last executing test programs: 7m29.030363968s ago: executing program 4 (id=1025): r0 = socket$inet6(0xa, 0x3, 0x2f) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0\x00', 0x0, 0x98d046, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, 0x0, 0x0) mount$bpf(0x200000000000, 0x0, 0x0, 0x10454ca, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000240)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x3, 0x6, '\x00', 0x38, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @dest_unreach={0x1, 0x6, 0x0, 0x81, '\x00', {0xc, 0x6, "e02efd", 0x281, 0x2f, 0x0, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, [@dstopts={0x1}]}}}}}}}, 0x0) lchown(0x0, 0x0, 0x0) 7m28.919280786s ago: executing program 4 (id=1027): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETLOCK(r1, &(0x7f0000000100)=ANY=[], 0x23) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'veth1_virt_wifi\x00', 0x0}) bind$packet(r2, &(0x7f0000000080)={0x11, 0xf8, r3}, 0x14) splice(r0, 0x0, r2, 0x0, 0x10500, 0x0) 7m28.580273775s ago: executing program 4 (id=1031): r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x1, @local, 'ip6gre0\x00'}}, 0x1e) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x1, @broadcast, 'ip_vti0\x00'}}, 0x1e) connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x4, @multicast, 'lo\x00'}}, 0x1e) close(r1) 7m28.387677611s ago: executing program 4 (id=1034): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f00000004c0)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x7) 7m28.328392223s ago: executing program 4 (id=1035): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0xc, @empty, 0x7}, 0x2f) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd70000400000005000000080009000200000008000c00a80a0000060001000500000008000b"], 0x48}}, 0x20000084) 7m26.25558833s ago: executing program 4 (id=1051): munmap(&(0x7f0000031000/0x2000)=nil, 0x2000) r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r0, 0x6) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094) 7m25.833010826s ago: executing program 32 (id=1051): munmap(&(0x7f0000031000/0x2000)=nil, 0x2000) r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r0, 0x6) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094) 3m30.141273801s ago: executing program 2 (id=2512): socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, 0x0, 0x4080) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$nl_route(r2, 0x0, 0xc008006) r3 = getpgrp(0x0) syz_pidfd_open(r3, 0x0) openat$comedi(0xffffff9c, &(0x7f00000003c0)='/dev/comedi0\x00', 0x101100, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x90d021bcec18e126, &(0x7f0000000380)={0x6, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB="14005cd40000010325bd18"], 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x840) r5 = syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00') open_by_handle_at(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="10000000f1000000", @ANYRES8=r5], 0x0) 3m29.444033968s ago: executing program 2 (id=2514): socket$packet(0x11, 0x3, 0x300) syz_open_procfs$namespace(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x9) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = syz_open_dev$dri(0x0, 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbefb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000700)=@abs={0x0, 0x0, 0x10000}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setuid(0xee00) r4 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, 0x0, 0x0) setsockopt$inet_sctp_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000080)={0x7ff, 0x10, 0x8, 0x2}, 0x8) sendto$inet6(r4, &(0x7f0000000180)="a7", 0x1, 0x4c898, &(0x7f0000000040)={0xa, 0x4e24, 0xfcb, @loopback, 0xc5f}, 0x1c) 3m26.738156573s ago: executing program 2 (id=2520): r0 = openat$smackfs_syslog(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x46) linkat(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x0) getsockopt$sock_int(r3, 0x1, 0x20, 0x0, &(0x7f00000001c0)) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000480)='.\x00', 0x10000, 0x0) getdents64(r4, &(0x7f0000001940)=""/4096, 0x1000) r5 = fsmount(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xa}, 0x94) syz_clone3(&(0x7f0000000340)={0x201800000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0x58) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000080)="319b", 0x2}, {0x0}, {&(0x7f0000000200)="2f26e56235db909e840152fbf8c84568cd44a85ed705a67cb6320b03a074576675dd77bc6a2eaacdc90c758bb1bdcb0f2baebe0d2d3c0b85aa138a3962ead8e78980547c427df4da0570e02e9edaf2babd0ecbea4c7e0b416f348e1ee4167eb6d31240260298c73709581c1b95e32296868b3606", 0x74}], 0x3) 3m25.539745366s ago: executing program 2 (id=2524): unshare(0x20000) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file1/file2\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file1/file2/file3\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1/file2/file3/file4\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file0/file1/file2/file3/file5\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file6\x00', 0x1c0) mount$bind(&(0x7f0000000280)='./file0/file1/file2/file3\x00', &(0x7f00000002c0)='./file0/file1/file2/file3\x00', 0x0, 0x1000, 0x0) mount$bind(&(0x7f0000000300)='./file0/file1\x00', &(0x7f0000000340)='./file0/file6\x00', 0x0, 0x5000, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file6/file2\x00', 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file1/file2\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0/file2\x00', 0x0) r1 = landlock_create_ruleset(&(0x7f0000000440)={0x2004}, 0x18, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0/file2/file3/file4\x00', 0x0, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f00000004c0)={0x4, r2}, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(r1, 0x0) openat(r0, &(0x7f0000000500)='file3/file5\x00', 0x0, 0x0) renameat2(r0, &(0x7f0000000540)='file3/file5\x00', r0, &(0x7f0000000580)='file3/file4/file5\x00', 0x0) 3m24.443887975s ago: executing program 2 (id=2530): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) fsopen(&(0x7f0000000040)='cifs\x00', 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xfc, "2af01c3d0040fbffffffffffffff00"}) syz_open_pts(r1, 0x0) syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e21, @loopback}, {0x2, 0x0, @local}, {0x2, 0x4e23, @local}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x6}) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x20018847) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$binfmt_misc(r3, &(0x7f0000000000), 0xd) 3m18.763854156s ago: executing program 2 (id=2542): socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) socket$can_bcm(0x1d, 0x2, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_clone(0x30209000, 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') read(r3, &(0x7f0000001180)=""/4096, 0x1000) 3m17.216002843s ago: executing program 33 (id=2542): socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) socket$can_bcm(0x1d, 0x2, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_clone(0x30209000, 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00') read(r3, &(0x7f0000001180)=""/4096, 0x1000) 12.093277488s ago: executing program 6 (id=3557): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r0, 0x89fa, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000040)={@private1, @multicast2, 0xf, 0x17}}) 11.902941409s ago: executing program 6 (id=3560): syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000480)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x21, 0x9, {0x9, 0x21, 0x6, 0xd, 0x1, {0x22, 0x669}}}}, &(0x7f0000000980)={0x2c, &(0x7f0000000580)={0x0, 0xc, 0x52, "ff06b79759e8eac970f17c6874af30b60f5dea268e5b74a7aa9d788ae091c71c80d09fd3b049176f33f4cdd96be18dea78e64590bd00e11a48a9295c8b51ec4b7257c9dd5b057ca347e53d659ad5a7f479b5"}, &(0x7f0000000680)={0x0, 0xa, 0x1, 0x2}, 0x0, &(0x7f0000000740), &(0x7f00000007c0)={0x20, 0x3, 0x1, 0x7}}) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) 10.168493111s ago: executing program 6 (id=3579): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000540)=@nat={'nat\x00', 0x670, 0x5, 0x358, 0x208, 0x208, 0xffffffff, 0x2b0, 0x168, 0x380, 0x380, 0xffffffff, 0x380, 0x380, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010104, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xff0000ff, 0xffffff00, 'veth1_to_bridge\x00', 'wg1\x00', {}, {0xff}, 0x16}, 0x0, 0x70, 0xa8, 0x48}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @port=0x4e22, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0xfffc, 0xd, 0x1}, {0x2, 0x4, 0x3}, 0x1000, 0x100}}}, {{@ip={@multicast2, @broadcast, 0xff, 0x0, 'virt_wifi0\x00', 'batadv_slave_1\x00', {}, {0xff}}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x2, @loopback, @empty, @icmp_id=0x68, @port=0x4e22}}}}, {{@uncond, 0x0, 0x98, 0xd0, 0x0, {}, [@common=@icmp={{0x28}, {0x4, "1542", 0x1}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x10, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @icmp_id, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b8) syz_emit_ethernet(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_open_dev$dvb_dvr(&(0x7f0000000240), 0x0, 0x100) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) 9.370314875s ago: executing program 0 (id=3589): syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000480)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x21, 0x9, {0x9, 0x21, 0x6, 0xd, 0x1, {0x22, 0x669}}}}, &(0x7f0000000980)={0x2c, &(0x7f0000000580)={0x0, 0xc, 0x52, "ff06b79759e8eac970f17c6874af30b60f5dea268e5b74a7aa9d788ae091c71c80d09fd3b049176f33f4cdd96be18dea78e64590bd00e11a48a9295c8b51ec4b7257c9dd5b057ca347e53d659ad5a7f479b5"}, &(0x7f0000000680)={0x0, 0xa, 0x1, 0x2}, 0x0, &(0x7f0000000740), &(0x7f00000007c0)={0x20, 0x3, 0x1, 0x7}}) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) 7.291809415s ago: executing program 0 (id=3603): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x439, 0x10000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x69801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x2}}, @IFLA_GRE_TTL={0x5, 0x8, 0x6}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x24040040}, 0x0) 6.063070016s ago: executing program 0 (id=3615): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f00000004c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1ff}, [@call={0x85, 0x0, 0x0, 0x28}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xcd}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000680)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffb}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000340)="06000004de7a398a176886a29dad", 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x4c) 5.923938239s ago: executing program 6 (id=3617): syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000480)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x21, 0x9, {0x9, 0x21, 0x6, 0xd, 0x1, {0x22, 0x669}}}}, &(0x7f0000000980)={0x2c, &(0x7f0000000580)={0x0, 0xc, 0x52, "ff06b79759e8eac970f17c6874af30b60f5dea268e5b74a7aa9d788ae091c71c80d09fd3b049176f33f4cdd96be18dea78e64590bd00e11a48a9295c8b51ec4b7257c9dd5b057ca347e53d659ad5a7f479b5"}, &(0x7f0000000680)={0x0, 0xa, 0x1, 0x2}, 0x0, &(0x7f0000000740), &(0x7f00000007c0)={0x20, 0x3, 0x1, 0x7}}) socket(0x2, 0x3, 0x5) 4.628241887s ago: executing program 0 (id=3622): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x437, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x51b0b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5, 0x9, 0x89}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc045}, 0x20004) 4.454034336s ago: executing program 0 (id=3627): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000540)=@nat={'nat\x00', 0x670, 0x5, 0x358, 0x208, 0x208, 0xffffffff, 0x2b0, 0x168, 0x380, 0x380, 0xffffffff, 0x380, 0x380, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010104, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xff0000ff, 0xffffff00, 'veth1_to_bridge\x00', 'wg1\x00', {}, {0xff}, 0x16}, 0x0, 0x70, 0xa8, 0x48}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @port=0x4e22, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0xfffc, 0xd, 0x1}, {0x2, 0x4, 0x3}, 0x1000, 0x100}}}, {{@ip={@multicast2, @broadcast, 0xff, 0x0, 'virt_wifi0\x00', 'batadv_slave_1\x00', {}, {0xff}}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x2, @loopback, @empty, @icmp_id=0x68, @port=0x4e22}}}}, {{@uncond, 0x0, 0x98, 0xd0, 0x0, {}, [@common=@icmp={{0x28}, {0x4, "1542", 0x1}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x10, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @icmp_id, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b8) syz_emit_ethernet(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_open_dev$dvb_dvr(&(0x7f0000000240), 0x0, 0x100) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) 4.25992769s ago: executing program 6 (id=3628): getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(0xffffffffffffffff, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, 0x0, 0x0) listen(r2, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) connect$unix(r3, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r4, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) socket$kcm(0xa, 0x2, 0x0) r5 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000040)={0x84, @local, 0x4e21, 0x3, 'sh\x00', 0x1d, 0x9d43, 0x75}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x10000, 0xcd}}, 0x44) 4.135815539s ago: executing program 3 (id=3630): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040), 0x10) listen(r1, 0x4) socket$vsock_stream(0x28, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={0xffffffffffffffff, 0xffffffffffffffff}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) sendmsg$inet(r2, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x16}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec", 0x987}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0) recvmsg$unix(r3, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x2}, 0x40000300) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) sendmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 3.797542383s ago: executing program 5 (id=3634): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000000000)=0x1, 0x4) 3.536677269s ago: executing program 5 (id=3636): r0 = syz_open_dev$tty1(0xc, 0x4, 0x2) write(r0, &(0x7f0000000300)="1546b2000000dd0000008043f3526b13f78ada17aed1c0f19292ee0739b4f208001e8d54881b5d36a13d55", 0x2b) 3.291448583s ago: executing program 5 (id=3638): syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000480)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x21, 0x9, {0x9, 0x21, 0x6, 0xd, 0x1, {0x22, 0x669}}}}, &(0x7f0000000980)={0x2c, &(0x7f0000000580)={0x0, 0xc, 0x52, "ff06b79759e8eac970f17c6874af30b60f5dea268e5b74a7aa9d788ae091c71c80d09fd3b049176f33f4cdd96be18dea78e64590bd00e11a48a9295c8b51ec4b7257c9dd5b057ca347e53d659ad5a7f479b5"}, &(0x7f0000000680)={0x0, 0xa, 0x1, 0x2}, 0x0, &(0x7f0000000740), &(0x7f00000007c0)={0x20, 0x3, 0x1, 0x7}}) socket(0x2, 0x3, 0x5) 1.968302392s ago: executing program 3 (id=3642): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="200000002e00090027bd700000000000040000000800180006ac0f0004001e"], 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0) 1.613548187s ago: executing program 5 (id=3645): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r0, &(0x7f0000004900)=[{{&(0x7f0000000180)={0xa, 0x4e23, 0x2, @mcast1, 0xa3d7}, 0x1c, 0x0, 0x0, &(0x7f0000000400)=[@hoplimit={{0x14}}], 0x18}}], 0x1, 0x24000840) 1.326508496s ago: executing program 5 (id=3647): semctl$IPC_RMID(0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000000c0)={'#! ', './file0'}, 0xb) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000340)=0xe) socket$vsock_stream(0x28, 0x1, 0x0) unshare(0x8040600) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xc040) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000240)='syzkaller\x00'}, 0x94) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x1a8) fanotify_init(0xf00, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) fanotify_init(0x8, 0x1) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000170000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000009b00000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x5e}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='syzkaller\x00'}, 0x27) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.228788625s ago: executing program 1 (id=3648): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000002380)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xd}, [@call={0x85, 0x0, 0x0, 0x22}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7fffffff}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf8000000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x2f, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 948.022859ms ago: executing program 1 (id=3649): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {0x6}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}}, 0x20004000) 783.69217ms ago: executing program 3 (id=3650): socket(0x10, 0x803, 0x0) socket$nl_route(0x10, 0x3, 0x0) landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x2, 0x5, 0x84) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xc0701, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @private=0xa010101}, {0x2, 