last executing test programs: 9m3.151625908s ago: executing program 2 (id=3): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x5, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000005c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffc, {0x0, 0x0, 0x0, r7, {0x0, 0xc}, {0x2, 0xb}, {0x9, 0xc}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0x6aa}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c0e9}, 0x4008080) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 9m1.731628673s ago: executing program 2 (id=9): mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x16, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000805}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x14) ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) 8m55.696824106s ago: executing program 2 (id=21): r0 = syz_open_dev$media(&(0x7f0000000040), 0x4, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000080)=0xffffffffffffffff) r2 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000000)={0xf010000, 0x0, 0x0, r1, 0x0, 0x0}) 8m55.471839967s ago: executing program 2 (id=22): syz_init_net_socket$llc(0x1a, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 8m49.302525535s ago: executing program 2 (id=31): r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, r0) add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f0000000240)="0000000000000002ff6900000000000100000018f200000000861f4104bfeacdd5a9007d16dcdc2850b536f0", 0x4000, r1) 8m49.045238816s ago: executing program 2 (id=33): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x239, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd, 0x800, 0x0, 0x0, 0xd, 0x1, {0x2}}) io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0) 8m31.883987918s ago: executing program 32 (id=33): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x239, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd, 0x800, 0x0, 0x0, 0xd, 0x1, {0x2}}) io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0) 7m41.187042549s ago: executing program 1 (id=207): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) r0 = openat$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', 0x800, 0x102) r1 = socket$inet6(0xa, 0xa, 0x7) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000280)=@security={'security\x00', 0xe, 0x4, 0x470, 0xffffffff, 0x19c, 0x28c, 0x19c, 0xffffffff, 0xffffffff, 0x3a8, 0x3a8, 0x3a8, 0xffffffff, 0x4, &(0x7f00000000c0), {[{{@uncond, 0x0, 0x178, 0x19c, 0x0, {}, [@common=@srh1={{0x8c}, {0x11, 0x6, 0x4, 0x3, 0x7, @mcast1, @mcast2, @private0, [0x0, 0xff, 0xb781dcbed0140fdb, 0xff], [0x0, 0xff000000, 0xff000000, 0xff000000], [0xffffffff, 0xff, 0xff000000, 0xffffffff], 0x2825, 0x21c}}, @common=@hbh={{0x48}, {0x0, 0x1, 0x0, [0x6, 0x5, 0x2, 0x9, 0x8, 0x6, 0x7, 0x1, 0x9, 0x20f, 0x7, 0x80, 0xff, 0x5, 0x2, 0x9], 0xa}}]}, @common=@unspec=@AUDIT={0x24, 'AUDIT\x00', 0x0, {0x1}}}, {{@ipv6={@mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [0xff000000, 0xff000000, 0x0, 0xff000000], 'ipvlan1\x00', 'wg1\x00', {}, {0xff}, 0x2, 0x5, 0x1, 0x4}, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@hl={{0x24}, {0x1, 0x8}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0x4}}}, {{@uncond, 0x0, 0xf4, 0x11c, 0x0, {}, [@common=@srh={{0x2c}, {0x3c, 0x2, 0x1, 0xff, 0x1, 0x1000, 0x2408}}, @common=@mh={{0x24}, {"05da"}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x3, 0x4, 0x4}, {0xffffffffffffffff, 0x5, 0x2}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x4cc) r2 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x20a42, 0x6) r3 = socket(0x23, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f0000000800)={'bridge0\x00', &(0x7f0000000240)=@ethtool_pauseparam={0x12, 0x4, 0x3, 0xb}}) write$FUSE_STATFS(r2, &(0x7f0000000200)={0x60, 0x0, 0x0, {{0x9, 0x5, 0x5, 0x2, 0x400069a, 0xae, 0x2400000, 0x800}}}, 0xfffffec2) 7m40.681624699s ago: executing program 1 (id=210): r0 = inotify_init1(0x80000) inotify_add_watch(r0, &(0x7f0000000240)='.\x00', 0x60000726) lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="02000000010000000000f400040000000000000020"], 0x1c, 0x0) 7m40.516544046s ago: executing program 1 (id=211): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000000000)={0x2, 0x0, {&(0x7f0000000440)=""/117, 0x75, 0x0, 0x1, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000cc0)={0x2, 0x0, {&(0x7f0000000bc0)=""/233, 0xe9, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000340)={0x2, 0x0, {&(0x7f0000000a00)=""/265, 0x109, 0x0, 0x1, 0x2}}, 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000080), 0x1, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYRES32=r1], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x5, 0x0, &(0x7f00000002c0)="00154e0132", &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) r5 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a3000000000080041007369770014003300766c616e310000000000000000000000ef3d7e329d469b9ed353bd273fa49865d805f159eb6145018bf1395e3f1db90a0b4988460df81f33f8c5123448e994e2cdccdbbf23fd75a88033db6ec088de46d3f9f2823b66d9f4b750b632e978d6a1416ca3578fc916d2722e47d8fae77075cad58bcb01de09edeb0b9b2dcfafe7475a7353f6f9ed259e7a80d7b0d9d12e8802530944176be201ccf6828dba7c39988b343505310748febf78a3a5baaeb6103ade214b52c297ad2b6e25800c62c20f9c4877af898e8870"], 0x38}, 0x1, 0x1000000, 0x0, 0x80c9}, 0x20000000) r6 = mq_open(&(0x7f0000000040)='!se\xf7ih,\x17i\xacP\xe6lNnuxselinux\x00', 0x6e93ebbbcc0884f2, 0x8, &(0x7f0000000000)={0x0, 0x1, 0x1000000}) mq_timedsend(r6, 0x0, 0x0, 0x0, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) 7m39.473444821s ago: executing program 1 (id=215): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000080)) 7m39.070170724s ago: executing program 1 (id=216): ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(0xffffffffffffffff, 0x40146f2c, &(0x7f0000000000)={0xfffd, 0x0, 0x3, 0xa, 0x4}) ioctl$DVB_DEMUX_DMX_ADD_PID(0xffffffffffffffff, 0x40026f33, &(0x7f0000000040)=0x79) r0 = socket$packet(0x11, 0x2, 0x300) dup2(r0, 0xffffffffffffffff) 7m38.709417166s ago: executing program 1 (id=220): getsockname$unix(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x3, 0x3d, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000b80)=ANY=[], 0x0, 0xfc5f}, 0x28) 7m32.637087983s ago: executing program 5 (id=252): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$loop(&(0x7f00000001c0), 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c800}, 0x0) r3 = openat$cuse(0xffffff9c, &(0x7f0000000140), 0x2, 0x0) write$FUSE_INTERRUPT(r3, &(0x7f0000000180)={0x10}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x24c01, 0x0) lseek(r4, 0x1, 0x1) writev(r4, &(0x7f0000000240)=[{&(0x7f0000000180)}, {0x0}, {&(0x7f00000003c0)="543dbf774f46eb7c9d4c45610d4ed164ed0bb635311f952cef66d7a4d254107cdc2fbd669f340837d7efcc70d90b1bf34924b72399a046649e", 0x39}, {&(0x7f0000000500)}, {&(0x7f0000000580)="1d3015520d3a8a9ea1e4b23a11685917e8db4d2906d195beb905e03b284ad66c5ac3aaf24b6ec8ed4f1d06bd7976e93de58007302f2220454d3907db6523aed966c87c8777a634ba34ace14a68f80c93365e78ee781581ae892531de7ebefa62253a5c6c487f0b15cdc03024fec659cca89a777bf18e39546f88bd934fcb0b439fab98a93534e4e6d6424b10028850f93fb9460ccb5b54f027212de6aa8fcd1a2f299dcf867f56a9", 0xa8}], 0x5) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(0xffffffffffffffff, 0x8904, &(0x7f0000000200)) mount$9p_virtio(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000100)='./file0\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000040), 0x208e24b) ftruncate(r5, 0x5) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_INFO={0x4}, @NFTA_MATCH_NAME={0xa, 0x1, 'limit\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800) 7m29.975716294s ago: executing program 5 (id=254): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r0, &(0x7f0000002500), 0x0, 0x4a080) 7m29.742894963s ago: executing program 5 (id=255): r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000001c0), 0x204701, 0x0) fchdir(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='cmdline\x00') read$qrtrtun(r1, &(0x7f0000019300)=""/122, 0x7a) 7m29.567503336s ago: executing program 5 (id=256): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x180) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') mkdir(&(0x7f0000000100)='./bus\x00', 0xe8) mount$overlay(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000a80)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]}) 7m29.281005244s ago: executing program 5 (id=258): prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000080)) 7m29.077501392s ago: executing program 5 (id=259): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000f000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x7101}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) 7m23.334714275s ago: executing program 33 (id=220): getsockname$unix(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x3, 0x3d, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000b80)=ANY=[], 0x0, 0xfc5f}, 0x28) 7m13.541161394s ago: executing program 34 (id=259): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000f000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x7101}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) 9.983485903s ago: executing program 0 (id=1178): connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$dri(0x0, 0x1, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000000)) r0 = socket$vsock_stream(0x28, 0x1, 0x0) dup(r0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x0, &(0x7f0000000040)) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000500)={0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="200529000000290a701fc5cf71cf87ba4fedd7c15df43c"], &(0x7f00000003c0)={0x0, 0x3, 0x40, @string={0x40, 0x3, "9ab106d355341c3a2857d9713bbcc744eaaca2c04ea7d4d98871931248ad9b1e87985a8e19372bac071755377b061006b9e438fed7f39d0010fd33291fe4"}}, &(0x7f0000000440)={0x0, 0x22, 0x2, {[@global=@item_012={0x1, 0x1, 0x1, '('}]}}, &(0x7f0000000480)={0x0, 0x21, 0x9, {0x9, 0x21, 0x6, 0x3f, 0x1, {0x22, 0xa18}}}}, &(0x7f0000000640)={0x2c, &(0x7f0000000540)={0x0, 0x17, 0x22, "ea00df8e3ede1802c0b758fe8d5f8c037eaa2c4f213efc363cb20989460a4691fcaf"}, &(0x7f0000000580)={0x0, 0xa, 0x1, 0x2}, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x20}, &(0x7f00000006c0), 0x0}) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000240)=0x8, r2, 0x0, 0x0, 0x1}}, 0x20) pselect6(0x0, 0x0, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x5, 0x40000008}, 0x0, 0x0) 9.093597739s ago: executing program 3 (id=1183): creat(&(0x7f0000000080)='./bus\x00', 0x0) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) request_key(0x0, 0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r3, &(0x7f00000001c0)='O', 0x1, 0x4000c01, &(0x7f0000000280)={0xa, 0x400, 0xfffffffe, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, 0x1c) shutdown(r3, 0x1) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8) sendmmsg$inet6(r2, &(0x7f0000002940), 0x40000000000017d, 0x811) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc}) add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) socket$inet6_sctp(0xa, 0x1, 0x84) mount(&(0x7f0000000240)=@filename='./bus\x00', &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000100)='trans=rdma,') 7.054644043s ago: executing program 0 (id=1184): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) 7.013949218s ago: executing program 3 (id=1186): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x35}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r3, 0x4b72, &(0x7f0000000000)={0x4, 0x0, 0x10, 0x1d, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"}) 6.961626117s ago: executing program 0 (id=1187): openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) fsopen(&(0x7f0000000080)='nfsd\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x6, 0x5c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002100df4c2abd70000000000002001000000000010000"], 0x38}, 0x1, 0x0, 0x0, 0x240000ef}, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x2042, 0xfffffffd}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r5, 0xffffffffffffffff, 0x0) 5.136724477s ago: executing program 3 (id=1190): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$usbmon(&(0x7f0000000240), 0x8, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0xc397e) r1 = openat$comedi(0xffffff9c, &(0x7f0000000440)='/dev/comedi0\x00', 0x101001, 0x0) ioctl$COMEDI_CMDTEST(r1, 0x8040640a, 0x0) socket$packet(0x11, 0x3, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x3, &(0x7f0000000280)) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_DEL_STATION(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0}, 0x0) sendmsg$nl_route(r4, 0x0, 0x4000840) set_mempolicy(0x8006, 0x0, 0x5) r5 = syz_open_procfs(0xffffffffffffffff, 0x0) read$FUSE(r5, &(0x7f0000002080)={0x2020}, 0x2020) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWSET={0x110, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2c}, @NFTA_SET_DESC={0xd4, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_DESC_CONCAT={0xc8, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}]}, {0x34, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x764f15e2}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x28}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xcb}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}]}]}]}]}], {0x14, 0x10}}, 0x138}}, 0x0) bind$bt_sco(r5, &(0x7f0000000300)={0x1f, @none}, 0x8) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r7, 0x24, &(0x7f00000003c0)={0x1, 0x0, 0x9}) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x25) 4.889544856s ago: executing program 0 (id=1192): connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$dri(0x0, 0x1, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000000)) r0 = socket$vsock_stream(0x28, 0x1, 0x0) dup(r0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x0, &(0x7f0000000040)) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000500)={0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="200529000000290a701fc5cf71cf87ba4fedd7c15df43c"], &(0x7f00000003c0)={0x0, 0x3, 0x40, @string={0x40, 0x3, "9ab106d355341c3a2857d9713bbcc744eaaca2c04ea7d4d98871931248ad9b1e87985a8e19372bac071755377b061006b9e438fed7f39d0010fd33291fe4"}}, &(0x7f0000000440)={0x0, 0x22, 0x2, {[@global=@item_012={0x1, 0x1, 0x1, '('}]}}, &(0x7f0000000480)={0x0, 0x21, 0x9, {0x9, 0x21, 0x6, 0x3f, 0x1, {0x22, 0xa18}}}}, &(0x7f0000000640)={0x2c, &(0x7f0000000540)={0x0, 0x17, 0x22, "ea00df8e3ede1802c0b758fe8d5f8c037eaa2c4f213efc363cb20989460a4691fcaf"}, &(0x7f0000000580)={0x0, 0xa, 0x1, 0x2}, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x20}, &(0x7f00000006c0), 0x0}) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000240)=0x8, r2, 0x0, 0x0, 0x1}}, 0x20) pselect6(0x0, 0x0, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x5, 0x40000008}, 0x0, 0x0) 4.769040996s ago: executing program 3 (id=1193): socket(0x2, 0x80805, 0x0) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_FILES_UPDATE={0x14, 0x2c, 0x0, 0x0, 0xa78, &(0x7f00000004c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x3, 0x0, 0x0, {0x0, r0}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x3, 0x11e41e7a, 0x20000000, 0x0, 0x4}}]}, {0x4}, {0x33, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x200008d1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r4, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) 3.669855154s ago: executing program 3 (id=1195): creat(&(0x7f0000000080)='./bus\x00', 0x0) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) request_key(0x0, 0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r3, &(0x7f00000001c0)='O', 0x1, 0x4000c01, &(0x7f0000000280)={0xa, 0x400, 0xfffffffe, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, 0x1c) shutdown(r3, 0x1) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8) sendmmsg$inet6(r2, &(0x7f0000002940), 0x40000000000017d, 0x811) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc}) add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) socket$inet6_sctp(0xa, 0x1, 0x84) mount(&(0x7f0000000240)=@filename='./bus\x00', &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000100)='trans=rdma,') 3.2052776s ago: executing program 4 (id=1196): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)={0x30, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVKEY={0x10, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000040}, 0x20000000) 2.889425163s ago: executing program 0 (id=1197): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a94000000060a010400000000000000000a00000154000480500001800b00010074617267657400004000028008000240000000012c0003007339f2f10455afb9fdd672bad09dfb78c7699c74f7ffa0c70000000000000000000000000000000008000100544545000900020073797a32000000000900010073797a3100000000140005800800014000008917080002400000000214000000110001"], 0xbc}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) 2.817965021s ago: executing program 4 (id=1198): r0 = memfd_create(0x0, 0x6) socket$alg(0x26, 0x5, 0x0) r1 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8010) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder1\x00', 