message without MSG_MORE. [ 697.842893][ C1] net_ratelimit: 3 callbacks suppressed [ 697.842910][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 697.933019][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 697.954971][ T3099] kvm: user requested TSC rate below hardware speed [ 698.423117][T27547] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 698.572846][T27547] usb 6-1: Using ep0 maxpacket: 16 [ 698.576260][T27547] usb 6-1: config 0 has no interfaces? [ 698.578728][T27547] usb 6-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 698.582418][T27547] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.587147][T27547] usb 6-1: config 0 descriptor?? [ 698.801527][ T50] usb 6-1: USB disconnect, device number 11 [ 698.882864][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 698.973045][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 699.534887][ T3139] netlink: 7 bytes leftover after parsing attributes in process `syz.1.12763'. [ 699.773228][ T6026] usb 10-1: new high-speed USB device number 37 using dummy_hcd [ 699.933413][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 699.952905][ T6026] usb 10-1: Using ep0 maxpacket: 8 [ 699.958664][ T6026] usb 10-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 699.962621][ T6026] usb 10-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 699.967458][ T6026] usb 10-1: config 0 interface 0 has no altsetting 0 [ 699.970361][ T6026] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 699.974647][ T6026] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 699.981859][ T6026] usb 10-1: config 0 descriptor?? [ 700.002846][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 700.416336][ T6026] mcp2221 0003:04D8:00DD.001F: unknown main item tag 0x0 [ 700.419661][ T6026] mcp2221 0003:04D8:00DD.001F: unknown main item tag 0x0 [ 700.423003][ T6026] mcp2221 0003:04D8:00DD.001F: unknown main item tag 0x0 [ 700.426018][ T6026] mcp2221 0003:04D8:00DD.001F: unknown main item tag 0x0 [ 700.429246][ T6026] mcp2221 0003:04D8:00DD.001F: unknown main item tag 0x0 [ 700.434639][ T6026] mcp2221 0003:04D8:00DD.001F: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 700.513887][ T3181] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 700.523311][ T3181] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 700.594455][ T3183] netlink: 'syz.2.12780': attribute type 12 has an invalid length. [ 700.598169][ T3183] netlink: 'syz.2.12780': attribute type 9 has an invalid length. [ 700.601625][ T3183] netlink: 148 bytes leftover after parsing attributes in process `syz.2.12780'. [ 700.615385][ T3137] i2c i2c-2: unsupported multi-msg i2c transaction [ 700.620410][ T6026] usb 10-1: USB disconnect, device number 37 [ 700.972889][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 701.043076][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 701.203456][ T103] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 701.207034][ T3209] syzkaller1: entered promiscuous mode [ 701.207127][ T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 701.208894][ T3209] syzkaller1: entered allmulticast mode [ 701.222860][ T50] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 701.279516][ T3213] input: syz0 as /devices/virtual/input/input76 [ 701.376560][ T50] usb 6-1: config index 0 descriptor too short (expected 45, got 36) [ 701.379239][ T50] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 701.383591][ T50] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 701.387211][ T50] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 701.390687][ T50] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 701.396189][ T50] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 701.399146][ T50] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.406559][ T50] usb 6-1: config 0 descriptor?? [ 701.622128][ T3219] netlink: 'syz.5.12796': attribute type 10 has an invalid length. [ 701.663019][ T3219] syz_tun: entered promiscuous mode [ 701.827084][ T50] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 701.830671][ T50] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 701.834426][ T50] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 701.837071][ T50] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 