0x0, @local}, {0x2, 0x4e21, @local}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x6}) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x4048885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="140000"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 639.770579ms ago: executing program 1 (id=3651): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) landlock_create_ruleset(0x0, 0x0, 0x2) 452.567476ms ago: executing program 3 (id=3652): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200180100000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a3000000000ec000380e8000080d00001800c0002800800034000000002c00001000e80a01447354eade9fcdf54e99945b9a3f3c794c33b64481ae460b4f6a1f3f47fd758998e44e289e660caf11448beb9a1b0223267439fb295f7de371c718b20b37fb6f9b08ec9c3f8d9e1f88126c0c5187be18320bc17d5905212e23e70baafc77ed9ac47db01c34c9927fd4cb4bd9bb06c84fa5246e594ee48764c4f53dc42f0811a8b7bc8311bceacf982c449cb86b3ac46da849ef56d27cac1b59bf23320ff2d435e0a651ff2e842070000003d28a019f3d9b502c4cb050481dd140007800c000100636f756e746572"], 0x1ac}}, 0x0) 409.361371ms ago: executing program 1 (id=3653): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000001380), 0x40, 0x0) fcntl$lock(r0, 0x24, &(0x7f0000002700)={0xad18d93ba3ef7cbf, 0x1, 0x7dc9}) 316.010335ms ago: executing program 6 (id=3654): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x169080, 0x0) ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000080)={0x22, 0x1}) 298.717683ms ago: executing program 0 (id=3655): syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000480)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x21, 0x9, {0x9, 0x21, 0x6, 0xd, 0x1, {0x22, 0x669}}}}, &(0x7f0000000980)={0x2c, &(0x7f0000000580)={0x0, 0xc, 0x52, "ff06b79759e8eac970f17c6874af30b60f5dea268e5b74a7aa9d788ae091c71c80d09fd3b049176f33f4cdd96be18dea78e64590bd00e11a48a9295c8b51ec4b7257c9dd5b057ca347e53d659ad5a7f479b5"}, &(0x7f0000000680)={0x0, 0xa, 0x1, 0x2}, 0x0, &(0x7f0000000740), &(0x7f00000007c0)={0x20, 0x3, 0x1, 0x7}}) socket(0x2, 0x3, 0x5) 275.033484ms ago: executing program 5 (id=3656): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000900)={r0, 0x0, 0x0}, 0x20) 151.371669ms ago: executing program 1 (id=3657): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) set_tid_address(0x0) 150.37855ms ago: executing program 3 (id=3658): sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000140)="12", 0x1}], 0x1, 0x0, 0x0, 0x4810}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000000000002020000000000000002000005000000000000000001"], &(0x7f0000001f40)=""/4089, 0x4a, 0xff9, 0xa}, 0x28) 3.560547ms ago: executing program 1 (id=3659): r0 = syz_open_dev$sndctrl(&(0x7f00000047c0), 0xab, 0x800) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, &(0x7f0000004880)={{0x6, 0x4, 0xcdc, 0xb97, 'syz1\x00', 0x6}, 0x4, 0x20000000, 0xc1a, 0x0, 0x0, 0x5, 'syz0\x00', 0x0}) r1 = socket(0x2b, 0x80801, 0x1) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00') r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000040)={{0x1, 0x2, 0x4}}) ioctl$SNDRV_TIMER_IOCTL_INFO(r5, 0x80e85411, 0x0) write$binfmt_format(r4, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xfff2, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x3c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xf}, {0x0, 0x1}, {0xe, 0x300}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0x25}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) setsockopt$WPAN_SECURITY(r1, 0x11e, 0x1, &(0x7f0000000000)=0x2, 0x4) listen(r1, 0x80000f5f) socket$netlink(0x10, 0x3, 0x0) 0s ago: executing program 3 (id=3660): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x3, 0x2, 0x301, 0x0, 0x0, {0x1, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x9001}, 0x4044006) kernel console output (not intermixed with test programs): idProduct=a4a1, bcdDevice= 0.40 [ 123.429113][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 123.429131][ T9] usb 3-1: SerialNumber: syz [ 123.558670][ T5712] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 123.558762][ T5712] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 123.558787][ T5712] usb 2-1: config 1 interface 0 has no altsetting 0 [ 123.561876][ T5712] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 123.561903][ T5712] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.561975][ T5712] usb 2-1: Product: syz [ 123.562022][ T5712] usb 2-1: Manufacturer: syz [ 123.562035][ T5712] usb 2-1: SerialNumber: syz [ 123.669576][ T5719] dm9601 5-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 123.772422][ T5719] usb 5-1: USB disconnect, device number 2 [ 123.897694][ T6286] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 123.897824][ T6286] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 124.384072][ T9] cdc_ether 3-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.2-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 124.579408][ T9] usb 3-1: USB disconnect, device number 2 [ 124.735483][ T9] cdc_ether 3-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.2-1, CDC Ethernet Device [ 124.930086][ T5726] usb 4-1: USB disconnect, device number 3 [ 124.957011][ T5712] (unnamed net_device) (uninitialized): Assigned a random MAC address: 8a:3e:a7:71:a7:de [ 125.556398][ T5712] rtl8150 2-1:1.0: eth1: rtl8150 is detected [ 125.617766][ T5712] usb 2-1: USB disconnect, device number 3 [ 126.571797][ T6347] capability: warning: `syz.4.223' uses 32-bit capabilities (legacy support in use) [ 126.965227][ T6348] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 127.506327][ T6378] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 127.702561][ T5726] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 127.868469][ T5726] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.868500][ T5726] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.868534][ T5726] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.01 [ 127.868556][ T5726] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.925944][ T5726] usb 5-1: config 0 descriptor?? [ 128.395470][ T5726] arvo 0003:1E7D:30D4.0002: item fetching failed at offset 3/7 [ 128.396119][ T5726] arvo 0003:1E7D:30D4.0002: parse failed [ 128.396180][ T5726] arvo 0003:1E7D:30D4.0002: probe with driver arvo failed with error -22 [ 128.597032][ T31] usb 5-1: USB disconnect, device number 3 [ 129.256895][ T6418] netlink: 28 bytes leftover after parsing attributes in process `syz.4.253'. [ 129.531648][ T6424] loop7: detected capacity change from 0 to 16384 [ 129.946592][ C0] I/O error, dev loop7, sector 16376 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 129.949350][ C0] I/O error, dev loop7, sector 16376 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 129.949476][ C0] Buffer I/O error on dev loop7, logical block 2047, async page read [ 130.035853][ T6426] loop7: detected capacity change from 16384 to 0 [ 130.052172][ C0] I/O error, dev loop7, sector 256 op 0x0:(READ) flags 0x80700 phys_seg 31 prio class 2 [ 130.062467][ T31] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 130.242395][ T31] usb 2-1: Using ep0 maxpacket: 32 [ 130.245247][ T31] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.245284][ T31] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.249577][ T31] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 130.249605][ T31] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 130.249627][ T31] usb 2-1: Product: syz [ 130.249643][ T31] usb 2-1: Manufacturer: syz [ 130.344369][ T31] hub 2-1:4.0: USB hub found [ 130.446456][ T6431] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 130.552205][ T31] hub 2-1:4.0: 2 ports detected [ 130.610269][ T6431] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 130.663503][ T6431] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 130.770688][ T31] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 130.770715][ T31] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 130.852586][ T31] usb 2-1: USB disconnect, device number 4 [ 131.442487][ T31] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 131.650218][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.650250][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.651564][ T31] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 131.651588][ T31] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 131.651606][ T31] usb 3-1: Manufacturer: syz [ 131.726637][ T31] usb 3-1: config 0 descriptor?? [ 132.755566][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.755655][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.759900][ T31] uclogic 0003:256C:006D.0003: failed retrieving string descriptor #100: -71 [ 132.759954][ T31] uclogic 0003:256C:006D.0003: failed retrieving pen parameters: -71 [ 132.760024][ T31] uclogic 0003:256C:006D.0003: failed probing pen v1 parameters: -71 [ 132.760090][ T31] uclogic 0003:256C:006D.0003: failed probing parameters: -71 [ 132.760186][ T31] uclogic 0003:256C:006D.0003: probe with driver uclogic failed with error -71 [ 132.839644][ T31] usb 3-1: USB disconnect, device number 3 [ 133.963601][ T6513] capability: warning: `syz.1.289' uses deprecated v2 capabilities in a way that may be insecure [ 134.096074][ T6513] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 134.377884][ T6527] netlink: 20 bytes leftover after parsing attributes in process `syz.4.294'. [ 134.424225][ T6527] netlink: 20 bytes leftover after parsing attributes in process `syz.4.294'. [ 135.408911][ T6569] overlayfs: failed to set uuid (53/file1, err=-1); falling back to uuid=null. [ 135.408969][ T6569] overlayfs: failed to verify upper root origin [ 135.844109][ T6584] warning: `syz.4.320' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 136.842465][ T1007] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 136.994701][ T1007] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 136.994727][ T1007] usb 2-1: config 0 has no interfaces? [ 137.023314][ T1007] usb 2-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 137.023342][ T1007] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.023378][ T1007] usb 2-1: Product: syz [ 137.023392][ T1007] usb 2-1: Manufacturer: syz [ 137.023404][ T1007] usb 2-1: SerialNumber: syz [ 137.104462][ T1007] usb 2-1: config 0 descriptor?? [ 137.524477][ T6648] netlink: 68 bytes leftover after parsing attributes in process `syz.2.332'. [ 137.785790][ T5726] usb 2-1: USB disconnect, device number 5 [ 140.623361][ T6744] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 140.623838][ T6748] netlink: 212344 bytes leftover after parsing attributes in process `syz.1.371'. [ 141.508427][ T6774] netlink: 8 bytes leftover after parsing attributes in process `syz.3.383'. [ 141.508448][ T6774] netlink: 12 bytes leftover after parsing attributes in process `syz.3.383'. [ 141.508473][ T6774] netlink: 'syz.3.383': attribute type 6 has an invalid length. [ 141.641702][ T2849] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 141.643442][ T2849] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 141.644072][ T6774] netlink: 8 bytes leftover after parsing attributes in process `syz.3.383'. [ 141.644119][ T6774] netlink: 12 bytes leftover after parsing attributes in process `syz.3.383'. [ 141.644177][ T6774] netlink: 'syz.3.383': attribute type 6 has an invalid length. [ 141.717799][ T2849] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 142.532970][ T5719] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 142.654475][ T43] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 142.682360][ T5719] usb 2-1: Using ep0 maxpacket: 32 [ 142.684129][ T5719] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 142.684162][ T5719] usb 2-1: config 0 has no interface number 0 [ 142.687703][ T5719] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 142.687728][ T5719] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.687747][ T5719] usb 2-1: Product: syz [ 142.687760][ T5719] usb 2-1: Manufacturer: syz [ 142.687773][ T5719] usb 2-1: SerialNumber: syz [ 142.757352][ T5719] usb 2-1: config 0 descriptor?? [ 142.772179][ T5719] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 143.359665][ T5719] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 143.373065][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 143.405387][ T5719] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 143.430730][ T5719] usb 2-1: USB disconnect, device number 6 [ 143.688457][ T5719] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 143.784413][ T5719] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 143.813016][ T5719] quatech2 2-1:0.51: device disconnected [ 144.170236][ T6838] 9pnet_fd: p9_fd_create_unix (6838): problem connecting socket: ./file0: -111 [ 144.547376][ T6856] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 145.584564][ T6887] netlink: 52 bytes leftover after parsing attributes in process `syz.3.420'. [ 147.315420][ T6925] exfat: Deprecated parameter 'debug' [ 147.357110][ T6922] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 147.357219][ T6922] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 147.431083][ T6925] exFAT-fs (loop4): unable to read boot sector [ 147.431100][ T6925] exFAT-fs (loop4): failed to read boot sector [ 147.431110][ T6925] exFAT-fs (loop4): failed to recognize exfat type [ 147.661324][ T6922] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 147.825609][ T6934] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 147.867664][ T6922] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 147.867788][ T6922] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 147.998167][ T6922] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 148.164621][ T6922] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 148.164723][ T6922] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 148.236562][ T6939] IPv4: Oversized IP packet from 127.202.26.0 [ 148.451386][ T6922] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 148.562489][ T6922] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 148.563553][ T6922] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 148.698946][ T6922] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 148.809201][ T6922] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 148.809292][ T6922] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 148.958031][ T6922] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 149.374323][ T4912] Bluetooth: hci0: command 0x0c1a tx timeout [ 149.936410][ T4912] Bluetooth: hci1: command 0x0c1a tx timeout [ 150.172840][ T4912] Bluetooth: hci2: command 0x0c1a tx timeout [ 150.283216][ T6963] netlink: 65047 bytes leftover after parsing attributes in process `syz.4.452'. [ 150.400172][ T6969] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.455'. [ 150.409647][ T6964] 9pnet: p9_errstr2errno: server reported unknown error Ðÿ [ 150.574761][ T4912] Bluetooth: hci3: command 0x0c1a tx timeout [ 150.812967][ T4912] Bluetooth: hci4: command 0x0405 tx timeout [ 151.016030][ T6943] kexec: Could not allocate control_code_buffer [ 151.456523][ T4912] Bluetooth: hci0: command 0x0c1a tx timeout [ 152.012642][ T4912] Bluetooth: hci1: command 0x0c1a tx timeout [ 152.256729][ T4912] Bluetooth: hci2: command 0x0c1a tx timeout [ 152.652521][ T4912] Bluetooth: hci3: command 0x0c1a tx timeout [ 152.892442][ T4912] Bluetooth: hci4: command 0x0405 tx timeout [ 153.200499][ T37] kauditd_printk_skb: 4 callbacks suppressed [ 153.200516][ T37] audit: type=1326 audit(1777417130.948:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7046 comm="syz.2.484" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3157c6cdd9 code=0x0 [ 153.532414][ T4912] Bluetooth: hci0: command 0x0c1a tx timeout [ 153.706095][ T7058] netlink: 12 bytes leftover after parsing attributes in process `syz.3.488'. [ 154.093076][ T4912] Bluetooth: hci1: command 0x0c1a tx timeout [ 154.333681][ T4912] Bluetooth: hci2: command 0x0c1a tx timeout [ 154.485497][ T7079] netlink: 4 bytes leftover after parsing attributes in process `syz.0.497'. [ 154.732542][ T4912] Bluetooth: hci3: command 0x0c1a tx timeout [ 154.972459][ T4912] Bluetooth: hci4: command 0x0405 tx timeout [ 162.595128][ T7145] netlink: 4 bytes leftover after parsing attributes in process `syz.1.521'. [ 163.200036][ T37] audit: type=1326 audit(1777417140.948:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7156 comm="syz.2.526" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3157c6cdd9 code=0x0 [ 164.309377][ T7188] loop5: detected capacity change from 0 to 7 [ 164.348407][ T7188] Dev loop5: unable to read RDB block 7 [ 164.348453][ T7188] loop5: unable to read partition table [ 164.348756][ T7188] loop5: partition table beyond EOD, truncated [ 164.348788][ T7188] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 165.872386][ T7214] ceph: No mds server is up or the cluster is laggy [ 166.004861][ T36] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 166.188249][ T36] usb 5-1: too many configurations: 164, using maximum allowed: 8 [ 166.241954][ T36] usb 5-1: New USB device found, idVendor=7de0, idProduct=676e, bcdDevice=77.db [ 166.241984][ T36] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.316341][ T36] usb 5-1: config 0 descriptor?? [ 166.617357][ T5712] usb 5-1: USB