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sendmsg$can_j1939(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044000}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000080)) read$msr(r2, &(0x7f0000009b80)=""/102392, 0x18ff8) iopl(0x51) gettid() timer_create(0x6, 0x0, &(0x7f0000bbdffc)) syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) io_submit(0x0, 0x0, &(0x7f0000000240)) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040), 0x82}], 0x1, 0x0, 0x0, 0x1) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) read$dsp(r3, &(0x7f00000001c0)=""/89, 0xfe4e) 2.389310615s ago: executing program 0 (id=1199): bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x40}, 0x50) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r0, 0x8b2a, &(0x7f0000000040)) 1.934860012s ago: executing program 4 (id=1200): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00002ad000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) close(r1) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0) 1.776546211s ago: executing program 3 (id=1201): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$usbmon(&(0x7f0000000240), 0x8, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0xc397e) r1 = openat$comedi(0xffffff9c, &(0x7f0000000440)='/dev/comedi0\x00', 0x101001, 0x0) ioctl$COMEDI_CMDTEST(r1, 0x8040640a, 0x0) socket$packet(0x11, 0x3, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x3, &(0x7f0000000280)) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_DEL_STATION(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0}, 0x0) sendmsg$nl_route(r5, 0x0, 0x4000840) set_mempolicy(0x8006, 0x0, 0x5) r6 = syz_open_procfs(0xffffffffffffffff, 0x0) read$FUSE(r6, &(0x7f0000002080)={0x2020}, 0x2020) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWSET={0x110, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2c}, @NFTA_SET_DESC={0xd4, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_DESC_CONCAT={0xc8, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}]}, {0x34, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x764f15e2}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x28}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xcb}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}]}]}]}]}], {0x14, 0x10}}, 0x138}}, 0x0) bind$bt_sco(r6, &(0x7f0000000300)={0x1f, @none}, 0x8) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r9, 0x24, &(0x7f00000003c0)={0x1, 0x0, 0x9}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES8=r2], 0x3c}}, 0x10) 1.189896224s ago: executing program 4 (id=1202): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha384\x00'}, 0x58) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}}) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r3 = socket(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0xfffffffc) writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a06ffffff7f000000010000000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5", 0x44}], 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r3, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}}, 0x4084) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg(r3, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 1.111932144s ago: executing program 4 (id=1203): socket(0x2, 0x80805, 0x0) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_FILES_UPDATE={0x14, 0x2c, 0x0, 0x0, 0xa78, &(0x7f00000004c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x3, 0x0, 0x0, {0x0, r0}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x3, 0x11e41e7a, 0x20000000, 0x0, 0x4}}]}, {0x4}, {0x33, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x200008d1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r4, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) 0s ago: executing program 4 (id=1204): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x132) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x2, @empty, 0x7}], 0x1c) ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x0, 0x7, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10110401"}}) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x2) io_setup(0x239f, &(0x7f0000000380)) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r4, &(0x7f0000000400)=""/4096, 0x1000) kernel console output (not intermixed with test programs): 0 200000000040 returned -22 [ 220.678117][ T7169] overlayfs: regular lower layers cannot follow data lower layers [ 220.702355][ T7169] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 220.702381][ T7169] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 220.702438][ T7169] vhci_hcd vhci_hcd.0: Device attached [ 220.801238][ T7170] vhci_hcd: connection closed [ 220.805018][ T1484] vhci_hcd vhci_hcd.4: stop threads [ 220.805042][ T1484] vhci_hcd vhci_hcd.4: release socket [ 220.805086][ T1484] vhci_hcd vhci_hcd.4: disconnect device [ 220.963429][ T7173] fuse: Bad value for 'fd' [ 221.399227][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 221.489291][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 221.543360][ T4428] bond0 (unregistering): Released all slaves [ 221.629948][ T6835] team0: Port device team_slave_1 added [ 221.885379][ T7182] netlink: 60 bytes leftover after parsing attributes in process `syz.4.369'. [ 222.821092][ T7187] netlink: 12 bytes leftover after parsing attributes in process `syz.4.372'. [ 222.983984][ T7195] fuse: Bad value for 'fd' [ 223.095637][ T7199] 9p: Bad value for 'rfdno' [ 223.546547][ T6835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 223.546564][ T6835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 223.546588][ T6835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 223.577367][ T6835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 223.577384][ T6835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 223.577408][ T6835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 223.624523][ T7203] binder: 7185:7203 ioctl 0 200000000040 returned -22 [ 224.242424][ T7208] netlink: 60 bytes leftover after parsing attributes in process `syz.3.378'. [ 225.505022][ T6835] hsr_slave_0: entered promiscuous mode [ 225.506535][ T6835] hsr_slave_1: entered promiscuous mode [ 225.507517][ T6835] debugfs: 'hsr0' already exists in 'hsr' [ 225.507542][ T6835] Cannot create hsr debugfs directory [ 225.702244][ T7223] fuse: Bad value for 'fd' [ 225.908390][ T7230] 9p: Bad value for 'rfdno' [ 226.071949][ T7235] netlink: 12 bytes leftover after parsing attributes in process `syz.3.387'. [ 226.088110][ T4428] hsr_slave_0: left promiscuous mode [ 226.160337][ T4428] hsr_slave_1: left promiscuous mode [ 226.161288][ T4428] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 226.161312][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 226.237120][ T4428] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 226.237148][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 226.444792][ T4428] veth1_macvtap: left promiscuous mode [ 226.444887][ T4428] veth0_macvtap: left promiscuous mode [ 226.445127][ T4428] veth1_vlan: left promiscuous mode [ 226.445301][ T4428] veth0_vlan: left promiscuous mode [ 226.621859][ T7246] netlink: 60 bytes leftover after parsing attributes in process `syz.4.389'. [ 227.578305][ T7252] binder: 7234:7252 ioctl 0 200000000040 returned -22 [ 228.154854][ T7261] 9p: Bad value for 'rfdno' [ 228.218957][ T7263] fuse: Bad value for 'fd' [ 228.306715][ T7265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.403'. [ 228.852594][ T7272] binder: 7264:7272 ioctl 0 200000000040 returned -22 [ 229.479292][ T7281] netlink: 60 bytes leftover after parsing attributes in process `syz.3.399'. [ 230.389008][ T7287] fuse: Bad value for 'fd' [ 230.399939][ T7289] 9p: Bad value for 'wfdno' [ 233.284530][ T7311] netlink: 60 bytes leftover after parsing attributes in process `syz.4.413'. [ 233.455777][ T7315] fuse: Bad value for 'fd' [ 234.882297][ T7322] 9p: Bad value for 'wfdno' [ 235.471499][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 235.618419][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 238.859771][ T7321] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 238.859797][ T7321] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 238.859807][ T7321] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 239.033600][ T7340] team0 (unregistering): Port device team_slave_0 removed [ 239.051468][ T7340] team0 (unregistering): Port device team_slave_1 removed [ 239.207923][ T5949] infiniband syz0: ib_query_port failed (-19) [ 239.221175][ T7317] gre1: entered promiscuous mode [ 239.294359][ T7343] fuse: Invalid rootmode [ 239.455896][ T7348] netlink: 60 bytes leftover after parsing attributes in process `syz.3.427'. [ 240.137629][ T7350] 9p: Bad value for 'wfdno' [ 240.543077][ T7354] overlayfs: regular lower layers cannot follow data lower layers [ 242.094690][ T6921] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 242.912048][ T7375] fuse: Invalid rootmode [ 243.032031][ T6921] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 243.163682][ T6921] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 243.273231][ T6921] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 243.345931][ T7384] netlink: 60 bytes leftover after parsing attributes in process `syz.3.437'. [ 245.131598][ T6835] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 245.177165][ T6835] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 247.318093][ T6835] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 247.449241][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 247.469582][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 247.470908][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 247.471691][ T5800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 247.472210][ T5800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 247.596103][ T7431] fuse: Invalid rootmode [ 248.116558][ T7437] netlink: 60 bytes leftover after parsing attributes in process `syz.4.447'. [ 250.558676][ T5800] Bluetooth: hci2: command tx timeout [ 250.651424][ T4428] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.378027][ T7464] fuse: Bad value for 'rootmode' [ 252.568152][ T5800] Bluetooth: hci2: command tx timeout [ 252.691433][ T7470] overlayfs: regular lower layers cannot follow data lower layers [ 253.144198][ T7467] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 253.144226][ T7467] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 253.144326][ T7467] vhci_hcd vhci_hcd.0: Device attached [ 253.261262][ T7472] vhci_hcd: connection closed [ 253.264343][ T1919] vhci_hcd vhci_hcd.0: stop threads [ 253.264365][ T1919] vhci_hcd vhci_hcd.0: release socket [ 253.264406][ T1919] vhci_hcd vhci_hcd.0: disconnect device [ 253.303317][ T4428] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.318560][ T7476] 9pnet_virtio: no channels available for device syz [ 253.557625][ T4428] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.912326][ T4428] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.953604][ T6921] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.049272][ T7482] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 254.084683][ T6921] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.157140][ T1484] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.166443][ T1484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.227164][ T6399] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.227369][ T6399] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.391227][ T7428] chnl_net:caif_netlink_parms(): no params data found [ 254.648011][ T5800] Bluetooth: hci2: command tx timeout [ 254.808760][ T4428] bridge_slave_1: left allmulticast mode [ 254.808787][ T4428] bridge_slave_1: left promiscuous mode [ 254.809014][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.902900][ T4428] bridge_slave_0: left allmulticast mode [ 254.902929][ T4428] bridge_slave_0: left promiscuous mode [ 254.903174][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.456759][ T7515] fuse: Bad value for 'rootmode' [ 255.693636][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.693704][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.729288][ T5800] Bluetooth: hci2: command tx timeout [ 256.896189][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 256.908147][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 256.910081][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 256.911858][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 256.912625][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 258.840055][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 258.878384][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 258.910011][ T4428] bond0 (unregistering): Released all slaves [ 258.959699][ T7538] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 258.977985][ T5800] Bluetooth: hci0: command tx timeout [ 259.100914][ T7520] team0 (unregistering): Port device team_slave_0 removed [ 259.121385][ T7520] team0 (unregistering): Port device team_slave_1 removed [ 259.483439][ T7545] fuse: Bad value for 'rootmode' [ 259.550329][ T7546] 9pnet_virtio: no channels available for device syz [ 259.663041][ T7548] 9p: Bad value for 'wfdno' [ 260.000754][ T7428] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.000947][ T7428] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.001147][ T7428] bridge_slave_0: entered allmulticast mode [ 260.003709][ T7428] bridge_slave_0: entered promiscuous mode [ 260.143873][ T7428] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.143997][ T7428] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.144231][ T7428] bridge_slave_1: entered allmulticast mode [ 260.146899][ T7428] bridge_slave_1: entered promiscuous mode [ 261.048070][ T5800] Bluetooth: hci0: command tx timeout [ 262.078800][ T7571] fuse: Unknown parameter 'use00000000000000000000' [ 262.354518][ T7581] 9pnet_virtio: no channels available for device syz [ 262.567791][ T7428] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 262.671133][ T7588] 9p: Bad value for 'wfdno' [ 263.214309][ T5800] Bluetooth: hci0: command tx timeout [ 265.132454][ T7428] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 265.288868][ T5800] Bluetooth: hci0: command tx timeout [ 265.990857][ T7428] team0: Port device team_slave_0 added [ 266.200713][ T4428] hsr_slave_0: left promiscuous mode [ 266.257566][ T4428] hsr_slave_1: left promiscuous mode [ 266.258800][ T4428] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 266.258822][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 266.301350][ T4428] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 266.301375][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 266.544790][ T4428] veth1_macvtap: left promiscuous mode [ 266.544892][ T4428] veth0_macvtap: left promiscuous mode [ 266.545140][ T4428] veth1_vlan: left promiscuous mode [ 266.545314][ T4428] veth0_vlan: left promiscuous mode [ 268.038060][ T7642] comedi comedi2: reset error (fatal) [ 269.147766][ T7653] 9pnet_virtio: no channels available for device syz [ 269.165618][ T7653] serio: Serial port ptm0 [ 269.234052][ T7653] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 269.328274][ T7653] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 269.328393][ T7653] overlayfs: failed to look up (tracing) for ino (-66) [ 272.108295][ T7687] delete_channel: no stack [ 272.249182][ T7693] netlink: 12 bytes leftover after parsing attributes in process `syz.0.521'. [ 273.135881][ T7698] binder: 7691:7698 ioctl 0 200000000040 returned -22 [ 273.838263][ T7708] delete_channel: no stack [ 274.068756][ T7714] netlink: 60 bytes leftover after parsing attributes in process `syz.0.529'. [ 275.227429][ T7724] netlink: 12 bytes leftover after parsing attributes in process `syz.3.534'. [ 275.322193][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 275.517097][ T7725] binder: 7723:7725 ioctl 0 200000000040 returned -22 [ 275.768319][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 276.320216][ T7733] binder: 7732:7733 unknown command 0 [ 276.320236][ T7733] binder: 7732:7733 ioctl c0306201 200000000080 returned -22 [ 276.342437][ T7730] delete_channel: no stack [ 276.573844][ T7738] netlink: 60 bytes leftover after parsing attributes in process `syz.3.539'. [ 276.995648][ T7742] 9p: Bad value for 'rfdno' [ 277.578615][ T7748] binder: BINDER_SET_CONTEXT_MGR already set [ 277.578629][ T7748] binder: 7747:7748 ioctl 4018620d 200000000040 returned -16 [ 277.845809][ T5800] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 278.447831][ T7757] binder: 7756:7757 unknown command 0 [ 278.447946][ T7757] binder: 7756:7757 ioctl c0306201 200000000080 returned -22 [ 278.778527][ T7760] delete_channel: no stack [ 278.973056][ T7765] 9p: Bad value for 'rfdno' [ 279.320753][ T7428] team0: Port device team_slave_1 added [ 279.732284][ T7771] netlink: 60 bytes leftover after parsing attributes in process `syz.4.552'. [ 