last executing test programs: 5m13.421097257s ago: executing program 4 (id=1411): getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000040)="00d8", 0x20a00, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000340)="480000001400190d09034beafd0d36020a841a000000230f00000000a2bc5603ca00000f7f89004e00200000000101ff00c00e030002", 0x36}], 0x1) 5m9.687870251s ago: executing program 4 (id=1430): r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4}, [], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x28}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x4, 0x4, 0x4a8, 0xffffffff, 0x398, 0xe8, 0x0, 0xfeffffff, 0xffffffff, 0x468, 0x468, 0x468, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffff00, 0xff000000, 0xff000000, 0xffffffff], 'wg1\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private1, @empty, [0xff], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00', {}, {}, 0x0, 0x0, 0x6}, 0x0, 0x1e0, 0x220, 0x0, {}, [@common=@rt={{0x138}, {0x401, [0xfffffffe], 0x1, 0x2, 0x3, [@remote, @empty, @remote, @remote, @remote, @mcast1, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}], 0x6}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x0, {0x2000010}}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x7, 0x8, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x508) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$tipc(0x1e, 0x5, 0x0) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r5, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, 0x0, 0x0) r6 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x0, 0xc0, [0x200000000140, 0x0, 0x0, 0x200000000170, 0x2000000001a0], 0x0, 0x0, 0x0}, 0x138) 5m8.471325075s ago: executing program 4 (id=1438): socket$unix(0x1, 0x1, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) epoll_create(0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x40210, 0xffffffffffffffff, 0xf8238000) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='io\x00') pread64(r1, &(0x7f0000001240)=""/102400, 0x200000, 0x0) r2 = shmget$private(0x0, 0x1000, 0x1000, &(0x7f00009b7000/0x1000)=nil) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYRESHEX=r0, @ANYRESOCT, @ANYRES32, @ANYBLOB="00000000b8750000223d4d89000000000000000000000000000000002c2a9af3eab13ff39cf116c9fac641a8ddf8"], 0x48) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x40240, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x200010) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setgroups(0x0, 0x0) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x4000) shmctl$IPC_RMID(r2, 0x0) 5m6.463543637s ago: executing program 4 (id=1447): getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback, 0x6}}, 0x3, 0x81}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$inet(0x2, 0x801, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200047bc, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x8, 0x2c, 0x0, @remote, @local, {[], {{0x3a00, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0xc0, 0x5) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x3516, 0xc2de, 0x8, 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000fc0)=[@release={0x40046306, 0x5}], 0x0, 0x0, 0x0}) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000600)=ANY=[], 0x100}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 5m1.726608636s ago: executing program 4 (id=1458): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000140)={0x41, 0x1}, 0x10) bind$tipc(r0, 0x0, 0x0) 5m1.449013609s ago: executing program 4 (id=1459): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0xa, 0x5, 0x7, 0x0, 0xffffffffffffffff, 0x20}, 0x50) r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000006b80)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x2e8}}], 0x2, 0xc085) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000007feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c04100001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) fcntl$setownex(r1, 0xf, 0x0) ioctl$VHOST_VDPA_SET_CONFIG(0xffffffffffffffff, 0x4008af74, &(0x7f0000000080)=ANY=[]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269bb, 0x8031, 0xffffffffffffffff, 0x0) 4m46.09106877s ago: executing program 32 (id=1459): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0xa, 0x5, 0x7, 0x0, 0xffffffffffffffff, 0x20}, 0x50) r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000006b80)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x2e8}}], 0x2, 0xc085) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000007feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c04100001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) fcntl$setownex(r1, 0xf, 0x0) ioctl$VHOST_VDPA_SET_CONFIG(0xffffffffffffffff, 0x4008af74, &(0x7f0000000080)=ANY=[]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269bb, 0x8031, 0xffffffffffffffff, 0x0) 3m32.198291403s ago: executing program 5 (id=1726): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) socket$inet6(0xa, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket(0x27, 0x6, 0x80000000) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) socket$inet_sctp(0x2, 0x1, 0x84) socket(0x2, 0x3, 0x67) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000540)={0x2, @pix={0x3, 0x401, 0x3132564e, 0x1, 0x3, 0x3, 0xc, 0x7, 0x0, 0x0, 0x0, 0x3}}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={0xffffffffffffffff, 0x0, &(0x7f0000001700)=""/50}, 0x20) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}}]}, &(0x7f0000000140)=0x10) ioctl$XFS_IOC_PATH_TO_HANDLE(r0, 0xc0385869, &(0x7f0000000280)={r1, &(0x7f0000000080)='\x00', 0x2800, &(0x7f00000000c0)={@align=0x1, {0x7, 0x1, 0x4, 0x6}}, 0x2, &(0x7f0000000100), 0x0}) ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f00000002c0)={0x2, 0x978}) sendmmsg$inet_sctp(r0, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=[@sndrcv={0x30, 0x84, 0x1, {0xb, 0xc2, 0x5, 0x5, 0x83, 0x0, 0x467b7286, 0x200}}], 0x30, 0x4001}], 0x1, 0x11) 3m30.732988655s ago: executing program 5 (id=1732): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0xd, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000640000000000000001000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f60008000000b70300008420000085000000720000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x6, 0x5, &(0x7f0000000340)=""/5}, 0x94) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800) ioctl$SG_GET_VERSION_NUM(r1, 0x2284, &(0x7f0000000080)) 3m29.656300431s ago: executing program 5 (id=1736): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x19, 0x4, 0x8, 0xb}, 0x50) syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x15, 0x0, 0x0) connect$llc(r2, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x600000, 0x9) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'syztnl0\x00', 0x0, 0x0, 0xb5, 0x0, 0x200, 0x0, @remote, @private0, 0x20, 0x8000, 0x7}}) mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000300)='./cgroup\x00', &(0x7f0000000040)='romfs\x00', 0x200440, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x32600) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDARP(r5, 0x8953, &(0x7f0000000300)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x1, @remote}, 0x0, {0x2, 0x40, @private}, 'syz_tun\x00'}) 3m27.916979975s ago: executing program 5 (id=1742): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x148, 0x65, 0x300, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0xd8}]}}, @TCA_RATE={0x6, 0x5, {0xb, 0x40}}, @filter_kind_options=@f_basic={{0xa}, {0xfc, 0x2, [@TCA_BASIC_ACT={0xf8, 0x3, [@m_sample={0x90, 0x17, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x5}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x1ff}]}, {0x51, 0x6, "64a8416e1a2ad4f08a507ade2030959fbaf47dae3d8c5509c5f67bbd00abca8965993d237d8db6ee7a95acb45665d419103d3630ef3c99f3729bf251659b35ee457bb1f0377974ae753b08d9ac"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_connmark={0x64, 0x5, 0x0, 0x0, {{0xd}, {0x4}, {0x31, 0x6, "6f3e464680b8dcb925d3c8416db18e2e0eecd7ba0f6003aaa71a565f40fa822f6bd63a4ca0ba27c7d18cbbdfbd"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x148}, 0x1, 0x0, 0x0, 0x40008c5}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380), 0x0, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) 3m27.14868691s ago: executing program 5 (id=1746): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 3m23.841625012s ago: executing program 5 (id=1752): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@newlink={0x54, 0x10, 0xffffff1f, 0x70bd26, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1605, 0x2f10}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_REMOTE={0x8, 0x7, @multicast1}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x100}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x4000) 3m19.920681582s ago: executing program 1 (id=1761): r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4}, [], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x28}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x4, 0x4, 0x4a8, 0xffffffff, 0x398, 0xe8, 0x0, 0xfeffffff, 0xffffffff, 0x468, 0x468, 0x468, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffff00, 0xff000000, 0xff000000, 0xffffffff], 'wg1\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private1, @empty, [0xff], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00', {}, {}, 0x0, 0x0, 0x6}, 0x0, 0x1e0, 0x220, 0x0, {}, [@common=@rt={{0x138}, {0x401, [0xfffffffe], 0x1, 0x2, 0x3, [@remote, @empty, @remote, @remote, @remote, @mcast1, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}], 0x6}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x0, {0x2000010}}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x7, 0x8, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x508) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r4, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)={0x41, 0x1}, 0x10) bind$tipc(0xffffffffffffffff, 0x0, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 3m18.06713942s ago: executing program 1 (id=1762): mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000007, 0x12, 0xffffffffffffffff, 0xbc7ae000) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x1}, "02"}}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x21}, 0x94) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1) 3m17.698310114s ago: executing program 1 (id=1766): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4048000) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x12, 0x3, 0x100, 0x2, 0x8028, 0xffffffffffffffff, 0xd45, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1}, 0x50) r1 = socket$kcm(0x10, 0x2, 0x4) capset(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0x6}) sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000140081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) ioprio_set$pid(0x1, 0x0, 0x0) 3m15.575684028s ago: executing program 1 (id=1768): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa1000000000000070100"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x0, 0x4a}, 0x28) io_uring_setup(0x2f00, &(0x7f0000000700)={0x0, 0xe8e2, 0x2, 0x20001, 0x2d6}) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, 0x0, 0x0) r3 = socket$kcm(0x2, 0x200000000000001, 0x106) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x3000c041) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffff85850000007100"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x258, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) 3m15.228098129s ago: executing program 1 (id=1770): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000850) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0xdf, @empty}, 0x1c) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000007000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) 3m14.727837266s ago: executing program 1 (id=1772): socket$inet_sctp(0x2, 0x5, 0x84) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x40, 0x7fff0000}]}) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000000100)={0x0, &(0x7f0000000500)}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3m7.572841812s ago: executing program 33 (id=1752): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@newlink={0x54, 0x10, 0xffffff1f, 0x70bd26, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1605, 0x2f10}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_REMOTE={0x8, 0x7, @multicast1}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x100}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x4000) 2m59.569347338s ago: executing program 34 (id=1772): socket$inet_sctp(0x2, 0x5, 0x84) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x40, 0x7fff0000}]}) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000000100)={0x0, &(0x7f0000000500)}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12.071209679s ago: executing program 3 (id=2088): r0 = socket$inet_icmp(0x2, 0x2, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') sendfile(r0, r1, 0x0, 0x100000000) 9.020951755s ago: executing program 3 (id=2093): sched_setscheduler(0x0, 0x1, 0x0) socket$alg(0x26, 0x5, 0x0) r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0x74000000) write$dsp(r0, &(0x7f0000002000)='`', 0x88020) 8.02025659s ago: executing program 0 (id=2098): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, 0x0, 0x0) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="b875a1431a05b9319c", 0x9}], 0x1}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000040), 0x10, &(0x7f0000000480)=""/230}}], 0x2, 0x0, 0x0) 6.377142701s ago: executing program 0 (id=2101): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYRESDEC], 0x0) syz_usb_disconnect(r0) 6.301261463s ago: executing program 2 (id=2102): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40186f40, 0x0) syz_open_procfs(0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000002c80)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5", 0xd2}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0) 5.890499588s ago: executing program 2 (id=2103): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x148) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x1000) fanotify_mark(r1, 0x105, 0x5000003a, r0, 0x0) mknod$loop(&(0x7f0000001b80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x8008, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYRES8, @ANYRES64=0x0, @ANYRES64, @ANYRESHEX=r1, @ANYRESDEC=r1, @ANYRES32=0x0, @ANYRES16, @ANYRESHEX, @ANYRESDEC], 0x50) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x33, 0x0, 0x0) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93) renameat2(0xffffffffffffff9c, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) 5.827548003s ago: executing program 3 (id=2104): mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)=ANY=[], 0x5cc}, 0x1, 0x0, 0x0, 0x4000084}, 0x4000) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, 0x0, 0x0) 4.70132647s ago: executing program 2 (id=2105): openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) io_getevents(0x0, 0x3, 0x0, 0x0, 0x0) io_destroy(0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000000)=0x200000000) write$vhost_msg_v2(r1, &(0x7f0000002b00)={0x2, 0x0, {&(0x7f0000000600)=""/13, 0xd, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r1, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000280)=""/184, 0x2562bac182d8b35a, 0x0, 0x2, 0x3}}, 0x48) 4.136445575s ago: executing program 3 (id=2106): getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback, 0x6}}, 0x3, 0x81}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$inet(0x2, 0x801, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200047bc, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x8, 0x2c, 0x0, @remote, @local, {[], {{0x3a00, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0xc0, 0x5) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x3516, 0xc2de, 0x8, 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000fc0)=[@release={0x40046306, 0x5}], 0x0, 0x0, 0x0}) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000600)=ANY=[], 0x100}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, 0x0, 0x4000) 4.003853007s ago: executing program 2 (id=2107): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0xffff, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfffffdba, 0x1, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x6, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x2, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x40005, 0x1, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default]}) 3.131833315s ago: executing program 0 (id=2108): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x148) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x1000) fanotify_mark(r1, 0x105, 0x5000003a, r0, 0x0) mknod$loop(&(0x7f0000001b80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x8008, &(0x7f0000000400)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYRES8, @ANYRES64=0x0, @ANYRES64, @ANYRESHEX=r1, @ANYRESDEC=r1, @ANYRES32=0x0, @ANYRES16, @ANYRESHEX, @ANYRESDEC], 0x50) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x33, 0x0, 0x0) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93) renameat2(0xffffffffffffff9c, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) 3.011289561s ago: executing program 2 (id=2109): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, 0x0, 0x0) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="b875a1431a05b9319c", 0x9}], 0x1}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000040), 0x10, &(0x7f0000000480)=""/230}}], 0x2, 0x0, 0x0) 1.981986797s ago: executing program 0 (id=2110): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) socket$inet6(0xa, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket(0x27, 0x6, 0x80000000) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) socket$inet_sctp(0x2, 0x1, 0x84) socket(0x2, 0x3, 0x67) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000540)={0x2, @pix={0x3, 0x401, 0x3132564e, 0x1, 0x3, 0x3, 0xc, 0x7, 0x0, 0x0, 0x0, 0x3}}) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}}]}, &(0x7f0000000140)=0x10) ioctl$XFS_IOC_PATH_TO_HANDLE(r0, 0xc0385869, &(0x7f0000000280)={r1, &(0x7f0000000080)='\x00', 0x2800, &(0x7f00000000c0)={@align=0x1, {0x7, 0x1, 0x4, 0x6}}, 0x2, &(0x7f0000000100), 0x0}) ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f00000002c0)={0x2, 0x978}) sendmmsg$inet_sctp(r0, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=[@sndrcv={0x30, 0x84, 0x1, {0xb, 0xc2, 0x5, 0x5, 0x83, 0x0, 0x467b7286, 0x200}}], 0x30, 0x4001}], 0x1, 0x11) 1.821821913s ago: executing program 3 (id=2111): getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback, 0x6}}, 0x3, 0x81}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$inet(0x2, 