disconnect, device number 4 [ 167.604751][ T7260] netlink: 8 bytes leftover after parsing attributes in process `syz.2.567'. [ 167.604785][ T7260] bond0: Unable to set down delay as MII monitoring is disabled [ 167.742754][ T1007] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 167.882338][ T5712] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 167.909376][ T1007] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 167.909403][ T1007] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 167.909440][ T1007] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 167.909462][ T1007] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.090281][ T5712] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 168.090309][ T5712] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.201416][ T1007] usb 1-1: usb_control_msg returned -32 [ 168.201467][ T1007] usbtmc 1-1:16.0: can't read capabilities [ 168.219958][ T5712] usb 4-1: config 0 descriptor?? [ 168.490524][ T7274] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 168.490524][ T7274] The task syz.2.572 (7274) triggered the difference, watch for misbehavior. [ 168.879519][ T31] usb 1-1: USB disconnect, device number 2 [ 169.503951][ T5712] usb 4-1: Cannot set autoneg [ 169.504195][ T5712] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 169.589973][ T5712] usb 4-1: USB disconnect, device number 4 [ 170.809143][ T7310] netlink: 212360 bytes leftover after parsing attributes in process `syz.4.587'. [ 171.088311][ T7316] syz.1.588 uses obsolete (PF_INET,SOCK_PACKET) [ 171.140027][ T7316] syzkaller1: entered promiscuous mode [ 171.140050][ T7316] syzkaller1: entered allmulticast mode [ 171.169003][ T7318] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.589'. [ 171.192429][ T36] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 171.354481][ T36] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 171.354508][ T36] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 171.354585][ T36] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 171.359626][ T36] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 171.359652][ T36] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 171.359671][ T36] usb 1-1: Product: syz [ 171.359684][ T36] usb 1-1: Manufacturer: syz [ 171.359697][ T36] usb 1-1: SerialNumber: syz [ 171.822178][ T36] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 172.024492][ T7340] sock: sock_timestamping_bind_phc: sock not bind to device [ 172.511578][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805e81a400: rx timeout, send abort [ 172.547987][ T36] usb 1-1: USB disconnect, device number 3 [ 172.579243][ T36] usblp0: removed [ 173.011468][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805e81a000: rx timeout, send abort [ 173.012457][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805e81a400: abort rx timeout. Force session deactivation [ 173.190208][ T7365] netlink: 44 bytes leftover after parsing attributes in process `syz.3.610'. [ 173.233212][ T7365] netlink: 44 bytes leftover after parsing attributes in process `syz.3.610'. [ 173.513272][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805e81a000: abort rx timeout. Force session deactivation [ 173.665438][ T7384] netlink: 32 bytes leftover after parsing attributes in process `syz.1.618'. [ 177.460531][ T7461] netlink: 'syz.2.649': attribute type 2 has an invalid length. [ 177.672761][ T7469] netlink: 32 bytes leftover after parsing attributes in process `syz.3.651'. [ 177.843653][ T7473] netlink: 'syz.2.653': attribute type 8 has an invalid length. [ 177.843672][ T7473] netlink: 4 bytes leftover after parsing attributes in process `syz.2.653'. [ 177.972611][ T7473] veth1_to_team: entered promiscuous mode [ 177.982157][ T7473] gretap0: entered promiscuous mode [ 178.036153][ T7473] veth1_to_team: left promiscuous mode [ 178.079113][ T7473] gretap0: left promiscuous mode [ 178.146246][ T7483] netlink: 'syz.3.659': attribute type 25 has an invalid length. [ 178.146267][ T7483] netlink: 4 bytes leftover after parsing attributes in process `syz.3.659'. [ 178.683824][ T7494] input: syz0 as /devices/virtual/input/input6 [ 178.685359][ T7497] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 178.733734][ T7483] netlink: 'syz.3.659': attribute type 25 has an invalid length. [ 178.733755][ T7483] netlink: 4 bytes leftover after parsing attributes in process `syz.3.659'. [ 179.110337][ T7507] netlink: 'syz.4.667': attribute type 29 has an invalid length. [ 179.132795][ T7507] netlink: 'syz.4.667': attribute type 29 has an invalid length. [ 179.198399][ T7507] netlink: 'syz.4.667': attribute type 29 has an invalid length. [ 181.504969][ T7570] use of bytesused == 0 is deprecated and will be removed in the future, [ 181.504982][ T7570] use the actual size instead. [ 182.017223][ T37] audit: type=1326 audit(1777417159.778:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.1.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a9b7fcdd9 code=0x7ffc0000 [ 182.024619][ T37] audit: type=1326 audit(1777417159.778:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.1.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f2a9b7fcdd9 code=0x7ffc0000 [ 182.027744][ T37] audit: type=1326 audit(1777417159.778:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.1.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a9b7fcdd9 code=0x7ffc0000 [ 182.032406][ T37] audit: type=1326 audit(1777417159.778:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.1.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a9b7fcdd9 code=0x7ffc0000 [ 182.095596][ T37] audit: type=1326 audit(1777417159.838:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.1.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2a9b7bd60e code=0x7ffc0000 [ 182.125737][ T37] audit: type=1326 audit(1777417159.858:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.1.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2a9b7bd60e code=0x7ffc0000 [ 182.132368][ T37] audit: type=1326 audit(1777417159.878:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.1.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2a9b7bd60e code=0x7ffc0000 [ 182.141731][ T37] audit: type=1326 audit(1777417159.888:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.1.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2a9b7bd60e code=0x7ffc0000 [ 182.172837][ T37] audit: type=1326 audit(1777417159.898:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.1.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2a9b7bd60e code=0x7ffc0000 [ 182.239446][ T37] audit: type=1326 audit(1777417159.928:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7581 comm="syz.1.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2a9b7bd60e code=0x7ffc0000 [ 185.708117][ T7672] netlink: 'syz.4.737': attribute type 3 has an invalid length. [ 185.785229][ T7674] input: syz0 as /devices/virtual/input/input7 [ 186.396085][ T1113] Bluetooth: hci5: Frame reassembly failed (-84) [ 186.479413][ T7692] sctp: [Deprecated]: syz.0.745 (pid 7692) Use of struct sctp_assoc_value in delayed_ack socket option. [ 186.479413][ T7692] Use struct sctp_sack_info instead [ 186.712381][ T7698] binder: 7695:7698 ioctl c0306201 200000000640 returned -22 [ 187.512401][ T820] IPVS: starting estimator thread 0... [ 187.602548][ T7729] IPVS: using max 9 ests per chain, 21600 per kthread [ 187.756887][ T7736] netlink: 28 bytes leftover after parsing attributes in process `syz.4.764'. [ 188.015027][ T7741] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 188.412404][ T4912] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 188.496473][ T7751] bond3: entered allmulticast mode [ 189.512376][ T1007] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 189.662433][ T1007] usb 1-1: Using ep0 maxpacket: 8 [ 189.676649][ T1007] usb 1-1: unable to get BOS descriptor or descriptor too short [ 189.686370][ T1007] usb 1-1: config 96 has an invalid interface number: 80 but max is 1 [ 189.686396][ T1007] usb 1-1: config 96 has an invalid interface number: 72 but max is 1 [ 189.686416][ T1007] usb 1-1: config 96 has no interface number 0 [ 189.686433][ T1007] usb 1-1: config 96 has no interface number 1 [ 189.686490][ T1007] usb 1-1: config 96 interface 80 altsetting 192 endpoint 0x6 has invalid maxpacket 1024, setting to 64 [ 189.686519][ T1007] usb 1-1: config 96 interface 80 altsetting 192 bulk endpoint 0x3 has invalid maxpacket 1023 [ 189.686559][ T1007] usb 1-1: config 96 interface 72 altsetting 3 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 189.686587][ T1007] usb 1-1: config 96 interface 72 altsetting 3 has a duplicate endpoint with address 0x6, skipping [ 189.686610][ T1007] usb 1-1: config 96 interface 80 has no altsetting 0 [ 189.686629][ T1007] usb 1-1: config 96 interface 72 has no altsetting 0 [ 189.694792][ T1007] usb 1-1: language id specifier not provided by device, defaulting to English [ 189.767081][ T1007] usb 1-1: New USB device found, idVendor=0d8e, idProduct=7802, bcdDevice=a2.04 [ 189.767113][ T1007] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.767134][ T1007] usb 1-1: Product: syz [ 189.767150][ T1007] usb 1-1: Manufacturer: 鯩魎롉ff烠듹Ú안墢çƒäƒˆã•œá¬®è¹‚䡖킀㸰挌㵌æªéƒ—覮쟥힇앸䙥륂풠é¢ãŒ”ા鬀㲀厵㕵ມ餵ï‰è—«êµŸê£ é°âŠ„仑㿛诱à§î–®à­£äŸœè§æž¸â›«ã‰ˆæ»ºî°•ä®í“‚㷀筙åºî´ ï†—èŠá³‘헇ᦽåŸë©„꤄ì à¦¬é¶Œèª®ãŽŠâµ‚潤潲愄耬얣 [ 189.767180][ T1007] usb 1-1: SerialNumber: syz [ 189.864280][ T7783] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 190.054817][ T7797] overlayfs: workdir and upperdir must reside under the same mount [ 190.151728][ T1007] usb 1-1: Could not find all expected endpoints [ 190.179519][ T1007] usb 1-1: Could not find all expected endpoints [ 190.233218][ T1007] usb 1-1: USB disconnect, device number 4 [ 190.764659][ T7813] binder: 7812:7813 ioctl c0306201 200000000480 returned -14 [ 191.948429][ T7857] netlink: 'syz.4.815': attribute type 1 has an invalid length. [ 192.266100][ T7857] 8021q: adding VLAN 0 to HW filter on device bond4 [ 192.478725][ T7861] bond4: (slave veth3): Enslaving as an active interface with a down link [ 192.595432][ T7869] batman_adv: batadv0: Adding interface: ipvlan2 [ 192.595448][ T7869] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 192.595474][ T7869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.595489][ T7869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.595499][ T7869] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active [ 192.946097][ T7883] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 193.872363][ T1007] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 194.046531][ T1007] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 194.046561][ T1007] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 194.046595][ T1007] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 194.046615][ T1007] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.099904][ T1007] usb 4-1: config 0 descriptor?? [ 194.158417][ T7916] ptrace attach of "./syz-executor exec"[5594] was attempted by " [ 194.175621][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.175684][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.556335][ T1007] hid_parser_main: 27 callbacks suppressed [ 194.556355][ T1007] pyra 0003:1E7D:2CF6.0004: unknown main item tag 0x0 [ 194.556380][ T1007] pyra 0003:1E7D:2CF6.0004: unknown main item tag 0x0 [ 194.556400][ T1007] pyra 0003:1E7D:2CF6.0004: unknown main item tag 0x0 [ 194.556421][ T1007] pyra 0003:1E7D:2CF6.0004: unknown main item tag 0x0 [ 194.556442][ T1007] pyra 0003:1E7D:2CF6.0004: unknown main item tag 0x0 [ 194.556462][ T1007] pyra 0003:1E7D:2CF6.0004: unknown main item tag 0x0 [ 194.556484][ T1007] pyra 0003:1E7D:2CF6.0004: unknown main item tag 0x0 [ 194.712424][ T1007] pyra 0003:1E7D:2CF6.0004: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0 [ 195.669833][ T1007] pyra 0003:1E7D:2CF6.0004: couldn't init struct pyra_device [ 195.669892][ T1007] pyra 0003:1E7D:2CF6.0004: couldn't install mouse [ 195.727796][ T7939] netlink: 64 bytes leftover after parsing attributes in process `syz.4.849'. [ 195.780088][ T1007] pyra 0003:1E7D:2CF6.0004: probe with driver pyra failed with error -71 [ 195.823846][ T1007] usb 4-1: USB disconnect, device number 5 [ 196.741909][ T7966] vlan2: entered allmulticast mode [ 196.742180][ T7966] bridge0: port 3(vlan2) entered blocking state [ 196.758430][ T7966] bridge0: port 3(vlan2) entered disabled state [ 196.777814][ T7966] vlan2: entered promiscuous mode [ 197.292770][ T5581] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 197.442404][ T5581] usb 5-1: Using ep0 maxpacket: 8 [ 197.444718][ T5581] usb 5-1: config index 0 descriptor too short (expected 74, got 45) [ 197.444780][ T5581] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 197.444805][ T5581] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 197.444835][ T5581] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 197.444855][ T5581] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 197.444876][ T5581] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 197.444914][ T5581] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 197.444935][ T5581] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.544625][ T5581] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22 [ 197.588288][ T7990] loop2: detected capacity change from 0 to 7 [ 197.771316][ T7990] loop2: [POWERTEC] [ 198.082342][ T36] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 198.252506][ T36] usb 1-1: Using ep0 maxpacket: 32 [ 198.261655][ T36] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 198.261745][ T36] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.261767][ T36] usb 1-1: Product: syz [ 198.261781][ T36] usb 1-1: Manufacturer: syz [ 198.261794][ T36] usb 1-1: SerialNumber: syz [ 198.322434][ T36] usb 1-1: config 0 descriptor?? [ 198.349599][ T36] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 198.613793][ T8014] trusted_key: syz.1.878 sent an empty control message without MSG_MORE. [ 198.731516][ T8016] netlink: 212344 bytes leftover after parsing attributes in process `syz.2.879'. [ 199.765635][ T36] gspca_ov534_9: reg_r err -71 [ 200.062339][ T36] gspca_ov534_9: Unknown sensor 0000 [ 200.062456][ T36] ov534_9 1-1:0.0: probe with driver ov534_9 failed with error -22 [ 200.133267][ T5719] usb 5-1: USB disconnect, device number 5 [ 200.169848][ T36] usb 1-1: USB disconnect, device number 5 [ 201.890540][ T8072] dummy0: entered promiscuous mode [ 201.980826][ T8072] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 202.170894][ T8072] hsr1: entered allmulticast mode [ 202.171365][ T8072] dummy0: entered allmulticast mode [ 202.171472][ T8072] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 203.814801][ T5581] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 203.886965][ T4912] Bluetooth: hci4: unexpected event for opcode 0x2039 [ 203.964214][ T5581] usb 5-1: config 1 has an invalid interface number: 187 but max is 0 [ 203.964239][ T5581] usb 5-1: config 1 has no interface number 0 [ 203.964274][ T5581] usb 5-1: config 1 interface 187 has no altsetting 0 [ 203.967870][ T5581] usb 5-1: string descriptor 0 read error: -22 [ 203.968005][ T5581] usb 5-1: New USB device found, idVendor=0424, idProduct=9e01, bcdDevice=51.fc [ 203.968027][ T5581] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.038898][ T5581] smsc95xx 5-1:1.187 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 204.039141][ T5581] smsc95xx 5-1:1.187: probe with driver smsc95xx failed with error -22 [ 204.274774][ T8125] netlink: 'syz.4.918': attribute type 6 has an invalid length. [ 204.274793][ T8125] netlink: 8 bytes leftover after parsing attributes in process `syz.4.918'. [ 204.301247][ T5581] usb 5-1: USB disconnect, device number 6 [ 204.307224][ T8142] block nbd1: NBD_DISCONNECT [ 204.558499][ T8145] block nbd1: Disconnected due to user request. [ 204.558519][ T8145] block nbd1: shutting down sockets [ 205.028037][ T8158] netlink: 164 bytes leftover after parsing attributes in process `syz.4.933'. [ 206.313166][ T8184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 206.691105][ T8180] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 206.756955][ T37] kauditd_printk_skb: 127 callbacks suppressed [ 206.756971][ T37] audit: type=1804 audit(1777417184.468:185): pid=8198 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.948" name="bus" dev="ramfs" ino=17099 res=1 errno=0 [ 206.831657][ T37] audit: type=1804 audit(1777417184.578:186): pid=8203 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.948" name="bus" dev="ramfs" ino=17099 res=1 errno=0 [ 207.203203][ T31] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 207.362595][ T31] usb 1-1: Using ep0 maxpacket: 8 [ 207.364808][ T31] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 207.364854][ T31] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 207.369576][ T31] usb 1-1: New USB device found, idVendor=056a, idProduct=0343, bcdDevice= 0.40 [ 207.369614][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.369633][ T31] usb 1-1: Product: syz [ 207.369646][ T31] usb 1-1: Manufacturer: syz [ 207.369659][ T31] usb 1-1: SerialNumber: syz [ 207.727741][ T31] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 207.777790][ T31] usb 1-1: USB disconnect, device