280.493419][ T7774] binder: BINDER_SET_CONTEXT_MGR already set [ 280.493434][ T7774] binder: 7772:7774 ioctl 4018620d 200000000040 returned -16 [ 280.630088][ T7428] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 280.630104][ T7428] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 280.630128][ T7428] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 280.712681][ T7428] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 280.712697][ T7428] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 280.712721][ T7428] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 280.833295][ T807] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 280.894022][ T7428] hsr_slave_0: entered promiscuous mode [ 280.894944][ T7428] hsr_slave_1: entered promiscuous mode [ 280.895544][ T7428] debugfs: 'hsr0' already exists in 'hsr' [ 280.895565][ T7428] Cannot create hsr debugfs directory [ 280.988788][ T807] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 280.990200][ T807] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 280.990254][ T807] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 280.990278][ T807] usb 5-1: config 0 interface 0 has no altsetting 0 [ 280.991633][ T807] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 280.991681][ T807] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 280.991715][ T807] usb 5-1: config 0 interface 0 has no altsetting 0 [ 280.993066][ T807] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 280.993116][ T807] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 280.993142][ T807] usb 5-1: config 0 interface 0 has no altsetting 0 [ 280.994513][ T807] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 280.994564][ T807] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 280.994590][ T807] usb 5-1: config 0 interface 0 has no altsetting 0 [ 281.025478][ T807] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 281.025537][ T807] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 281.025562][ T807] usb 5-1: config 0 interface 0 has no altsetting 0 [ 281.047988][ T807] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 281.048045][ T807] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 281.048070][ T807] usb 5-1: config 0 interface 0 has no altsetting 0 [ 281.068652][ T807] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 281.068708][ T807] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 281.068734][ T807] usb 5-1: config 0 interface 0 has no altsetting 0 [ 281.069780][ T807] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 281.069829][ T807] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 281.069854][ T807] usb 5-1: config 0 interface 0 has no altsetting 0 [ 281.086825][ T807] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 281.086844][ T807] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 281.086854][ T807] usb 5-1: Product: syz [ 281.086862][ T807] usb 5-1: Manufacturer: syz [ 281.086869][ T807] usb 5-1: SerialNumber: syz [ 281.277387][ T807] usb 5-1: config 0 descriptor?? [ 281.294596][ T807] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 281.740589][ T7523] chnl_net:caif_netlink_parms(): no params data found [ 286.162343][ T5860] usb 5-1: USB disconnect, device number 3 [ 286.257805][ T5860] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 287.530211][ T7838] binder: BINDER_SET_CONTEXT_MGR already set [ 287.530225][ T7838] binder: 7837:7838 ioctl 4018620d 200000000040 returned -16 [ 287.795646][ T7523] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.795767][ T7523] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.796001][ T7523] bridge_slave_0: entered allmulticast mode [ 287.824093][ T7523] bridge_slave_0: entered promiscuous mode [ 287.844136][ T7523] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.844508][ T7523] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.844719][ T7523] bridge_slave_1: entered allmulticast mode [ 287.846861][ T7523] bridge_slave_1: entered promiscuous mode [ 288.118144][ T932] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 288.312920][ T932] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 288.338687][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 288.339027][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 288.339207][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 288.343696][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 288.346230][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 288.346297][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 288.614900][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 288.615056][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 288.615114][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 288.781232][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 288.870758][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 288.871014][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 288.931184][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 288.931337][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 288.931394][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 288.988186][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 288.988238][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 288.988253][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 288.993302][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 288.993530][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 288.993914][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 288.997167][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 288.997218][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 288.997241][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 288.999475][ T932] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 288.999497][ T932] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 288.999507][ T932] usb 5-1: Product: syz [ 288.999514][ T932] usb 5-1: Manufacturer: syz [ 288.999521][ T932] usb 5-1: SerialNumber: syz [ 289.010115][ T932] usb 5-1: config 0 descriptor?? [ 289.143881][ T932] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 290.464049][ T7523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 292.125485][ T7523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 292.639783][ C0] usb 5-1: yurex_control_callback - control failed: -2 [ 292.711066][ T7869] binder: BINDER_SET_CONTEXT_MGR already set [ 292.711080][ T7869] binder: 7868:7869 ioctl 4018620d 200000000040 returned -16 [ 293.028677][ T5875] usb 5-1: USB disconnect, device number 4 [ 293.058532][ T5875] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 294.540856][ T7523] team0: Port device team_slave_0 added [ 296.350150][ T7523] team0: Port device team_slave_1 added [ 296.558403][ T932] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 296.619704][ T7921] binder: BINDER_SET_CONTEXT_MGR already set [ 296.619714][ T7921] binder: 7920:7921 ioctl 4018620d 2000000000c0 returned -16 [ 296.622243][ T7921] binder: BINDER_SET_CONTEXT_MGR already set [ 296.622251][ T7921] binder: 7920:7921 ioctl 4018620d 200000000040 returned -16 [ 299.374822][ T932] usb 1-1: device descriptor read/all, error -71 [ 300.723676][ T7523] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 300.723692][ T7523] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 300.723717][ T7523] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 301.857014][ T7952] binder: BINDER_SET_CONTEXT_MGR already set [ 301.857091][ T7952] binder: 7951:7952 ioctl 4018620d 2000000000c0 returned -16 [ 302.434523][ T7955] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 302.800375][ T7523] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 302.800391][ T7523] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 302.800416][ T7523] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 302.804791][ T7952] binder: BINDER_SET_CONTEXT_MGR already set [ 302.804804][ T7952] binder: 7951:7952 ioctl 4018620d 200000000040 returned -16 [ 304.888393][ T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 305.059926][ T10] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 305.062303][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 305.062354][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 305.062381][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 305.063565][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 305.074698][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 305.074731][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 305.079297][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 305.079350][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 305.079376][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 305.085226][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 305.085283][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 305.085309][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 305.128564][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 305.128628][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 305.128654][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 305.129697][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 305.129747][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 305.129772][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 305.130968][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 305.131016][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 305.131041][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 305.132208][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 305.132254][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 305.132278][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 305.134629][ T10] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 305.134653][ T10] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 305.134672][ T10] usb 4-1: Product: syz [ 305.134685][ T10] usb 4-1: Manufacturer: syz [ 305.134698][ T10] usb 4-1: SerialNumber: syz [ 305.165712][ T10] usb 4-1: config 0 descriptor?? [ 305.226790][ T10] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 310.750050][ T807] usb 4-1: USB disconnect, device number 3 [ 310.828390][ T807] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 310.864903][ T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 310.893048][ T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 310.895891][ T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 310.913957][ T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 310.915428][ T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 311.068857][ T7523] hsr_slave_0: entered promiscuous mode [ 311.070172][ T7523] hsr_slave_1: entered promiscuous mode [ 311.071046][ T7523] debugfs: 'hsr0' already exists in 'hsr' [ 311.071068][ T7523] Cannot create hsr debugfs directory [ 311.206308][ T7989] binder: BINDER_SET_CONTEXT_MGR already set [ 311.206322][ T7989] binder: 7988:7989 ioctl 4018620d 2000000000c0 returned -16 [ 311.252944][ T7989] binder: BINDER_SET_CONTEXT_MGR already set [ 311.252959][ T7989] binder: 7988:7989 ioctl 4018620d 200000000040 returned -16 [ 313.136569][ T5800] Bluetooth: hci5: command tx timeout [ 315.219350][ T61] Bluetooth: hci5: command tx timeout [ 315.287664][ T8013] kvm: kvm [8011]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000 [ 317.306661][ T61] Bluetooth: hci5: command tx timeout [ 318.321172][ T8032] 9pnet_virtio: no channels available for device syz [ 318.347733][ T8032] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 318.445423][ T8032] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 318.445553][ T8032] overlayfs: failed to look up (tracing) for ino (-66) [ 318.715596][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.715665][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.038732][ T8037] netlink: 12 bytes leftover after parsing attributes in process `syz.0.617'. [ 319.101564][ T5800] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 319.133819][ T5800] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 319.135938][ T5800] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 319.139386][ T5800] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 319.140118][ T5800] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 319.369604][ T61] Bluetooth: hci5: command tx timeout [ 321.425097][ T61] Bluetooth: hci6: command tx timeout [ 321.670618][ T4428] bridge_slave_1: left allmulticast mode [ 321.670647][ T4428] bridge_slave_1: left promiscuous mode [ 321.670908][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.818081][ T8053] binder: 8036:8053 ioctl 0 200000000040 returned -22 [ 322.869330][ T4428] bridge_slave_0: left allmulticast mode [ 322.869360][ T4428] bridge_slave_0: left promiscuous mode [ 322.962632][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.463450][ T61] Bluetooth: hci6: command tx timeout [ 324.580473][ T4428] bridge_slave_1: left allmulticast mode [ 324.580500][ T4428] bridge_slave_1: left promiscuous mode [ 324.580744][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.605663][ T61] Bluetooth: hci6: command tx timeout [ 325.819465][ T4428] bridge_slave_0: left allmulticast mode [ 325.819493][ T4428] bridge_slave_0: left promiscuous mode [ 325.819731][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.898289][ T61] Bluetooth: hci6: command tx timeout [ 330.299501][ T8096] 9pnet_virtio: no channels available for device syz [ 330.319819][ T8096] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 330.408351][ T8098] fuse: Bad value for 'fd' [ 330.411824][ T8098] 9pnet_virtio: no channels available for device syz [ 330.455324][ T8096] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 330.455444][ T8096] overlayfs: failed to look up (tracing) for ino (-66) [ 332.125473][ T8106] fuse: Bad value for 'fd' [ 334.258662][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 334.337636][ T8129] 9pnet_virtio: no channels available for device syz [ 334.356697][ T8129] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 334.482074][ T8129] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 334.482206][ T8129] overlayfs: failed to look up (tracing) for ino (-66) [ 334.949442][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 334.976159][ T4428] bond0 (unregistering): Released all slaves [ 335.228620][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 335.249112][ T61] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 335.438716][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 335.570289][ T4428] bond0 (unregistering): Released all slaves [ 337.747102][ T8144] fuse: Bad value for 'fd' [ 340.978269][ T7982] chnl_net:caif_netlink_parms(): no params data found [ 341.144089][ T8170] fuse: Bad value for 'fd' [ 341.328131][ T4428] hsr_slave_0: left promiscuous mode [ 341.390276][ T4428] hsr_slave_1: left promiscuous mode [ 341.390889][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 341.597075][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 341.814647][ T8191] binder: BINDER_SET_CONTEXT_MGR already set [ 341.814662][ T8191] binder: 8190:8191 ioctl 4018620d 200000000040 returned -16 [ 342.038244][ T4428] hsr_slave_0: left promiscuous mode [ 342.081514][ T4428] hsr_slave_1: left promiscuous mode [ 342.082724][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 342.159276][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 346.853069][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 346.898711][ T8229] 9pnet_virtio: no channels available for device syz [ 347.131911][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 347.730039][ T8248] binder: BINDER_SET_CONTEXT_MGR already set [ 347.730054][ T8248] binder: 8247:8248 ioctl 4018620d 200000000100 returned -16 [ 347.731872][ T8248] binder: BINDER_SET_CONTEXT_MGR already set [ 347.731882][ T8248] binder: 8247:8248 ioctl 4018620d 2000000002c0 returned -16 [ 351.216325][ T8253] delete_channel: no stack [ 351.314701][ T8257] 9pnet_virtio: no channels available for device syz [ 352.210932][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 352.381037][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 352.786630][ T61] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 354.652796][ T7982] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.654322][ T7982] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.657614][ T7982] bridge_slave_0: entered allmulticast mode [ 357.446886][ T7982] bridge_slave_0: entered promiscuous mode [ 357.550653][ T7982] bridge0: port 2(bridge_slave_1) entered blocking state [ 357.550724][ T7982] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.550910][ T7982] bridge_slave_1: entered allmulticast mode [ 357.552427][ T7982] bridge_slave_1: entered promiscuous mode [ 357.857707][ T7982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 357.871979][ T7982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 358.142245][ T7982] team0: Port device team_slave_0 added [ 358.191630][ T7982] team0: Port device team_slave_1 