0x801, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200047bc, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x8, 0x2c, 0x0, @remote, @local, {[], {{0x3a00, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0xc0, 0x5) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x3516, 0xc2de, 0x8, 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000fc0)=[@release={0x40046306, 0x5}], 0x0, 0x0, 0x0}) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000000a01030000000000000000010020052c000000030a01020000000000000000010000040900030073797a32000000000900010073797a300000000054000000060a010400000000000000000100000008000b40fffffffe0900010073797a30000000002c0004801400"], 0xbc}}, 0x4000) 1.393619097s ago: executing program 2 (id=2112): r0 = socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f00000000c0)=@req={0x28, &(0x7f0000000000)={'macvtap0\x00', @ifru_flags=0x2000}}) 1.11868544s ago: executing program 0 (id=2113): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) 126.741116ms ago: executing program 0 (id=2114): socket$unix(0x1, 0x1, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) epoll_create(0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x40210, 0xffffffffffffffff, 0xf8238000) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='io\x00') pread64(r1, &(0x7f0000001240)=""/102400, 0x200000, 0x0) epoll_create1(0x0) r2 = shmget$private(0x0, 0x1000, 0x1000, &(0x7f00009b7000/0x1000)=nil) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYRESHEX=r0, @ANYRESOCT, @ANYRES32, @ANYBLOB="00000000b8750000223d4d89000000000000000000000000000000002c2a9af3eab13ff39cf116c9fac641a8ddf8"], 0x48) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x40240, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x200010) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setgroups(0x0, 0x0) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x4000) shmctl$IPC_RMID(r2, 0x0) 0s ago: executing program 3 (id=2115): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x148) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x1000) fanotify_mark(r1, 0x105, 0x5000003a, r0, 0x0) mknod$loop(&(0x7f0000001b80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x8008, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x33, 0x0, 0x0) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93) renameat2(0xffffffffffffff9c, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) kernel console output (not intermixed with test programs): uesting version [ 183.144636][ T5798] cp2112 0003:10C4:EA90.0001: probe with driver cp2112 failed with error -5 [ 184.465245][ T5798] usb 1-1: USB disconnect, device number 9 [ 187.671471][ T809] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 187.875924][ T809] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 187.875944][ T809] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 187.876966][ T809] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 187.876983][ T809] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 187.876994][ T809] usb 4-1: SerialNumber: syz [ 188.104859][ T809] usb 4-1: 0:2 : does not exist [ 188.104913][ T809] usb 4-1: unit 3 not found! [ 188.223490][ T809] usb 4-1: USB disconnect, device number 10 [ 188.313390][ T5941] udevd[5941]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 189.281551][ T5870] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 189.301533][ T5798] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 190.139111][ T5870] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 190.139143][ T5870] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 190.139162][ T5870] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 190.139182][ T5870] usb 3-1: config 220 has no interface number 2 [ 190.139260][ T5870] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 190.139289][ T5870] usb 3-1: config 220 interface 0 has no altsetting 0 [ 190.139308][ T5870] usb 3-1: config 220 interface 76 has no altsetting 0 [ 190.139327][ T5870] usb 3-1: config 220 interface 1 has no altsetting 0 [ 190.235951][ T5870] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 190.235986][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.236007][ T5870] usb 3-1: Product: syz [ 190.236080][ T5870] usb 3-1: Manufacturer: syz [ 190.236095][ T5870] usb 3-1: SerialNumber: syz [ 190.275197][ T5798] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 190.275233][ T5798] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 190.275274][ T5798] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 190.275298][ T5798] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.384357][ T5798] usb 1-1: config 0 descriptor?? [ 190.608144][ T5870] uvcvideo 3-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 190.608242][ T5870] uvcvideo 3-1:220.0: No valid video chain found. [ 190.935628][ T5870] usb 3-1: USB disconnect, device number 5 [ 191.015698][ T5907] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 191.032024][ T5798] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 191.040088][ T5798] cp2112 0003:10C4:EA90.0002: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 191.154225][ T5798] cp2112 0003:10C4:EA90.0002: Part Number: 0x82 Device Version: 0xFE [ 191.181461][ T5907] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 191.181492][ T5907] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 191.181511][ T5907] usb 4-1: config 220 has no interface number 2 [ 191.181604][ T5907] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 191.181633][ T5907] usb 4-1: config 220 interface 0 has no altsetting 0 [ 191.181651][ T5907] usb 4-1: config 220 interface 76 has no altsetting 0 [ 191.181669][ T5907] usb 4-1: config 220 interface 1 has no altsetting 0 [ 191.190966][ T5907] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 191.190998][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.191019][ T5907] usb 4-1: Product: syz [ 191.191033][ T5907] usb 4-1: Manufacturer: syz [ 191.191047][ T5907] usb 4-1: SerialNumber: syz [ 191.553602][ T5907] usb 4-1: selecting invalid altsetting 0 [ 191.569496][ T5907] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 191.569531][ T5907] uvcvideo 4-1:220.0: No valid video chain found. [ 191.648201][ T5907] usb 4-1: selecting invalid altsetting 0 [ 191.648238][ T5907] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 191.731435][ T5907] usb 4-1: USB disconnect, device number 11 [ 191.762287][ T5798] cp2112 0003:10C4:EA90.0002: error reading lock byte: -32 [ 191.934966][ T5798] usb 1-1: USB disconnect, device number 10 [ 195.231478][ T5798] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 195.250468][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.250548][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.381570][ T5798] usb 3-1: Using ep0 maxpacket: 16 [ 195.415463][ T5798] usb 3-1: config 0 interface 0 altsetting 2 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 195.415498][ T5798] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 195.415524][ T5798] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 195.415552][ T5798] usb 3-1: config 0 interface 0 has no altsetting 0 [ 195.415586][ T5798] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 195.415610][ T5798] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.519988][ T5798] usb 3-1: config 0 descriptor?? [ 195.521575][ T6619] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 196.011539][ T5798] usbhid 3-1:0.0: can't add hid device: -71 [ 196.011683][ T5798] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 196.040210][ T5798] usb 3-1: USB disconnect, device number 6 [ 198.092997][ T6647] netlink: 'syz.3.232': attribute type 4 has an invalid length. [ 198.531513][ T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 199.106369][ T9] usb 2-1: config 1 has an invalid descriptor of length 182, skipping remainder of the config [ 199.106400][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 199.108244][ T9] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 199.108276][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 199.108386][ T9] usb 2-1: SerialNumber: syz [ 199.436582][ T9] usb 2-1: 0:2 : does not exist [ 199.636464][ T9] usb 2-1: USB disconnect, device number 7 [ 199.849888][ T5941] udevd[5941]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 200.089515][ T6663] Bluetooth: hci0: invalid length 0, exp 2 for type 15 [ 201.186765][ T31] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 201.274172][ T5907] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 201.351513][ T31] usb 4-1: Using ep0 maxpacket: 16 [ 201.361001][ T31] usb 4-1: unable to get BOS descriptor or descriptor too short [ 201.397642][ T31] usb 4-1: config 1 has an invalid descriptor of length 130, skipping remainder of the config [ 201.397735][ T31] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 1, skipping [ 201.450774][ T5907] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.450873][ T5907] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.450916][ T5907] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 201.450939][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.526644][ T31] usb 4-1: New USB device found, idVendor=04b4, idProduct=931c, bcdDevice= 0.40 [ 201.526674][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.526686][ T31] usb 4-1: Product: syz [ 201.526694][ T31] usb 4-1: Manufacturer: syz [ 201.526702][ T31] usb 4-1: SerialNumber: syz [ 201.573454][ T5907] usb 1-1: config 0 descriptor?? [ 202.393827][ T5907] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0 [ 202.421818][ T5907] cp2112 0003:10C4:EA90.0003: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 202.530459][ T5907] cp2112 0003:10C4:EA90.0003: Part Number: 0x82 Device Version: 0xFE [ 203.690589][ T5907] cp2112 0003:10C4:EA90.0003: error requesting SMBus config [ 203.706068][ T5907] cp2112 0003:10C4:EA90.0003: probe with driver cp2112 failed with error -71 [ 203.774072][ T5907] usb 1-1: USB disconnect, device number 11 [ 204.149423][ T6705] Bluetooth: hci0: invalid length 0, exp 2 for type 15 [ 204.733551][ T6703] fido_id[6703]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 205.362859][ T31] usb 4-1: unit 2 not found! [ 205.582935][ T31] usb 4-1: can't set first interface for hiFace device. [ 205.582980][ T31] snd-usb-hiface 4-1:1.1: probe with driver snd-usb-hiface failed with error -5 [ 205.629721][ T31] usb 4-1: can't set first interface for hiFace device. [ 205.629764][ T31] snd-usb-hiface 4-1:1.2: probe with driver snd-usb-hiface failed with error -5 [ 205.672142][ T31] usb 4-1: USB disconnect, device number 12 [ 206.048795][ T5941] udevd[5941]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 206.341510][ T5879] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 206.537228][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.537254][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.537278][ T5879] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 206.537291][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.541277][ T5879] usb 5-1: config 0 descriptor?? [ 206.857216][ T6736] kvm: requested 16761 ns i8254 timer period limited to 200000 ns [ 206.858017][ T6736] kvm: requested 165942 ns i8254 timer period limited to 200000 ns [ 206.858383][ T6736] kvm: requested 63695 ns i8254 timer period limited to 200000 ns [ 206.859068][ T6736] kvm: requested 65371 ns i8254 timer period limited to 200000 ns [ 206.859924][ T6736] kvm: requested 83809 ns i8254 timer period limited to 200000 ns [ 206.860415][ T6736] kvm: requested 8380 ns i8254 timer period limited to 200000 ns [ 206.884264][ T6736] kvm: requested 72076 ns i8254 timer period limited to 200000 ns [ 206.884906][ T6736] kvm: requested 130742 ns i8254 timer period limited to 200000 ns [ 206.885418][ T6736] kvm: requested 25142 ns i8254 timer period limited to 200000 ns [ 206.907265][ T6736] kvm: requested 129066 ns i8254 timer period limited to 200000 ns [ 207.040574][ T5879] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 207.085634][ T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 207.085663][ T5879] cp2112 0003:10C4:EA90.0004: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 207.214971][ T5879] cp2112 0003:10C4:EA90.0004: Part Number: 0x82 Device Version: 0xFE [ 207.231645][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 207.236362][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 207.244515][ T10] usb 1-1: config 1 has an invalid descriptor of length 130, skipping remainder of the config [ 207.244601][ T10] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 1, skipping [ 207.247931][ T10] usb 1-1: New USB device found, idVendor=04b4, idProduct=931c, bcdDevice= 0.40 [ 207.247958][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.247976][ T10] usb 1-1: Product: syz [ 207.247990][ T10] usb 1-1: Manufacturer: syz [ 207.248005][ T10] usb 1-1: SerialNumber: syz [ 207.418644][ T5879] cp2112 0003:10C4:EA90.0004: error requesting SMBus config [ 207.430947][ T5879] cp2112 0003:10C4:EA90.0004: probe with driver cp2112 failed with error -71 [ 207.453335][ T5879] usb 5-1: USB disconnect, device number 4 [ 207.579781][ T6744] kAFS: unparsable volume name [ 208.348776][ T10] usb 1-1: unit 2 not found! [ 209.806311][ T10] usb 1-1: can't set first interface for hiFace device. [ 209.806353][ T10] snd-usb-hiface 1-1:1.1: probe with driver snd-usb-hiface failed with error -5 [ 209.812836][ T10] usb 1-1: can't set first interface for hiFace device. [ 209.812872][ T10] snd-usb-hiface 1-1:1.2: probe with driver snd-usb-hiface failed with error -5 [ 209.822366][ T10] usb 1-1: USB disconnect, device number 12 [ 210.147883][ T6775] netlink: 48 bytes leftover after parsing attributes in process `syz.4.272'. [ 210.209601][ T6778] netlink: 48 bytes leftover after parsing attributes in process `syz.4.272'. [ 210.319987][ T6775] bond1: Unable to set peer notification delay as MII monitoring is disabled [ 210.776197][ T37] audit: type=1326 audit(1773135688.111:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6780 comm="syz.1.273" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f79d8bcc799 code=0x0 [ 210.776262][ T37] audit: type=1326 audit(1773135688.121:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6780 comm="syz.1.273" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f79d8bcc799 code=0x0 [ 210.776307][ T37] audit: type=1326 audit(1773135688.121:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6780 comm="syz.1.273" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f79d8bcc799 code=0x0 [ 210.819865][ T6775] bond1 (unregistering): Released all slaves [ 211.422374][ T6791] capability: warning: `syz.0.277' uses 32-bit capabilities (legacy support in use) [ 211.482336][ T6791] program syz.0.277 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 211.535385][ T6778] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 212.779808][ T5803] Bluetooth: hci0: command 0x0406 tx timeout [ 213.992571][ T6804] netlink: 48 bytes leftover after parsing attributes in process `syz.0.281'. [ 214.140798][ T6804] bond1: Unable to set peer notification delay as MII monitoring is disabled [ 214.192773][ T6804] bond1 (unregistering): Released all slaves [ 214.498520][ T6813] netlink: 'syz.4.284': attribute type 4 has an invalid length. [ 216.711515][ T9] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 216.881534][ T5798] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 217.029154][ T9] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 217.029177][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.029189][ T9] usb 4-1: Product: syz [ 217.029198][ T9] usb 4-1: Manufacturer: syz [ 217.029206][ T9] usb 4-1: SerialNumber: syz [ 217.145788][ T6841] 9p: Bad value for 'wfdno' [ 217.295279][ T9] usb 4-1: config 0 descriptor?? [ 217.738481][ T5798] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 217.738780][ T5798] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 217.738807][ T5798] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.808597][ T5798] usb 3-1: config 0 descriptor?? [ 217.846685][ T5798] pwc: Askey VC010 type 2 USB webcam detected. [ 217.925368][ T5808] Bluetooth: hci1: command 0x0406 tx timeout [ 217.925414][ T5808] Bluetooth: hci4: command 0x0406 tx timeout [ 217.925450][ T5808] Bluetooth: hci3: command 0x0406 tx timeout [ 217.925476][ T5808] Bluetooth: hci2: command 0x0406 tx timeout [ 218.084745][ T9] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 218.233520][ T5798] pwc: recv_control_msg error -32 req 02 val 2b00 [ 218.235306][ T5798] pwc: recv_control_msg error -32 req 02 val 2700 [ 218.237091][ T5798] pwc: recv_control_msg error -32 req 02 val 2c00 [ 218.238428][ T5798] pwc: recv_control_msg error -32 req 04 val 1000 [ 218.240017][ T5798] pwc: recv_control_msg error -32 req 04 val 1300 [ 218.283656][ T5798] pwc: recv_control_msg error -32 req 04 val 1400 [ 218.285794][ T5798] pwc: recv_control_msg error -32 req 02 val 2000 [ 218.318755][ T5798] pwc: recv_control_msg error -32 req 02 val 2100 [ 218.328122][ T5798] pwc: recv_control_msg error -32 req 04 val 1500 [ 218.332652][ T5798] pwc: recv_control_msg error -32 req 02 val 2500 [ 218.341721][ T5798] pwc: recv_control_msg error -32 req 02 val 2400 [ 218.397389][ T37] audit: type=1326 audit(1773135695.741:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6844 comm="syz.1.293" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f79d8bcc799 code=0x0 [ 218.397445][ T37] audit: type=1326 audit(1773135695.751:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6844 comm="syz.1.293" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f79d8bcc799 code=0x0 [ 218.536936][ T9] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 218.544450][ T5798] pwc: recv_control_msg error -71 req 02 val 2900 [ 218.546001][ T5798] pwc: recv_control_msg error -71 req 02 val 2800 [ 218.571155][ T5798] pwc: recv_control_msg error -71 req 04 val 1100 [ 218.581587][ T5798] pwc: recv_control_msg error -71 req 04 val 1200 [ 218.615197][ T9] usb 4-1: USB disconnect, device number 13 [ 218.619266][ T5798] pwc: Registered as video103. [ 218.691023][ T5798] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input8 [ 218.727441][ T5798] usb 3-1: USB disconnect, device number 7 [ 223.352663][ T37] audit: type=1326 audit(1773135700.691:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6875 comm="syz.4.303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3979f6c799 code=0x7ffc0000 [ 223.353129][ T37] audit: type=1326 audit(1773135700.691:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6875 comm="syz.4.303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3979f6c799 code=0x7ffc0000 [ 225.562461][ T37] audit: type=1326 audit(1773135702.621:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6884 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x7ffc0000 [ 225.562532][ T37] audit: type=1326 audit(1773135702.621:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6884 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x7ffc0000 [ 225.562579][ T37] audit: type=1326 audit(1773135702.921:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6884 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f493558c799 code=0x7ffc0000 [ 225.562629][ T37] audit: type=1326 audit(1773135702.921:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6884 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x7ffc0000 [ 225.562673][ T37] audit: type=1326 audit(1773135702.921:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6884 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x7ffc0000 [ 225.570214][ T37] audit: type=1326 audit(1773135702.921:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6884 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f493554cfce code=0x7ffc0000 [ 226.562509][ T37] audit: type=1326 audit(1773135703.561:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6884 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f493558c799 code=0x7ffc0000 [ 226.865677][ T37] audit: type=1326 audit(1773135704.221:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6884 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x7ffc0000 [ 226.865861][ T37] audit: type=1326 audit(1773135704.221:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6884 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x7ffc0000 [ 226.866769][ T37] audit: type=1326 audit(1773135704.221:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6884 comm="syz.2.