number 6 [ 207.934650][ T4912] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 207.934834][ T4912] Bluetooth: hci4: Injecting HCI hardware error event [ 207.937119][ T59] Bluetooth: hci4: hardware error 0x00 [ 208.191446][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802db78c00: rx timeout, send abort [ 208.192125][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802db78c00: 0x20000: (3) A timeout occurred and this is the connection abort to close the session. [ 208.702375][ T37] audit: type=1804 audit(1777417186.418:187): pid=8256 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.974" name="/newroot/204/file0" dev="tmpfs" ino=1106 res=1 errno=0 [ 208.712394][ T31] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 208.903783][ T31] usb 5-1: Using ep0 maxpacket: 32 [ 208.905821][ T31] usb 5-1: config 2 has an invalid interface number: 88 but max is 0 [ 208.905844][ T31] usb 5-1: config 2 has no interface number 0 [ 208.905884][ T31] usb 5-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256 [ 208.905908][ T31] usb 5-1: config 2 interface 88 has no altsetting 0 [ 208.909038][ T31] usb 5-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 208.909067][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.909089][ T31] usb 5-1: Product: syz [ 208.909105][ T31] usb 5-1: Manufacturer: syz [ 208.909121][ T31] usb 5-1: SerialNumber: syz [ 209.010282][ T8249] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 209.244125][ T8249] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 209.282912][ C0] vcan0: j1939_tp_rxtimer: 0xffff88803bf77800: rx timeout, send abort [ 209.283116][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88803bf77800: 0x20000: (3) A timeout occurred and this is the connection abort to close the session. [ 209.859231][ T8270] netlink: 'syz.1.981': attribute type 4 has an invalid length. [ 209.860439][ T8270] netlink: 'syz.1.981': attribute type 4 has an invalid length. [ 210.023287][ T59] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 210.091792][ T31] asix 5-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 210.091817][ T31] asix 5-1:2.88 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 210.092088][ T31] asix 5-1:2.88: probe with driver asix failed with error -71 [ 210.151833][ T8274] netlink: 8 bytes leftover after parsing attributes in process `syz.0.982'. [ 210.167799][ T31] usb 5-1: USB disconnect, device number 7 [ 210.340252][ T8284] netlink: 'syz.0.987': attribute type 1 has an invalid length. [ 212.702387][ T5712] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 212.852414][ T5712] usb 3-1: Using ep0 maxpacket: 32 [ 212.880367][ T5712] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 212.880391][ T5712] usb 3-1: config 0 has no interface number 0 [ 212.880432][ T5712] usb 3-1: config 0 interface 184 has no altsetting 0 [ 212.909833][ T5712] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 212.909858][ T5712] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.909876][ T5712] usb 3-1: Product: syz [ 212.909889][ T5712] usb 3-1: Manufacturer: syz [ 212.909902][ T5712] usb 3-1: SerialNumber: syz [ 212.988766][ T5712] usb 3-1: config 0 descriptor?? [ 213.360670][ T37] audit: type=1804 audit(1777417191.108:188): pid=8361 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.1014" name="/newroot/199/file0" dev="tmpfs" ino=1048 res=1 errno=0 [ 213.395951][ T8363] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1015'. [ 213.817936][ T5712] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000040: -71 [ 213.817957][ T5712] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 213.818387][ T5712] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 213.818404][ T5712] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 213.818416][ T5712] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 213.818427][ T5712] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 213.818607][ T5712] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 213.919213][ T5712] usb 3-1: USB disconnect, device number 4 [ 213.945730][ T8372] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1018'. [ 214.060881][ T8365] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 214.071429][ T12] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 214.078482][ T3373] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 214.144334][ T1193] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 214.144378][ T1193] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 214.622429][ T36] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 214.775519][ T36] usb 4-1: Using ep0 maxpacket: 32 [ 214.777697][ T36] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 214.777721][ T36] usb 4-1: config 0 has no interface number 0 [ 214.777763][ T36] usb 4-1: config 0 interface 184 has no altsetting 0 [ 214.781813][ T36] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 214.781839][ T36] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.781858][ T36] usb 4-1: Product: syz [ 214.781871][ T36] usb 4-1: Manufacturer: syz [ 214.781884][ T36] usb 4-1: SerialNumber: syz [ 214.843438][ T36] usb 4-1: config 0 descriptor?? [ 215.427399][ T8411] team0: Port device syz_tun added [ 215.497151][ T36] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 215.497181][ T36] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 216.090805][ T8426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1041'. [ 216.120889][ T36] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 216.120911][ T36] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 216.120929][ T36] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 216.121162][ T36] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 216.191173][ T36] usb 4-1: USB disconnect, device number 6 [ 216.650693][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.440945][ T8446] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.479319][ T8446] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.479919][ T8446] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.480048][ T8446] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.810722][ T37] audit: type=1326 audit(1777417195.558:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8453 comm="syz.3.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 217.810770][ T37] audit: type=1326 audit(1777417195.558:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8453 comm="syz.3.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 217.861352][ T37] audit: type=1326 audit(1777417195.608:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8453 comm="syz.3.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 217.861396][ T37] audit: type=1326 audit(1777417195.608:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8453 comm="syz.3.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 217.883503][ T37] audit: type=1326 audit(1777417195.638:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8453 comm="syz.3.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 217.883616][ T37] audit: type=1326 audit(1777417195.638:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8453 comm="syz.3.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 217.890365][ T37] audit: type=1326 audit(1777417195.638:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8453 comm="syz.3.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 218.036393][ T37] audit: type=1326 audit(1777417195.788:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8453 comm="syz.3.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 218.036493][ T37] audit: type=1326 audit(1777417195.788:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8453 comm="syz.3.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 218.132141][ T4912] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 218.175025][ T4912] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 218.178030][ T4912] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 218.199341][ T4912] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 218.200017][ T4912] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 218.890094][ T8446] bridge0: port 3(vlan2) entered blocking state [ 218.890226][ T8446] bridge0: port 3(vlan2) entered forwarding state [ 219.134609][ T8479] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1062'. [ 219.308579][ T37] audit: type=1326 audit(1777417197.058:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8486 comm="syz.0.1066" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f42dec3cdd9 code=0x0 [ 219.464189][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.958364][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.252895][ T4912] Bluetooth: hci3: command tx timeout [ 220.599295][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.749131][ T8531] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1081'. [ 220.749165][ T8531] netlink: 'syz.0.1081': attribute type 7 has an invalid length. [ 220.749177][ T8531] netlink: 'syz.0.1081': attribute type 8 has an invalid length. [ 220.749188][ T8531] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1081'. [ 221.180030][ T8545] tipc: Failed to remove unknown binding: 66,1,1/0:508402441/508402443 [ 221.180065][ T8545] tipc: Failed to remove unknown binding: 66,1,1/0:508402441/508402443 [ 222.332618][ T4912] Bluetooth: hci3: command tx timeout [ 222.430960][ T8570] loop2: detected capacity change from 0 to 7 [ 222.479584][ T8570] Dev loop2: unable to read RDB block 7 [ 222.480499][ T8570] loop2: unable to read partition table [ 222.487971][ T8570] loop2: partition table beyond EOD, truncated [ 222.489034][ T8570] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 222.798726][ T8583] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1102'. [ 223.115038][ T12] bridge_slave_1: left allmulticast mode [ 223.140835][ T12] bridge_slave_1: left promiscuous mode [ 223.199085][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.331851][ T12] bridge_slave_0: left allmulticast mode [ 223.331883][ T12] bridge_slave_0: left promiscuous mode [ 223.361894][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.414322][ T4912] Bluetooth: hci3: command tx timeout [ 224.923036][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 224.983041][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 225.033223][ T12] bond0 (unregistering): Released all slaves [ 225.058758][ T12] bond1 (unregistering): Released all slaves [ 225.086023][ T12] bond2 (unregistering): Released all slaves [ 225.115035][ T12] bond3 (unregistering): Released all slaves [ 225.476309][ T12] bond4 (unregistering): (slave veth3): Releasing active interface [ 225.607106][ T8639] netlink: 'syz.1.1123': attribute type 1 has an invalid length. [ 225.636352][ T12] bond4 (unregistering): Released all slaves [ 226.095313][ T8590] bond0: (slave bond_slave_1): Releasing backup interface [ 226.214332][ T5257] 8021q: adding VLAN 0 to HW filter on device eth1 [ 226.265184][ T8639] 8021q: adding VLAN 0 to HW filter on device bond1 [ 226.337454][ T8640] bond1: (slave gretap1): making interface the new active one [ 226.374699][ T8640] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 226.492435][ T4912] Bluetooth: hci3: command tx timeout [ 227.587841][ T8690] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1141'. [ 228.854868][ T8736] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1154'. [ 229.106977][ T8738] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1154'. [ 229.254092][ T8458] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.254180][ T8458] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.254354][ T8458] bridge_slave_0: entered allmulticast mode [ 229.259188][ T8458] bridge_slave_0: entered promiscuous mode [ 229.394757][ T5257] 8021q: adding VLAN 0 to HW filter on device eth2 [ 229.395422][ T8458] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.395527][ T8458] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.395696][ T8458] bridge_slave_1: entered allmulticast mode [ 229.398063][ T8458] bridge_slave_1: entered promiscuous mode [ 229.784801][ T12] hsr_slave_0: left promiscuous mode [ 229.839411][ T12] hsr_slave_1: left promiscuous mode [ 229.840558][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.840641][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.949199][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.949225][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 230.295259][ T12] veth1_macvtap: left promiscuous mode [ 230.308805][ T12] veth0_macvtap: left promiscuous mode [ 230.309528][ T12] veth1_vlan: left promiscuous mode [ 230.310419][ T12] veth0_vlan: left promiscuous mode [ 230.701642][ T8780] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1171'. [ 232.224790][ T12] team0 (unregistering): Port device team_slave_1 removed [ 232.273647][ T12] team0 (unregistering): Port device team_slave_0 removed [ 234.125809][ T8783] bridge1: entered allmulticast mode [ 234.164123][ T8458] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.503995][ T8458] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.625988][ T8458] team0: Port device team_slave_0 added [ 234.641216][ T8458] team0: Port device team_slave_1 added [ 234.916196][ T8458] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.916212][ T8458] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 234.916237][ T8458] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.927033][ T8458] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.927073][ T8458] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 234.928426][ T8458] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 235.262673][ T1113] Bluetooth: hci5: Frame reassembly failed (-84) [ 235.517624][ T8458] hsr_slave_0: entered promiscuous mode [ 235.520333][ T8458] hsr_slave_1: entered promiscuous mode [ 235.522724][ T8458] debugfs: 'hsr0' already exists in 'hsr' [ 235.522748][ T8458] Cannot create hsr debugfs directory [ 235.552629][ T12] IPVS: stop unused estimator thread 0... [ 235.904630][ T5257] 8021q: adding VLAN 0 to HW filter on device eth3 [ 236.250420][ T8846] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 237.302380][ T4912] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 237.304855][ T59] Bluetooth: hci5: command 0x1003 tx timeout [ 238.077931][ T8458] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 238.197370][ T8458] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 238.210556][ T8458] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 238.336542][ T8458] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 238.341811][ T8458] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 238.443997][ T8458] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 238.445373][ T8458] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 238.646418][ T8458] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 238.941974][ T5257] 8021q: adding VLAN 0 to HW filter on device eth4 [ 239.195265][ T8458] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.428696][ T8458] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.461458][ T1193] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.475573][ T1193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.514272][ T1193] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.514410][ T1193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.524249][ T37] audit: type=1326 audit(1777417217.268:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8956 comm="syz.0.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dec3cdd9 code=0x7ffc0000 [ 239.524365][ T37] audit: type=1326 audit(1777417217.278:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8956 comm="syz.0.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dec3cdd9 code=0x7ffc0000 [ 239.531802][ T37] audit: type=1326 audit(1777417217.278:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8956 comm="syz.0.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dec3cdd9 code=0x7ffc0000 [ 239.537269][ T37] audit: type=1326 audit(1777417217.288:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8956 comm="syz.0.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f42dec3cdd9 code=0x7ffc0000 [ 239.537378][ T37] audit: type=1326 audit(1777417217.278:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8956 comm="syz.0.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dec3cdd9 code=0x7ffc0000 [ 239.578317][ T37] audit: type=1326 audit(1777417217.288:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8956 comm="syz.0.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dec3cdd9 code=0x7ffc0000 [ 239.578436][ T37] audit: type=1326 audit(1777417217.318:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8956 comm="syz.0.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dec3cdd9 code=0x7ffc0000 [ 239.578537][ T37] audit: type=1326 audit(1777417217.318:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8956 comm="syz.0.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f42dec3cdd9 code=0x7ffc0000 [ 239.578638][ T37] audit: type=1326 audit(1777417217.318:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8956 comm="syz.0.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dec3cdd9 code=0x7ffc0000 [ 239.578736][ T37] audit: type=1326 audit(1777417217.318:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8956 comm="syz.0.