added [ 358.262858][ T8039] chnl_net:caif_netlink_parms(): no params data found [ 358.347989][ T5949] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 358.383738][ T7982] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 358.383755][ T7982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 358.383779][ T7982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 358.385997][ T7982] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 358.386011][ T7982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 358.386035][ T7982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 358.539713][ T5949] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 358.545048][ T5949] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.545106][ T5949] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.545132][ T5949] usb 5-1: config 0 interface 0 has no altsetting 0 [ 358.555680][ T5949] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.555738][ T5949] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.555766][ T5949] usb 5-1: config 0 interface 0 has no altsetting 0 [ 358.594003][ T5949] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.594071][ T5949] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.594098][ T5949] usb 5-1: config 0 interface 0 has no altsetting 0 [ 358.607890][ T5949] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.607949][ T5949] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.607974][ T5949] usb 5-1: config 0 interface 0 has no altsetting 0 [ 358.654589][ T5949] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.654652][ T5949] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.654679][ T5949] usb 5-1: config 0 interface 0 has no altsetting 0 [ 358.695233][ T5949] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.695292][ T5949] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.695318][ T5949] usb 5-1: config 0 interface 0 has no altsetting 0 [ 358.736444][ T5949] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.736506][ T5949] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.736533][ T5949] usb 5-1: config 0 interface 0 has no altsetting 0 [ 358.770212][ T5949] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 358.770271][ T5949] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 358.770297][ T5949] usb 5-1: config 0 interface 0 has no altsetting 0 [ 358.865888][ T5949] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 358.865918][ T5949] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 358.865937][ T5949] usb 5-1: Product: syz [ 358.865949][ T5949] usb 5-1: Manufacturer: syz [ 358.865962][ T5949] usb 5-1: SerialNumber: syz [ 358.963775][ T5949] usb 5-1: config 0 descriptor?? [ 358.992219][ T5949] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 362.754947][ T8319] delete_channel: no stack [ 362.816344][ T7982] hsr_slave_0: entered promiscuous mode [ 362.817569][ T7982] hsr_slave_1: entered promiscuous mode [ 362.833506][ T7982] debugfs: 'hsr0' already exists in 'hsr' [ 362.833526][ T7982] Cannot create hsr debugfs directory [ 362.879259][ T5875] usb 5-1: USB disconnect, device number 5 [ 362.894848][ T5875] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 363.140046][ T8039] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.140170][ T8039] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.140376][ T8039] bridge_slave_0: entered allmulticast mode [ 363.148900][ T8039] bridge_slave_0: entered promiscuous mode [ 363.311791][ T8334] netlink: 28 bytes leftover after parsing attributes in process `syz.0.705'. [ 363.340502][ T8039] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.340625][ T8039] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.340848][ T8039] bridge_slave_1: entered allmulticast mode [ 363.372579][ T8039] bridge_slave_1: entered promiscuous mode [ 363.821470][ T8039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 364.066871][ T8039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 366.692551][ T8356] delete_channel: no stack [ 366.804845][ T8039] team0: Port device team_slave_0 added [ 367.681577][ T8039] team0: Port device team_slave_1 added [ 367.840462][ T8368] netlink: 28 bytes leftover after parsing attributes in process `syz.0.715'. [ 367.991900][ T8039] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 367.991911][ T8039] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 367.991925][ T8039] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 368.020810][ T8039] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 368.020828][ T8039] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 368.020853][ T8039] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 370.644921][ T8039] hsr_slave_0: entered promiscuous mode [ 370.646258][ T8039] hsr_slave_1: entered promiscuous mode [ 370.647167][ T8039] debugfs: 'hsr0' already exists in 'hsr' [ 370.647190][ T8039] Cannot create hsr debugfs directory [ 370.731744][ T5800] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 370.883934][ T5800] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 370.888711][ T5800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 370.890476][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 370.891211][ T5800] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 370.988629][ T8406] delete_channel: no stack [ 371.090526][ T8414] netlink: 28 bytes leftover after parsing attributes in process `syz.4.725'. [ 371.390727][ T8417] overlayfs: regular lower layers cannot follow data lower layers [ 371.483614][ T8418] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 371.483632][ T8418] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 371.483690][ T8418] vhci_hcd vhci_hcd.0: Device attached [ 371.898329][ T5949] usb 42-1: SetAddress Request (6) to port 0 [ 371.898972][ T5949] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd [ 372.201629][ T8419] vhci_hcd: connection reset by peer [ 372.206364][ T1107] vhci_hcd vhci_hcd.4: stop threads [ 372.206388][ T1107] vhci_hcd vhci_hcd.4: release socket [ 372.210848][ T1107] vhci_hcd vhci_hcd.4: disconnect device [ 372.968072][ T5800] Bluetooth: hci0: command tx timeout [ 375.297112][ T5800] Bluetooth: hci0: command tx timeout [ 377.016108][ T5949] usb 42-1: device descriptor read/8, error -110 [ 377.368003][ T5800] Bluetooth: hci0: command tx timeout [ 377.441284][ T5949] usb usb42-port1: attempt power cycle [ 377.782377][ T8446] 9pnet_virtio: no channels available for device syz [ 377.900212][ T8446] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 378.085460][ T5949] usb usb42-port1: unable to enumerate USB device [ 378.779754][ T8450] fuse: Bad value for 'fd' [ 379.376971][ T8462] netlink: 28 bytes leftover after parsing attributes in process `syz.3.735'. [ 379.432691][ T61] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 379.452126][ T61] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 379.453462][ T61] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 379.456057][ T61] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 379.458330][ T5808] Bluetooth: hci0: command tx timeout [ 379.468363][ T61] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 379.620112][ T8469] binder: BINDER_SET_CONTEXT_MGR already set [ 379.620125][ T8469] binder: 8468:8469 ioctl 4018620d 200000000040 returned -16 [ 380.416790][ T8482] netlink: 12 bytes leftover after parsing attributes in process `syz.4.739'. [ 380.525985][ T8487] binder: 8480:8487 ioctl 0 200000000040 returned -22 [ 381.616443][ T5800] Bluetooth: hci2: command tx timeout [ 381.723001][ T8496] 9pnet_virtio: no channels available for device syz [ 381.762337][ T8496] serio: Serial port ptm0 [ 381.821259][ T8496] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 381.894487][ T8501] netlink: 12 bytes leftover after parsing attributes in process `syz.3.744'. [ 382.006038][ T8496] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 382.006165][ T8496] overlayfs: failed to look up (tracing) for ino (-66) [ 382.079828][ T4428] bridge_slave_1: left allmulticast mode [ 382.079856][ T4428] bridge_slave_1: left promiscuous mode [ 382.080094][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.182924][ T4428] bridge_slave_0: left allmulticast mode [ 382.182953][ T4428] bridge_slave_0: left promiscuous mode [ 382.183214][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.309195][ T4428] bridge_slave_1: left allmulticast mode [ 382.309243][ T4428] bridge_slave_1: left promiscuous mode [ 382.309526][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.469012][ T8505] binder: 8500:8505 ioctl 0 200000000040 returned -22 [ 383.279760][ T4428] bridge_slave_0: left allmulticast mode [ 383.279788][ T4428] bridge_slave_0: left promiscuous mode [ 383.280051][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.697311][ T5800] Bluetooth: hci2: command tx timeout [ 383.698939][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.698995][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.473647][ T8517] fuse: Bad value for 'fd' [ 385.768104][ T5800] Bluetooth: hci2: command tx timeout [ 387.858232][ T5800] Bluetooth: hci2: command tx timeout [ 388.389892][ T8537] binder: 8535:8537 ioctl 0 200000000040 returned -22 [ 388.689913][ T8539] 9pnet_virtio: no channels available for device syz [ 388.727460][ T8539] serio: Serial port ptm0 [ 388.775341][ T8539] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 388.776578][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 389.095601][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 389.177399][ T4428] bond0 (unregistering): Released all slaves [ 390.142315][ T8554] fuse: Bad value for 'fd' [ 390.959772][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 391.065764][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 391.156529][ T4428] bond0 (unregistering): Released all slaves [ 391.456428][ T8402] chnl_net:caif_netlink_parms(): no params data found [ 391.457956][ T5945] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 391.628949][ T5945] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 391.630288][ T5945] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 391.630343][ T5945] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 391.630370][ T5945] usb 4-1: config 0 interface 0 has no altsetting 0 [ 391.631560][ T5945] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 391.631611][ T5945] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 391.631645][ T5945] usb 4-1: config 0 interface 0 has no altsetting 0 [ 391.634388][ T5945] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 391.634441][ T5945] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 391.634467][ T5945] usb 4-1: config 0 interface 0 has no altsetting 0 [ 391.635892][ T5945] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 391.635942][ T5945] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 391.635968][ T5945] usb 4-1: config 0 interface 0 has no altsetting 0 [ 391.689109][ T5945] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 391.689167][ T5945] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 391.689194][ T5945] usb 4-1: config 0 interface 0 has no altsetting 0 [ 391.690250][ T5945] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 391.690300][ T5945] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 391.690325][ T5945] usb 4-1: config 0 interface 0 has no altsetting 0 [ 391.710707][ T5945] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 391.710762][ T5945] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 391.710785][ T5945] usb 4-1: config 0 interface 0 has no altsetting 0 [ 391.714863][ T5945] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 391.714916][ T5945] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 391.714942][ T5945] usb 4-1: config 0 interface 0 has no altsetting 0 [ 394.759514][ T5945] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 394.759546][ T5945] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 394.764956][ T5945] usb 4-1: config 0 descriptor?? [ 394.771024][ T5945] usb 4-1: can't set config #0, error -71 [ 394.776750][ T5945] usb 4-1: USB disconnect, device number 4 [ 394.818061][ T8402] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.818174][ T8402] bridge0: port 1(bridge_slave_0) entered disabled state [ 394.818406][ T8402] bridge_slave_0: entered allmulticast mode [ 394.820905][ T8402] bridge_slave_0: entered promiscuous mode [ 395.032920][ T8402] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.033084][ T8402] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.033334][ T8402] bridge_slave_1: entered allmulticast mode [ 395.091663][ T8402] bridge_slave_1: entered promiscuous mode [ 395.162177][ T8592] binder: 8589:8592 ioctl 0 200000000040 returned -22 [ 396.883068][ T8402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 396.945742][ T8402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 397.138086][ T4428] hsr_slave_0: left promiscuous mode [ 397.321197][ T4428] hsr_slave_1: left promiscuous mode [ 397.322018][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 397.359460][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 397.523417][ T5860] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 401.088002][ T4428] hsr_slave_0: left promiscuous mode [ 401.217901][ T4428] hsr_slave_1: left promiscuous mode [ 401.219370][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 401.261191][ T5860] usb 1-1: device descriptor read/all, error -71 [ 401.275944][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 403.358439][ T8636] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 408.618832][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 409.239832][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 415.729885][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 416.109436][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 428.267598][ T8460] chnl_net:caif_netlink_parms(): no params data found [ 428.776070][ T8460] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.818019][ T8460] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.818282][ T8460] bridge_slave_0: entered allmulticast mode [ 428.820999][ T8460] bridge_slave_0: entered promiscuous mode [ 428.826615][ T8460] bridge0: port 2(bridge_slave_1) entered blocking state [ 428.849535][ T8460] bridge0: port 2(bridge_slave_1) entered disabled state [ 428.849780][ T8460] bridge_slave_1: entered allmulticast mode [ 428.868634][ T8460] bridge_slave_1: entered promiscuous mode [ 429.071290][ T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 429.090056][ T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 429.114601][ T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 429.160155][ T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 429.165139][ T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 429.166216][ T8460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 429.207312][ T8460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 429.595916][ T8460] team0: Port device team_slave_0 added [ 429.946861][ T8772] overlayfs: failed to resolve './bus': -2 [ 432.008177][ T61] Bluetooth: hci5: command tx timeout [ 433.593542][ T8460] team0: Port device team_slave_1 added [ 433.703940][ T8460] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 433.703955][ T8460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 433.703977][ T8460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 433.706368][ T8460] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 433.706382][ T8460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 433.706406][ T8460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 434.092895][ T5800] Bluetooth: hci5: command tx timeout [ 434.212962][ T8460] hsr_slave_0: entered promiscuous mode [ 434.213801][ T8460] hsr_slave_1: entered promiscuous mode [ 434.214367][ T8460] debugfs: 'hsr0' already exists in 'hsr' [ 434.214382][ T8460] Cannot create hsr debugfs directory [ 435.837952][ T5875] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 436.004172][ T5875] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 436.018888][ T5875] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.018950][ T5875] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.018977][ T5875] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.031121][ T5875] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.031240][ T5875] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.031267][ T5875] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.032764][ T5875] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.032821][ T5875] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.032847][ T5875] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.034225][ T5875] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.034300][ T5875] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.034325][ T5875] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.036581][ T5875] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.036633][ T5875] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.036657][ T5875] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.037752][ T5875] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.038027][ T5875] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.038053][ T5875] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.039672][ T5875] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.039731][ T5875] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.039757][ T5875] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.046983][ T5875] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 436.047038][ T5875] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 436.047064][ T5875] usb 1-1: config 0 interface 0 has no altsetting 0 [ 436.062372][ T5875] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 436.062400][ T5875] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 436.062419][ T5875] usb 1-1: Product: syz [ 436.062432][ T5875] usb 1-1: Manufacturer: syz [ 436.062445][ T5875] usb 1-1: SerialNumber: syz [ 436.314092][ T5800] Bluetooth: hci5: command tx timeout [ 436.352993][ T5875] usb 1-1: config 0 descriptor?? [ 437.086980][ T5875] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 439.373539][ T5800] Bluetooth: hci5: command tx timeout [ 439.919894][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 439.951040][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 439.953742][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 439.985329][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 439.986627][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 440.514878][ C1] usb 1-1: yurex_control_callback - control failed: -2 [ 440.629075][ T5875] usb 1-1: USB disconnect, device number 7 [ 440.703444][ T5875] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 440.729809][ C1] dummy_hcd dummy_hcd.0: timer fired with no URBs pending? [ 441.358758][ T8758] chnl_net:caif_netlink_parms(): no params data found [ 441.720509][ T4428] bridge_slave_1: left allmulticast mode [ 441.720538][ T4428] bridge_slave_1: left promiscuous mode [ 441.726377][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 441.799955][ T4428] bridge_slave_0: left allmulticast mode [ 441.799976][ T4428] bridge_slave_0: left promiscuous mode [ 441.800198][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 441.873947][ T4428] bridge_slave_1: left allmulticast mode [ 441.873977][ T4428] bridge_slave_1: left promiscuous mode [ 441.874201][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 441.960472][ T4428] bridge_slave_0: left allmulticast mode [ 441.960503][ T4428] bridge_slave_0: left promiscuous mode [ 441.960785][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.063516][ T4428] bridge_slave_1: left allmulticast mode [ 442.063546][ T4428] bridge_slave_1: left promiscuous mode [ 442.063778][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.098706][ T61] Bluetooth: hci0: command tx timeout [ 442.189584][ T4428] bridge_slave_0: left allmulticast mode [ 442.189613][ T4428] bridge_slave_0: left promiscuous mode [ 442.189855][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.638738][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 442.741143][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 443.055020][ T4428] bond0 (unregistering): Released all slaves [ 443.990159][ T37] audit: type=1326 audit(1770583871.180:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8878 comm="syz.4.835" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdb1169aeb9 code=0x0 [ 444.177828][ T61] Bluetooth: hci0: command tx timeout [ 445.491086][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.491153][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.082455][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 446.211491][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 446.238114][ T5806] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 446.247922][ T61] Bluetooth: hci0: command tx timeout [ 446.301335][ T4428] bond0 (unregistering): Released all slaves [ 446.422811][ T5806] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 446.683142][ T5806] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 446.705736][ T5806] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 446.705844][ T5806] usb 5-1: config 0 interface 0 has no altsetting 0 [ 446.855044][ T5806] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 446.855104][ T5806] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 446.855131][ T5806] usb 5-1: config 0 interface 0 has no altsetting 0 [ 446.891957][ T5806] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 446.892016][ T5806] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 446.892042][ T5806] usb 5-1: config 0 interface 0 has no altsetting 0 [ 446.893250][ T5806] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 446.893302][ T5806] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 446.893317][ T5806] usb 5-1: config 0 interface 0 has no altsetting 0 [ 446.894326][ T5806] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 446.894381][ T5806] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 446.894407][ T5806] usb 5-1: config 0 interface 0 has no altsetting 0 [ 446.895362][ T5806] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 446.895412][ T5806] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 446.895437][ T5806] usb 5-1: config 0 interface 0 has no altsetting 0 [ 446.896430][ T5806] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 446.896491][ T5806] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 446.896513][ T5806] usb 5-1: config 0 interface 0 has no altsetting 0 [ 446.897671][ T5806] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 446.897730][ T5806] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 446.897745][ T5806] usb 5-1: config 0 interface 0 has no altsetting 0 [ 447.060561][ T5806] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 447.060580][ T5806] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 447.060590][ T5806] usb 5-1: Product: syz [ 447.060598][ T5806] usb 5-1: Manufacturer: syz [ 447.060605][ T5806] usb 5-1: SerialNumber: syz [ 447.064278][ T5806] usb 5-1: config 0 descriptor?? [ 447.116812][ T5806] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 448.332411][ T61] Bluetooth: hci0: command tx timeout [ 448.525048][ T8897] overlayfs: failed to resolve './file1': -2 [ 448.529924][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 448.638896][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 448.703873][ T4428] bond0 (unregistering): Released all slaves [ 450.057881][ C1] usb 5-1: yurex_control_callback - control failed: -2 [ 450.708700][ T5806] usb 5-1: USB disconnect, device number 6 [ 450.771159][ T5806] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 452.381062][ T37] audit: type=1326 audit(1770583880.000:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8914 comm="syz.4.845" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdb1169aeb9 code=0x0 [ 454.547879][ T4428] hsr_slave_0: left promiscuous mode [ 454.598241][ T4428] hsr_slave_1: left promiscuous mode [ 454.599237][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 454.650902][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 454.852791][ T4428] hsr_slave_0: left promiscuous mode [ 454.888450][ T4428] hsr_slave_1: left promiscuous mode [ 454.889357][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 454.983512][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 455.740699][ T37] audit: type=1326 audit(1770583883.380:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8950 comm="syz.3.856" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f87080baeb9 code=0x0 [ 457.031709][ T8957] binder: BINDER_SET_CONTEXT_MGR already set [ 457.031725][ T8957] binder: 8956:8957 ioctl 4018620d 200000000100 returned -16 [ 457.034682][ T8957] binder: BINDER_SET_CONTEXT_MGR already set [ 457.034703][ T8957] binder: 8956:8957 ioctl 4018620d 2000000002c0 returned -16 [ 459.540125][ T8977] Zero length message leads to an empty skb [ 459.750816][ T8979] binder: BINDER_SET_CONTEXT_MGR already set [ 459.750832][ T8979] binder: 8978:8979 ioctl 4018620d 2000000002c0 returned -16 [ 460.042221][ T37] audit: type=1326 audit(1770583887.670:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8980 comm="syz.3.868" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f87080baeb9 code=0x0 [ 462.277897][ T5945] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 462.452247][ T5945] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 462.452267][ T5945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 462.452280][ T5945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 462.452291][ T5945] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 462.452315][ T5945] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 462.452326][ T5945] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.456542][ T5945] usb 4-1: config 0 descriptor?? [ 462.562940][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 462.759383][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 466.403647][ T37] audit: type=1326 audit(1770583894.040:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9013 comm="syz.4.878" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdb1169aeb9 code=0x0 [ 468.009020][ T5945] usbhid 4-1:0.0: can't add hid device: -32 [ 468.009149][ T5945] usbhid 4-1:0.0: probe with driver usbhid failed with error -32 [ 468.548651][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 468.678485][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 469.678113][ T8758] bridge0: port 1(bridge_slave_0) entered blocking state [ 469.678228][ T8758] bridge0: port 1(bridge_slave_0) entered disabled state [ 469.678467][ T8758] bridge_slave_0: entered allmulticast mode [ 469.680929][ T8758] bridge_slave_0: entered promiscuous mode [ 469.711003][ T5875] usb 4-1: USB disconnect, device number 5 [ 469.777149][ T8758] bridge0: port 2(bridge_slave_1) entered blocking state [ 469.777352][ T8758] bridge0: port 2(bridge_slave_1) entered disabled state [ 469.777672][ T8758] bridge_slave_1: entered allmulticast mode [ 469.836742][ T8758] bridge_slave_1: entered promiscuous mode [ 472.147057][ T8758] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 472.527564][ T37] audit: type=1326 audit(1770583899.930:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9043 comm="syz.3.887" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f87080baeb9 code=0x0 [ 473.201241][ T8758] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 473.290226][ T8758] team0: Port device team_slave_0 added [ 473.293673][ T8758] team0: Port device team_slave_1 added [ 473.386464][ T8758] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 473.386481][ T8758] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 473.386505][ T8758] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 473.440326][ T8758] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 473.440343][ T8758] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 473.440370][ T8758] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 473.567725][ T8758] hsr_slave_0: entered promiscuous mode [ 473.575088][ T8758] hsr_slave_1: entered promiscuous mode [ 473.576034][ T8758] debugfs: 'hsr0' already exists in 'hsr' [ 473.576058][ T8758] Cannot create hsr debugfs directory [ 475.309395][ T9072] fuse: Bad value for 'group_id' [ 475.309414][ T9072] fuse: Bad value for 'group_id' [ 475.847968][ T5806] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 476.009015][ T5806] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 476.009049][ T5806] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 476.009074][ T5806] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 476.009096][ T5806] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 476.009139][ T5806] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 476.009162][ T5806] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.083361][ T5806] usb 4-1: config 0 descriptor?? [ 476.461304][ T8847] chnl_net:caif_netlink_parms(): no params data found [ 476.563857][ T9096] netlink: 8 bytes leftover after parsing attributes in process `syz.0.897'. [ 476.566358][ T5806] usbhid 4-1:0.0: can't add hid device: -71 [ 476.566483][ T5806] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 476.597232][ T5806] usb 4-1: USB disconnect, device number 6 [ 477.734945][ T9112] 9pnet_virtio: no channels available for device syz [ 479.425230][ T8847] bridge0: port 1(bridge_slave_0) entered blocking state [ 479.425350][ T8847] bridge0: port 1(bridge_slave_0) entered disabled state [ 479.425730][ T8847] bridge_slave_0: entered allmulticast mode [ 479.477714][ T8847] bridge_slave_0: entered promiscuous mode [ 479.492105][ T9118] netlink: 8 bytes leftover after parsing attributes in process `syz.3.906'. [ 479.492445][ T8847] bridge0: port 2(bridge_slave_1) entered blocking state [ 479.492540][ T8847] bridge0: port 2(bridge_slave_1) entered disabled state [ 479.492740][ T8847] bridge_slave_1: entered allmulticast mode [ 479.496408][ T8847] bridge_slave_1: entered promiscuous mode [ 479.595837][ T9121] fuse: Bad value for 'group_id' [ 479.595858][ T9121] fuse: Bad value for 'group_id' [ 479.787208][ T8847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 479.787303][ T8758] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 479.836946][ T8847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 479.837208][ T8758] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 480.003249][ T8758] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 480.238381][ T8758] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 480.301984][ T8847] team0: Port device team_slave_0 added [ 480.916081][ T8847] team0: Port device team_slave_1 added [ 481.130433][ T9159] binder: 9157:9159 ioctl 0 200000000040 returned -22 [ 481.320037][ T9165] fuse: Bad value for 'group_id' [ 481.320057][ T9165] fuse: Bad value for 'group_id' [ 481.570452][ T8847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 481.570470][ T8847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 481.570494][ T8847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 481.577050][ T8847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 481.577066][ T8847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 481.577092][ T8847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 482.215397][ T8847] hsr_slave_0: entered promiscuous mode [ 482.216162][ T8847] hsr_slave_1: entered promiscuous mode [ 482.216705][ T8847] debugfs: 'hsr0' already exists in 'hsr' [ 482.216719][ T8847] Cannot create hsr debugfs directory [ 482.872290][ T9188] binder: BINDER_SET_CONTEXT_MGR already set [ 482.872305][ T9188] binder: 9187:9188 ioctl 4018620d 200000000100 returned -16 [ 482.873954][ T9188] binder: BINDER_SET_CONTEXT_MGR already set [ 482.873967][ T9188] binder: 9187:9188 ioctl 4018620d 2000000002c0 returned -16 [ 483.556458][ T4428] bridge_slave_1: left allmulticast mode [ 483.556480][ T4428] bridge_slave_1: left promiscuous mode [ 483.556651][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.821916][ T4428] bridge_slave_0: left allmulticast mode [ 483.821939][ T4428] bridge_slave_0: left promiscuous mode [ 483.822117][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 485.038722][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 485.168573][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 485.271057][ T4428] bond0 (unregistering): Released all slaves [ 485.431912][ T9215] binder: BINDER_SET_CONTEXT_MGR already set [ 485.431928][ T9215] binder: 9214:9215 ioctl 4018620d 200000000100 returned -16 [ 485.433738][ T9215] binder: BINDER_SET_CONTEXT_MGR already set [ 485.433751][ T9215] binder: 9214:9215 ioctl 4018620d 200000004a80 returned -16 [ 485.574829][ T9219] binder: 9217:9219 ioctl 0 200000000040 returned -22 [ 485.818889][ T9224] netlink: 12 bytes leftover after parsing attributes in process `syz.3.927'. [ 485.907659][ T9227] binder: BINDER_SET_CONTEXT_MGR already set [ 485.907675][ T9227] binder: 9225:9227 ioctl 4018620d 200000000100 returned -16 [ 485.923609][ T9227] binder: BINDER_SET_CONTEXT_MGR already set [ 485.923624][ T9227] binder: 9225:9227 ioctl 4018620d 2000000002c0 returned -16 [ 486.022808][ T4428] hsr_slave_0: left promiscuous mode [ 486.058515][ T4428] hsr_slave_1: left promiscuous mode [ 486.063734][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 486.118161][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 486.430199][ T9226] binder: 9222:9226 ioctl 0 200000000040 returned -22 [ 488.866919][ T9253] 9pnet_virtio: no channels available for device syz [ 490.833043][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 490.850479][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 490.851994][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 490.853459][ T5800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 490.854182][ T5800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 491.579056][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 491.745149][ T9285] binder: 9284:9285 ioctl 0 200000000040 returned -22 [ 491.804950][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 492.832949][ T9306] binder: BINDER_SET_CONTEXT_MGR already set [ 492.832959][ T9306] binder: 9305:9306 ioctl 4018620d 200000000100 returned -16 [ 492.834618][ T9306] binder: BINDER_SET_CONTEXT_MGR already set [ 492.834626][ T9306] binder: 9305:9306 ioctl 4018620d 200000004a80 returned -16 [ 492.888189][ T61] Bluetooth: hci2: command tx timeout [ 493.424601][ T9315] 9pnet_virtio: no channels available for device syz [ 493.443741][ T9315] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 493.499763][ T8847] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 493.609436][ T8847] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 493.757875][ T8847] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 493.870816][ T9315] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 493.870893][ T9315] overlayfs: failed to look up (tracing) for ino (-66) [ 494.568527][ T8847] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 495.257876][ T61] Bluetooth: hci2: command tx timeout [ 497.318651][ T61] Bluetooth: hci2: command tx timeout [ 498.146041][ T9263] chnl_net:caif_netlink_parms(): no params data found [ 498.285929][ T9376] binder: BINDER_SET_CONTEXT_MGR already set [ 498.285944][ T9376] binder: 9375:9376 ioctl 4018620d 200000000100 returned -16 [ 498.287647][ T9376] binder: BINDER_SET_CONTEXT_MGR already set [ 498.287659][ T9376] binder: 9375:9376 ioctl 4018620d 200000004a80 returned -16 [ 499.195259][ T9263] bridge0: port 1(bridge_slave_0) entered blocking state [ 499.200444][ T9263] bridge0: port 1(bridge_slave_0) entered disabled state [ 499.200690][ T9263] bridge_slave_0: entered allmulticast mode [ 499.225156][ T9263] bridge_slave_0: entered promiscuous mode [ 499.248112][ T8847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 499.261898][ T9263] bridge0: port 2(bridge_slave_1) entered blocking state [ 499.262699][ T9263] bridge0: port 2(bridge_slave_1) entered disabled state [ 499.262940][ T9263] bridge_slave_1: entered allmulticast mode [ 499.266619][ T9263] bridge_slave_1: entered promiscuous mode [ 499.367966][ T61] Bluetooth: hci2: command tx timeout [ 499.514914][ T9391] netlink: 12 bytes leftover after parsing attributes in process `syz.3.951'. [ 499.536533][ T9263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 499.559938][ T9263] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 499.645394][ T9263] team0: Port device team_slave_0 added [ 499.654782][ T9263] team0: Port device team_slave_1 added [ 499.722942][ T9263] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 499.722959][ T9263] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 499.722974][ T9263] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 499.724365][ T9263] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 499.724377][ T9263] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 499.724393][ T9263] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 499.982027][ T9263] hsr_slave_0: entered promiscuous mode [ 499.991464][ T9263] hsr_slave_1: entered promiscuous mode [ 499.992418][ T9263] debugfs: 'hsr0' already exists in 'hsr' [ 499.992440][ T9263] Cannot create hsr debugfs directory [ 500.569597][ T5800] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 500.576687][ T5800] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 500.585620][ T5800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 500.613588][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 500.634547][ T5800] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 501.651011][ T4428] bridge_slave_1: left allmulticast mode [ 501.651040][ T4428] bridge_slave_1: left promiscuous mode [ 501.651279][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.747677][ T4428] bridge_slave_0: left allmulticast mode [ 501.747698][ T4428] bridge_slave_0: left promiscuous mode [ 501.750585][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.733310][ T61] Bluetooth: hci0: command tx timeout [ 503.461652][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 503.576848][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 503.837597][ T4428] bond0 (unregistering): Released all slaves [ 504.410607][ T4428] hsr_slave_0: left promiscuous mode [ 504.462474][ T4428] hsr_slave_1: left promiscuous mode [ 504.463671][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 504.514951][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 504.693623][ T9428] binder: BINDER_SET_CONTEXT_MGR already set [ 504.693639][ T9428] binder: 9427:9428 ioctl 4018620d 200000000100 returned -16 [ 504.811454][ T61] Bluetooth: hci0: command tx timeout [ 506.576201][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.576271][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.146995][ T61] Bluetooth: hci0: command tx timeout [ 507.198521][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 507.424691][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 509.208364][ T61] Bluetooth: hci0: command tx timeout [ 509.325634][ T9455] netlink: 8 bytes leftover after parsing attributes in process `syz.0.968'. [ 509.734779][ T9458] netlink: 12 bytes leftover after parsing attributes in process `syz.0.969'. [ 511.357865][ T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 511.533051][ T10] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 511.534428][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 511.534483][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 511.534511][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 511.535704][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 511.535755][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 511.535782][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 511.537140][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 511.537191][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 511.537219][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 511.538809][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 511.538864][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 511.538891][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 511.540200][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 511.540254][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 511.540281][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 511.581575][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 511.581638][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 511.581667][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 511.692228][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 511.692293][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 511.692321][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 511.748308][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 511.748367][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 511.748395][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 511.756038][ T10] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 511.756068][ T10] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 511.756089][ T10] usb 1-1: Product: syz [ 511.756103][ T10] usb 1-1: Manufacturer: syz [ 511.756118][ T10] usb 1-1: SerialNumber: syz [ 511.822499][ T10] usb 1-1: config 0 descriptor?? [ 511.847514][ T10] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 515.211956][ T9494] 9pnet_virtio: no channels available for device syz [ 515.477956][ T9494] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 515.807995][ T9] usb 1-1: USB disconnect, device number 8 [ 515.810864][ T9407] chnl_net:caif_netlink_parms(): no params data found [ 515.848991][ T9] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 517.390859][ T9407] bridge0: port 1(bridge_slave_0) entered blocking state [ 517.390987][ T9407] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.391312][ T9407] bridge_slave_0: entered allmulticast mode [ 517.393887][ T9407] bridge_slave_0: entered promiscuous mode [ 517.414672][ T9520] netlink: 8 bytes leftover after parsing attributes in process `syz.0.977'. [ 517.571228][ T9407] bridge0: port 2(bridge_slave_1) entered blocking state [ 517.571366][ T9407] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.571610][ T9407] bridge_slave_1: entered allmulticast mode [ 517.574443][ T9407] bridge_slave_1: entered promiscuous mode [ 518.551718][ T9407] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 518.555855][ T9407] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 518.713557][ T9407] team0: Port device team_slave_0 added [ 518.751972][ T9407] team0: Port device team_slave_1 added [ 518.989000][ T9407] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 518.989018][ T9407] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 518.989044][ T9407] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 519.162531][ T9530] delete_channel: no stack [ 519.299177][ T9407] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 519.299194][ T9407] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 519.299215][ T9407] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 519.460526][ T9535] overlayfs: regular lower layers cannot follow data lower layers [ 519.524314][ T9535] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 519.524333][ T9535] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 519.534287][ T9535] vhci_hcd vhci_hcd.0: Device attached [ 519.801548][ T5875] usb 34-1: SetAddress Request (6) to port 0 [ 519.801813][ T5875] usb 34-1: new SuperSpeed USB device number 6 using vhci_hcd [ 519.872726][ T9538] vhci_hcd: connection reset by peer [ 519.873066][ T6021] vhci_hcd vhci_hcd.0: stop threads [ 519.873085][ T6021] vhci_hcd vhci_hcd.0: release socket [ 519.874914][ T6021] vhci_hcd vhci_hcd.0: disconnect device [ 521.599635][ T9547] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 521.741819][ T9263] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 521.763464][ T9547] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 521.763546][ T9547] overlayfs: failed to look up (tracing) for ino (-66) [ 521.828017][ T9263] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 521.902258][ T9263] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 522.447186][ T9559] 9pnet_virtio: no channels available for device syz [ 522.699542][ T9559] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 524.509381][ T9407] hsr_slave_0: entered promiscuous mode [ 524.510672][ T9407] hsr_slave_1: entered promiscuous mode [ 524.511534][ T9407] debugfs: 'hsr0' already exists in 'hsr' [ 524.511556][ T9407] Cannot create hsr debugfs directory [ 524.513363][ T9263] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 525.337037][ T5875] usb 34-1: device descriptor read/8, error -110 [ 525.922287][ T5875] usb usb34-port1: attempt power cycle [ 527.540521][ T5875] usb usb34-port1: unable to enumerate USB device [ 527.582427][ T9600] delete_channel: no stack [ 527.757087][ T9607] overlayfs: regular lower layers cannot follow data lower layers [ 527.817264][ T9607] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 527.821288][ T9607] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 527.821418][ T9607] vhci_hcd vhci_hcd.0: Device attached [ 528.067814][ T9612] vhci_hcd: connection closed [ 528.082164][ T69] vhci_hcd vhci_hcd.0: stop threads [ 528.082191][ T69] vhci_hcd vhci_hcd.0: release socket [ 528.082248][ T69] vhci_hcd vhci_hcd.0: disconnect device [ 528.126371][ T10] usb 34-1: enqueue for inactive port 0 [ 528.782933][ T10] usb usb34-port1: attempt power cycle [ 529.289726][ T9635] 9pnet_virtio: no channels available for device syz [ 529.504404][ T9635] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 529.937220][ T10] usb usb34-port1: unable to enumerate USB device [ 532.360131][ T4428] bridge_slave_1: left allmulticast mode [ 532.360187][ T4428] bridge_slave_1: left promiscuous mode [ 532.367567][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.374654][ T9651] 9pnet_virtio: no channels available for device syz [ 532.839611][ T4428] bridge_slave_0: left allmulticast mode [ 532.840018][ T4428] bridge_slave_0: left promiscuous mode [ 532.840349][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 533.032990][ T9658] delete_channel: no stack [ 534.365507][ T9680] 9pnet_virtio: no channels available for device syz [ 534.884266][ T9680] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 537.911148][ T9686] 9pnet_virtio: no channels available for device syz [ 539.551837][ T9693] 9pnet_virtio: no channels available for device syz [ 541.018147][ T9696] delete_channel: no stack [ 542.100503][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 542.318380][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 542.416116][ T9716] 9pnet_virtio: no channels available for device syz [ 542.632636][ T9716] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 543.867553][ T4428] bond0 (unregistering): Released all slaves [ 545.358032][ T4428] hsr_slave_0: left promiscuous mode [ 545.400297][ T4428] hsr_slave_1: left promiscuous mode [ 545.401246][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 545.454257][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 545.717700][ T9732] 9pnet_virtio: no channels available for device syz [ 545.910272][ T9732] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 548.611899][ T9746] 9pnet_virtio: no channels available for device syz [ 551.558678][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 552.388656][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 552.984642][ T9764] delete_channel: no stack [ 553.157318][ T5800] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 553.187532][ T5800] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 553.197656][ T5800] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 553.211033][ T5800] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 553.247490][ T5800] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 553.571236][ T9768] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1036'. [ 555.116816][ T9798] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 555.389787][ T5800] Bluetooth: hci5: command tx timeout [ 557.418915][ T9812] delete_channel: no stack [ 558.248313][ T5800] Bluetooth: hci5: command tx timeout [ 558.293649][ T9407] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 558.517485][ T9407] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 558.568066][ T9407] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 558.675792][ T9407] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 558.770034][ T9771] chnl_net:caif_netlink_parms(): no params data found [ 560.115935][ T9863] binder: BINDER_SET_CONTEXT_MGR already set [ 560.115950][ T9863] binder: 9862:9863 ioctl 4018620d 200000000100 returned -16 [ 560.153722][ T9863] binder: BINDER_SET_CONTEXT_MGR already set [ 560.153738][ T9863] binder: 9862:9863 ioctl 4018620d 200000004a80 returned -16 [ 560.341069][ T5800] Bluetooth: hci5: command tx timeout [ 560.938082][ T9771] bridge0: port 1(bridge_slave_0) entered blocking state [ 560.938207][ T9771] bridge0: port 1(bridge_slave_0) entered disabled state [ 560.938445][ T9771] bridge_slave_0: entered allmulticast mode [ 560.940981][ T9771] bridge_slave_0: entered promiscuous mode [ 560.999994][ T9771] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.000113][ T9771] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.000350][ T9771] bridge_slave_1: entered allmulticast mode [ 561.037964][ T9771] bridge_slave_1: entered promiscuous mode [ 561.137146][ T9771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 561.151418][ T9771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 561.216799][ T9771] team0: Port device team_slave_0 added [ 561.233169][ T9771] team0: Port device team_slave_1 added [ 561.374866][ T9880] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 561.495548][ T9873] delete_channel: no stack [ 561.864745][ T9880] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 561.864823][ T9880] overlayfs: failed to look up (tracing) for ino (-66) [ 562.300821][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 562.306750][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 562.332986][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 562.339713][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 562.340428][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 562.417866][ T61] Bluetooth: hci5: command tx timeout [ 562.488697][ T9902] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1061'. [ 562.805728][ T9905] 9pnet_virtio: no channels available for device syz [ 562.999528][ T9905] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 564.407935][ T61] Bluetooth: hci0: command tx timeout [ 564.419433][ T9904] binder: 9901:9904 ioctl 0 200000000040 returned -22 [ 566.497943][ T61] Bluetooth: hci0: command tx timeout [ 567.232800][ T9771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 567.232812][ T9771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 567.232827][ T9771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 567.236623][ T9771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 567.236634][ T9771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 567.236648][ T9771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 567.440086][ T9771] hsr_slave_0: entered promiscuous mode [ 567.443383][ T9771] hsr_slave_1: entered promiscuous mode [ 567.470179][ T9771] debugfs: 'hsr0' already exists in 'hsr' [ 567.470197][ T9771] Cannot create hsr debugfs directory [ 567.884943][ T9929] binder: BINDER_SET_CONTEXT_MGR already set [ 567.884953][ T9929] binder: 9926:9929 ioctl 4018620d 200000000100 returned -16 [ 567.886368][ T9929] binder: BINDER_SET_CONTEXT_MGR already set [ 567.886376][ T9929] binder: 9926:9929 ioctl 4018620d 200000004a80 returned -16 [ 567.970812][ T9924] delete_channel: no stack [ 568.014675][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.014744][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.596523][ T61] Bluetooth: hci0: command tx timeout [ 569.098908][ T9948] overlayfs: unescaped trailing colons in lowerdir mount option. [ 569.163115][ T9951] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 569.163143][ T9951] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 569.193014][ T9951] vhci_hcd vhci_hcd.0: Device attached [ 569.497995][ T9] usb 40-1: SetAddress Request (2) to port 0 [ 569.498075][ T9] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 569.560529][ T9952] vhci_hcd: connection reset by peer [ 569.561074][ T1015] vhci_hcd vhci_hcd.3: stop threads [ 569.561096][ T1015] vhci_hcd vhci_hcd.3: release socket [ 569.561169][ T1015] vhci_hcd vhci_hcd.3: disconnect device [ 569.568269][ T932] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 569.730856][ T932] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 569.730892][ T932] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 569.730918][ T932] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 569.730940][ T932] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 569.730983][ T932] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 569.731006][ T932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.827415][ T932] usb 5-1: config 0 descriptor?? [ 569.878163][ T4428] bridge_slave_1: left allmulticast mode [ 569.878192][ T4428] bridge_slave_1: left promiscuous mode [ 569.878557][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 569.959474][ T4428] bridge_slave_0: left allmulticast mode [ 569.959505][ T4428] bridge_slave_0: left promiscuous mode [ 569.959945][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.289326][ T932] usbhid 5-1:0.0: can't add hid device: -71 [ 570.289445][ T932] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 570.309464][ T932] usb 5-1: USB disconnect, device number 7 [ 570.727865][ T61] Bluetooth: hci0: command tx timeout [ 572.748688][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 572.868760][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 572.935295][ T4428] bond0 (unregistering): Released all slaves [ 573.715345][ T4428] hsr_slave_0: left promiscuous mode [ 573.759295][ T4428] hsr_slave_1: left promiscuous mode [ 573.764369][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 573.786077][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 574.575411][ T9] usb 40-1: device descriptor read/8, error -110 [ 574.966466][ T9] usb usb40-port1: attempt power cycle [ 575.097910][ T5875] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 575.152938][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 575.527030][ T9] usb usb40-port1: unable to enumerate USB device [ 575.546165][ T5875] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 575.546202][ T5875] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 575.546240][ T5875] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 575.546263][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.585852][T10018] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 575.760217][ T5875] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 575.772356][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 576.106896][ T5875] usb 1-1: USB disconnect, device number 9 [ 577.147842][ T5875] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 577.327290][ T5875] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 577.327323][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 577.327349][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 577.327370][ T5875] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 577.327411][ T5875] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 577.327433][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.399972][ T5875] usb 5-1: config 0 descriptor?? [ 577.539076][ T9894] chnl_net:caif_netlink_parms(): no params data found [ 577.863059][ T5875] usbhid 5-1:0.0: can't add hid device: -71 [ 577.863189][ T5875] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 577.895050][ T5875] usb 5-1: USB disconnect, device number 8 [ 578.185096][ T9894] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.185264][ T9894] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.185443][ T9894] bridge_slave_0: entered allmulticast mode [ 578.209183][ T9894] bridge_slave_0: entered promiscuous mode [ 578.213016][ T9894] bridge0: port 2(bridge_slave_1) entered blocking state [ 578.213205][ T9894] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.213389][ T9894] bridge_slave_1: entered allmulticast mode [ 578.216200][ T9894] bridge_slave_1: entered promiscuous mode [ 578.392203][ T9894] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 578.397349][ T9894] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 578.479223][ T9894] team0: Port device team_slave_0 added [ 578.484406][ T9894] team0: Port device team_slave_1 added [ 578.622779][ T9894] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 578.622795][ T9894] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 578.622816][ T9894] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 578.637041][ T9894] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 578.637057][ T9894] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 578.637083][ T9894] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 579.128388][ T932] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 579.280535][ T932] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 579.282037][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 579.282093][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 579.282121][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 579.285120][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 579.285240][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 579.285301][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 579.336772][ T9894] hsr_slave_0: entered promiscuous mode [ 579.338607][ T9894] hsr_slave_1: entered promiscuous mode [ 579.339544][ T9894] debugfs: 'hsr0' already exists in 'hsr' [ 579.339569][ T9894] Cannot create hsr debugfs directory [ 579.388408][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 579.388470][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 579.388495][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 579.390054][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 579.390108][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 579.390134][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 579.391645][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 579.391675][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 579.391689][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 579.392840][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 579.392891][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 579.392907][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 579.397475][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 579.397529][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 579.397544][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 579.398985][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 579.399019][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 579.399038][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 579.674064][ T932] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 579.674095][ T932] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 579.674113][ T932] usb 5-1: Product: syz [ 579.674126][ T932] usb 5-1: Manufacturer: syz [ 579.674138][ T932] usb 5-1: SerialNumber: syz [ 579.720624][ T932] usb 5-1: config 0 descriptor?? [ 579.811294][ T932] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 582.259549][ C0] usb 5-1: yurex_control_callback - control failed: -2 [ 582.693793][ T9779] usb 5-1: USB disconnect, device number 9 [ 582.696327][ T9779] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 583.053284][ T37] audit: type=1326 audit(1770584010.710:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10072 comm="syz.4.1098" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdb1169aeb9 code=0x0 [ 583.349227][ T9771] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 583.592093][T10084] binder: 10079:10084 ioctl 0 200000000040 returned -22 [ 586.241788][ T9771] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 586.354681][ T9771] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 586.819683][ T9771] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 587.917906][ T5875] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 587.958835][T10113] overlayfs: regular lower layers cannot follow data lower layers [ 588.067906][ T5875] usb 1-1: Using ep0 maxpacket: 16 [ 588.072049][ T5875] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30 [ 588.072080][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 588.072093][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 588.072105][ T5875] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129 [ 588.072127][ T5875] usb 1-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 588.072139][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.075129][ T5875] usb 1-1: config 0 descriptor?? [ 588.342317][T10120] netlink: 107460 bytes leftover after parsing attributes in process `syz.3.1110'. [ 588.391320][T10120] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1110'. [ 589.612585][ T5875] input: HID 0458:5013 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5013.0001/input/input5 [ 589.908226][ T5875] input: HID 0458:5013 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5013.0001/input/input6 [ 590.143369][ T5875] kye 0003:0458:5013.0001: input,hiddev0,hidraw0: USB HID vff.fa Device [HID 0458:5013] on usb-dummy_hcd.0-1/input0 [ 590.254685][ T5875] usb 1-1: USB disconnect, device number 10 [ 590.422498][T10133] fido_id[10133]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 590.998583][T10139] binder: 10130:10139 ioctl 0 200000000040 returned -22 [ 592.081603][ T5875] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 592.493408][ T5875] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 592.493475][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 592.493531][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 592.493583][ T5875] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 592.493698][ T5875] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 592.493752][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 592.834332][ T5875] usb 1-1: config 0 descriptor?? [ 593.456392][ T5875] usbhid 1-1:0.0: can't add hid device: -71 [ 593.456468][ T5875] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 593.577579][ T5875] usb 1-1: USB disconnect, device number 11 [ 593.729922][ T4428] bridge_slave_1: left allmulticast mode [ 593.729951][ T4428] bridge_slave_1: left promiscuous mode [ 593.730199][ T4428] bridge0: port 2(bridge_slave_1) entered disabled state [ 593.760055][T10153] overlayfs: regular lower layers cannot follow data lower layers [ 593.821753][T10153] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 593.821771][T10153] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 593.821994][T10153] vhci_hcd vhci_hcd.0: Device attached [ 593.883971][ T4428] bridge_slave_0: left allmulticast mode [ 593.883993][ T4428] bridge_slave_0: left promiscuous mode [ 593.884169][ T4428] bridge0: port 1(bridge_slave_0) entered disabled state [ 593.937979][T10154] vhci_hcd: connection closed [ 593.940382][ T7567] vhci_hcd vhci_hcd.3: stop threads [ 593.940407][ T7567] vhci_hcd vhci_hcd.3: release socket [ 593.940444][ T7567] vhci_hcd vhci_hcd.3: disconnect device [ 594.729846][ T4428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 595.085813][T10170] 9pnet_virtio: no channels available for device syz [ 595.697297][ T4428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 596.609265][ T4428] bond0 (unregistering): Released all slaves [ 598.901128][ T9771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 599.010303][T10185] binder: BINDER_SET_CONTEXT_MGR already set [ 599.010320][T10185] binder: 10184:10185 ioctl 4018620d 200000000100 returned -16 [ 599.012294][T10185] binder: BINDER_SET_CONTEXT_MGR already set [ 599.012302][T10185] binder: 10184:10185 ioctl 4018620d 200000004a80 returned -16 [ 599.238226][ T4428] hsr_slave_0: left promiscuous mode [ 599.281293][ T4428] hsr_slave_1: left promiscuous mode [ 599.282241][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 599.328457][ T4428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 599.553091][T10193] overlayfs: regular lower layers cannot follow data lower layers [ 599.584786][T10193] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 599.584816][T10193] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 599.584880][T10193] vhci_hcd vhci_hcd.0: Device attached [ 599.639360][T10195] vhci_hcd: connection closed [ 599.641837][ T12] vhci_hcd vhci_hcd.3: stop threads [ 599.641863][ T12] vhci_hcd vhci_hcd.3: release socket [ 599.641899][ T12] vhci_hcd vhci_hcd.3: disconnect device [ 600.004171][ T5860] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 600.149981][ T5860] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 600.150013][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 600.150036][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 600.150057][ T5860] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 600.150094][ T5860] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 600.150115][ T5860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.192305][ T5860] usb 1-1: config 0 descriptor?? [ 601.550434][ T4428] team0 (unregistering): Port device team_slave_1 removed [ 602.035317][T10219] 9pnet_virtio: no channels available for device syz [ 602.062843][T10219] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 602.205706][T10219] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 602.205841][T10219] overlayfs: failed to look up (tracing) for ino (-66) [ 602.684609][ T4428] team0 (unregistering): Port device team_slave_0 removed [ 603.903212][ T5860] usbhid 1-1:0.0: can't add hid device: -71 [ 603.904748][ T5860] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 603.920712][ T5860] usb 1-1: USB disconnect, device number 12 [ 604.103619][ T9771] 8021q: adding VLAN 0 to HW filter on device team0 [ 604.163867][T10236] overlayfs: regular lower layers cannot follow data lower layers [ 604.208854][T10236] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 604.208874][T10236] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 604.208942][T10236] vhci_hcd vhci_hcd.0: Device attached [ 604.282442][T10238] vhci_hcd: connection closed [ 604.298178][ T12] vhci_hcd vhci_hcd.3: stop threads [ 604.298195][ T12] vhci_hcd vhci_hcd.3: release socket [ 604.298217][ T12] vhci_hcd vhci_hcd.3: disconnect device [ 604.310421][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 604.310563][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 604.314587][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 604.314711][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 604.847857][ T932] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 605.010564][ T932] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 605.010593][ T932] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 605.010617][ T932] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 605.010629][ T932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.107867][T10240] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 605.115122][ T932] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 605.433296][ T807] usb 1-1: USB disconnect, device number 13 [ 605.608183][ T932] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 605.780566][ T932] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 605.782028][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 