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x7ffc0000 [ 229.666000][ T6899] syz.3.308 (6899) used greatest stack depth: 18024 bytes left [ 230.612960][ T6920] netlink: 4 bytes leftover after parsing attributes in process `syz.2.316'. [ 231.585138][ T6931] netlink: 288 bytes leftover after parsing attributes in process `syz.2.318'. [ 239.250297][ T37] kauditd_printk_skb: 1 callbacks suppressed [ 239.250349][ T37] audit: type=1326 audit(1773135716.111:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6987 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3979f6c799 code=0x7ffc0000 [ 239.250892][ T37] audit: type=1326 audit(1773135716.121:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6987 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3979f6c799 code=0x7ffc0000 [ 239.251162][ T37] audit: type=1326 audit(1773135716.131:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6987 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f3979f6c799 code=0x7ffc0000 [ 239.331396][ T37] audit: type=1326 audit(1773135716.141:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6987 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3979f6c799 code=0x7ffc0000 [ 239.331640][ T37] audit: type=1326 audit(1773135716.141:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6987 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3979f6c799 code=0x7ffc0000 [ 239.331850][ T37] audit: type=1326 audit(1773135716.171:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6987 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3979f2cfce code=0x7ffc0000 [ 239.332060][ T37] audit: type=1326 audit(1773135716.171:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6987 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3979f2cfce code=0x7ffc0000 [ 239.332312][ T37] audit: type=1326 audit(1773135716.181:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6987 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3979f2cfce code=0x7ffc0000 [ 239.332531][ T37] audit: type=1326 audit(1773135716.181:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6987 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3979f2cfce code=0x7ffc0000 [ 239.332948][ T37] audit: type=1326 audit(1773135716.191:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6987 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3979f2cfce code=0x7ffc0000 [ 249.029383][ T7063] netlink: 288 bytes leftover after parsing attributes in process `syz.3.370'. [ 249.346819][ T7078] binder: 7068:7078 ioctl c0306201 0 returned -14 [ 250.091600][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 251.257438][ T9] usb 5-1: device not accepting address 5, error -71 [ 253.583579][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 253.743921][ T9] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 253.743954][ T9] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 253.743973][ T9] usb 1-1: config 220 has no interface number 2 [ 253.744072][ T9] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 253.744101][ T9] usb 1-1: config 220 interface 0 has no altsetting 0 [ 253.744120][ T9] usb 1-1: config 220 interface 76 has no altsetting 0 [ 253.744138][ T9] usb 1-1: config 220 interface 1 has no altsetting 0 [ 253.747686][ T9] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 253.747719][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.747740][ T9] usb 1-1: Product: syz [ 253.747754][ T9] usb 1-1: Manufacturer: syz [ 253.747769][ T9] usb 1-1: SerialNumber: syz [ 254.138494][ T9] usb 1-1: selecting invalid altsetting 0 [ 254.138989][ T9] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 254.139021][ T9] uvcvideo 1-1:220.0: No valid video chain found. [ 254.191036][ T9] usb 1-1: selecting invalid altsetting 0 [ 254.191079][ T9] usbtest 1-1:220.1: probe with driver usbtest failed with error -22 [ 254.232018][ T9] usb 1-1: USB disconnect, device number 13 [ 256.120003][ T7118] netlink: 8 bytes leftover after parsing attributes in process `syz.0.382'. [ 257.768556][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 257.768634][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.243735][ T7137] binder: 7130:7137 ioctl c0306201 0 returned -14 [ 260.472636][ T5879] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 262.455552][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 262.455589][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 262.455612][ T5879] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 262.455656][ T5879] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 262.455680][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.529958][ T5879] usb 5-1: config 0 descriptor?? [ 262.756250][ T5879] usbhid 5-1:0.0: can't add hid device: -71 [ 262.756402][ T5879] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 262.760892][ T5879] usb 5-1: USB disconnect, device number 7 [ 281.454825][ T7302] netlink: 144 bytes leftover after parsing attributes in process `syz.0.442'. [ 302.456488][ T67] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 302.457567][ T67] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 302.457628][ T67] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 302.457664][ T67] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 308.255552][ T7540] netlink: 4 bytes leftover after parsing attributes in process `syz.4.518'. [ 308.693951][ T7540] team0: Port device team_slave_0 removed [ 308.730279][ T7547] netlink: 16 bytes leftover after parsing attributes in process `syz.2.520'. [ 319.741810][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 319.741893][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.870002][ T37] kauditd_printk_skb: 62 callbacks suppressed [ 321.870023][ T37] audit: type=1326 audit(1773135799.221:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7630 comm="syz.1.542" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f79d8bcc799 code=0x0 [ 331.061141][ T7706] gretap1: entered allmulticast mode [ 340.935164][ T7792] netlink: 4 bytes leftover after parsing attributes in process `syz.1.597'. [ 342.522288][ T7792] team0: Port device team_slave_0 removed [ 342.932839][ T7822] binder: 7814:7822 ioctl c0306201 0 returned -14 [ 343.591444][ T31] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 343.745201][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 343.745239][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 343.745263][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 343.745309][ T31] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 343.745334][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.814072][ T31] usb 5-1: config 0 descriptor?? [ 344.663808][ T31] usbhid 5-1:0.0: can't add hid device: -71 [ 344.663948][ T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 344.701953][ T31] usb 5-1: USB disconnect, device number 8 [ 348.186563][ T7863] netlink: 4 bytes leftover after parsing attributes in process `syz.2.624'. [ 348.423023][ T7869] binder: 7864:7869 ioctl c0306201 0 returned -14 [ 348.911503][ T5946] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 349.953294][ T7863] team0: Port device team_slave_0 removed [ 350.074533][ T5946] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 350.074593][ T5946] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 350.074640][ T5946] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 350.074719][ T5946] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 350.074745][ T5946] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.406222][ T5946] usb 4-1: config 0 descriptor?? [ 351.674128][ T5946] usbhid 4-1:0.0: can't add hid device: -71 [ 351.690945][ T5946] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 351.707797][ T5946] usb 4-1: USB disconnect, device number 14 [ 354.105376][ T7895] netlink: 28 bytes leftover after parsing attributes in process `syz.1.634'. [ 355.751063][ T7920] netlink: 4 bytes leftover after parsing attributes in process `syz.3.644'. [ 355.777920][ T7892] gretap1: entered allmulticast mode [ 356.002483][ T7920] team0: Port device team_slave_0 removed [ 357.577915][ T5800] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 357.612787][ T5800] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 357.614968][ T5800] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 357.616591][ T5800] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 357.617688][ T5800] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 359.029051][ T37] audit: type=1326 audit(1773135836.381:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7948 comm="syz.2.654" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 359.079010][ T37] audit: type=1326 audit(1773135836.431:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7948 comm="syz.2.654" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 359.915510][ T5800] Bluetooth: hci1: command tx timeout [ 360.728744][ T7959] netlink: 4 bytes leftover after parsing attributes in process `syz.3.659'. [ 361.532987][ T37] audit: type=1326 audit(1773135838.891:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7967 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ca4f6c799 code=0x7ffc0000 [ 361.535362][ T37] audit: type=1326 audit(1773135838.891:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7967 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ca4f6c799 code=0x7ffc0000 [ 361.536789][ T37] audit: type=1326 audit(1773135838.891:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7967 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f4ca4f6c799 code=0x7ffc0000 [ 361.537326][ T37] audit: type=1326 audit(1773135838.891:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7967 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ca4f6c799 code=0x7ffc0000 [ 361.537633][ T37] audit: type=1326 audit(1773135838.891:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7967 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ca4f6c799 code=0x7ffc0000 [ 361.538550][ T37] audit: type=1326 audit(1773135838.891:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7967 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4ca4f6c799 code=0x7ffc0000 [ 361.539105][ T37] audit: type=1326 audit(1773135838.891:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7967 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ca4f6c799 code=0x7ffc0000 [ 361.539400][ T37] audit: type=1326 audit(1773135838.891:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7967 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ca4f6c799 code=0x7ffc0000 [ 361.801112][ T7971] netlink: 36 bytes leftover after parsing attributes in process `syz.0.661'. [ 361.889368][ T1150] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.961583][ T5800] Bluetooth: hci1: command tx timeout [ 362.101479][ T7959] hsr_slave_0: left promiscuous mode [ 362.171522][ T7959] hsr_slave_1: left promiscuous mode [ 364.094988][ T5800] Bluetooth: hci1: command tx timeout [ 364.300365][ T1150] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.503219][ T5946] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 364.503267][ T5946] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 364.562851][ T8009] netlink: 72 bytes leftover after parsing attributes in process `syz.0.674'. [ 364.610192][ T8009] netlink: 72 bytes leftover after parsing attributes in process `syz.0.674'. [ 364.655384][ T5946] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz0] on syz1 [ 364.915665][ T1150] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.078506][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.682'. [ 365.078643][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.682'. [ 365.078691][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.682'. [ 365.078739][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.682'. [ 365.078792][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.682'. [ 365.078841][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.682'. [ 365.303223][ T5880] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 366.361682][ T5800] Bluetooth: hci1: command tx timeout [ 366.624894][ T5880] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 366.624923][ T5880] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 366.625686][ T1150] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.632269][ T5880] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 366.632302][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.632322][ T5880] usb 4-1: Product: syz [ 366.632335][ T5880] usb 4-1: Manufacturer: syz [ 366.632346][ T5880] usb 4-1: SerialNumber: syz [ 366.688576][ T5880] usb 4-1: config 0 descriptor?? [ 367.193519][ T8052] netlink: 'syz.1.694': attribute type 1 has an invalid length. [ 367.479840][ T8055] gretap1: entered allmulticast mode [ 367.490536][ T8055] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 368.102785][ T5880] usb 4-1: USB disconnect, device number 15 [ 368.172820][ T7933] chnl_net:caif_netlink_parms(): no params data found [ 368.335300][ T1150] bridge_slave_1: left allmulticast mode [ 368.335491][ T1150] bridge_slave_1: left promiscuous mode [ 368.361500][ T1150] bridge0: port 2(bridge_slave_1) entered disabled state [ 368.494701][ T1150] bridge_slave_0: left allmulticast mode [ 368.494732][ T1150] bridge_slave_0: left promiscuous mode [ 368.494999][ T1150] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.664318][ T9] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 368.664354][ T9] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 368.731478][ T9] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz0] on syz1 [ 369.055318][ T8089] fido_id[8089]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 373.940601][ T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 373.940638][ T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 373.962253][ T1150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 373.980732][ T9] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz1 [ 374.043750][ T1150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 374.099184][ T8168] fido_id[8168]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 374.104496][ T1150] bond0 (unregistering): Released all slaves [ 374.785817][ T7933] bridge0: port 1(bridge_slave_0) entered blocking state [ 374.790291][ T7933] bridge0: port 1(bridge_slave_0) entered disabled state [ 374.790533][ T7933] bridge_slave_0: entered allmulticast mode [ 374.825238][ T7933] bridge_slave_0: entered promiscuous mode [ 374.844344][ T7933] bridge0: port 2(bridge_slave_1) entered blocking state [ 374.845579][ T7933] bridge0: port 2(bridge_slave_1) entered disabled state [ 374.845818][ T7933] bridge_slave_1: entered allmulticast mode [ 374.867376][ T7933] bridge_slave_1: entered promiscuous mode [ 376.454601][ T8186] __nla_validate_parse: 46 callbacks suppressed [ 376.454651][ T8186] netlink: 36 bytes leftover after parsing attributes in process `syz.3.736'. [ 377.978464][ T7933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 378.063393][ T7933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 378.449523][ T7933] team0: Port device team_slave_0 added [ 378.476470][ T7933] team0: Port device team_slave_1 added [ 379.320093][ T8243] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 379.542454][ T7933] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 379.542473][ T7933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 379.542502][ T7933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 379.932341][ T7933] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 379.932359][ T7933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 379.932386][ T7933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 380.418760][ T1150] hsr_slave_0: left promiscuous mode [ 380.571454][ T1150] hsr_slave_1: left promiscuous mode [ 380.572986][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 380.573082][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 380.688340][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 380.688372][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 380.954528][ T1150] veth1_macvtap: left promiscuous mode [ 380.954820][ T1150] veth0_macvtap: left promiscuous mode [ 380.955155][ T1150] veth1_vlan: left promiscuous mode [ 380.957207][ T1150] veth0_vlan: left promiscuous mode [ 381.917062][ T8294] netlink: 12 bytes leftover after parsing attributes in process `syz.1.770'. [ 385.052473][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 385.052541][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.993050][ T1150] team0 (unregistering): Port device team_slave_1 removed [ 388.252525][ T7933] hsr_slave_0: entered promiscuous mode [ 388.260237][ T7933] hsr_slave_1: entered promiscuous mode [ 388.288568][ T7933] debugfs: 'hsr0' already exists in 'hsr' [ 388.288598][ T7933] Cannot create hsr debugfs directory [ 390.182622][ T8385] netlink: 4 bytes leftover after parsing attributes in process `syz.1.797'. [ 390.540213][ T8394] netlink: 'syz.2.800': attribute type 1 has an invalid length. [ 391.936761][ T8409] netlink: 'syz.3.807': attribute type 1 has an invalid length. [ 392.318275][ T8413] gretap1: entered allmulticast mode [ 392.347627][ T8413] bond1: (slave gretap1): making interface the new active one [ 392.349663][ T8413] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 395.026202][ T8450] netlink: 12 bytes leftover after parsing attributes in process `syz.3.816'. [ 395.362202][ T8457] netlink: 'syz.2.818': attribute type 1 has an invalid length. [ 395.556312][ T8462] netlink: 'syz.3.819': attribute type 1 has an invalid length. [ 396.010276][ T8470] netlink: 'syz.0.822': attribute type 1 has an invalid length. [ 396.114710][ T8470] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 398.867771][ T7933] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 398.957696][ T7933] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 399.010342][ T7933] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 399.076598][ T7933] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 402.727369][ T7933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 402.757631][ T7933] 8021q: adding VLAN 0 to HW filter on device team0 [ 402.770755][ T191] bridge0: port 1(bridge_slave_0) entered blocking state [ 402.812172][ T191] bridge0: port 1(bridge_slave_0) entered forwarding state [ 402.840519][ T4169] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.840752][ T4169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 407.170724][ T8589] gretap1: entered allmulticast mode [ 407.334782][ T7933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 410.439292][ T9] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 410.572720][ T9] usb 4-1: device descriptor read/64, error -71 [ 410.674961][ T7933] veth0_vlan: entered promiscuous mode [ 410.696250][ T7933] veth1_vlan: entered promiscuous mode [ 410.758544][ T7933] veth0_macvtap: entered promiscuous mode [ 410.783114][ T7933] veth1_macvtap: entered promiscuous mode [ 410.814873][ T9] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 410.830903][ T7933] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 410.846681][ T7933] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 410.869574][ T4169] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.869835][ T4169] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.869891][ T4169] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.869927][ T4169] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.907355][ T5798] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 410.961807][ T9] usb 4-1: device descriptor read/64, error -71 [ 411.088070][ T9] usb usb4-port1: attempt power cycle [ 411.117931][ T5798] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 411.117965][ T5798] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.117983][ T5798] usb 2-1: Product: syz [ 411.117996][ T5798] usb 2-1: Manufacturer: syz [ 411.118019][ T5798] usb 2-1: SerialNumber: syz [ 411.161139][ T5798] usb 2-1: config 0 descriptor?? [ 411.388845][ T5798] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 411.441434][ T9] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 411.456274][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 411.456302][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.492025][ T9] usb 4-1: device descriptor read/8, error -71 [ 411.666418][ T4169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 411.666440][ T4169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.751406][ T9] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 411.784325][ T9] usb 4-1: device descriptor read/8, error -71 [ 411.902725][ T9] usb usb4-port1: unable to enumerate USB device [ 412.011896][ T5798] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 412.033786][ T5798] usb 2-1: USB disconnect, device number 8 [ 417.056881][ T9] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 418.114171][ T9] usb 4-1: device descriptor read/64, error -71 [ 418.371542][ T9] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 418.501395][ T9] usb 4-1: device descriptor read/64, error -71 [ 418.611976][ T9] usb usb4-port1: attempt power cycle [ 420.216689][ T9] usb 4-1: new full-speed USB device number 22 using dummy_hcd [ 420.421326][ T9] usb 4-1: device not accepting address 22, error -71 [ 422.041550][ T5907] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 422.999814][ T5907] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 422.999848][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.999867][ T5907] usb 5-1: Product: syz [ 422.999882][ T5907] usb 5-1: Manufacturer: syz [ 422.999896][ T5907] usb 5-1: SerialNumber: syz [ 423.076095][ T5907] usb 5-1: config 0 descriptor?? [ 423.294177][ T5907] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 424.018852][ T5907] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 424.060902][ T5907] usb 5-1: USB disconnect, device number 9 [ 424.169298][ T8817] netlink: 72 bytes leftover after parsing attributes in process `syz.3.912'. [ 424.171773][ T8817] netlink: 72 bytes leftover after parsing attributes in process `syz.3.912'. [ 424.172508][ T8817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.912'. [ 426.254590][ T8851] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 430.380565][ T8888] netlink: 'syz.4.941': attribute type 1 has an invalid length. [ 430.380630][ T8888] netlink: 224 bytes leftover after parsing attributes in process `syz.4.941'. [ 430.815391][ T8890] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 432.250607][ T8909] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 434.530643][ T5879] IPVS: starting estimator thread 0... [ 434.632093][ T8947] IPVS: using max 7 ests per chain, 16800 per kthread [ 437.131622][ T8981] overlayfs: failed to resolve './bus': -2 [ 439.452025][ T8998] sg_write: data in/out 426460/128 bytes for SCSI command 0x0-- guessing data in; [ 439.452025][ T8998] program syz.0.980 not setting count and/or reply_len properly [ 441.536629][ T9022] sg_write: data in/out 426460/128 bytes for SCSI command 0x0-- guessing data in; [ 441.536629][ T9022] program syz.4.989 not setting count and/or reply_len properly [ 446.128196][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 448.472608][ T9097] netlink: 'syz.0.1017': attribute type 1 has an invalid length. [ 449.160421][ T9108] netlink: 'syz.4.1019': attribute type 1 has an invalid length. [ 449.160445][ T9108] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1019'. [ 451.699063][ T9134] netlink: 'syz.0.1031': attribute type 1 has an invalid length. [ 451.719355][ T9134] gretap1: entered allmulticast mode [ 452.001422][ T8665] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 453.153818][ T8665] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 453.153848][ T8665] usb 4-1: config 0 has no interfaces? [ 453.157068][ T8665] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 453.157101][ T8665] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.157121][ T8665] usb 4-1: Product: syz [ 453.157135][ T8665] usb 4-1: Manufacturer: syz [ 453.157150][ T8665] usb 4-1: SerialNumber: syz [ 453.182222][ T8665] usb 4-1: config 0 descriptor?? [ 455.306663][ T5865] usb 4-1: USB disconnect, device number 24 [ 460.500465][ T5865] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 460.723441][ T5865] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 460.723471][ T5865] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 460.726991][ T5865] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 460.727023][ T5865] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.727044][ T5865] usb 2-1: Product: syz [ 460.727058][ T5865] usb 2-1: Manufacturer: syz [ 460.727072][ T5865] usb 2-1: SerialNumber: syz [ 460.746550][ T5865] usb 2-1: config 0 descriptor?? [ 463.198005][ T5865] usb 2-1: USB disconnect, device number 9 [ 473.172059][ T9316] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1090'. [ 475.633150][ T5879] IPVS: starting estimator thread 0... [ 475.821412][ T9351] IPVS: using max 13 ests per chain, 31200 per kthread [ 476.091970][ T9361] sg_write: data in/out 424412/120 bytes for SCSI command 0x0-- guessing data in; [ 476.091970][ T9361] program syz.0.1104 not setting count and/or reply_len properly [ 476.928669][ T9364] sg_write: data in/out 404444/42 bytes for SCSI command 0x0-- guessing data in; [ 476.928669][ T9364] program syz.4.1105 not setting count and/or reply_len properly [ 478.971851][ T9393] sg_write: data in/out 404444/42 bytes for SCSI command 0x0-- guessing data in; [ 478.971851][ T9393] program syz.3.1118 not setting count and/or reply_len properly [ 479.572484][ T9401] netlink: 'syz.3.1120': attribute type 1 has an invalid length. [ 480.550427][ T9427] sg_write: data in/out 404444/42 bytes for SCSI command 0x0-- guessing data in; [ 480.550427][ T9427] program syz.4.1130 not setting count and/or reply_len properly [ 480.862750][ T9430] netlink: 'syz.3.1132': attribute type 1 has an invalid length. [ 482.155457][ T9455] sg_write: data in/out 405724/47 bytes for SCSI command 0x0-- guessing data in; [ 482.155457][ T9455] program syz.1.1143 not setting count and/or reply_len properly [ 482.954128][ T9471] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 483.084176][ T37] kauditd_printk_skb: 3 callbacks suppressed [ 483.084199][ T37] audit: type=1326 audit(1773135960.441:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9473 comm="syz.0.1150" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ca4f6c799 code=0x0 [ 484.153744][ T37] audit: type=1326 audit(1773135961.511:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9473 comm="syz.0.1150" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ca4f6c799 code=0x0 [ 484.157092][ T5800] Bluetooth: hci1: command 0x0406 tx timeout [ 484.372819][ T9479] gretap1: entered allmulticast mode [ 484.631424][ T5798] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 485.007895][ T5798] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 485.010578][ T5798] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 485.010609][ T5798] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.010624][ T5798] usb 2-1: Product: syz [ 485.010632][ T5798] usb 2-1: Manufacturer: syz [ 485.010640][ T5798] usb 2-1: SerialNumber: syz [ 485.063587][ T5798] usb 2-1: config 0 descriptor?? [ 488.211515][ T5798] usb 2-1: USB disconnect, device number 10 [ 489.898441][ T37] audit: type=1326 audit(1773135967.251:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9565 comm="syz.2.1185" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 489.966465][ T37] audit: type=1326 audit(1773135967.311:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9565 comm="syz.2.1185" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 493.437558][ T9617] sg_write: data in/out 422364/112 bytes for SCSI command 0x0-- guessing data in; [ 493.437558][ T9617] program syz.4.1205 not setting count and/or reply_len properly [ 493.784370][ T5113] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 496.007354][ T37] audit: type=1326 audit(1773135973.361:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9640 comm="syz.4.1213" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc0426ec799 code=0x0 [ 496.056742][ T37] audit: type=1326 audit(1773135973.411:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9640 comm="syz.4.1213" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc0426ec799 code=0x0 [ 503.741818][ T37] audit: type=1326 audit(1773135980.871:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9712 comm="syz.3.1236" exe="/root/syz-executor" sig=31 arch=c000003e syscall=230 compat=0 ip=0x7f50e4d1cfce code=0x0 [ 503.741882][ T37] audit: type=1326 audit(1773135980.881:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9712 comm="syz.3.1236" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f50e4d5c799 code=0x0 [ 504.530945][ T9737] netlink: 'syz.1.1243': attribute type 1 has an invalid length. [ 506.361336][ T5865] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 506.792783][ T5865] usb 5-1: Using ep0 maxpacket: 32 [ 506.797804][ T5865] usb 5-1: unable to get BOS descriptor or descriptor too short [ 506.814835][ T5865] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 113, changing to 7 [ 506.820535][ T5865] usb 5-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 506.820568][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.820589][ T5865] usb 5-1: Product: syz [ 506.820603][ T5865] usb 5-1: Manufacturer: syz [ 506.820617][ T5865] usb 5-1: SerialNumber: syz [ 507.656103][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 508.198684][ T9769] netlink: 'syz.0.1255': attribute type 1 has an invalid length. [ 508.200110][ T5865] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 508.691160][ T5865] usb 5-1: USB disconnect, device number 10 [ 510.333858][ T9787] sg_write: data in/out 426460/128 bytes for SCSI command 0x0-- guessing data in; [ 510.333858][ T9787] program syz.1.1262 not setting count and/or reply_len properly [ 510.535370][ T6732] udevd[6732]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 512.262180][ T9811] netlink: 'syz.2.1269': attribute type 1 has an invalid length. [ 512.618735][ T5113] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 513.080094][ T9825] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1276'. [ 514.299845][ C1] vxcan0: j1939_tp_rxtimer: 0xffff8880643b2000: rx timeout, send abort [ 514.303003][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff8880643b2000: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 515.700517][ T9841] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1280'. [ 515.851084][ T9847] netlink: 'syz.0.1282': attribute type 1 has an invalid length. [ 516.164618][ T9858] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1287'. [ 516.312295][ T9862] sg_write: data in/out 420316/104 bytes for SCSI command 0x0-- guessing data in; [ 516.312295][ T9862] program syz.1.1289 not setting count and/or reply_len properly [ 517.786945][ T9875] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1293'. [ 517.985427][ T9881] netlink: 'syz.2.1294': attribute type 1 has an invalid length. [ 518.878043][ T9905] sg_write: data in/out 420316/104 bytes for SCSI command 0x0-- guessing data in; [ 518.878043][ T9905] program syz.1.1303 not setting count and/or reply_len properly [ 519.756075][ T9914] netlink: 'syz.4.1308': attribute type 1 has an invalid length. [ 519.870932][ T9914] gretap1: entered allmulticast mode [ 520.691680][ T9923] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1306'. [ 525.503968][ T9972] sg_write: data in/out 434652/160 bytes for SCSI command 0x0-- guessing data in; [ 525.503968][ T9972] program syz.3.1329 not setting count and/or reply_len properly [ 538.041049][T10068] ======================================================= [ 538.041049][T10068] WARNING: The mand mount option has been deprecated and [ 538.041049][T10068] and is ignored by this kernel. Remove the mand [ 538.041049][T10068] option from the mount to silence this warning. [ 538.041049][T10068] ======================================================= [ 538.042668][T10068] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 541.000207][ T5113] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 546.187829][T10150] sg_write: data in/out 434652/160 bytes for SCSI command 0x0-- guessing data in; [ 546.187829][T10150] program syz.4.1390 not setting count and/or reply_len properly [ 550.001640][T10188] sg_write: data in/out 426204/127 bytes for SCSI command 0x0-- guessing data in; [ 550.001640][T10188] program syz.0.1402 not setting count and/or reply_len properly [ 550.164868][T10191] sg_write: data in/out 432604/152 bytes for SCSI command 0x0-- guessing data in; [ 550.164868][T10191] program syz.4.1404 not setting count and/or reply_len properly [ 552.261509][T10225] sg_write: data in/out 432604/152 bytes for SCSI command 0x0-- guessing data in; [ 552.261509][T10225] program syz.1.1416 not setting count and/or reply_len properly [ 555.238611][T10255] sg_write: data in/out 426204/127 bytes for SCSI command 0x0-- guessing data in; [ 555.238611][T10255] program syz.0.1429 not setting count and/or reply_len properly [ 555.275944][T10254] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1428'. [ 555.521910][T10256] bridge1: entered promiscuous mode [ 555.522177][T10256] macsec1: entered promiscuous mode [ 560.903365][T10323] genirq: Flags mismatch irq 4. 