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dec3cdd9 code=0x7ffc0000 [ 241.730338][ T8458] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.574370][ T8458] veth0_vlan: entered promiscuous mode [ 242.610582][ T8458] veth1_vlan: entered promiscuous mode [ 242.673093][ T8458] veth0_macvtap: entered promiscuous mode [ 242.725644][ T8458] veth1_macvtap: entered promiscuous mode [ 242.835182][ T8458] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.861290][ T8458] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.912115][ T1193] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.912764][ T1193] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.912802][ T1193] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.912835][ T1193] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.797440][ T9029] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1234'. [ 245.261928][ T1193] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.261947][ T1193] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.448964][ T1494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.448987][ T1494] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.202376][ T820] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 246.332619][ T9065] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1245'. [ 246.355377][ T820] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 246.355395][ T820] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 246.355407][ T820] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 246.355438][ T820] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.358531][ T820] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 246.358556][ T820] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 246.358574][ T820] usb 1-1: Product: syz [ 246.358587][ T820] usb 1-1: Manufacturer: syz [ 246.531810][ T820] cdc_wdm 1-1:1.0: skipping garbage [ 246.531831][ T820] cdc_wdm 1-1:1.0: skipping garbage [ 246.597439][ T9067] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1246'. [ 246.597467][ T9067] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1246'. [ 246.659318][ T9065] team1: entered promiscuous mode [ 246.659336][ T9065] team1: entered allmulticast mode [ 246.744548][ T820] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 246.744578][ T820] cdc_wdm 1-1:1.0: Unknown control protocol [ 246.832445][ T820] usb 1-1: USB disconnect, device number 7 [ 246.928089][ T37] kauditd_printk_skb: 23 callbacks suppressed [ 246.928109][ T37] audit: type=1326 audit(1777417224.678:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9075 comm="syz.5.1251" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd9dfddcdd9 code=0x0 [ 247.464570][ T820] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 247.615186][ T820] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 247.615213][ T820] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 247.615231][ T820] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 247.615274][ T820] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 247.618513][ T820] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 247.618540][ T820] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 247.618559][ T820] usb 1-1: Product: syz [ 247.618573][ T820] usb 1-1: Manufacturer: syz [ 247.894154][ T820] cdc_wdm 1-1:1.0: skipping garbage [ 247.894175][ T820] cdc_wdm 1-1:1.0: skipping garbage [ 247.920682][ T820] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 247.920702][ T820] cdc_wdm 1-1:1.0: Unknown control protocol [ 248.815776][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 248.815974][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 248.816327][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 248.816345][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 248.816561][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 248.816580][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 248.816856][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 248.816875][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 248.817102][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 248.817122][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 248.817340][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 248.817358][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 248.817600][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 248.817618][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 248.817767][ T820] usb 1-1: USB disconnect, device number 8 [ 248.817837][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 248.817855][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 248.817871][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 249.590068][ T9131] netlink: 'syz.0.1267': attribute type 8 has an invalid length. [ 250.951297][ T37] audit: type=1326 audit(1777417228.698:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9168 comm="syz.5.1276" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd9dfddcdd9 code=0x0 [ 251.232343][ T820] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 251.382365][ T820] usb 3-1: Using ep0 maxpacket: 8 [ 251.387912][ T820] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 251.387947][ T820] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 251.387985][ T820] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b34, bcdDevice= 0.00 [ 251.388007][ T820] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.455339][ T820] usb 3-1: config 0 descriptor?? [ 251.477293][ T820] usbhid 3-1:0.0: fixing wrong optional hid class descriptors count [ 251.477313][ T820] usbhid 3-1:0.0: can't add hid device: -22 [ 251.477418][ T820] usbhid 3-1:0.0: probe with driver usbhid failed with error -22 [ 251.670480][ T5712] usb 3-1: USB disconnect, device number 5 [ 252.152371][ T5698] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 252.190661][ T9195] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 252.190684][ T9195] overlayfs: maximum fs stacking depth exceeded [ 252.366291][ T5698] usb 1-1: Using ep0 maxpacket: 16 [ 252.372952][ T5698] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 252.373185][ T5698] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 252.373259][ T5698] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 252.373309][ T5698] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 252.373368][ T5698] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 252.457090][ T5698] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 252.457117][ T5698] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 252.457135][ T5698] usb 1-1: Manufacturer: syz [ 252.498108][ T5698] usb 1-1: config 0 descriptor?? [ 252.542381][ T5581] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 252.693360][ T5581] usb 3-1: Using ep0 maxpacket: 32 [ 252.695638][ T5581] usb 3-1: unable to get BOS descriptor or descriptor too short [ 252.713597][ T31] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 252.737616][ T5581] usb 3-1: config 3 has an invalid interface number: 2 but max is 1 [ 252.737640][ T5581] usb 3-1: config 3 has an invalid interface number: 19 but max is 1 [ 252.737658][ T5581] usb 3-1: config 3 has no interface number 0 [ 252.737672][ T5581] usb 3-1: config 3 has no interface number 1 [ 252.737708][ T5581] usb 3-1: config 3 interface 19 has no altsetting 0 [ 252.740864][ T5581] usb 3-1: New USB device found, idVendor=0bda, idProduct=0140, bcdDevice=20.c1 [ 252.740890][ T5581] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.740910][ T5581] usb 3-1: Product: syz [ 252.740923][ T5581] usb 3-1: Manufacturer: syz [ 252.740935][ T5581] usb 3-1: SerialNumber: syz [ 252.996524][ T31] usb 4-1: config 0 has an invalid interface number: 107 but max is 0 [ 252.996551][ T31] usb 4-1: config 0 has no interface number 0 [ 252.996591][ T31] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 252.999304][ T31] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 252.999330][ T31] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 252.999348][ T31] usb 4-1: Product: syz [ 252.999361][ T31] usb 4-1: Manufacturer: syz [ 252.999374][ T31] usb 4-1: SerialNumber: syz [ 253.083099][ T31] usb 4-1: config 0 descriptor?? [ 253.120955][ T9199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 253.131963][ T9199] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 253.134176][ T31] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected [ 253.134711][ T31] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81 [ 253.134828][ T31] keyspan 4-1:0.107: unsupported endpoint type 0 [ 253.152363][ T5698] rc_core: IR keymap rc-hauppauge not found [ 253.152378][ T5698] Registered IR keymap rc-empty [ 253.167790][ T9199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 253.206328][ T5698] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 253.216027][ T9199] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 253.232431][ T5698] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 253.237443][ T31] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1 [ 253.264675][ T31] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 253.288151][ T31] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2 [ 253.341163][ T31] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 253.379709][ T5698] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 253.387921][ T31] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4 [ 253.408457][ T5698] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input8 [ 253.476138][ T5581] rtsx_usb 3-1:3.2: probe with driver rtsx_usb failed with error -22 [ 253.508361][ T5581] rtsx_usb 3-1:3.19: probe with driver rtsx_usb failed with error -22 [ 253.529048][ T31] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 253.587889][ T5581] usb 3-1: USB disconnect, device number 6 [ 253.590318][ T5698] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 253.606140][ T5698] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 253.628125][ T5698] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 253.643311][ T31] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6 [ 253.655886][ T5698] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 253.683836][ T5698] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 253.714351][ T5698] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 253.732539][ T5698] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 253.753934][ T5698] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 253.772449][ T5698] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 253.779040][ T31] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 253.793002][ T5698] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 253.851020][ T5698] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 253.851042][ T5698] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 253.888138][ T5698] usb 1-1: USB disconnect, device number 9 [ 253.962397][ T820] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 253.964081][ T31] usb 4-1: USB disconnect, device number 7 [ 254.593199][ T31] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 254.733679][ T820] usb 2-1: unable to get BOS descriptor or descriptor too short [ 254.763418][ T820] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 254.763452][ T820] usb 2-1: can't read configurations, error -71 [ 254.803755][ T31] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 254.934108][ T31] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 255.139571][ T31] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 255.140435][ T31] keyspan 4-1:0.107: device disconnected [ 255.629076][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.629139][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.882289][ T9331] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.1319'. [ 259.439501][ T9358] netlink: 'syz.5.1325': attribute type 1 has an invalid length. [ 260.239883][ T9372] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1329'. [ 260.552438][ T5699] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 260.712356][ T5699] usb 6-1: Using ep0 maxpacket: 8 [ 260.714618][ T5699] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 260.714644][ T5699] usb 6-1: config 16 has 0 interfaces, different from the descriptor's value: 1 [ 260.714682][ T5699] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 260.714707][ T5699] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.770858][ T5712] usb 6-1: USB disconnect, device number 2 [ 263.060870][ T9420] netlink: 'syz.3.1349': attribute type 1 has an invalid length. [ 263.507948][ T9429] bridge0: port 3(vlan2) entered blocking state [ 263.508048][ T9429] bridge0: port 3(vlan2) entered disabled state [ 263.508177][ T9429] vlan2: entered allmulticast mode [ 263.508189][ T9429] geneve0: entered allmulticast mode [ 263.558321][ T9429] vlan2: entered promiscuous mode [ 263.558340][ T9429] geneve0: entered promiscuous mode [ 264.492574][ T5698] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 264.662296][ T5698] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 264.662322][ T5698] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.662340][ T5698] usb 4-1: Product: syz [ 264.662353][ T5698] usb 4-1: Manufacturer: syz [ 264.662366][ T5698] usb 4-1: SerialNumber: syz [ 264.718919][ T5698] usb 4-1: config 0 descriptor?? [ 264.732845][ T5698] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 265.155405][ T4912] Bluetooth: hci0: unexpected event for opcode 0x2005 [ 265.172585][ T5698] gspca_stk1135: reg_w 0x0 err -71 [ 265.173647][ T5698] gspca_stk1135: serial bus timeout: status=0x00 [ 265.173659][ T5698] gspca_stk1135: Sensor write failed [ 265.173696][ T5698] gspca_stk1135: serial bus timeout: status=0x00 [ 265.173705][ T5698] gspca_stk1135: Sensor write failed [ 265.173736][ T5698] gspca_stk1135: serial bus timeout: status=0x00 [ 265.173745][ T5698] gspca_stk1135: Sensor read failed [ 265.173775][ T5698] gspca_stk1135: serial bus timeout: status=0x00 [ 265.173784][ T5698] gspca_stk1135: Sensor read failed [ 265.173790][ T5698] gspca_stk1135: Detected sensor type unknown (0x0) [ 265.173823][ T5698] gspca_stk1135: serial bus timeout: status=0x00 [ 265.173832][ T5698] gspca_stk1135: Sensor read failed [ 265.173862][ T5698] gspca_stk1135: serial bus timeout: status=0x00 [ 265.173871][ T5698] gspca_stk1135: Sensor read failed [ 265.173900][ T5698] gspca_stk1135: serial bus timeout: status=0x00 [ 265.173909][ T5698] gspca_stk1135: Sensor write failed [ 265.173940][ T5698] gspca_stk1135: serial bus timeout: status=0x00 [ 265.173949][ T5698] gspca_stk1135: Sensor write failed [ 265.174040][ T5698] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71 [ 265.203301][ T5698] usb 4-1: USB disconnect, device number 8 [ 265.333576][ T9234] udevd[9234]: setting mode of /dev/bus/usb/004/008 to 020664 failed: No such file or directory [ 265.333737][ T9234] udevd[9234]: setting owner of /dev/bus/usb/004/008 to uid=0, gid=0 failed: No such file or directory [ 266.345158][ T9503] netlink: 71 bytes leftover after parsing attributes in process `syz.5.1381'. [ 267.278905][ T9537] binder_alloc: 9536: binder_alloc_buf, no vma [ 269.002374][ T820] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 269.205368][ T820] usb 4-1: Using ep0 maxpacket: 32 [ 269.207725][ T820] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 269.207748][ T820] usb 4-1: config 0 has no interface number 0 [ 269.207802][ T820] usb 4-1: config 0 interface 12 has no altsetting 0 [ 269.247943][ T820] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 269.247970][ T820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.247989][ T820] usb 4-1: Product: syz [ 269.248002][ T820] usb 4-1: Manufacturer: syz [ 269.248016][ T820] usb 4-1: SerialNumber: syz [ 269.398882][ T820] usb 4-1: config 0 descriptor?? [ 271.522302][ T5719] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 271.533030][ T820] f81534 4-1:0.12: f81534_set_register: reg: 1003 data: 0 failed: -71 [ 271.533081][ T820] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 271.533096][ T820] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 271.533179][ T820] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 271.624531][ T820] usb 4-1: USB disconnect, device number 9 [ 271.698103][ T5719] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 271.698132][ T5719] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.698150][ T5719] usb 1-1: Product: syz [ 271.698163][ T5719] usb 1-1: Manufacturer: syz [ 271.698176][ T5719] usb 1-1: SerialNumber: syz [ 271.992697][ T9621] syz.0.1433 (9621): /proc/9619/oom_adj is deprecated, please use /proc/9619/oom_score_adj instead. [ 272.665852][ T5719] cdc_ncm 1-1:1.0: SET_CRC_MODE failed [ 272.668581][ T5719] cdc_ncm 1-1:1.0: SET_NTB_FORMAT failed [ 272.705806][ T5719] cdc_ncm 1-1:1.0: bind() failure [ 272.754277][ T5719] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 272.754324][ T5719] cdc_ncm 1-1:1.1: bind() failure [ 272.835149][ T5719] usb 1-1: USB disconnect, device number 10 [ 275.963375][ T9724] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.963581][ T9724] bridge0: port 2(bridge_slave_1) entered listening state [ 275.978158][ T9724] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.978460][ T9724] bridge0: port 1(bridge_slave_0) entered listening state [ 278.224720][ T9798] netlink: zone id is out of range [ 278.224740][ T9798] netlink: zone id is out of range [ 278.224751][ T9798] netlink: zone id is out of range [ 278.224765][ T9798] netlink: zone id is out of range [ 278.224775][ T9798] netlink: zone id is out of range [ 278.224784][ T9798] netlink: zone id is out of range [ 278.224793][ T9798] netlink: zone id is out of range [ 278.224802][ T9798] netlink: zone id is out of range [ 278.224811][ T9798] netlink: zone id is out of range [ 278.224959][ T9798] netlink: zone id is out of range [ 281.644278][ T9891] netlink: 'syz.2.1548': attribute type 1 has an invalid length. [ 281.960147][ T9897] bond1: (slave bridge1): making interface the new active one [ 281.967216][ T9897] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 282.923385][ T9922] ref_ctr_offset mismatch. inode: 0x10d offset: 0x0 ref_ctr_offset(old): 0x72 ref_ctr_offset(new): 0x0 [ 283.435867][ T9939] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1568'. [ 283.435890][ T9939] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1568'. [ 283.505381][ T9942] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1568'. [ 283.505406][ T9942] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1568'. [ 284.197087][ T9968] netlink: 'syz.2.1580': attribute type 83 has an invalid length. [ 288.077402][ T5825] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 288.094972][ T59] Bluetooth: hci0: command 0x0c1a tx timeout [ 288.254626][ T5825] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 288.254651][ T5825] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 288.254669][ T5825] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 288.254713][ T5825] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 288.262897][ T5825] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 288.262922][ T5825] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 288.262958][ T5825] usb 6-1: Product: syz [ 288.262971][ T5825] usb 6-1: Manufacturer: syz [ 288.400142][ T5825] cdc_wdm 6-1:1.0: skipping garbage [ 288.400160][ T5825] cdc_wdm 6-1:1.0: skipping garbage [ 288.490814][ T5825] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 288.490828][ T5825] cdc_wdm 6-1:1.0: Unknown control protocol [ 288.512688][ T5581] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 288.608338][ T5825] usb 6-1: USB disconnect, device number 3 [ 288.666475][ T5581] usb 4-1: config 0 has no interfaces? [ 288.666497][ T5581] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 288.666511][ T5581] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.721011][ T5581] usb 4-1: config 0 descriptor?? [ 288.986933][ T1007] usb 4-1: USB disconnect, device number 10 [ 289.162990][ T5825] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 289.316420][ T5825] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 289.316439][ T5825] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 289.316451][ T5825] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 289.316480][ T5825] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 289.319336][ T5825] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 289.319362][ T5825] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 289.319380][ T5825] usb 6-1: Product: syz [ 289.319394][ T5825] usb 6-1: Manufacturer: syz [ 289.684028][ T5825] cdc_wdm 6-1:1.0: skipping garbage [ 289.684042][ T5825] cdc_wdm 6-1:1.0: skipping garbage [ 289.686222][ T5825] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 289.686240][ T5825] cdc_wdm 6-1:1.0: Unknown control protocol [ 289.811826][ T5825] IPVS: starting estimator thread 0... [ 289.912398][T10105] IPVS: using max 9 ests per chain, 21600 per kthread [ 290.404411][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 290.404440][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 290.404669][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 290.404688][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 290.406202][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 290.418643][ T5698] usb 6-1: USB disconnect, device number 4 [ 291.010841][T10124] netlink: 'syz.3.1644': attribute type 7 has an invalid length. [ 291.010855][T10124] netlink: 'syz.3.1644': attribute type 8 has an invalid length. [ 291.010863][T10124] netlink: 'syz.3.1644': attribute type 15 has an invalid length. [ 291.461233][T10133] ipip1: entered promiscuous mode [ 291.464979][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 291.466053][ C1] bridge0: port 2(bridge_slave_1) entered learning state [ 291.664427][T10137] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ipip1 [ 291.665519][T10137] gretap1: entered promiscuous mode [ 291.665541][T10137] gretap1: entered allmulticast mode [ 292.460664][T10166] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1661'. [ 296.254063][T10278] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 297.080177][T10313] Bluetooth: hci0: invalid length 0, exp 2 for type 6 [ 297.668521][T10333] tipc: Failed to remove unknown binding: 66,0,0/0:3516475151/3516475152 [ 297.711642][T10333] tipc: Failed to remove unknown binding: 66,0,0/0:3516475151/3516475152 [ 297.969800][T10342] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 297.991011][T10342] gretap1: entered promiscuous mode [ 297.991034][T10342] gretap1: entered allmulticast mode [ 298.079878][T10350] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 298.154637][T10350] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 298.249160][T10355] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 298.997567][T10377] faux_driver vkms: [drm] Unknown color mode 2047; guessing buffer size. [ 301.635235][T10422] syz.2.1772 (10422) used greatest stack depth: 16264 bytes left [ 301.756578][T10446] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1782'. [ 301.756598][T10446] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1782'. [ 304.600638][T10497] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1803'. [ 305.969336][T10538] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1821'. [ 306.279313][T10538] ip6gre1: entered promiscuous mode [ 306.279336][T10538] ip6gre1: entered allmulticast mode [ 306.812391][ C1] bridge0: port 2(bridge_slave_1) entered forwarding state [ 306.812413][ C1] bridge0: topology change detected, propagating [ 306.816573][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 306.816595][ C1] bridge0: topology change detected, propagating [ 307.105636][T10548] netlink: 'syz.3.1821': attribute type 6 has an invalid length. [ 307.105651][T10548] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1821'. [ 315.897001][T10720] serio: Serial port ttyprintk [ 317.607227][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.129114][T10758] ip6erspan0: entered allmulticast mode [ 319.507106][T10775] fuse: fd is not a fuse device [ 319.577364][ T37] audit: type=1326 audit(1777417297.328:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10770 comm="syz.5.1913" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd9dfddcdd9 code=0x0 [ 321.051833][T10795] syz_tun: entered allmulticast mode [ 321.219022][T10793] syz_tun: left allmulticast mode [ 325.757806][T10877] netlink: 'syz.3.1953': attribute type 1 has an invalid length. [ 326.151733][T10877] 8021q: adding VLAN 0 to HW filter on device bond2 [ 327.013081][T10891] cgroup: noprefix used incorrectly [ 327.083877][T10878] bond2: (slave syz_tun): Enslaving as a backup interface with an up link [ 327.150642][ T1193] net_ratelimit: 3 callbacks suppressed [ 327.150661][ T1193] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 327.312846][ T1193] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 329.173678][T10936] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1973'. [ 331.321001][T10971] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1986'. [ 331.422300][ T5698] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 331.651044][ T5698] usb 6-1: Using ep0 maxpacket: 16 [ 331.664335][ T5698] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 331.664369][ T5698] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.734032][ T5698] usb 6-1: config 0 descriptor?? [ 331.755107][ T5698] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 331.948820][T10964] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 331.950334][T10964] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 332.073604][ T5698] usb 6-1: Detected FT232A [ 332.081697][ T5698] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 332.887034][T11007] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 333.185311][ T5825] usb 6-1: USB disconnect, device number 5 [ 333.274303][ T5825] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 333.277010][ T5825] ftdi_sio 6-1:0.0: device disconnected [ 337.072366][ T5726] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 337.233171][ T5726] usb 3-1: Using ep0 maxpacket: 16 [ 337.236217][ T5726] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 337.236285][ T5726] usb 3-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 337.236311][ T5726] usb 3-1: config 0 interface 0 has no altsetting 0 [ 337.236343][ T5726] usb 3-1: New USB device found, idVendor=046d, idProduct=c22e, bcdDevice= 0.00 [ 337.236366][ T5726] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.313570][ T5726] usb 3-1: config 0 descriptor?? [ 337.963981][ T5726] usbhid 3-1:0.0: can't add hid device: -71 [ 337.964095][ T5726] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 338.008750][ T5726] usb 3-1: USB disconnect, device number 7 [ 340.967414][T11143] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2055'. [ 340.967442][T11143] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 345.069719][ T4912] Bluetooth: hci3: command 0x0406 tx timeout [ 348.489585][T11284] bond0: (slave batadv_slave_0): Error: Device can not be enslaved while up [ 350.042229][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 350.052225][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 350.062218][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 350.072219][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 350.704790][T11358] syz_tun: entered allmulticast mode [ 350.806965][T11358] syz_tun: left allmulticast mode [ 353.259040][T11392] netlink: 'syz.2.2141': attribute type 10 has an invalid length. [ 354.133617][T11392] macvlan1: entered allmulticast mode [ 354.137732][T11392] veth1_vlan: entered allmulticast mode [ 354.159815][T11392] team0: Port device macvlan1 added [ 354.754980][ T5699] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 357.710380][T11398] syz.3.2144 (11398): drop_caches: 2 [ 357.807601][ T5699] usb 3-1: Using ep0 maxpacket: 8 [ 357.808573][ T5699] usb 3-1: device descriptor read/all, error -71 [ 358.151547][T11438] binder: 11436:11438 ioctl 4018620d 0 returned -22 [ 364.252135][T11502] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 370.010199][T11553] syzkaller0: entered promiscuous mode [ 370.010220][T11553] syzkaller0: entered allmulticast mode [ 370.350077][T11574] netlink: 'syz.5.2206': attribute type 1 has an invalid length. [ 370.608334][T11577] bond1: (slave bridge1): making interface the new active one [ 370.609305][T11577] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 370.684156][T11580] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 374.217008][ T5719] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 374.406437][ T5719] usb 3-1: unable to get BOS descriptor or descriptor too short [ 374.407822][ T5719] usb 3-1: not running at top speed; connect to a high speed hub [ 374.436976][ T5719] usb 3-1: config 0 has an invalid interface number: 17 but max is 1 [ 374.437001][ T5719] usb 3-1: config 0 has an invalid interface number: 10 but max is 1 [ 374.437019][ T5719] usb 3-1: config 0 has no interface number 0 [ 374.437034][ T5719] usb 3-1: config 0 has no interface number 1 [ 374.437073][ T5719] usb 3-1: config 0 interface 17 has no altsetting 0 [ 374.437089][ T5719] usb 3-1: config 0 interface 10 has no altsetting 0 [ 374.441574][ T5719] usb 3-1: New USB device found, idVendor=8020, idProduct=ef04, bcdDevice=33.cb [ 374.441600][ T5719] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.441620][ T5719] usb 3-1: Product: syz [ 374.441634][ T5719] usb 3-1: Manufacturer: syz [ 374.441648][ T5719] usb 3-1: SerialNumber: syz [ 374.539875][ T5719] usb 3-1: config 0 descriptor?? [ 374.594013][T11628] tipc: Started in network mode [ 374.594100][T11628] tipc: Node identity 0e3cfb148b5e, cluster identity 4711 [ 374.617926][T11628] tipc: Enabled bearer , priority 0 [ 374.620296][T11628] syzkaller0: entered promiscuous mode [ 374.620318][T11628] syzkaller0: entered allmulticast mode [ 374.815539][ T5719] usb 3-1: USB disconnect, device number 10 [ 374.859224][T11635] tipc: Resetting bearer [ 375.192657][T11626] tipc: Resetting bearer [ 376.042036][T11626] tipc: Disabling bearer [ 376.212213][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 377.385846][ T5719] tipc: Node number set to 2237856532 [ 378.793969][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 380.942205][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 380.962202][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 380.972194][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 380.982199][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 380.992190][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 384.723065][T11738] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2263'. [ 387.375450][ T37] audit: type=1326 audit(1777417365.128:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11754 comm="syz.0.2270" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f42dec3cdd9 code=0x0 [ 389.132316][ T1007] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 389.304575][ T1007] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 389.304615][ T1007] usb 4-1: too many endpoints for config 0 interface 0 altsetting 255: 255, using maximum allowed: 30 [ 389.304652][ T1007] usb 4-1: config 0 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 389.304679][ T1007] usb 4-1: config 0 interface 0 has no altsetting 0 [ 389.308502][ T1007] usb 4-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 389.308528][ T1007] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.308548][ T1007] usb 4-1: Product: syz [ 389.308561][ T1007] usb 4-1: Manufacturer: syz [ 389.308574][ T1007] usb 4-1: SerialNumber: syz [ 389.404307][ T1007] usb 4-1: config 0 descriptor?? [ 390.798712][ T1007] usb 4-1: USB disconnect, device number 11 [ 398.172381][T11853] netlink: 'syz.0.2303': attribute type 10 has an invalid length. [ 398.195689][T11853] team0: Port device vlan0 added [ 432.441819][T12197] dns_resolver: Unsupported server list version (6) [ 433.851915][T12216] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2425'. [ 438.241658][T12277] netlink: 'syz.0.2446': attribute type 7 has an invalid length. [ 438.241672][T12277] netlink: 'syz.0.2446': attribute type 8 has an invalid length. [ 440.699753][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.824159][T12313] futex_wake_op: syz.5.2461 tries to shift op by 144; fix this program [ 443.643582][T12334] overlayfs: failed to clone lowerpath [ 447.636783][T12398] hugetlbfs: syz.3.2488 (12398): Using mlock ulimits for SHM_HUGETLB is obsolete [ 454.370107][T12434] kexec: Could not allocate control_code_buffer [ 466.625948][ T43] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.877190][ T4912] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 467.301222][ T4912] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 467.391570][ T4912] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 467.521471][ T4912] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 467.530056][ T4912] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 470.069438][ T4912] Bluetooth: hci4: command tx timeout [ 470.084324][T12602] IPv6: addrconf: prefix option has invalid lifetime [ 470.747147][T12624] netlink: 'syz.3.2564': attribute type 10 has an invalid length. [ 471.686523][ T43] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.756168][T12624] team0: Port device vlan0 added [ 472.092217][ T59] Bluetooth: hci4: command tx timeout [ 474.215958][ T59] Bluetooth: hci4: command tx timeout [ 474.637848][ T43] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.529646][ T59] Bluetooth: hci4: command tx timeout [ 478.428976][ T43] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.168027][T12740] IPv6: addrconf: prefix option has invalid lifetime [ 488.027553][T12792] binder: 12780:12792 ioctl c0306201 0 returned -14 [ 489.431691][ T43] bridge_slave_1: left allmulticast mode [ 489.431729][ T43] bridge_slave_1: left promiscuous mode [ 489.431987][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 489.541085][ T43] bridge_slave_0: left allmulticast mode [ 489.541146][ T43] bridge_slave_0: left promiscuous mode [ 489.541360][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 490.582984][ T43] bond1 (unregistering): (slave bridge1): Releasing active interface [ 490.843062][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 490.933059][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 