701.839539][ T50] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 701.859090][ T50] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 701.905890][ T3221] ieee802154 phy0 wpan0: encryption failed: -126 [ 701.971736][ T3231] input: syz1 as /devices/virtual/input/input77 [ 702.095857][ T2600] usb 6-1: USB disconnect, device number 12 [ 702.634318][ T3250] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12804'. [ 702.637683][ T3252] netlink: 256 bytes leftover after parsing attributes in process `syz.2.12803'. [ 702.640708][ T3252] netlink: 256 bytes leftover after parsing attributes in process `syz.2.12803'. [ 703.042903][ C1] net_ratelimit: 3 callbacks suppressed [ 703.042916][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 703.122950][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 703.938377][ T3298] vivid-004: disconnect [ 703.983619][ T3297] vivid-004: reconnect [ 704.016266][ T3302] bridge1: entered promiscuous mode [ 704.018494][ T3302] bridge1: entered allmulticast mode [ 704.021691][ T3302] team0: Port device bridge1 added [ 704.080024][ T3302] bridge0: port 3(team0) entered blocking state [ 704.083068][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 704.087549][ T3302] bridge0: port 3(team0) entered disabled state [ 704.089958][ T3302] team0: entered allmulticast mode [ 704.091855][ T3302] team_slave_0: entered allmulticast mode [ 704.095523][ T3302] team_slave_1: entered allmulticast mode [ 704.101551][ T3302] team0: entered promiscuous mode [ 704.105992][ T3302] team_slave_0: entered promiscuous mode [ 704.109157][ T3302] team_slave_1: entered promiscuous mode [ 704.112559][ T3302] bridge0: port 3(team0) entered blocking state [ 704.115421][ T3302] bridge0: port 3(team0) entered forwarding state [ 704.162893][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 704.323739][T22087] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 704.797970][ T3340] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 705.122866][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 705.203098][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 705.228658][ T3352] netlink: 56 bytes leftover after parsing attributes in process `syz.1.12841'. [ 705.785836][ T3374] can0: slcan on ptm0. [ 706.032308][ T3378] vivid-000: disconnect [ 706.035440][ T3377] vivid-000: reconnect [ 706.142898][ T3363] nbd3: detected capacity change from 0 to 63 [ 706.158086][ T5946] block nbd3: Receive control failed (result -32) [ 706.159139][ T3381] block nbd3: Receive control failed (result -104) [ 706.159157][T30816] block nbd3: Receive control failed (result -32) [ 706.161422][ T5953] block nbd3: Receive control failed (result -32) [ 706.162411][ T5299] block nbd3: Receive control failed (result -32) [ 706.162882][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 706.242827][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 706.323423][ T1147] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 706.344668][ T3371] can0 (unregistered): slcan off ptm0. [ 706.811338][ T3417] syzkaller1: entered promiscuous mode [ 706.813620][ T3417] syzkaller1: entered allmulticast mode [ 707.298074][ T3429] overlayfs: statfs failed on './file0' [ 707.831465][ T3449] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 708.252910][ C1] net_ratelimit: 4 callbacks suppressed [ 708.252927][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 708.322818][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 708.621542][ T40] audit: type=1326 audit(1773733541.269:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3479 comm="syz.1.12891" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703ef6c code=0x0 [ 709.292868][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 709.362950][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 709.602891][ T5299] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 709.604907][ T5946] Bluetooth: hci4: command 0x1003 tx timeout [ 710.262797][ T2600] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 710.332868][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 710.402946][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 710.422822][ T2600] usb 6-1: Using ep0 maxpacket: 32 [ 710.426401][ T2600] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 710.429443][ T2600] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 710.433237][ T2600] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 710.437300][ T2600] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 710.442317][ T2600] usb 6-1: config 0 interface 0 has no altsetting 0 [ 710.446247][ T2600] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 710.449344][ T2600] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 710.452125][ T2600] usb 6-1: Product: syz [ 710.453794][ T2600] usb 6-1: Manufacturer: syz [ 710.455641][ T2600] usb 6-1: SerialNumber: syz [ 710.458529][ T2600] usb 6-1: config 0 descriptor?? [ 710.465420][ T2600] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 710.471728][ T2600] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 710.508203][ T3568] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 710.675413][ T5988] usb 6-1: USB disconnect, device number 13 [ 710.678184][ C3] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 710.682379][ T5988] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 710.979431][ T3586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12933'. [ 711.243081][ T2600] usb 10-1: new low-speed USB device number 38 using dummy_hcd [ 711.362875][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 711.394614][ T2600] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 711.399064][ T2600] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 711.403214][ T2600] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30062, setting to 8 [ 711.408606][ T2600] usb 10-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 711.414399][ T2600] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 711.427164][ T3590] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 711.431935][ T2600] hub 10-1:1.0: bad descriptor, ignoring hub [ 711.434693][ T2600] hub 10-1:1.0: probe with driver hub failed with error -5 [ 711.437344][ T2600] cdc_wdm 10-1:1.0: skipping garbage [ 711.439077][ T2600] cdc_wdm 10-1:1.0: skipping garbage [ 711.443104][ C2] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 711.448501][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 711.449524][ T2600] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device [ 711.453971][ T2600] cdc_wdm 10-1:1.0: Unknown control protocol [ 712.084808][ T209] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 712.209549][ T3590] usb 10-1: reset low-speed USB device number 38 using dummy_hcd [ 712.368908][ T3627] ------------[ cut here ]------------ [ 712.372361][ T3627] !chanctx_conf [ 712.372376][ T3627] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x5c5/0x730, CPU#1: syz.1.12950/3627 [ 712.378407][ T3627] Modules linked in: [ 712.381216][ T3627] CPU: 1 UID: 0 PID: 3627 Comm: syz.1.12950 Tainted: G L syzkaller #0 PREEMPT(full) [ 712.385924][ T3627] Tainted: [L]=SOFTLOCKUP [ 712.387788][ T3627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 712.392041][ T3627] RIP: 0010:rate_control_rate_init+0x5c5/0x730 [ 712.396180][ T3627] Code: 48 8d 35 00 00 00 00 e8 09 d0 e0 f6 e8 74 1f ea f6 e9 20 fe ff ff e8 9a 85 04 f7 90 0f 0b 90 e9 12 fe ff ff e8 8c 85 04 f7 90 <0f> 0b 90 eb b1 e8 81 85 04 f7 e8 ac 27 e9 f6 31 ff 89 c3 89 c6 e8 [ 712.405960][ T3627] RSP: 0018:ffffc900038771d0 EFLAGS: 00010283 [ 712.408779][ T3627] RAX: 00000000000006b9 RBX: ffff888021c68000 RCX: ffffc90026ec9000 [ 712.412433][ T3627] RDX: 0000000000080000 RSI: ffffffff8b0392d4 RDI: ffff88802301a4c0 [ 712.415885][ T3627] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 712.418561][ T3627] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801294b400 [ 712.421276][ T3627] R13: ffff8880686b0e80 R14: ffff888012894000 R15: 0000000000000000 [ 712.424344][ T3627] FS: 0000000000000000(0000) GS:ffff88809724a000(0063) knlGS:00000000f542db40 [ 712.427738][ T3627] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 712.430568][ T3627] CR2: 00000000800003c0 CR3: 0000000028b10000 CR4: 0000000000352ef0 [ 712.436053][ T3627] Call Trace: [ 712.437670][ T3627] [ 712.439079][ T3627] rate_control_rate_init_all_links+0x76/0x1f0 [ 712.441361][ T3627] sta_apply_auth_flags.isra.0+0x4aa/0x500 [ 712.443933][ T3627] sta_apply_parameters+0xd2f/0x19e0 [ 712.445810][ T3627] ieee80211_add_station+0x3fe/0x6d0 [ 712.447656][ T3627] nl80211_new_station+0x145b/0x1dd0 [ 712.449489][ T3627] ? __pfx_nl80211_new_station+0x10/0x10 [ 712.451403][ T3627] ? nl80211_pre_doit+0x19a/0xae0 [ 712.454085][ T3627] genl_family_rcv_msg_doit+0x214/0x300 [ 712.456550][ T3627] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 712.459073][ T3627] ? genl_get_cmd+0x3ef/0x720 [ 712.460914][ T3627] ? bpf_lsm_capable+0x9/0x10 [ 712.462676][ T3627] ? security_capable+0x80/0x260 [ 712.464578][ T3627] ? ns_capable+0xd2/0xf0 [ 712.466257][ T3627] genl_rcv_msg+0x560/0x800 [ 712.467958][ T3627] ? __pfx_genl_rcv_msg+0x10/0x10 [ 712.469927][ T3627] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 712.471762][ T3627] ? __pfx_nl80211_new_station+0x10/0x10 [ 712.473821][ T3627] ? __pfx_nl80211_post_doit+0x10/0x10 [ 712.476259][ T3627] netlink_rcv_skb+0x159/0x420 [ 712.478443][ T3627] ? __pfx_genl_rcv_msg+0x10/0x10 [ 712.480707][ T3627] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 712.483226][ T3627] ? netlink_deliver_tap+0x1ae/0xcc0 [ 712.485685][ T3627] genl_rcv+0x28/0x40 [ 712.487538][ T3627] netlink_unicast+0x5aa/0x870 [ 712.489752][ T3627] ? __pfx_netlink_unicast+0x10/0x10 [ 712.492118][ T3627] netlink_sendmsg+0x8b0/0xda0 [ 712.494393][ T3627] ? __pfx_netlink_sendmsg+0x10/0x10 [ 712.496514][ T3627] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 712.499023][ T3627] ____sys_sendmsg+0x9e1/0xb70 [ 712.501230][ T3627] ? __pfx_netlink_sendmsg+0x10/0x10 [ 712.503864][ T3627] ? __pfx_____sys_sendmsg+0x10/0x10 [ 712.506266][ T3627] ? __pfx_futex_wake_mark+0x10/0x10 [ 712.508693][ T3627] ___sys_sendmsg+0x190/0x1e0 [ 712.510731][ T3627] ? __pfx____sys_sendmsg+0x10/0x10 [ 712.513293][ T3627] __sys_sendmsg+0x170/0x220 [ 712.515397][ T3627] ? __pfx___sys_sendmsg+0x10/0x10 [ 712.517700][ T3627] ? __ia32_sys_futex_time32+0x2f4/0x470 [ 712.520154][ T3603] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 712.520185][ T3627] __do_fast_syscall_32+0xe3/0x8c0 [ 712.524930][ T3627] do_fast_syscall_32+0x32/0x70 [ 712.527132][ T3627] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 712.529951][ T3627] RIP: 0023:0xf703ef6c [ 712.531447][ C3] cdc_wdm 10-1:1.0: nonzero urb status received: -71 [ 712.531785][ T3627] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 712.534004][ C3] cdc_wdm 10-1:1.0: wdm_int_callback - 0 bytes [ 712.534051][ C3] cdc_wdm 10-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 712.548684][ T3627] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 712.552309][ T3627] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080001080 [ 712.555943][ T3627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 712.559464][ T3627] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 712.563086][ T3627] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 712.566275][ T3627] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 712.569079][ T3627] [ 712.570287][ T3627] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 712.573387][ T3627] CPU: 1 UID: 0 PID: 3627 Comm: syz.1.12950 Tainted: G L syzkaller #0 PREEMPT(full) [ 712.577805][ T3627] Tainted: [L]=SOFTLOCKUP [ 712.579225][ T3627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 712.582550][ T3627] Call Trace: [ 712.583655][ T3627] [ 712.584626][ T3627] dump_stack_lvl+0x100/0x190 [ 712.586518][ T3627] vpanic+0x552/0x970 [ 712.588273][ T3627] ? __pfx_vpanic+0x10/0x10 [ 712.590232][ T3627] panic+0xd1/0xe0 [ 712.591488][ T3627] ? __pfx_panic+0x10/0x10 [ 712.593010][ T3627] check_panic_on_warn.cold+0x19/0x34 [ 712.594823][ T3627] ? rate_control_rate_init+0x5c5/0x730 [ 712.597290][ T3627] __warn.cold+0x191/0x348 [ 712.599364][ T3627] __report_bug+0x296/0x3d0 [ 712.601422][ T3627] ? rate_control_rate_init+0x5c5/0x730 [ 712.603903][ T3627] ? __pfx___report_bug+0x10/0x10 [ 712.606183][ T3627] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 712.609015][ T3627] ? ieee80211_add_station+0x56b/0x6d0 [ 712.611421][ T3627] ? nl80211_new_station+0x145b/0x1dd0 [ 712.613820][ T3627] ? genl_family_rcv_msg_doit+0x214/0x300 [ 712.616307][ T3627] ? netlink_rcv_skb+0x159/0x420 [ 712.618520][ T3627] ? netlink_unicast+0x5aa/0x870 [ 712.620763][ T3627] ? netlink_sendmsg+0x8b0/0xda0 [ 712.622996][ T3627] ? ____sys_sendmsg+0x9e1/0xb70 [ 712.625218][ T3627] ? ___sys_sendmsg+0x190/0x1e0 [ 712.627375][ T3627] ? __sys_sendmsg+0x170/0x220 [ 712.629515][ T3627] ? rate_control_rate_init+0x5c5/0x730 [ 712.631945][ T3627] report_bug+0xb2/0x220 [ 712.633606][ T3627] ? rate_control_rate_init+0x5c5/0x730 [ 712.635447][ T3627] handle_bug+0x16a/0x2a0 [ 712.637235][ T3627] exc_invalid_op+0x17/0x50 [ 712.639248][ T3627] asm_exc_invalid_op+0x1a/0x20 [ 712.641381][ T3627] RIP: 0010:rate_control_rate_init+0x5c5/0x730 [ 712.644122][ T3627] Code: 48 8d 35 00 00 00 00 e8 09 d0 e0 f6 e8 74 1f ea f6 e9 20 fe ff ff e8 9a 85 04 f7 90 0f 0b 90 e9 12 fe ff ff e8 8c 85 04 f7 90 <0f> 0b 90 eb b1 e8 81 85 04 f7 e8 ac 27 e9 f6 31 ff 89 c3 89 c6 e8 [ 712.652402][ T3627] RSP: 0018:ffffc900038771d0 EFLAGS: 00010283 [ 712.654973][ T3627] RAX: 00000000000006b9 RBX: ffff888021c68000 RCX: ffffc90026ec9000 [ 712.658414][ T3627] RDX: 0000000000080000 RSI: ffffffff8b0392d4 RDI: ffff88802301a4c0 [ 712.661841][ T3627] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 712.665175][ T3627] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801294b400 [ 712.668237][ T3627] R13: ffff8880686b0e80 R14: ffff888012894000 R15: 0000000000000000 [ 712.670817][ T3627] ? rate_control_rate_init+0x5c4/0x730 [ 712.672855][ T3627] rate_control_rate_init_all_links+0x76/0x1f0 [ 712.675606][ T3627] sta_apply_auth_flags.isra.0+0x4aa/0x500 [ 712.678152][ T3627] sta_apply_parameters+0xd2f/0x19e0 [ 712.680449][ T3627] ieee80211_add_station+0x3fe/0x6d0 [ 712.682849][ T3627] nl80211_new_station+0x145b/0x1dd0 [ 712.685176][ T3627] ? __pfx_nl80211_new_station+0x10/0x10 [ 712.687674][ T3627] ? nl80211_pre_doit+0x19a/0xae0 [ 712.689945][ T3627] genl_family_rcv_msg_doit+0x214/0x300 [ 712.692373][ T3627] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 712.695074][ T3627] ? genl_get_cmd+0x3ef/0x720 [ 712.697194][ T3627] ? bpf_lsm_capable+0x9/0x10 [ 712.698879][ T3627] ? security_capable+0x80/0x260 [ 712.700735][ T3627] ? ns_capable+0xd2/0xf0 [ 712.702167][ T3627] genl_rcv_msg+0x560/0x800 [ 712.703674][ T3627] ? __pfx_genl_rcv_msg+0x10/0x10 [ 712.705370][ T3627] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 712.707153][ T3627] ? __pfx_nl80211_new_station+0x10/0x10 [ 712.708981][ T3627] ? __pfx_nl80211_post_doit+0x10/0x10 [ 712.710749][ T3627] netlink_rcv_skb+0x159/0x420 [ 712.712322][ T3627] ? __pfx_genl_rcv_msg+0x10/0x10 [ 712.714028][ T3627] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 712.716015][ T3627] ? netlink_deliver_tap+0x1ae/0xcc0 [ 712.717809][ T3627] genl_rcv+0x28/0x40 [ 712.719118][ T3627] netlink_unicast+0x5aa/0x870 [ 712.720721][ T3627] ? __pfx_netlink_unicast+0x10/0x10 [ 712.722480][ T3627] netlink_sendmsg+0x8b0/0xda0 [ 712.724066][ T3627] ? __pfx_netlink_sendmsg+0x10/0x10 [ 712.725858][ T3627] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 712.727719][ T3627] ____sys_sendmsg+0x9e1/0xb70 [ 712.729290][ T3627] ? __pfx_netlink_sendmsg+0x10/0x10 [ 712.731010][ T3627] ? __pfx_____sys_sendmsg+0x10/0x10 [ 712.732770][ T3627] ? __pfx_futex_wake_mark+0x10/0x10 [ 712.734539][ T3627] ___sys_sendmsg+0x190/0x1e0 [ 712.736168][ T3627] ? __pfx____sys_sendmsg+0x10/0x10 [ 712.737982][ T3627] __sys_sendmsg+0x170/0x220 [ 712.739524][ T3627] ? __pfx___sys_sendmsg+0x10/0x10 [ 712.741289][ T3627] ? __ia32_sys_futex_time32+0x2f4/0x470 [ 712.743175][ T3627] __do_fast_syscall_32+0xe3/0x8c0 [ 712.744905][ T3627] do_fast_syscall_32+0x32/0x70 [ 712.746566][ T3627] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 712.748624][ T3627] RIP: 0023:0xf703ef6c [ 712.749990][ T3627] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 712.756410][ T3627] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 712.759062][ T3627] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080001080 [ 712.761705][ T3627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 712.764344][ T3627] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 712.767549][ T3627] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 712.771258][ T3627] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 712.774791][ T3627] [ 712.776755][ T3627] Kernel Offset: disabled [ 712.778180][ T3627] Rebooting in 86400 seconds..