00202000 (aio_iiro_16) vs. 00202080 (ttyS0) [ 562.141455][ T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 563.369150][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 563.377737][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 563.377772][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 563.377815][ T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 563.377839][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.432522][ T9] usb 4-1: config 0 descriptor?? [ 563.450575][ T9] hub 4-1:0.0: USB hub found [ 564.738739][T10348] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 564.759399][ T9] hub 4-1:0.0: 1 port detected [ 566.169572][ T9] hub 4-1:0.0: hub_hub_status failed (err = -32) [ 566.169668][ T9] hub 4-1:0.0: config failed, can't get hub status (err -32) [ 566.201335][ T9] usbhid 4-1:0.0: can't add hid device: -32 [ 566.201473][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -32 [ 566.254618][ T9] usb 4-1: USB disconnect, device number 25 [ 569.420164][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.663315][T10397] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 572.836263][T10433] sg_write: data in/out 422364/112 bytes for SCSI command 0x0-- guessing data in; [ 572.836263][T10433] program syz.3.1488 not setting count and/or reply_len properly [ 574.671877][T10449] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 576.784830][T10460] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1496'. [ 577.049930][T10468] sg_write: data in/out 430556/144 bytes for SCSI command 0x0-- guessing data in; [ 577.049930][T10468] program syz.3.1501 not setting count and/or reply_len properly [ 581.050629][T10498] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1511'. [ 581.402016][T10505] sg_write: data in/out 430556/144 bytes for SCSI command 0x0-- guessing data in; [ 581.402016][T10505] program syz.1.1514 not setting count and/or reply_len properly [ 582.544354][T10512] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 582.561531][T10512] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 582.564064][T10512] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 582.569335][T10512] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 582.570182][T10512] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 584.712633][ T5113] Bluetooth: hci5: command tx timeout [ 586.478824][T10539] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1523'. [ 586.711067][T10550] sg_write: data in/out 430556/144 bytes for SCSI command 0x0-- guessing data in; [ 586.711067][T10550] program syz.0.1526 not setting count and/or reply_len properly [ 586.854718][ T5113] Bluetooth: hci5: command tx timeout [ 587.747585][T10551] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1527'. [ 587.763864][T10554] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1528'. [ 588.933115][ T5113] Bluetooth: hci5: command tx timeout [ 589.330131][T10577] sg_write: data in/out 430556/144 bytes for SCSI command 0x0-- guessing data in; [ 589.330131][T10577] program syz.1.1538 not setting count and/or reply_len properly [ 590.770387][T10590] sg_write: data in/out 418268/96 bytes for SCSI command 0x0-- guessing data in; [ 590.770387][T10590] program syz.1.1542 not setting count and/or reply_len properly [ 590.917617][ T43] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 591.002408][ T5113] Bluetooth: hci5: command tx timeout [ 591.982819][ T43] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.053277][T10506] chnl_net:caif_netlink_parms(): no params data found [ 594.153723][ T43] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.625437][T10626] sg_write: data in/out 418268/96 bytes for SCSI command 0x0-- guessing data in; [ 595.625437][T10626] program syz.1.1553 not setting count and/or reply_len properly [ 597.598848][ T43] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.821369][ T5798] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 598.540472][ T5798] usb 1-1: Using ep0 maxpacket: 32 [ 598.585254][ T5798] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 598.585292][ T5798] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 598.585335][ T5798] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 598.585359][ T5798] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.671592][ T5798] usb 1-1: config 0 descriptor?? [ 598.676697][ T5798] hub 1-1:0.0: USB hub found [ 598.951285][ T5798] hub 1-1:0.0: 1 port detected [ 598.988821][T10506] bridge0: port 1(bridge_slave_0) entered blocking state [ 598.988947][T10506] bridge0: port 1(bridge_slave_0) entered disabled state [ 598.989167][T10506] bridge_slave_0: entered allmulticast mode [ 598.999015][T10506] bridge_slave_0: entered promiscuous mode [ 599.009342][T10506] bridge0: port 2(bridge_slave_1) entered blocking state [ 599.013323][T10506] bridge0: port 2(bridge_slave_1) entered disabled state [ 599.013587][T10506] bridge_slave_1: entered allmulticast mode [ 599.018909][T10506] bridge_slave_1: entered promiscuous mode [ 599.041438][T10653] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1561'. [ 599.161905][T10653] bridge1: entered promiscuous mode [ 599.162019][T10653] macsec1: entered promiscuous mode [ 599.183790][T10506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 599.196922][T10506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 600.389840][ T8665] hub 1-1:0.0: activate --> -90 [ 600.941502][ T9] usb 1-1: USB disconnect, device number 14 [ 601.031542][ T8665] usb 1-1-port1: config error [ 602.328419][T10506] team0: Port device team_slave_0 added [ 602.443914][T10506] team0: Port device team_slave_1 added [ 602.845915][T10506] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 602.845934][T10506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 602.845970][T10506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 603.002612][T10506] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 603.002632][T10506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 603.002659][T10506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 603.181595][ T43] bridge_slave_1: left allmulticast mode [ 603.181625][ T43] bridge_slave_1: left promiscuous mode [ 603.181895][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 603.703281][T10694] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1576'. [ 604.047155][ T43] bridge_slave_0: left allmulticast mode [ 604.047185][ T43] bridge_slave_0: left promiscuous mode [ 604.048034][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 604.367779][ T5907] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 604.881453][ T5907] usb 4-1: Using ep0 maxpacket: 32 [ 604.888949][ T5907] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 604.888983][ T5907] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 604.889037][ T5907] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 604.889060][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.945223][ T5907] usb 4-1: config 0 descriptor?? [ 604.959775][ T5907] hub 4-1:0.0: USB hub found [ 605.173145][ T5907] hub 4-1:0.0: 1 port detected [ 605.785765][ T5907] hub 4-1:0.0: activate --> -90 [ 605.993064][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 605.996042][ T8665] usb 4-1: USB disconnect, device number 26 [ 606.016238][ T5907] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 607.341857][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 607.412255][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 607.445774][ T43] bond0 (unregistering): Released all slaves [ 607.488332][T10506] hsr_slave_0: entered promiscuous mode [ 607.489336][T10506] hsr_slave_1: entered promiscuous mode [ 607.490058][T10506] debugfs: 'hsr0' already exists in 'hsr' [ 607.490076][T10506] Cannot create hsr debugfs directory [ 613.476229][ T5865] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 613.641901][ T5865] usb 4-1: Using ep0 maxpacket: 32 [ 613.644320][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 613.644353][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 613.644395][ T5865] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 613.644417][ T5865] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.654150][ T5865] usb 4-1: config 0 descriptor?? [ 613.664870][ T5865] hub 4-1:0.0: USB hub found [ 613.734909][ T37] audit: type=1326 audit(1773136091.091:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10767 comm="syz.2.1597" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 613.784478][ T37] audit: type=1326 audit(1773136091.141:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10767 comm="syz.2.1597" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 613.872634][ T5865] hub 4-1:0.0: 1 port detected [ 614.393665][ T43] hsr_slave_0: left promiscuous mode [ 614.431382][ T43] hsr_slave_1: left promiscuous mode [ 614.432581][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 614.432609][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 614.472602][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 614.472634][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 614.514086][ T5865] hub 4-1:0.0: activate --> -90 [ 614.563370][ T43] veth1_macvtap: left promiscuous mode [ 614.563489][ T43] veth0_macvtap: left promiscuous mode [ 614.563792][ T43] veth1_vlan: left promiscuous mode [ 614.563985][ T43] veth0_vlan: left promiscuous mode [ 615.118768][ T5879] usb 4-1: USB disconnect, device number 27 [ 615.221424][ T5865] usb 4-1-port1: config error [ 615.453800][ T43] team0 (unregistering): Port device team_slave_1 removed [ 615.501651][ T43] team0 (unregistering): Port device team_slave_0 removed [ 615.783271][T10775] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 616.312157][T10506] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 616.576953][T10506] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 617.392171][T10506] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 617.682680][T10506] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 617.831895][ T5113] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 618.615988][T10506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 618.791531][ T37] audit: type=1326 audit(1773136096.101:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10827 comm="syz.3.1611" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f50e4d5c799 code=0x0 [ 618.791594][ T37] audit: type=1326 audit(1773136096.131:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10827 comm="syz.3.1611" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f50e4d5c799 code=0x0 [ 618.862075][ T37] audit: type=1326 audit(1773136096.221:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10827 comm="syz.3.1611" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f50e4d5c799 code=0x0 [ 618.979601][T10506] 8021q: adding VLAN 0 to HW filter on device team0 [ 619.086879][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 619.086967][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 619.166778][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 619.166875][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 621.964932][T10506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 622.578175][ T37] audit: type=1326 audit(1773136099.931:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10875 comm="syz.2.1622" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 622.579147][ T37] audit: type=1326 audit(1773136099.931:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10875 comm="syz.2.1622" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 623.817784][T10506] veth0_vlan: entered promiscuous mode [ 623.863691][T10506] veth1_vlan: entered promiscuous mode [ 623.879989][T10893] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1626'. [ 624.023340][T10506] veth0_macvtap: entered promiscuous mode [ 624.041100][T10506] veth1_macvtap: entered promiscuous mode [ 624.162475][T10506] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 624.170789][T10506] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 624.243643][ T160] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.244182][ T160] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.246726][ T160] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.246775][ T160] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.786630][ T1009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.786654][ T1009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.966359][ T1009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.966382][ T1009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 626.211358][ T8665] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 626.308443][ T37] audit: type=1326 audit(1773136103.661:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10936 comm="syz.5.1508" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f836758c799 code=0x0 [ 626.357663][ T37] audit: type=1326 audit(1773136103.711:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10936 comm="syz.5.1508" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f836758c799 code=0x0 [ 626.368781][ T8665] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 626.368814][ T8665] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.393333][ T8665] usb 2-1: config 0 descriptor?? [ 626.444036][ T8665] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 627.491979][ T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 627.641289][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 627.645665][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 627.645702][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 627.645828][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 627.645854][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 627.673528][ T9] usb 1-1: config 0 descriptor?? [ 627.706783][ T9] hub 1-1:0.0: USB hub found [ 627.884663][ T9] hub 1-1:0.0: 1 port detected [ 628.061247][ T37] audit: type=1326 audit(1773136105.411:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10973 comm="syz.2.1649" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 628.061304][ T37] audit: type=1326 audit(1773136105.411:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10973 comm="syz.2.1649" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 628.371651][ T8665] usb 2-1: USB disconnect, device number 11 [ 628.990687][ T9] hub 1-1:0.0: activate --> -90 [ 629.202051][ C0] raw-gadget.1 gadget.0: ignoring, device is not running [ 629.202562][ T9] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 629.317345][ T67] usb 1-1: Failed to suspend device, error -71 [ 629.612045][ T5943] usb 1-1: USB disconnect, device number 15 [ 630.529862][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 635.179123][ T37] audit: type=1326 audit(1773136112.531:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11034 comm="syz.2.1665" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 635.179656][ T37] audit: type=1326 audit(1773136112.531:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11034 comm="syz.2.1665" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 640.881299][ T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 640.908888][ T37] audit: type=1326 audit(1773136118.251:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11080 comm="syz.0.1676" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ca4f6c799 code=0x0 [ 640.961260][ T37] audit: type=1326 audit(1773136118.301:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11080 comm="syz.0.1676" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ca4f6c799 code=0x0 [ 641.037061][ T9] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 641.037094][ T9] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 641.037115][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 641.037169][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 641.037195][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 641.052305][ T9] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 641.052344][ T9] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 641.052363][ T9] usb 2-1: Product: syz [ 641.052376][ T9] usb 2-1: Manufacturer: syz [ 641.096913][ T9] cdc_wdm 2-1:1.0: skipping garbage [ 641.096933][ T9] cdc_wdm 2-1:1.0: skipping garbage [ 641.157068][ T9] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 641.157145][ T9] cdc_wdm 2-1:1.0: Unknown control protocol [ 641.564695][ C1] cdc_wdm 2-1:1.0: Unexpected error -71 [ 641.565157][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 641.565321][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 641.565340][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 641.565345][ T8665] usb 2-1: USB disconnect, device number 12 [ 641.701292][ T5865] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 641.880323][ T5865] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 641.880368][ T5865] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.942922][ T5865] usb 1-1: config 0 descriptor?? [ 641.967274][ T5865] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 643.512447][ T37] audit: type=1326 audit(1773136120.781:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11131 comm="syz.2.1691" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 643.513024][ T37] audit: type=1326 audit(1773136120.831:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11131 comm="syz.2.1691" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f493558c799 code=0x0 [ 643.551276][ T37] audit: type=1326 audit(1773136120.901:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11131 comm="syz.2.1691" exe="/root/syz-executor" sig=31 arch=c000003e syscall=16 compat=0 ip=0x7f493558c42b code=0x0 [ 644.141526][ T5865] usb 1-1: USB disconnect, device number 16 [ 650.091408][ T5865] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 650.139723][ T5113] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 650.477610][ T5865] usb 4-1: Using ep0 maxpacket: 32 [ 650.514808][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 650.514850][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 650.514898][ T5865] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 650.514923][ T5865] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.637641][ T5865] usb 4-1: config 0 descriptor?? [ 650.658903][ T5865] hub 4-1:0.0: USB hub found [ 650.871443][ T5865] hub 4-1:0.0: 1 port detected [ 652.475490][ T10] hub 4-1:0.0: activate --> -90 [ 652.754296][ T10] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 652.832714][ T5943] usb 4-1: USB disconnect, device number 28 [ 652.834015][ T160] usb 4-1: Failed to suspend device, error -71 [ 653.328703][T11255] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 654.330195][ T5113] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 655.830162][T11291] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 657.471829][ T5946] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 657.498886][ T5113] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 657.638877][ T5946] usb 4-1: Using ep0 maxpacket: 32 [ 657.642644][ T5946] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 657.642680][ T5946] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 657.642725][ T5946] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 657.642749][ T5946] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 657.702377][ T5946] usb 4-1: config 0 descriptor?? [ 657.746262][ T5946] hub 4-1:0.0: USB hub found [ 657.978470][ T5946] hub 4-1:0.0: 1 port detected [ 658.802194][ T5946] hub 4-1:0.0: activate --> -90 [ 658.807007][ T5907] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 659.005165][ T5943] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 659.016136][ T9038] usb 4-1: Failed to suspend device, error -71 [ 659.031534][ T5907] usb 6-1: Using ep0 maxpacket: 32 [ 659.040837][ T5907] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 659.040872][ T5907] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 659.040914][ T5907] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 659.040939][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 659.097143][ T5907] usb 6-1: config 0 descriptor?? [ 659.111998][ T5943] usb 4-1: USB disconnect, device number 29 [ 659.138583][ T5907] hub 6-1:0.0: USB hub found [ 659.325293][ T5907] hub 6-1:0.0: 1 port detected [ 660.535980][ T5865] usb 6-1: USB disconnect, device number 2 [ 660.551258][ T5943] hub 6-1:0.0: hub_ext_port_status failed (err = -71) [ 660.581360][ T10] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 660.761346][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 660.763169][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 660.763203][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 660.763237][ T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 660.763250][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.766230][ T10] usb 1-1: config 0 descriptor?? [ 660.881952][ T10] hub 1-1:0.0: USB hub found [ 661.108400][ T10] hub 1-1:0.0: 1 port detected [ 661.742898][T11347] gretap1: entered allmulticast mode [ 661.953677][ T10] hub 1-1:0.0: activate --> -90 [ 662.384698][ T10] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 662.390762][T11064] usb 1-1: USB disconnect, device number 17 [ 664.749954][T11357] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1755'. [ 667.211816][ T5113] Bluetooth: hci0: Malformed MSFT vendor event: 0x02 [ 667.501376][ T5907] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 667.611390][ T5946] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 668.140289][ T5907] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 668.140335][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 668.201474][ T5907] usb 4-1: config 0 descriptor?? [ 668.205240][ T5907] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 668.223290][ T5946] usb 1-1: Using ep0 maxpacket: 32 [ 668.226239][ T5946] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 668.226328][ T5946] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 668.226355][ T5946] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 668.226370][ T5946] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 668.427836][ T5946] usb 1-1: config 0 descriptor?? [ 668.521319][ T5946] hub 1-1:0.0: USB hub found [ 668.650022][ T5946] hub 1-1:0.0: 1 port detected [ 669.293108][ T5946] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 669.342796][T11064] usb 1-1: USB disconnect, device number 18 [ 669.345805][ T7626] usb 1-1: Failed to suspend device, error -19 [ 669.877165][ T5907] gspca_stv06xx: I2C: Read error writing address: -71 [ 669.903994][ T5907] usb 4-1: USB disconnect, device number 30 [ 669.964813][T11390] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1769'. [ 670.107033][T11392] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1770'. [ 670.107063][T11392] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1770'. [ 672.320405][ T5113] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 673.637867][T11423] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1781'. [ 677.658169][ T5907] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 678.275644][ T5907] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 678.275679][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.303343][ T5907] usb 1-1: config 0 descriptor?? [ 678.322072][ T5907] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 678.570405][T10512] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 678.794732][T10512] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 678.808492][T10512] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 678.831525][T10512] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 678.838908][T10512] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 680.093613][ T5907] gspca_stv06xx: I2C: Read error writing address: -71 [ 680.175291][ T5907] usb 1-1: USB disconnect, device number 19 [ 680.990758][T10512] Bluetooth: hci1: command tx timeout [ 685.004205][T10512] Bluetooth: hci1: command tx timeout [ 685.678497][T11455] chnl_net:caif_netlink_parms(): no params data found [ 686.498447][ T5113] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 686.530465][ T5113] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 686.553546][ T5113] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 686.583866][ T5113] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 686.584843][ T5113] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 686.617406][ T5946] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 686.621421][T11064] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 686.690006][T11455] bridge0: port 1(bridge_slave_0) entered blocking state [ 686.690166][T11455] bridge0: port 1(bridge_slave_0) entered disabled state [ 686.690436][T11455] bridge_slave_0: entered allmulticast mode [ 686.698662][T11455] bridge_slave_0: entered promiscuous mode [ 686.726192][T11455] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.726333][T11455] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.726542][T11455] bridge_slave_1: entered allmulticast mode [ 686.729300][T11455] bridge_slave_1: entered promiscuous mode [ 686.799684][ T5946] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 686.799721][ T5946] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.806804][T11064] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 686.806832][T11064] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.815987][ T5946] usb 1-1: config 0 descriptor?? [ 686.825962][T11064] usb 4-1: config 0 descriptor?? [ 686.881939][ T5946] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 686.936011][T11064] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 687.081660][T10512] Bluetooth: hci1: command tx timeout [ 687.306211][T11455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 687.352364][T11455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 688.335362][T11455] team0: Port device team_slave_0 added [ 688.502481][T11064] gspca_stv06xx: I2C: Read error writing address: -71 [ 688.552839][T11064] usb 4-1: USB disconnect, device number 31 [ 688.681522][T10512] Bluetooth: hci6: command tx timeout [ 688.916998][T11455] team0: Port device team_slave_1 added [ 688.982682][ T5946] usb 1-1: USB disconnect, device number 20 [ 689.161240][T10512] Bluetooth: hci1: command tx timeout [ 689.249429][T11455] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 689.249461][T11455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 689.249490][T11455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 689.883104][T11455] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 689.883132][T11455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 689.883163][T11455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 690.113033][T11455] hsr_slave_0: entered promiscuous mode [ 690.114521][T11455] hsr_slave_1: entered promiscuous mode [ 690.115649][T11455] debugfs: 'hsr0' already exists in 'hsr' [ 690.115677][T11455] Cannot create hsr debugfs directory [ 690.761238][T10512] Bluetooth: hci6: command tx timeout [ 691.996462][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 692.478357][T11506] chnl_net:caif_netlink_parms(): no params data found [ 692.841556][T10512] Bluetooth: hci6: command tx timeout [ 694.176089][T11555] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1824'. [ 694.293953][T11506] bridge0: port 1(bridge_slave_0) entered blocking state [ 694.309249][T11506] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.309523][T11506] bridge_slave_0: entered allmulticast mode [ 694.555679][T11506] bridge_slave_0: entered promiscuous mode [ 694.682938][T11506] bridge0: port 2(bridge_slave_1) entered blocking state [ 694.683047][T11506] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.683277][T11506] bridge_slave_1: entered allmulticast mode [ 694.686266][T11506] bridge_slave_1: entered promiscuous mode [ 694.931324][T10512] Bluetooth: hci6: command tx timeout [ 695.439081][T11455] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 695.731276][ T8665] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 695.773657][T11506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 695.777147][T11455] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 695.967586][T11506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 695.967932][T11455] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 695.974094][ T8665] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 695.974124][ T8665] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 696.015489][ T8665] usb 1-1: config 0 descriptor?? [ 696.019131][ T8665] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 697.758424][T11455] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 699.679639][ T8665] usb 1-1: USB disconnect, device number 21 [ 699.771032][T11506] team0: Port device team_slave_0 added [ 699.825170][T11506] team0: Port device team_slave_1 added [ 700.280520][T11506] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 700.280540][T11506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 700.280569][T11506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 700.486714][ T5946] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 700.872017][ T5946] usb 1-1: Using ep0 maxpacket: 32 [ 701.253545][ T5946] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 701.253583][ T5946] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 701.253627][ T5946] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 701.253652][ T5946] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.304165][T11506] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 701.304188][T11506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 701.304219][T11506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 701.375306][ T5946] usb 1-1: config 0 descriptor?? [ 701.691024][ T5946] hub 1-1:0.0: USB hub found [ 701.716855][ T5946] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 701.940609][ T5946] usbhid 1-1:0.0: can't add hid device: -71 [ 701.940751][ T5946] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 702.941503][ T5946] usb 1-1: USB disconnect, device number 22 [ 710.320471][T11630] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1849'. [ 710.384011][T11506] hsr_slave_0: entered promiscuous mode [ 710.385847][T11506] hsr_slave_1: entered promiscuous mode [ 710.387079][T11506] debugfs: 'hsr0' already exists in 'hsr' [ 710.387108][T11506] Cannot create hsr debugfs directory [ 712.245024][T11631] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 712.339902][T10512] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 712.629494][T11646] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1854'. [ 714.915556][T11455] 8021q: adding VLAN 0 to HW filter on device bond0 [ 716.504169][T11673] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1865'. [ 716.626873][T11455] 8021q: adding VLAN 0 to HW filter on device team0 [ 717.639145][ T9038] bridge0: port 1(bridge_slave_0) entered blocking state [ 717.639365][ T9038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 717.788419][T11506] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 717.852005][ T5946] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 717.920817][ T160] bridge0: port 2(bridge_slave_1) entered blocking state [ 717.920974][ T160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 717.947574][T11506] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 718.221399][ T5946] usb 1-1: Using ep0 maxpacket: 32 [ 718.403769][ T5946] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 718.403808][ T5946] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 718.403852][ T5946] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 718.403878][ T5946] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 718.409749][T11506] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 718.556336][T11688] overlayfs: missing 'lowerdir' [ 719.112598][ T5946] usb 1-1: config 0 descriptor?? [ 719.127234][ T5946] hub 1-1:0.0: USB hub found [ 719.326755][T11506] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 719.489526][ T5946] hub 1-1:0.0: 1 port detected [ 721.008293][ T5946] hub 1-1:0.0: hub_ext_port_status failed (err = -32) [ 721.427489][T11704] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 722.912734][T11508] usb 1-1: USB disconnect, device number 23 [ 723.235901][T11709] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1874'. [ 724.934023][T11712] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1875'. [ 725.341321][ T5907] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 725.370427][T11506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 725.486819][T11506] 8021q: adding VLAN 0 to HW filter on device team0 [ 725.526559][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.526655][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 725.528091][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.528168][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 725.537823][ T5907] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 725.537844][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 725.541212][ T5907] usb 1-1: config 0 descriptor?? [ 725.759668][ T5907] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 726.471329][T11735] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1879'. [ 727.508328][ T5907] usb 1-1: USB disconnect, device number 24 [ 727.574245][T11455] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 730.948341][T11506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 732.068193][T11455] veth0_vlan: entered promiscuous mode [ 732.121742][T11455] veth1_vlan: entered promiscuous mode [ 733.241298][T11064] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 733.398601][T11064] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 733.398634][T11064] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 733.398654][T11064] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 733.398719][T11064] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 733.398747][T11064] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 733.601931][T11064] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 733.601968][T11064] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 733.601990][T11064] usb 4-1: Product: syz [ 733.602005][T11064] usb 4-1: Manufacturer: syz [ 733.654224][T11064] cdc_wdm 4-1:1.0: skipping garbage [ 733.654247][T11064] cdc_wdm 4-1:1.0: skipping garbage [ 733.659480][T11064] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 733.659504][T11064] cdc_wdm 4-1:1.0: Unknown control protocol [ 733.692842][T11455] veth0_macvtap: entered promiscuous mode [ 734.009971][T11455] veth1_macvtap: entered promiscuous mode [ 734.319495][T11064] usb 4-1: USB disconnect, device number 32 [ 734.385627][T11455] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 734.493427][T11455] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 734.961677][ T1150] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 735.078353][ T1150] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 735.080005][ T1150] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 735.080542][ T1150] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 738.962808][T11803] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1896'. [ 738.983748][T11506] veth0_vlan: entered promiscuous mode [ 739.137414][T11506] veth1_vlan: entered promiscuous mode [ 739.442680][T11506] veth0_macvtap: entered promiscuous mode [ 739.566594][T11506] veth1_macvtap: entered promiscuous mode [ 739.669583][ T5113] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 739.703066][ T5113] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 739.705757][ T5113] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 739.712770][ T5113] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 739.741276][ T5113] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 741.304124][T11506] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 741.434094][T11506] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 741.552285][ T3864] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.558119][ T3864] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.592369][ T3864] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.633687][ T57] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 741.813583][T10512] Bluetooth: hci0: command tx timeout [ 743.890926][T10512] Bluetooth: hci0: command tx timeout [ 744.426793][T11839] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1908'. [ 745.961791][T10512] Bluetooth: hci0: command tx timeout [ 747.216753][ T5113] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 747.246475][ T5113] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 747.250045][ T5113] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 747.269392][ T5113] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 747.280439][ T5113] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 748.049323][T10512] Bluetooth: hci0: command tx timeout [ 748.919820][T11804] chnl_net:caif_netlink_parms(): no params data found [ 749.401447][T10512] Bluetooth: hci1: command tx timeout [ 751.481226][T10512] Bluetooth: hci1: command tx timeout [ 751.502665][T11804] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.502821][T11804] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.503487][T11804] bridge_slave_0: entered allmulticast mode [ 751.541647][T11804] bridge_slave_0: entered promiscuous mode [ 751.587768][T11804] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.587916][T11804] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.588718][T11804] bridge_slave_1: entered allmulticast mode [ 751.639291][T11804] bridge_slave_1: entered promiscuous mode [ 751.935114][T11804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 752.323537][T11804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 753.373448][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 753.561228][T10512] Bluetooth: hci1: command tx timeout [ 755.988458][T10512] Bluetooth: hci1: command tx timeout [ 756.303516][T11907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 756.386210][ T5879] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 756.551875][ T5879] usb 4-1: Using ep0 maxpacket: 32 [ 756.554713][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 756.554751][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 756.554797][ T5879] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 756.554823][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 756.660148][ T5879] usb 4-1: config 0 descriptor?? [ 756.709411][ T5879] hub 4-1:0.0: USB hub found [ 756.980269][ T5879] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 757.211869][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 757.229840][ T5879] usbhid 4-1:0.0: can't add hid device: -71 [ 757.229987][ T5879] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 757.292289][ T5879] usb 4-1: USB disconnect, device number 33 [ 757.343665][T11804] team0: Port device team_slave_0 added [ 757.382613][T11804] team0: Port device team_slave_1 added [ 757.551689][T11804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 757.551710][T11804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 757.551740][T11804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 757.554415][T11804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 757.554431][T11804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 