490.977000][ T43] bond0 (unregistering): Released all slaves [ 490.986706][ T43] bond1 (unregistering): Released all slaves [ 491.979184][ T5257] 8021q: adding VLAN 0 to HW filter on device eth5 [ 492.892470][ T5581] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 493.762046][T12574] bridge0: port 1(bridge_slave_0) entered blocking state [ 493.762474][T12574] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.762628][T12574] bridge_slave_0: entered allmulticast mode [ 493.769212][T12574] bridge_slave_0: entered promiscuous mode [ 493.791009][T12574] bridge0: port 2(bridge_slave_1) entered blocking state [ 493.794554][T12574] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.794717][T12574] bridge_slave_1: entered allmulticast mode [ 493.797891][T12574] bridge_slave_1: entered promiscuous mode [ 494.053365][T12574] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 494.075366][T12574] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 494.122250][ T5581] usb 6-1: Using ep0 maxpacket: 8 [ 494.124104][ T5581] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D [ 494.124133][ T5581] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 494.124153][ T5581] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0 [ 494.124176][ T5581] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 128 [ 494.126373][ T5581] usb 6-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f [ 494.126398][ T5581] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.126417][ T5581] usb 6-1: Product: syz [ 494.126430][ T5581] usb 6-1: Manufacturer: syz [ 494.126444][ T5581] usb 6-1: SerialNumber: syz [ 494.211968][ T5581] usb 6-1: config 0 descriptor?? [ 494.264056][T12870] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 494.311139][ T5581] kvaser_usb 6-1:0.0: error -EPROTO: Cannot get software info [ 494.311409][ T5581] kvaser_usb 6-1:0.0: probe with driver kvaser_usb failed with error -71 [ 494.474863][ T5581] usb 6-1: USB disconnect, device number 6 [ 498.564721][T12929] Bluetooth: hci0: invalid length 0, exp 2 for type 12 [ 501.514412][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.668342][T12574] team0: Port device team_slave_0 added [ 502.926008][ T5699] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 503.766149][ T5699] usb 4-1: Using ep0 maxpacket: 8 [ 503.804656][ T5699] usb 4-1: device descriptor read/all, error -71 [ 503.827337][ T5257] 8021q: adding VLAN 0 to HW filter on device eth6 [ 503.860341][T12574] team0: Port device team_slave_1 added [ 504.349038][T12574] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 504.349055][T12574] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 504.349078][T12574] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 505.105945][T12574] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 505.105962][T12574] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 505.105989][T12574] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 505.951969][T12574] hsr_slave_0: entered promiscuous mode [ 505.982254][T12574] hsr_slave_1: entered promiscuous mode [ 505.983130][T12574] debugfs: 'hsr0' already exists in 'hsr' [ 505.983153][T12574] Cannot create hsr debugfs directory [ 506.905969][T13025] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2699'. [ 506.908547][ T59] Bluetooth: Frame is too long (len 16, expected len 4) [ 508.642790][ T43] hsr_slave_0: left promiscuous mode [ 508.843467][ T43] hsr_slave_1: left promiscuous mode [ 509.784575][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 509.784596][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 509.834593][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 509.834620][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 511.445755][ T43] veth1_macvtap: left promiscuous mode [ 511.445848][ T43] veth0_macvtap: left promiscuous mode [ 511.445998][ T43] veth1_vlan: left allmulticast mode [ 511.446107][ T43] veth1_vlan: left promiscuous mode [ 511.446257][ T43] veth0_vlan: left promiscuous mode [ 514.953260][ T43] team0 (unregistering): Port device macvlan1 removed [ 516.923376][ T43] team0 (unregistering): Port device team_slave_1 removed [ 516.964818][ T43] team0 (unregistering): Port device team_slave_0 removed [ 517.401870][ T5257] 8021q: adding VLAN 0 to HW filter on device eth7 [ 520.272272][ T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 520.385622][T12574] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 520.446158][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 520.446210][ T9] usb 4-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 520.446233][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.545917][ T9] usb 4-1: config 0 descriptor?? [ 520.571523][ T9] rndis_host 4-1:0.0: probe with driver rndis_host failed with error -22 [ 520.634429][T12574] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 520.635426][T12574] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 522.016001][T12574] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 522.057991][T12574] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 522.388345][ T43] IPVS: stop unused estimator thread 0... [ 523.276058][T12574] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 523.299197][T12574] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 523.402933][ T31] usb 4-1: USB disconnect, device number 14 [ 523.526493][T12574] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 525.907825][T12574] 8021q: adding VLAN 0 to HW filter on device bond0 [ 525.935725][ T5257] 8021q: adding VLAN 0 to HW filter on device eth8 [ 526.079370][T12574] 8021q: adding VLAN 0 to HW filter on device team0 [ 526.106790][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.124222][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 526.455423][ T6641] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.455502][ T6641] bridge0: port 2(bridge_slave_1) entered forwarding state [ 527.424440][ T5726] IPVS: starting estimator thread 0... [ 527.472289][ T36] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 527.532492][T13251] IPVS: using max 10 ests per chain, 24000 per kthread [ 527.622389][ T36] usb 4-1: device descriptor read/64, error -71 [ 527.922511][ T36] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 529.123678][ T36] usb 4-1: device descriptor read/64, error -71 [ 529.242643][ T36] usb usb4-port1: attempt power cycle [ 529.385170][ T4912] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 529.454622][ T4912] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 529.457264][ T4912] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 529.498719][ T4912] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 529.515023][ T4912] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 531.043793][T13300] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2779'. [ 531.786285][ T59] Bluetooth: hci5: command tx timeout [ 533.872342][ T59] Bluetooth: hci5: command tx timeout [ 534.669689][T13362] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 535.053288][T13371] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2803'. [ 535.053368][T13371] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2803'. [ 535.932568][ T59] Bluetooth: hci5: command tx timeout [ 538.025007][ T59] Bluetooth: hci5: command tx timeout [ 541.914125][T13448] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2828'. [ 543.932210][ T59] Bluetooth: hci2: command 0x0c1a tx timeout [ 545.615355][T13495] vivid-006: kernel_thread() failed [ 546.019407][ T59] Bluetooth: hci2: command 0x0c1a tx timeout [ 546.632441][T13271] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.632553][T13271] bridge0: port 1(bridge_slave_0) entered disabled state [ 546.632981][T13271] bridge_slave_0: entered allmulticast mode [ 546.635438][T13271] bridge_slave_0: entered promiscuous mode [ 546.657087][T13271] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.657183][T13271] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.657344][T13271] bridge_slave_1: entered allmulticast mode [ 546.661607][T13271] bridge_slave_1: entered promiscuous mode [ 547.175154][T13271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 547.298952][T13271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 547.360646][T13448] nbd: socks must be embedded in a SOCK_ITEM attr [ 547.726139][ T6638] bridge_slave_1: left allmulticast mode [ 547.726172][ T6638] bridge_slave_1: left promiscuous mode [ 547.726696][ T6638] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.853955][ T6638] bridge_slave_0: left allmulticast mode [ 548.853988][ T6638] bridge_slave_0: left promiscuous mode [ 548.854203][ T6638] bridge0: port 1(bridge_slave_0) entered disabled state [ 550.090199][T13548] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9) [ 550.095408][T13548] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 550.140789][T13548] vhci_hcd vhci_hcd.0: Device attached [ 550.391510][T13553] vhci_hcd: connection closed [ 550.703502][ T6641] vhci_hcd vhci_hcd.5: stop threads [ 550.704813][ T6641] vhci_hcd vhci_hcd.5: release socket [ 550.861903][ T6641] vhci_hcd vhci_hcd.5: disconnect device [ 551.257387][ T6638] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 551.478526][ T6638] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 551.592994][T13567] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2862'. [ 551.593044][T13567] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2862'. [ 552.425746][ T6638] bond0 (unregistering): Released all slaves [ 552.445672][T13529] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2849'. [ 552.709623][T13271] team0: Port device team_slave_0 added [ 553.758538][T13271] team0: Port device team_slave_1 added [ 554.001988][T13271] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 554.002002][T13271] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 554.002020][T13271] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 554.054904][T13271] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 554.054916][T13271] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 554.054934][T13271] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 554.432698][ T6638] hsr_slave_0: left promiscuous mode [ 554.475434][ T6638] hsr_slave_1: left promiscuous mode [ 554.705217][ T6638] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 554.755572][ T6638] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 557.791251][T13662] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2891'. [ 557.791318][T13662] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2891'. [ 559.995256][ T6638] team0 (unregistering): Port device team_slave_1 removed [ 560.103915][ T6638] team0 (unregistering): Port device team_slave_0 removed [ 560.285577][T13697] overlay: ./file1 is not a directory [ 560.700839][T13707] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2911'. [ 560.735795][T13707] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2911'. [ 561.529066][T13615] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2883'. [ 562.797055][T13271] hsr_slave_0: entered promiscuous mode [ 562.798066][T13271] hsr_slave_1: entered promiscuous mode [ 562.798704][T13271] debugfs: 'hsr0' already exists in 'hsr' [ 562.798723][T13271] Cannot create hsr debugfs directory [ 562.976591][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.223700][T13740] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2925'. [ 563.263231][T13740] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 569.393312][T13815] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 569.659429][T13817] netlink: 'syz.3.2944': attribute type 1 has an invalid length. [ 569.659487][T13817] netlink: 'syz.3.2944': attribute type 4 has an invalid length. [ 569.659538][T13817] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2944'. [ 573.552601][T13868] program syz.5.2961 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 574.662806][T13271] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 575.669077][T13271] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 575.672224][T13271] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 576.349248][T13271] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 576.390305][T13271] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 576.434815][T13271] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 576.437515][T13271] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 576.486023][T13271] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 578.889883][T13271] 8021q: adding VLAN 0 to HW filter on device bond0 [ 578.968589][T13271] 8021q: adding VLAN 0 to HW filter on device team0 [ 578.993023][T12012] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.993249][T12012] bridge0: port 1(bridge_slave_0) entered forwarding state [ 579.040135][ T6638] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.040252][ T6638] bridge0: port 2(bridge_slave_1) entered forwarding state [ 582.414178][T13271] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 583.443898][T13271] veth0_vlan: entered promiscuous mode [ 583.598616][T13271] veth1_vlan: entered promiscuous mode [ 584.718118][T13271] veth0_macvtap: entered promiscuous mode [ 584.754160][T13271] veth1_macvtap: entered promiscuous mode [ 584.926470][T13271] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 584.951873][T13271] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 584.990003][ T2849] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.990267][ T2849] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.990311][ T2849] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.990350][ T2849] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 586.029877][T12012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 586.029897][T12012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 587.223641][ T36] IPVS: starting estimator thread 0... [ 587.272855][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 587.272874][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 587.312275][T14081] IPVS: using max 11 ests per chain, 26400 per kthread [ 587.314362][ T59] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 588.019845][ T59] Bluetooth: hci3: command 0x0406 tx timeout [ 589.285594][ T59] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 589.289223][ T59] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 589.290738][ T59] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 589.318457][ T59] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 589.320681][ T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 591.453040][ T4912] Bluetooth: hci4: command tx timeout [ 592.623747][T14164] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3064'. [ 592.623794][T14164] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3064'. [ 593.535752][ T4912] Bluetooth: hci4: command tx timeout [ 595.566512][T14213] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3077'. [ 595.566588][T14213] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3077'. [ 596.094837][ T4912] Bluetooth: hci4: command tx timeout [ 596.758545][ T13] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.122479][ T820] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 598.186308][ T4912] Bluetooth: hci4: command tx timeout [ 598.234443][ T4912] Bluetooth: hci3: SCO packet for unknown connection handle 201 [ 598.278061][ T820] usb 4-1: unable to get BOS descriptor or descriptor too short [ 598.279130][ T820] usb 4-1: config 0 has an invalid interface number: 214 but max is 0 [ 598.279151][ T820] usb 4-1: config 0 has no interface number 0 [ 598.279177][ T820] usb 4-1: config 0 interface 214 has no altsetting 0 [ 598.281184][ T820] usb 4-1: New USB device found, idVendor=2c7c, idProduct=0512, bcdDevice=f8.15 [ 598.281208][ T820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 598.281225][ T820] usb 4-1: Product: syz [ 598.281238][ T820] usb 4-1: Manufacturer: syz [ 598.281251][ T820] usb 4-1: SerialNumber: syz [ 598.364823][ T820] usb 4-1: config 0 descriptor?? [ 598.438664][ T13] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.850305][T14280] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3109'. [ 598.850373][T14280] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3109'. [ 599.331864][ T820] qmi_wwan 4-1:0.214: bogus CDC Union: master=5, slave=4 [ 599.340759][ T820] qmi_wwan 4-1:0.214: probe with driver qmi_wwan failed with error -22 [ 599.388351][ T820] usb 4-1: USB disconnect, device number 18 [ 600.626399][ T13] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 601.066475][ T13] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 601.152718][ T4912] Bluetooth: hci3: unexpected event for opcode 0x0c6d [ 601.740573][ T4912] Bluetooth: hci2: unexpected event for opcode 0x0c47 [ 602.446583][T14112] bridge0: port 1(bridge_slave_0) entered blocking state [ 602.450127][T14112] bridge0: port 1(bridge_slave_0) entered disabled state [ 602.469928][T14112] bridge_slave_0: entered allmulticast mode [ 602.503417][T14112] bridge_slave_0: entered promiscuous mode [ 602.582971][T14112] bridge0: port 2(bridge_slave_1) entered blocking state [ 602.583167][T14112] bridge0: port 2(bridge_slave_1) entered disabled state [ 602.583378][T14112] bridge_slave_1: entered allmulticast mode [ 