605.782085][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 605.782113][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 605.783162][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 605.783215][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 605.783242][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 605.784314][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 605.784366][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 605.784393][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 605.786266][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 605.786318][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 605.786344][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 605.849224][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 605.849284][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 605.849310][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 605.850570][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 605.850622][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 605.850648][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 605.851845][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 605.852333][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 605.852361][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 605.853535][ T932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 605.853583][ T932] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 605.853608][ T932] usb 5-1: config 0 interface 0 has no altsetting 0 [ 605.857524][ T932] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 605.857550][ T932] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 605.857569][ T932] usb 5-1: Product: syz [ 605.857583][ T932] usb 5-1: Manufacturer: syz [ 605.857596][ T932] usb 5-1: SerialNumber: syz [ 605.881337][ T932] usb 5-1: config 0 descriptor?? [ 605.909609][ T932] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 606.398567][ T5806] usb 5-1: USB disconnect, device number 10 [ 606.404213][ T5806] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 606.553241][ T9894] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 606.632001][ T9894] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 606.661925][ T9771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 606.662331][ T9894] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 606.732747][T10268] capability: warning: `syz.0.1150' uses deprecated v2 capabilities in a way that may be insecure [ 606.733995][ T9894] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 606.775070][T10268] overlayfs: upper fs does not support file handles, falling back to index=off. [ 606.775783][T10268] overlayfs: overlapping lowerdir path [ 607.377020][T10279] 9pnet_virtio: no channels available for device syz [ 608.717172][T10290] overlayfs: regular lower layers cannot follow data lower layers [ 609.141115][T10287] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 609.149561][T10287] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 609.153682][T10287] vhci_hcd vhci_hcd.0: Device attached [ 609.234218][T10292] vhci_hcd: connection closed [ 609.240536][ T4428] vhci_hcd vhci_hcd.3: stop threads [ 609.240617][ T4428] vhci_hcd vhci_hcd.3: release socket [ 609.240656][ T4428] vhci_hcd vhci_hcd.3: disconnect device [ 612.221509][ T9894] 8021q: adding VLAN 0 to HW filter on device bond0 [ 612.516900][ T9894] 8021q: adding VLAN 0 to HW filter on device team0 [ 612.532727][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.532803][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 612.542920][ T1484] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.542996][ T1484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 612.864663][ T9771] veth0_vlan: entered promiscuous mode [ 612.886076][T10303] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1156'. [ 613.960097][ T9894] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 614.181537][ T9894] veth0_vlan: entered promiscuous mode [ 614.410491][T10323] overlayfs: failed to resolve './file1/file0': -2 [ 614.501425][ T9894] veth1_vlan: entered promiscuous mode [ 614.685909][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 614.725607][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 614.729235][ T932] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 614.746172][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 614.759409][ T5800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 614.764891][ T5800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 614.853406][T10335] overlayfs: regular lower layers cannot follow data lower layers [ 614.880191][ T932] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 614.880229][ T932] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 614.880267][ T932] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 614.880290][ T932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.896315][T10324] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 615.028593][T10338] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 615.028620][T10338] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 615.028687][T10338] vhci_hcd vhci_hcd.0: Device attached [ 615.074480][ T932] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 615.258451][ T932] usb 4-1: USB disconnect, device number 7 [ 615.267268][T10339] vhci_hcd: connection closed [ 615.283167][ T1484] vhci_hcd vhci_hcd.0: stop threads [ 615.283195][ T1484] vhci_hcd vhci_hcd.0: release socket [ 615.283260][ T1484] vhci_hcd vhci_hcd.0: disconnect device [ 615.796128][T10317] udevd[10317]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 615.996657][ T9894] veth0_macvtap: entered promiscuous mode [ 616.020983][ T9894] veth1_macvtap: entered promiscuous mode [ 616.381889][T10349] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1166'. [ 616.812522][ T61] Bluetooth: hci2: command tx timeout [ 617.206563][ T9894] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 617.562143][ T9894] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 618.081258][ T6021] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.107065][ T6021] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.113078][ T6021] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.141901][ T6021] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.875291][T10332] chnl_net:caif_netlink_parms(): no params data found [ 618.888034][ T61] Bluetooth: hci2: command tx timeout [ 618.936617][T10377] overlayfs: regular lower layers cannot follow data lower layers [ 618.974195][T10377] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 618.974221][T10377] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 618.974296][T10377] vhci_hcd vhci_hcd.0: Device attached [ 619.049021][T10378] vhci_hcd: connection closed [ 619.050197][ T13] vhci_hcd vhci_hcd.3: stop threads [ 619.050218][ T13] vhci_hcd vhci_hcd.3: release socket [ 619.050255][ T13] vhci_hcd vhci_hcd.3: disconnect device [ 619.248432][ T12] bridge_slave_1: left allmulticast mode [ 619.248463][ T12] bridge_slave_1: left promiscuous mode [ 619.248712][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.340798][ T12] bridge_slave_0: left allmulticast mode [ 619.340828][ T12] bridge_slave_0: left promiscuous mode [ 619.341070][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.802538][T10384] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1176'. [ 621.000894][ T61] Bluetooth: hci2: command tx timeout [ 623.174635][ T61] Bluetooth: hci2: command tx timeout [ 623.228222][T10416] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1187'. [ 624.929070][ T5800] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 624.932821][ T5800] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 624.937386][ T5800] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 624.977673][ T5800] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 624.987258][ T5800] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 625.029554][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 625.149629][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 625.323254][ T12] bond0 (unregistering): Released all slaves [ 626.237759][ T37] audit: type=1326 audit(1770584053.890:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10448 comm="syz.4.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1169aeb9 code=0x7ffc0000 [ 626.237812][ T37] audit: type=1326 audit(1770584053.890:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10448 comm="syz.4.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1169aeb9 code=0x7ffc0000 [ 626.550022][T10332] bridge0: port 1(bridge_slave_0) entered blocking state [ 626.557206][T10332] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.557458][T10332] bridge_slave_0: entered allmulticast mode [ 626.565597][T10332] bridge_slave_0: entered promiscuous mode [ 626.847947][T10332] bridge0: port 2(bridge_slave_1) entered blocking state [ 626.848062][T10332] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.848290][T10332] bridge_slave_1: entered allmulticast mode [ 626.854896][T10332] bridge_slave_1: entered promiscuous mode [ 627.310692][ T61] Bluetooth: hci5: command tx timeout [ 627.458971][ T12] hsr_slave_0: left promiscuous mode [ 627.497855][ T12] hsr_slave_1: left promiscuous mode [ 627.498844][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 627.563284][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 627.692182][ T12] veth0_vlan: left promiscuous mode [ 629.605331][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.606871][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.793865][ T61] Bluetooth: hci5: command tx timeout [ 630.218242][T10486] 9pnet_virtio: no channels available for device syz [ 630.243675][T10486] overlayfs: overlapping lowerdir path [ 630.482441][T10487] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 630.482836][T10487] overlayfs: overlapping lowerdir path [ 631.687972][ T5949] ------------[ cut here ]------------ [ 631.687988][ T5949] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 631.688008][ T5949] WARNING: drivers/gpu/drm/drm_vblank.c:1318 at drm_wait_one_vblank+0x3b5/0x5d0, CPU#1: kworker/1:6/5949 [ 631.688060][ T5949] Modules linked in: [ 631.688097][ T5949] CPU: 1 UID: 0 PID: 5949 Comm: kworker/1:6 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 631.688123][ T5949] Tainted: [L]=SOFTLOCKUP [ 631.688130][ T5949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 631.688142][ T5949] Workqueue: events drm_fb_helper_damage_work [ 631.688171][ T5949] RIP: 0010:drm_wait_one_vblank+0x5a2/0x5d0 [ 631.688194][ T5949] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 0f b0 df fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 e3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f [ 631.688211][ T5949] RSP: 0018:ffffc900050d7860 EFLAGS: 00010246 [ 631.688227][ T5949] RAX: 1ffff110283ea800 RBX: ffffffff8f52a070 RCX: 0000000000000000 [ 631.688241][ T5949] RDX: ffffffff8b9eb1e0 RSI: ffffffff8ba06f40 RDI: ffffffff8f52a070 [ 631.688255][ T5949] RBP: ffffc900050d7948 R08: 0000000000000000 R09: 0000000000000000 [ 631.688268][ T5949] R10: dffffc0000000000 R11: fffffbfff1e8fcaf R12: ffffffff8ba06f40 [ 631.688282][ T5949] R13: ffff888141f54000 R14: 1ffff92000a1af10 R15: ffffffff8b9eb1e0 [ 631.688296][ T5949] FS: 0000000000000000(0000) GS:ffff8881266c9000(0000) knlGS:0000000000000000 [ 631.688311][ T5949] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 631.688325][ T5949] CR2: 0000555567c1a4e8 CR3: 0000000032432000 CR4: 00000000003526f0 [ 631.688341][ T5949] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 631.688353][ T5949] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 631.688365][ T5949] Call Trace: [ 631.688373][ T5949] [ 631.688391][ T5949] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 631.688416][ T5949] ? __pfx_autoremove_wake_function+0x10/0x10 [ 631.688439][ T5949] ? rt_spin_unlock+0x160/0x200 [ 631.688462][ T5949] ? drm_vblank_get+0x147/0x260 [ 631.688491][ T5949] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 631.688516][ T5949] drm_fb_helper_damage_work+0x131/0x6f0 [ 631.688550][ T5949] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 631.688576][ T5949] ? lock_acquire+0x221/0x330 [ 631.688597][ T5949] ? process_scheduled_works+0xa0f/0x17a0 [ 631.688615][ T5949] ? process_scheduled_works+0xa0f/0x17a0 [ 631.688636][ T5949] process_scheduled_works+0xaec/0x17a0 [ 631.688686][ T5949] ? __pfx_process_scheduled_works+0x10/0x10 [ 631.688703][ T5949] ? do_raw_spin_lock+0x12b/0x2f0 [ 631.688730][ T5949] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 631.688753][ T5949] ? schedule+0x90/0x360 [ 631.688784][ T5949] worker_thread+0xda6/0x1360 [ 631.688830][ T5949] ? __kthread_parkme+0x19c/0x1f0 [ 631.688857][ T5949] kthread+0x726/0x8b0 [ 631.688882][ T5949] ? __pfx_worker_thread+0x10/0x10 [ 631.688900][ T5949] ? __pfx_kthread+0x10/0x10 [ 631.688919][ T5949] ? rt_spin_unlock+0x14f/0x200 [ 631.688941][ T5949] ? rt_spin_unlock+0x160/0x200 [ 631.688958][ T5949] ? __pfx_kthread+0x10/0x10 [ 631.688980][ T5949] ret_from_fork+0x51b/0xa40 [ 631.689003][ T5949] ? __pfx_ret_from_fork+0x10/0x10 [ 631.689020][ T5949] ? __switch_to+0xc82/0x1410 [ 631.689051][ T5949] ? __pfx_kthread+0x10/0x10 [ 631.689073][ T5949] ret_from_fork_asm+0x1a/0x30 [ 631.689116][ T5949] [ 631.689131][ T5949] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 631.689146][ T5949] CPU: 1 UID: 0 PID: 5949 Comm: kworker/1:6 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 631.689171][ T5949] Tainted: [L]=SOFTLOCKUP [ 631.689178][ T5949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 631.689189][ T5949] Workqueue: events drm_fb_helper_damage_work [ 631.689212][ T5949] Call Trace: [ 631.689220][ T5949] [ 631.689227][ T5949] vpanic+0x1e0/0x670 [ 631.689259][ T5949] panic+0xc5/0xd0 [ 631.689280][ T5949] ? __pfx_panic+0x10/0x10 [ 631.689312][ T5949] ? ret_from_fork_asm+0x1a/0x30 [ 631.689341][ T5949] __warn+0x315/0x4a0 [ 631.689362][ T5949] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 631.689386][ T5949] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 631.689410][ T5949] __report_bug+0x29a/0x540 [ 631.689440][ T5949] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 631.689463][ T5949] ? __pfx___report_bug+0x10/0x10 [ 631.689505][ T5949] report_bug_entry+0x19a/0x290 [ 631.689527][ T5949] ? drm_wait_one_vblank+0x5a2/0x5d0 [ 631.689548][ T5949] ? drm_wait_one_vblank+0x5a7/0x5d0 [ 631.689569][ T5949] handle_bug+0xca/0x200 [ 631.689595][ T5949] exc_invalid_op+0x1a/0x50 [ 631.689619][ T5949] asm_exc_invalid_op+0x1a/0x20 [ 631.689637][ T5949] RIP: 0010:drm_wait_one_vblank+0x5a2/0x5d0 [ 631.689660][ T5949] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 0f b0 df fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 e3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f [ 631.689676][ T5949] RSP: 0018:ffffc900050d7860 EFLAGS: 00010246 [ 631.689691][ T5949] RAX: 1ffff110283ea800 RBX: ffffffff8f52a070 RCX: 0000000000000000 [ 631.689705][ T5949] RDX: ffffffff8b9eb1e0 RSI: ffffffff8ba06f40 RDI: ffffffff8f52a070 [ 631.689719][ T5949] RBP: ffffc900050d7948 R08: 0000000000000000 R09: 0000000000000000 [ 631.689731][ T5949] R10: dffffc0000000000 R11: fffffbfff1e8fcaf R12: ffffffff8ba06f40 [ 631.689745][ T5949] R13: ffff888141f54000 R14: 1ffff92000a1af10 R15: ffffffff8b9eb1e0 [ 631.689782][ T5949] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 631.689838][ T5949] ? __pfx_autoremove_wake_function+0x10/0x10 [ 631.689861][ T5949] ? rt_spin_unlock+0x160/0x200 [ 631.689884][ T5949] ? drm_vblank_get+0x147/0x260 [ 631.689908][ T5949] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 631.689933][ T5949] drm_fb_helper_damage_work+0x131/0x6f0 [ 631.689966][ T5949] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 631.689991][ T5949] ? lock_acquire+0x221/0x330 [ 631.690010][ T5949] ? process_scheduled_works+0xa0f/0x17a0 [ 631.690027][ T5949] ? process_scheduled_works+0xa0f/0x17a0 [ 631.690047][ T5949] process_scheduled_works+0xaec/0x17a0 [ 631.690095][ T5949] ? __pfx_process_scheduled_works+0x10/0x10 [ 631.690112][ T5949] ? do_raw_spin_lock+0x12b/0x2f0 [ 631.690140][ T5949] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 631.690163][ T5949] ? schedule+0x90/0x360 [ 631.690193][ T5949] worker_thread+0xda6/0x1360 [ 631.690230][ T5949] ? __kthread_parkme+0x19c/0x1f0 [ 631.690256][ T5949] kthread+0x726/0x8b0 [ 631.690281][ T5949] ? __pfx_worker_thread+0x10/0x10 [ 631.690300][ T5949] ? __pfx_kthread+0x10/0x10 [ 631.690318][ T5949] ? rt_spin_unlock+0x14f/0x200 [ 631.690342][ T5949] ? rt_spin_unlock+0x160/0x200 [ 631.690360][ T5949] ? __pfx_kthread+0x10/0x10 [ 631.690383][ T5949] ret_from_fork+0x51b/0xa40 [ 631.690405][ T5949] ? __pfx_ret_from_fork+0x10/0x10 [ 631.690423][ T5949] ? __switch_to+0xc82/0x1410 [ 631.690452][ T5949] ? __pfx_kthread+0x10/0x10 [ 631.690475][ T5949] ret_from_fork_asm+0x1a/0x30 [ 631.690514][ T5949] [ 631.690653][ T5949] Kernel Offset: disabled