757.555872][T11804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 758.089025][T11804] hsr_slave_0: entered promiscuous mode [ 758.090034][T11804] hsr_slave_1: entered promiscuous mode [ 758.090615][T11804] debugfs: 'hsr0' already exists in 'hsr' [ 758.090631][T11804] Cannot create hsr debugfs directory [ 758.118494][T11857] chnl_net:caif_netlink_parms(): no params data found [ 759.156046][T11917] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1934'. [ 759.776875][T11920] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1935'. [ 763.124965][T11928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 763.482082][ T5879] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 763.655989][ T5879] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 763.656023][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 763.711958][ T5879] usb 1-1: config 0 descriptor?? [ 763.743157][ T5879] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 764.414190][T11857] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.414498][T11857] bridge0: port 1(bridge_slave_0) entered disabled state [ 764.414986][T11857] bridge_slave_0: entered allmulticast mode [ 764.475711][T11857] bridge_slave_0: entered promiscuous mode [ 766.411442][ T5879] usb 1-1: USB disconnect, device number 25 [ 767.992033][T11953] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 768.827548][T11849] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 768.920570][T11857] bridge0: port 2(bridge_slave_1) entered blocking state [ 768.935405][T11857] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.935696][T11857] bridge_slave_1: entered allmulticast mode [ 768.954000][T11857] bridge_slave_1: entered promiscuous mode [ 769.688363][T11857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 769.716403][T11857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 769.920235][T11857] team0: Port device team_slave_0 added [ 769.964049][T11857] team0: Port device team_slave_1 added [ 771.293066][T11973] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 776.897325][T11804] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 777.491586][T11857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 777.491607][T11857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 777.491637][T11857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 777.776436][T11857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 777.776451][T11857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 777.776470][T11857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 778.453532][T11993] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 779.223223][T11857] hsr_slave_0: entered promiscuous mode [ 779.224760][T11857] hsr_slave_1: entered promiscuous mode [ 779.225811][T11857] debugfs: 'hsr0' already exists in 'hsr' [ 779.225836][T11857] Cannot create hsr debugfs directory [ 783.062766][ T5946] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 783.221424][ T5946] usb 1-1: Using ep0 maxpacket: 32 [ 783.284535][ T5946] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 783.284573][ T5946] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 783.284618][ T5946] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 783.284643][ T5946] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 784.258690][ T5946] usb 1-1: config 0 descriptor?? [ 784.346388][ T5946] hub 1-1:0.0: USB hub found [ 784.536661][ T5946] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 784.559749][T12014] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 784.596187][ T5946] usbhid 1-1:0.0: can't add hid device: -71 [ 784.596342][ T5946] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 784.652794][ T5946] usb 1-1: USB disconnect, device number 26 [ 786.829794][T12041] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 787.762554][T11508] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 787.944309][T11508] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 787.944342][T11508] usb 1-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config [ 787.944363][T11508] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 787.944484][T11508] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7 [ 787.944524][T11508] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024 [ 788.072224][T11508] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 788.072259][T11508] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 788.072324][T11508] usb 1-1: Product: syz [ 788.072383][T11508] usb 1-1: Manufacturer: syz [ 788.118658][T12052] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 788.630348][T11508] cdc_wdm 1-1:1.0: skipping garbage [ 788.630371][T11508] cdc_wdm 1-1:1.0: skipping garbage [ 788.631053][T11508] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 789.001637][T11508] usb 1-1: USB disconnect, device number 27 [ 789.691353][T11508] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 789.931375][T11508] usb 4-1: device descriptor read/64, error -71 [ 790.571416][T11508] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 790.703040][T11508] usb 4-1: device descriptor read/64, error -71 [ 790.815189][T11508] usb usb4-port1: attempt power cycle [ 791.171263][T11508] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 791.198561][T11508] usb 4-1: device descriptor read/8, error -71 [ 791.512391][T11508] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 791.844395][T11508] usb 4-1: device descriptor read/8, error -71 [ 792.051674][T11508] usb usb4-port1: unable to enumerate USB device [ 796.142982][T11508] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 796.701546][T11508] usb 4-1: Using ep0 maxpacket: 32 [ 796.704013][T11508] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 796.704059][T11508] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 796.704102][T11508] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 796.704126][T11508] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 796.727975][T11508] usb 4-1: config 0 descriptor?? [ 796.744555][T11508] hub 4-1:0.0: USB hub found [ 797.531836][T11508] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 797.603645][T11508] usbhid 4-1:0.0: can't add hid device: -71 [ 797.603795][T11508] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 797.682826][T11508] usb 4-1: USB disconnect, device number 38 [ 798.682734][ T5800] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 798.692750][ T5800] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 798.869852][ T5800] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 798.904354][ T5800] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 798.907408][ T5800] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 799.507035][T12111] chnl_net:caif_netlink_parms(): no params data found [ 799.778592][T12111] bridge0: port 1(bridge_slave_0) entered blocking state [ 799.778915][T12111] bridge0: port 1(bridge_slave_0) entered disabled state [ 799.779158][T12111] bridge_slave_0: entered allmulticast mode [ 799.810265][T12111] bridge_slave_0: entered promiscuous mode [ 799.850197][T12111] bridge0: port 2(bridge_slave_1) entered blocking state [ 799.909656][T11508] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 799.924299][T12111] bridge0: port 2(bridge_slave_1) entered disabled state [ 799.924606][T12111] bridge_slave_1: entered allmulticast mode [ 799.958772][T12111] bridge_slave_1: entered promiscuous mode [ 800.081331][T11508] usb 1-1: Using ep0 maxpacket: 32 [ 800.083970][T11508] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 800.084003][T11508] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 800.084045][T11508] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 800.084080][T11508] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 800.147400][T11508] usb 1-1: config 0 descriptor?? [ 800.320757][T11508] hub 1-1:0.0: USB hub found [ 800.532408][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 800.532590][T11508] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 800.539741][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 800.583061][T11508] usbhid 1-1:0.0: can't add hid device: -71 [ 800.583209][T11508] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 800.632614][T11508] usb 1-1: USB disconnect, device number 28 [ 800.647384][T12111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 800.719273][T12111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 800.953470][T12111] team0: Port device team_slave_0 added [ 801.002015][ T5800] Bluetooth: hci5: command tx timeout [ 801.008224][T12111] team0: Port device team_slave_1 added [ 801.163735][T12111] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 801.163760][T12111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 801.163791][T12111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 801.167901][T12111] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 801.167924][T12111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 801.167956][T12111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 802.887605][T12111] hsr_slave_0: entered promiscuous mode [ 802.889186][T12111] hsr_slave_1: entered promiscuous mode [ 802.890247][T12111] debugfs: 'hsr0' already exists in 'hsr' [ 802.890274][T12111] Cannot create hsr debugfs directory [ 803.081918][ T5800] Bluetooth: hci5: command tx timeout [ 803.771272][ T31] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 803.921306][ T31] usb 1-1: Using ep0 maxpacket: 32 [ 803.923986][ T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 803.924031][ T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 803.924075][ T31] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 803.924100][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 804.024702][ T31] usb 1-1: config 0 descriptor?? [ 804.039725][ T31] hub 1-1:0.0: USB hub found [ 804.264402][ T31] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 804.292372][ T31] usbhid 1-1:0.0: can't add hid device: -71 [ 804.292516][ T31] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 804.316626][ T31] usb 1-1: USB disconnect, device number 29 [ 805.171253][ T5800] Bluetooth: hci5: command tx timeout [ 807.242157][ T5800] Bluetooth: hci5: command tx timeout [ 807.461456][ T5907] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 807.569782][T10512] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 807.596227][T10512] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 807.599217][T10512] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 807.619757][ T5907] usb 4-1: Using ep0 maxpacket: 32 [ 807.623296][ T5907] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 807.623331][ T5907] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 807.623374][ T5907] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 807.623398][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 807.689503][T10512] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 807.707386][ T5907] usb 4-1: config 0 descriptor?? [ 807.755846][T10512] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 807.844985][ T5907] hub 4-1:0.0: USB hub found [ 808.008984][ T5907] hub 4-1:0.0: 1 port detected [ 808.213406][ T5907] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 808.213439][ T5907] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 808.313433][ T5907] usbhid 4-1:0.0: can't add hid device: -71 [ 808.313578][ T5907] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 808.497011][ T5907] usb 4-1: USB disconnect, device number 39 [ 809.339076][T10512] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 809.460894][T12176] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2009'. [ 809.881418][T10512] Bluetooth: hci6: command tx timeout [ 810.304998][T12183] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2010'. [ 810.634030][T12161] chnl_net:caif_netlink_parms(): no params data found [ 810.981386][ T31] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 811.135215][ T31] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 811.135250][ T31] usb 1-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 811.135271][ T31] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 811.135324][ T31] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 811.138646][ T31] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 811.138675][ T31] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 811.138696][ T31] usb 1-1: Product: syz [ 811.138711][ T31] usb 1-1: Manufacturer: syz [ 811.273746][ T31] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 811.414528][T12161] bridge0: port 1(bridge_slave_0) entered blocking state [ 811.430728][T12161] bridge0: port 1(bridge_slave_0) entered disabled state [ 811.431032][T12161] bridge_slave_0: entered allmulticast mode [ 811.496144][T12161] bridge_slave_0: entered promiscuous mode [ 811.538930][T12161] bridge0: port 2(bridge_slave_1) entered blocking state [ 811.539782][T12161] bridge0: port 2(bridge_slave_1) entered disabled state [ 811.540082][T12161] bridge_slave_1: entered allmulticast mode [ 811.577286][T12161] bridge_slave_1: entered promiscuous mode [ 811.628425][ T31] usb 1-1: USB disconnect, device number 30 [ 811.982273][T10512] Bluetooth: hci6: command tx timeout [ 812.149188][T12161] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 812.180973][T12161] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 814.083386][T10512] Bluetooth: hci6: command tx timeout [ 814.886507][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.919132][T12161] team0: Port device team_slave_0 added [ 814.936253][T12161] team0: Port device team_slave_1 added [ 815.195145][T12161] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 815.195167][T12161] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 815.195199][T12161] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 815.221461][T12161] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 815.221486][T12161] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 815.221513][T12161] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 816.121335][T10512] Bluetooth: hci6: command tx timeout [ 816.825082][T12161] hsr_slave_0: entered promiscuous mode [ 816.826635][T12161] hsr_slave_1: entered promiscuous mode [ 816.827760][T12161] debugfs: 'hsr0' already exists in 'hsr' [ 816.827788][T12161] Cannot create hsr debugfs directory [ 818.391306][T11508] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 818.612826][T11508] usb 1-1: Using ep0 maxpacket: 32 [ 819.715225][T11508] usb 1-1: device descriptor read/all, error -71 [ 828.305960][T12297] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2046'. [ 828.842161][ T5943] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 829.031284][ T5943] usb 1-1: Using ep0 maxpacket: 32 [ 829.033841][ T5943] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 829.033877][ T5943] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 829.033919][ T5943] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 829.033945][ T5943] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 829.051348][ T5943] usb 1-1: config 0 descriptor?? [ 829.062075][ T5943] hub 1-1:0.0: USB hub found [ 829.560390][ T5943] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 829.958101][ T5943] usbhid 1-1:0.0: can't add hid device: -71 [ 829.958248][ T5943] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 830.051360][ T5943] usb 1-1: USB disconnect, device number 33 [ 843.011546][ T5943] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 843.165096][ T5943] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 843.165131][ T5943] usb 4-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config [ 843.165152][ T5943] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 843.165205][ T5943] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 843.167366][ T5943] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 843.167387][ T5943] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 843.167398][ T5943] usb 4-1: Product: syz [ 843.167406][ T5943] usb 4-1: Manufacturer: syz [ 843.250351][ T5943] cdc_wdm 4-1:1.0: skipping garbage [ 843.250366][ T5943] cdc_wdm 4-1:1.0: skipping garbage [ 843.250373][ T5943] cdc_wdm 4-1:1.0: skipping garbage [ 843.250394][ T5943] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 843.480396][ T5943] usb 4-1: USB disconnect, device number 40 [ 844.465468][T12385] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2077'. [ 850.641804][T10512] Bluetooth: hci4: Malformed MSFT vendor event: 0x02 [ 856.499290][T10512] Bluetooth: hci4: Malformed MSFT vendor event: 0x02 [ 857.357479][T12447] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2100'. [ 859.232825][T11064] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 859.390512][ T5800] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 859.644657][ T5800] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 859.662807][ T5800] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 859.676970][ T5800] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 859.686162][ T5800] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 859.833763][T11064] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 859.833799][T11064] usb 1-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config [ 859.833819][T11064] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 859.833873][T11064] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7 [ 859.833900][T11064] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024 [ 859.987887][T11064] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 859.987922][T11064] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 859.987943][T11064] usb 1-1: Product: syz [ 859.987959][T11064] usb 1-1: Manufacturer: syz [ 860.062702][T11064] cdc_wdm 1-1:1.0: skipping garbage [ 860.062726][T11064] cdc_wdm 1-1:1.0: skipping garbage [ 860.062839][T11064] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 860.282654][T11064] usb 1-1: USB disconnect, device number 34 [ 861.806316][T10512] Bluetooth: hci7: command tx timeout [ 862.818375][T12457] chnl_net:caif_netlink_parms(): no params data found [ 862.921422][T10512] Bluetooth: hci0: command 0x0406 tx timeout [ 863.289988][T12457] bridge0: port 1(bridge_slave_0) entered blocking state [ 863.295018][T12457] bridge0: port 1(bridge_slave_0) entered disabled state [ 863.295335][T12457] bridge_slave_0: entered allmulticast mode [ 863.313953][T12457] bridge_slave_0: entered promiscuous mode [ 863.332810][T12457] bridge0: port 2(bridge_slave_1) entered blocking state [ 863.342093][T12457] bridge0: port 2(bridge_slave_1) entered disabled state [ 863.342392][T12457] bridge_slave_1: entered