602.601704][T14112] bridge_slave_1: entered promiscuous mode [ 602.813308][T14375] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3150'. [ 602.916654][T14112] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 603.072566][T14112] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 603.660435][T14112] team0: Port device team_slave_0 added [ 603.690718][T14112] team0: Port device team_slave_1 added [ 605.508335][ T13] bridge_slave_1: left allmulticast mode [ 605.508367][ T13] bridge_slave_1: left promiscuous mode [ 605.508594][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 605.608404][ T13] bridge_slave_0: left allmulticast mode [ 605.608436][ T13] bridge_slave_0: left promiscuous mode [ 605.608643][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 606.704215][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 606.764273][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 606.784854][ T13] bond0 (unregistering): Released all slaves [ 606.845252][T14112] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 606.845269][T14112] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 606.845296][T14112] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 607.025838][ T5257] 8021q: adding VLAN 0 to HW filter on device eth9 [ 607.050446][T14112] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 607.050460][T14112] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 607.050488][T14112] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 607.588068][T14112] hsr_slave_0: entered promiscuous mode [ 607.589370][T14112] hsr_slave_1: entered promiscuous mode [ 607.590158][T14112] debugfs: 'hsr0' already exists in 'hsr' [ 607.590179][T14112] Cannot create hsr debugfs directory [ 608.364357][T14518] program syz.5.3201 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 608.848682][T14537] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3207'. [ 609.897647][T14565] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3219'. [ 610.127817][ T5257] 8021q: adding VLAN 0 to HW filter on device eth10 [ 610.536069][T14586] program syz.5.3228 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 610.562574][ T13] hsr_slave_0: left promiscuous mode [ 610.602869][ T13] hsr_slave_1: left promiscuous mode [ 610.606757][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 610.606783][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 610.655103][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 610.655129][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 610.734703][ T13] veth1_macvtap: left promiscuous mode [ 610.734768][ T13] veth0_macvtap: left promiscuous mode [ 610.734917][ T13] veth1_vlan: left promiscuous mode [ 610.735038][ T13] veth0_vlan: left promiscuous mode [ 611.538093][ T13] team0 (unregistering): Port device team_slave_1 removed [ 611.613237][ T13] team0 (unregistering): Port device team_slave_0 removed [ 612.331038][T14632] IPv6: NLM_F_REPLACE set, but no existing node found! [ 612.389432][T14590] netdevsim netdevsim0: Direct firmware load for . failed with error -2 [ 612.389468][T14590] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 613.382600][T14655] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16) [ 613.382620][T14655] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 614.332920][T14681] netlink: 'syz.0.3262': attribute type 1 has an invalid length. [ 614.332941][T14681] netlink: 'syz.0.3262': attribute type 4 has an invalid length. [ 614.332954][T14681] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.3262'. [ 615.396691][T14716] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3274'. [ 615.396714][T14716] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3274'. [ 618.340766][T14761] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3291'. [ 618.426414][T14765] netlink: 'syz.3.3293': attribute type 2 has an invalid length. [ 619.332528][T14112] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 619.482824][T14112] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 619.493488][T14112] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 619.650224][T14112] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 619.661469][T14112] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 619.774630][T14112] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 619.779643][T14112] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 620.128376][ T36] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 620.163685][T14112] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 620.854426][ T36] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 620.854462][ T36] usb 4-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 620.854495][ T36] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 620.854517][ T36] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.161829][ T36] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 621.181853][ T36] usb 4-1: invalid MIDI out EP 0 [ 621.266294][T14831] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3313'. [ 621.608287][T14112] 8021q: adding VLAN 0 to HW filter on device bond0 [ 621.718030][T14112] 8021q: adding VLAN 0 to HW filter on device team0 [ 621.783788][T12945] bridge0: port 1(bridge_slave_0) entered blocking state [ 621.783905][T12945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 621.926670][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 621.943976][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 623.860864][T14876] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3328'. [ 624.447190][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.470081][ T36] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 624.486500][ T36] usb 4-1: USB disconnect, device number 19 [ 625.531085][T14896] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3332'. [ 627.519894][T14921] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3339'. [ 627.519918][T14921] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3339'. [ 628.249875][T14934] openvswitch: netlink: IPv4 tunnel dst address is zero [ 628.756792][T14112] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 628.795676][T14948] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3347'. [ 629.599115][T14112] veth0_vlan: entered promiscuous mode [ 629.626992][T14112] veth1_vlan: entered promiscuous mode [ 629.701526][T14112] veth0_macvtap: entered promiscuous mode [ 629.751770][T14112] veth1_macvtap: entered promiscuous mode [ 629.917601][T14112] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 630.138621][T14112] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 630.243844][T12012] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 630.244788][T12012] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 630.249634][T12012] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 630.715878][T12012] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.567154][ T6638] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 632.567174][ T6638] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 632.781160][T12012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 632.781189][T12012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 634.550269][T15038] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3383'. [ 635.195706][T15056] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3390'. [ 635.195730][T15056] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3390'. [ 635.990721][T15078] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3400'. [ 636.117922][ T37] audit: type=1326 audit(1777417612.876:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15083 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 636.128163][ T37] audit: type=1326 audit(1777417612.876:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15083 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 636.136982][ T37] audit: type=1326 audit(1777417612.886:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15083 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 636.145634][ T37] audit: type=1326 audit(1777417612.906:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15083 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 636.223039][ T37] audit: type=1326 audit(1777417612.906:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15083 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 636.223075][ T37] audit: type=1326 audit(1777417612.986:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15083 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fae2f10d60e code=0x7ffc0000 [ 636.223954][ T37] audit: type=1326 audit(1777417612.986:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15083 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fae2f10d60e code=0x7ffc0000 [ 636.224008][ T37] audit: type=1326 audit(1777417612.986:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15083 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 636.224049][ T37] audit: type=1326 audit(1777417612.986:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15083 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 636.229325][ T37] audit: type=1326 audit(1777417612.986:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15083 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fae2f14cdd9 code=0x7ffc0000 [ 636.250009][ T5699] IPVS: starting estimator thread 0... [ 636.343819][T15089] IPVS: using max 9 ests per chain, 21600 per kthread [ 639.527370][T15155] netlink: 'syz.0.3432': attribute type 1 has an invalid length. [ 639.527393][T15155] netlink: 16142 bytes leftover after parsing attributes in process `syz.0.3432'. [ 641.642458][T15194] netlink: 'syz.3.3448': attribute type 1 has an invalid length. [ 641.642480][T15194] netlink: 16142 bytes leftover after parsing attributes in process `syz.3.3448'. [ 643.421939][T15232] netlink: 'syz.0.3467': attribute type 3 has an invalid length. [ 643.421960][T15232] netlink: 766 bytes leftover after parsing attributes in process `syz.0.3467'. [ 643.873417][T15236] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 643.924462][T15241] netlink: 'syz.0.3471': attribute type 1 has an invalid length. [ 643.924483][T15241] netlink: 16142 bytes leftover after parsing attributes in process `syz.0.3471'. [ 645.171110][T15276] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3489'. [ 645.171138][T15276] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3489'. [ 645.171166][T15276] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3489'. [ 645.860037][T15299] ip6erspan1: entered allmulticast mode [ 646.712001][T15329] netlink: 'syz.6.3510': attribute type 1 has an invalid length. [ 649.019451][T15383] netlink: 'syz.0.3531': attribute type 1 has an invalid length. [ 649.019471][T15383] netlink: 'syz.0.3531': attribute type 4 has an invalid length. [ 649.019484][T15383] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.3531'. [ 652.512958][ T5699] libceph: connect (1)[c::]:6789 error -101 [ 652.569582][ T5699] libceph: mon0 (1)[c::]:6789 connect error [ 652.846645][ T36] libceph: connect (1)[c::]:6789 error -101 [ 652.846810][ T36] libceph: mon0 (1)[c::]:6789 connect error [ 653.087674][T15446] ceph: No mds server is up or the cluster is laggy [ 655.834859][T15518] ceph: No mds server is up or the cluster is laggy [ 656.851037][T15562] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 657.164085][T15572] program syz.5.3612 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 657.384904][T15579] netlink: 312 bytes leftover after parsing attributes in process `syz.3.3614'. [ 657.440685][T15579] netlink: 1 bytes leftover after parsing attributes in process `syz.3.3614'. [ 663.156081][T15669] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3652'. [ 664.351055][ T44] ------------[ cut here ]------------ [ 664.351069][ T44] time_after(jiffies, timeout) [ 664.351084][ T44] WARNING: io_uring/io_uring.c:2352 at io_ring_exit_work+0x4b9/0x970, CPU#1: kworker/u8:3/44 [ 664.351202][ T44] Modules linked in: [ 664.351226][ T44] CPU: 1 UID: 0 PID: 44 Comm: kworker/u8:3 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 664.351300][ T44] Tainted: [L]=SOFTLOCKUP [ 664.351307][ T44] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 664.351319][ T44] Workqueue: iou_exit io_ring_exit_work [ 664.351352][ T44] RIP: 0010:io_ring_exit_work+0x4b9/0x970 [ 664.351417][ T44] Code: c6 05 31 31 48 0e 01 48 c7 c7 e0 f9 a5 8b be 25 00 00 00 48 c7 c2 00 f5 a5 8b e8 72 e2 75 00 e9 7e fe ff ff e8 a8 cb 99 00 90 <0f> 0b 90 b8 70 17 00 00 48 89 44 24 10 eb 9a c7 84 24 b0 00 00 00 [ 664.351460][ T44] RSP: 0000:ffffc90000b67940 EFLAGS: 00010293 [ 664.351501][ T44] RAX: ffffffff812aa598 RBX: 0000000100008da9 RCX: ffff88801d6f9ec0 [ 664.351516][ T44] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 664.351528][ T44] RBP: ffffc90000b67ad0 R08: 0000000000000000 R09: 0000000000000000 [ 664.351539][ T44] R10: dffffc0000000000 R11: fffffbfff1f11a5f R12: dffffc0000000000 [ 664.351565][ T44] R13: 0000000100008da5 R14: 0000000000002000 R15: ffff88803cd6e000 [ 664.351597][ T44] FS: 0000000000000000(0000) GS:ffff88812627c000(0000) knlGS:0000000000000000 [ 664.351613][ T44] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 664.351627][ T44] CR2: 00007fae2f3bfae8 CR3: 000000005c8e8000 CR4: 00000000003526f0 [ 664.351644][ T44] Call Trace: [ 664.351679][ T44] [ 664.351737][ T44] ? trace_hrtimer_start+0x82/0x200 [ 664.351858][ T44] ? __pfx_io_ring_exit_work+0x10/0x10 [ 664.351903][ T44] ? process_scheduled_works+0xa70/0x1860 [ 664.351940][ T44] ? process_scheduled_works+0xa70/0x1860 [ 664.351965][ T44] process_scheduled_works+0xb5d/0x1860 [ 664.352077][ T44] ? __pfx_process_scheduled_works+0x10/0x10 [ 664.352107][ T44] ? assign_work+0x3d5/0x5e0 [ 664.352134][ T44] worker_thread+0xa53/0xfc0 [ 664.352182][ T44] kthread+0x388/0x470 [ 664.352208][ T44] ? __pfx_worker_thread+0x10/0x10 [ 664.352228][ T44] ? __pfx_kthread+0x10/0x10 [ 664.352255][ T44] ret_from_fork+0x514/0xb70 [ 664.352295][ T44] ? __pfx_ret_from_fork+0x10/0x10 [ 664.352317][ T44] ? __switch_to+0xc79/0x1410 [ 664.352349][ T44] ? __pfx_kthread+0x10/0x10 [ 664.352376][ T44] ret_from_fork_asm+0x1a/0x30 [ 664.352421][ T44] [ 664.352431][ T44] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 664.352453][ T44] CPU: 1 UID: 0 PID: 44 Comm: kworker/u8:3 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 664.352478][ T44] Tainted: [L]=SOFTLOCKUP [ 664.352485][ T44] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 664.352497][ T44] Workqueue: iou_exit io_ring_exit_work [ 664.352521][ T44] Call Trace: [ 664.352528][ T44] [ 664.352535][ T44] vpanic+0x56c/0xa60 [ 664.352566][ T44] ? __pfx__printk+0x10/0x10 [ 664.352613][ T44] ? __pfx_vpanic+0x10/0x10 [ 664.352635][ T44] ? is_bpf_text_address+0x292/0x2b0 [ 664.352714][ T44] ? is_bpf_text_address+0x26/0x2b0 [ 664.352747][ T44] panic+0xc5/0xd0 [ 664.352770][ T44] ? __pfx_panic+0x10/0x10 [ 664.352801][ T44] ? ret_from_fork_asm+0x1a/0x30 [ 664.352832][ T44] __warn+0x315/0x4c0 [ 664.352854][ T44] ? io_ring_exit_work+0x4b9/0x970 [ 664.352879][ T44] ? io_ring_exit_work+0x4b9/0x970 [ 664.352905][ T44] __report_bug+0x29a/0x540 [ 664.353010][ T44] ? io_ring_exit_work+0x4b9/0x970 [ 664.353035][ T44] ? __pfx___report_bug+0x10/0x10 [ 664.353071][ T44] ? do_raw_spin_lock+0x12b/0x2f0 [ 664.353132][ T44] ? io_ring_exit_work+0x4b9/0x970 [ 664.353156][ T44] report_bug+0x16a/0x220 [ 664.353186][ T44] ? io_ring_exit_work+0x4b9/0x970 [ 664.353209][ T44] ? io_ring_exit_work+0x4bb/0x970 [ 664.353233][ T44] handle_bug+0x9c/0x200 [ 664.353281][ T44] exc_invalid_op+0x1a/0x50 [ 664.353303][ T44] asm_exc_invalid_op+0x1a/0x20 [ 664.353339][ T44] RIP: 0010:io_ring_exit_work+0x4b9/0x970 [ 664.353364][ T44] Code: c6 05 31 31 48 0e 01 48 c7 c7 e0 f9 a5 8b be 25 00 00 00 48 c7 c2 00 f5 a5 8b e8 72 e2 75 00 e9 7e fe ff ff e8 a8 cb 99 00 90 <0f> 0b 90 b8 70 17 00 00 48 89 44 24 10 eb 9a c7 84 24 b0 00 00 00 [ 664.353381][ T44] RSP: 0000:ffffc90000b67940 EFLAGS: 00010293 [ 664.353397][ T44] RAX: ffffffff812aa598 RBX: 0000000100008da9 RCX: ffff88801d6f9ec0 [ 664.353411][ T44] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 664.353422][ T44] RBP: ffffc90000b67ad0 R08: 0000000000000000 R09: 0000000000000000 [ 664.353435][ T44] R10: dffffc0000000000 R11: fffffbfff1f11a5f R12: dffffc0000000000 [ 664.353449][ T44] R13: 0000000100008da5 R14: 0000000000002000 R15: ffff88803cd6e000 [ 664.353470][ T44] ? io_ring_exit_work+0x4b8/0x970 [ 664.353500][ T44] ? trace_hrtimer_start+0x82/0x200 [ 664.353532][ T44] ? __pfx_io_ring_exit_work+0x10/0x10 [ 664.353579][ T44] ? process_scheduled_works+0xa70/0x1860 [ 664.353600][ T44] ? process_scheduled_works+0xa70/0x1860 [ 664.353623][ T44] process_scheduled_works+0xb5d/0x1860 [ 664.353675][ T44] ? __pfx_process_scheduled_works+0x10/0x10 [ 664.353702][ T44] ? assign_work+0x3d5/0x5e0 [ 664.353729][ T44] worker_thread+0xa53/0xfc0 [ 664.353776][ T44] kthread+0x388/0x470 [ 664.353802][ T44] ? __pfx_worker_thread+0x10/0x10 [ 664.353822][ T44] ? __pfx_kthread+0x10/0x10 [ 664.353850][ T44] ret_from_fork+0x514/0xb70 [ 664.353874][ T44] ? __pfx_ret_from_fork+0x10/0x10 [ 664.353896][ T44] ? __switch_to+0xc79/0x1410 [ 664.353928][ T44] ? __pfx_kthread+0x10/0x10 [ 664.353955][ T44] ret_from_fork_asm+0x1a/0x30 [ 664.353996][ T44] [ 664.354140][ T44] Kernel Offset: disabled