allmulticast mode [ 863.642475][T12457] bridge_slave_1: entered promiscuous mode [ 863.902286][ T5800] Bluetooth: hci7: command tx timeout [ 864.164716][T12489] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2111'. [ 865.021500][T12457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 865.297312][T12457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 866.017010][ T38] INFO: task kworker/u8:1:13 blocked for more than 143 seconds. [ 866.017038][ T38] Not tainted syzkaller #0 [ 866.017050][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 866.017061][ T38] task:kworker/u8:1 state:D stack:20136 pid:13 tgid:13 ppid:2 task_flags:0x4208160 flags:0x00080000 [ 866.017125][ T38] Workqueue: events_unbound bpf_map_free_deferred [ 866.017263][ T38] Call Trace: [ 866.017271][ T38] [ 866.017286][ T38] __schedule+0x1553/0x5240 [ 866.017485][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 866.017570][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 866.017594][ T38] ? __pfx___schedule+0x10/0x10 [ 866.017640][ T38] rt_mutex_schedule+0x76/0xf0 [ 866.017681][ T38] rt_mutex_slowlock_block+0x508/0x680 [ 866.017726][ T38] rt_mutex_slowlock+0x2dc/0x7b0 [ 866.017753][ T38] ? rt_mutex_slowlock+0x1fd/0x7b0 [ 866.017777][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 866.017822][ T38] ? rcu_barrier+0x4c/0x580 [ 866.017864][ T38] ? rcu_barrier+0x4c/0x580 [ 866.017887][ T38] mutex_lock_nested+0x168/0x1d0 [ 866.017925][ T38] rcu_barrier+0x4c/0x580 [ 866.017963][ T38] dev_map_free+0x11f/0x6a0 [ 866.018031][ T38] ? kfree+0x4d/0x6c0 [ 866.018145][ T38] bpf_map_free_deferred+0x217/0x460 [ 866.018172][ T38] ? process_scheduled_works+0xa25/0x1830 [ 866.018204][ T38] process_scheduled_works+0xb02/0x1830 [ 866.018265][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 866.018304][ T38] ? assign_work+0x3d5/0x5e0 [ 866.018338][ T38] worker_thread+0xa50/0xfc0 [ 866.018395][ T38] kthread+0x388/0x470 [ 866.018418][ T38] ? __pfx_worker_thread+0x10/0x10 [ 866.018445][ T38] ? __pfx_kthread+0x10/0x10 [ 866.018470][ T38] ret_from_fork+0x51e/0xb90 [ 866.018525][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 866.018553][ T38] ? __switch_to+0xc7d/0x1450 [ 866.018611][ T38] ? __pfx_kthread+0x10/0x10 [ 866.018636][ T38] ret_from_fork_asm+0x1a/0x30 [ 866.018697][ T38] [ 866.018934][ T38] [ 866.018934][ T38] Showing all locks held in the system: [ 866.018946][ T38] 3 locks held by kworker/u8:0/12: [ 866.018985][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.019056][ T38] #1: ffffc90000117c40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.019114][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.019168][ T38] 3 locks held by kworker/u8:1/13: [ 866.019180][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.019237][ T38] #1: ffffc90000127c40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.019293][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.019347][ T38] 5 locks held by ksoftirqd/0/15: [ 866.019359][ T38] 3 locks held by rcuc/0/20: [ 866.019372][ T38] 1 lock held by khungtaskd/38: [ 866.019383][ T38] #0: ffffffff8ddcb840 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 866.019443][ T38] 3 locks held by kworker/u8:2/43: [ 866.019454][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.019512][ T38] #1: ffffc90000b47c40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.019568][ T38] #2: ffffffff8f159ff8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 866.019698][ T38] 3 locks held by kworker/u8:3/57: [ 866.019710][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.019766][ T38] #1: ffffc9000123fc40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.019822][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.019875][ T38] 3 locks held by kworker/u8:4/67: [ 866.019886][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.019953][ T38] #1: ffffc9000152fc40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.020008][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.020061][ T38] 3 locks held by kworker/u8:5/68: [ 866.020074][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.020130][ T38] #1: ffffc9000153fc40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.020186][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.020242][ T38] 4 locks held by kworker/u8:6/160: [ 866.020255][ T38] 3 locks held by kworker/u8:7/191: [ 866.020267][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.020322][ T38] #1: ffffc90003c47c40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.020381][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.020435][ T38] 3 locks held by kworker/u8:8/1009: [ 866.020446][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.020503][ T38] #1: ffffc90005827c40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.020559][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.020613][ T38] 5 locks held by kworker/u8:9/1150: [ 866.020626][ T38] 3 locks held by kworker/u8:10/1365: [ 866.020638][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.020701][ T38] #1: ffffc900065dfc40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.020758][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.020811][ T38] 2 locks held by kworker/u8:11/1402: [ 866.020823][ T38] #0: ffff88801db35138 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.020878][ T38] #1: ffffc9000672fc40 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.020955][ T38] 3 locks held by kworker/u8:12/3864: [ 866.020967][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.021024][ T38] #1: ffffc9000f4efc40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.021282][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.021334][ T38] 3 locks held by kworker/u8:13/4169: [ 866.021346][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.021397][ T38] #1: ffffc9000fbbfc40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.021448][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.021499][ T38] 2 locks held by getty/5549: [ 866.021510][ T38] #0: ffff8880287960a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 866.021647][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13c0 [ 866.021738][ T38] 3 locks held by kworker/1:4/5879: [ 866.021750][ T38] #0: ffff888019c03938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.021808][ T38] #1: ffffc900059ffc40 (ser_release_work){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.021864][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.021928][ T38] 3 locks held by kworker/u8:14/6174: [ 866.021940][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.021999][ T38] #1: ffffc9000643fc40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.022056][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.022111][ T38] 5 locks held by kworker/u8:15/7589: [ 866.022123][ T38] 3 locks held by kworker/u8:16/7626: [ 866.022137][ T38] 6 locks held by kworker/u8:17/9038: [ 866.022154][ T38] 1 lock held by syz.5.1752/11347: [ 866.022166][ T38] #0: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.022221][ T38] 1 lock held by syz-executor/11455: [ 866.022233][ T38] #0: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.022288][ T38] 1 lock held by syz-executor/11506: [ 866.022300][ T38] #0: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.022352][ T38] 3 locks held by kworker/u8:18/11521: [ 866.022363][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.022417][ T38] #1: ffffc90004987c40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.022474][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.022529][ T38] 5 locks held by kworker/u8:19/11614: [ 866.022542][ T38] 2 locks held by kworker/u8:20/11689: [ 866.022554][ T38] #0: ffff88801db35138 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.022612][ T38] #1: ffffc900065afc40 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.022671][ T38] 7 locks held by syz-executor/11804: [ 866.022683][ T38] #0: ffff88803138a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 866.022824][ T38] #1: ffff88808769e078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 866.022959][ T38] #2: ffff888028c52878 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 866.023024][ T38] #3: ffffffff8e9c78b8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 866.023159][ T38] #4: ffff88803bcc60d8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x870 [ 866.023265][ T38] #5: ffff88803b79a300 (&devlink->lock_key#8){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x160 [ 866.023361][ T38] #6: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.023414][ T38] 6 locks held by kworker/u8:21/11849: [ 866.023426][ T38] #0: ffff88801aee1138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.023482][ T38] #1: ffffc90005047c40 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.023539][ T38] #2: ffffffff8f14b840 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 [ 866.023652][ T38] #3: ffff888011dee0d8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x117/0x3f0 [ 866.023752][ T38] #4: ffff88805f63e300 (&devlink->lock_key){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x129/0x3f0 [ 866.023803][ T38] #5: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.023856][ T38] 4 locks held by syz-executor/11857: [ 866.023868][ T38] #0: ffff88803138a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 866.023938][ T38] #1: ffff8880213fb078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 866.023997][ T38] #2: ffff888028c52878 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 866.024059][ T38] #3: ffffffff8e9c78b8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 866.024116][ T38] 3 locks held by kworker/u8:22/11944: [ 866.024128][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.024184][ T38] #1: ffffc900049a7c40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.024239][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.024293][ T38] 3 locks held by kworker/u8:23/11946: [ 866.024304][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.024361][ T38] #1: ffffc900042f7c40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.024415][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.024468][ T38] 3 locks held by kworker/u8:24/12008: [ 866.024480][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.024537][ T38] #1: ffffc900040b7c40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.024594][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.024648][ T38] 3 locks held by kworker/u8:25/12089: [ 866.024660][ T38] 3 locks held by kworker/u8:26/12098: [ 866.024673][ T38] 4 locks held by syz-executor/12111: [ 866.024685][ T38] #0: ffff88803138a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 866.024746][ T38] #1: ffff8880376c4078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 866.024803][ T38] #2: ffff888028c52878 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 866.024876][ T38] #3: ffffffff8e9c78b8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 866.024942][ T38] 3 locks held by kworker/u8:27/12146: [ 866.024956][ T38] 4 locks held by syz-executor/12161: [ 866.024967][ T38] #0: ffff88803138a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 866.025030][ T38] #1: ffff888040023c78 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 866.025088][ T38] #2: ffff888028c52878 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 866.025152][ T38] #3: ffffffff8e9c78b8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 866.025210][ T38] 7 locks held by kworker/u8:28/12177: [ 866.025223][ T38] 5 locks held by kworker/u8:29/12194: [ 866.025235][ T38] 3 locks held by kworker/u8:30/12217: [ 866.025247][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.025306][ T38] #1: ffffc900046a7c40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.025363][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.025416][ T38] 4 locks held by kworker/u8:31/12234: [ 866.025428][ T38] 3 locks held by kworker/u8:32/12235: [ 866.025441][ T38] 3 locks held by kworker/u8:33/12236: [ 866.025453][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 866.025511][ T38] #1: ffffc90004457c40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 866.025578][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 866.025633][ T38] 2 locks held by kworker/u8:34/12237: [ 866.025645][ T38] 5 locks held by kworker/u8:35/12267: [ 866.025658][ T38] 4 locks held by kworker/u8:36/12314: [ 866.025672][ T38] 3 locks held by syz-executor/12457: [ 866.025685][ T38] 1 lock held by syz.2.2112/12492: [ 866.025697][ T38] #0: ffff8880343f7670 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x237/0x4f0 [ 866.025819][ T38] 1 lock held by syz.2.2112/12493: [ 866.025832][ T38] 1 lock held by syz.0.2114/12496: [ 866.025844][ T38] #0: ffff8880226f0278 (&sb->s_type->i_mutex_key#12){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 866.025934][ T38] 3 locks held by syz.3.2115/12497: [ 866.025950][ T38] [ 866.025956][ T38] ============================================= [ 866.025956][ T38] [ 866.025966][ T38] NMI backtrace for cpu 1 [ 866.025982][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 866.026006][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 866.026018][ T38] Call Trace: [ 866.026027][ T38] [ 866.026036][ T38] dump_stack_lvl+0xe8/0x150 [ 866.026069][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 866.026134][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 866.026167][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 866.026194][ T38] sys_info+0x135/0x170 [ 866.026248][ T38] watchdog+0xfd9/0x1030 [ 866.026294][ T38] ? watchdog+0x21a/0x1030 [ 866.026327][ T38] kthread+0x388/0x470 [ 866.026351][ T38] ? __pfx_watchdog+0x10/0x10 [ 866.026374][ T38] ? __pfx_kthread+0x10/0x10 [ 866.026398][ T38] ret_from_fork+0x51e/0xb90 [ 866.026429][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 866.026457][ T38] ? __switch_to+0xc7d/0x1450 [ 866.026488][ T38] ? __pfx_kthread+0x10/0x10 [ 866.026511][ T38] ret_from_fork_asm+0x1a/0x30 [ 866.026549][ T38] [ 866.026557][ T38] Sending NMI from CPU 1 to CPUs 0: [ 866.026588][ C0] NMI backtrace for cpu 0 [ 866.026604][ C0] CPU: 0 UID: 0 PID: 12493 Comm: syz.2.2112 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 866.026625][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 866.026634][ C0] RIP: 0010:rcu_is_watching+0x10/0xb0 [ 866.026656][ C0] Code: 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 53 65 ff 05 d0 b9 a4 10 4b 26 79 09 89 c3 83 f8 08 73 65 49 bf 00 00 00 00 00 fc ff df [ 866.026671][ C0] RSP: 0018:ffffc90004197710 EFLAGS: 00000282 [ 866.026720][ C0] RAX: ffffffff8211d4a2 RBX: 0000000000000000 RCX: ffff888038e3bd00 [ 866.026733][ C0] RDX: 0000000000000002 RSI: 0000000000000001 RDI: 0000000000000000 [ 866.026743][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 866.026754][ C0] R10: dffffc0000000000 R11: fffffbfff1ed4617 R12: dffffc0000000000 [ 866.026766][ C0] R13: ffffc90004197a40 R14: ffff8880343f72c0 R15: ffffea0001a0ecc0 [ 866.026779][ C0] FS: 00007f49337de6c0(0000) GS:ffff88812633f000(0000) knlGS:0000000000000000 [ 866.026795][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 866.026807][ C0] CR2: 0000001b2ef16ff8 CR3: 0000000087c48000 CR4: 00000000003526f0 [ 866.026824][ C0] Call Trace: [ 866.026831][ C0] [ 866.026839][ C0] finish_fault+0xfcb/0x1150 [ 866.026971][ C0] ? do_pte_missing+0x1332/0x2d30 [ 866.026989][ C0] do_pte_missing+0x1825/0x2d30 [ 866.027010][ C0] ? handle_mm_fault+0xe7/0x13c0 [ 866.027035][ C0] handle_mm_fault+0xd0a/0x13c0 [ 866.027061][ C0] ? handle_mm_fault+0xe7/0x13c0 [ 866.027085][ C0] ? __pfx_handle_mm_fault+0x10/0x10 [ 866.027108][ C0] ? follow_page_pte+0xc47/0x1380 [ 866.027154][ C0] ? __pfx_follow_page_pte+0x10/0x10 [ 866.027182][ C0] __get_user_pages+0x1679/0x2800 [ 866.027219][ C0] populate_vma_page_range+0x2be/0x3c0 [ 866.027242][ C0] ? __pfx_populate_vma_page_range+0x10/0x10 [ 866.027263][ C0] ? userfaultfd_unmap_complete+0x29e/0x320 [ 866.027310][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 866.027351][ C0] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 866.027377][ C0] __mm_populate+0x25f/0x390 [ 866.027400][ C0] ? __pfx___mm_populate+0x10/0x10 [ 866.027428][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 866.027476][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 866.027497][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 866.027520][ C0] vm_mmap_pgoff+0x3ad/0x4f0 [ 866.027541][ C0] ? __se_sys_futex+0x3a8/0x450 [ 866.027571][ C0] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 866.027594][ C0] ? rcu_is_watching+0x15/0xb0 [ 866.027615][ C0] ? __x64_sys_mmap+0x7f/0x140 [ 866.027640][ C0] do_syscall_64+0x14d/0xf80 [ 866.027661][ C0] ? trace_irq_disable+0x3b/0x150 [ 866.027680][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 866.027714][ C0] ? clear_bhb_loop+0x40/0x90 [ 866.027734][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 866.027750][ C0] RIP: 0033:0x7f493558c799 [ 866.027766][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 866.027780][ C0] RSP: 002b:00007f49337de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 866.027797][ C0] RAX: ffffffffffffffda RBX: 00007f4935805fa0 RCX: 00007f493558c799 [ 866.027810][ C0] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000 [ 866.027822][ C0] RBP: 00007f4935622bd9 R08: ffffffffffffffff R09: 0000000000000000 [ 866.027833][ C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 866.027844][ C0] R13: 00007f4935806038 R14: 00007f4935805fa0 R15: 00007ffd785a34b8 [ 866.027865][ C0] [ 866.028585][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 866.028602][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 866.028625][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 866.028637][ T38] Call Trace: [ 866.028646][ T38] [ 866.028654][ T38] vpanic+0x56c/0xa60 [ 866.028690][ T38] ? __pfx_vpanic+0x10/0x10 [ 866.028732][ T38] panic+0xc5/0xd0 [ 866.028762][ T38] ? __pfx_panic+0x10/0x10 [ 866.028790][ T38] ? printk_trigger_flush+0x117/0x180 [ 866.028820][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 866.028856][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 866.028884][ T38] watchdog+0x1023/0x1030 [ 866.028924][ T38] ? watchdog+0x21a/0x1030 [ 866.028959][ T38] kthread+0x388/0x470 [ 866.028981][ T38] ? __pfx_watchdog+0x10/0x10 [ 866.029005][ T38] ? __pfx_kthread+0x10/0x10 [ 866.029028][ T38] ret_from_fork+0x51e/0xb90 [ 866.029061][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 866.029087][ T38] ? __switch_to+0xc7d/0x1450 [ 866.029118][ T38] ? __pfx_kthread+0x10/0x10 [ 866.029142][ T38] ret_from_fork_asm+0x1a/0x30 [ 866.029180][ T38] [ 866.029465][ T38] Kernel Offset: disabled