last executing test programs: 9m11.244722384s ago: executing program 0 (id=9424): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r1, 0x1f4, 0x24, 0x0, &(0x7f0000000a80)="ff410800b083dcc1010b3efc88643acd3aaf0ae90021bd21762ae38f0000000000000053", 0x0, 0x2fe, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x4}, 0x50) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0xb4}}, 0x0) 9m11.068548755s ago: executing program 0 (id=9427): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x200a4800) recvmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4135, 0x1027}], 0x1}, 0x42) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a1d01000000"], 0xfc}}, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffffffffffffba, &(0x7f0000000080)=[{&(0x7f0000000500)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00b17d10cc40a8894fb96648e582002c9644fb02faf23884372d474d8235b094550aff7f", 0x33fe0}], 0x1}, 0x8000) 9m10.928091636s ago: executing program 0 (id=9430): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x80}}, 0x0) 9m10.810544356s ago: executing program 0 (id=9432): socket$netlink(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000740)='./file0/file0\x00', 0x0, 0x28dc82, 0x0) socket(0x80000000000000a, 0x2, 0x0) umount2(&(0x7f0000000140)='./file0/../file0\x00', 0x8) 9m10.688785243s ago: executing program 0 (id=9433): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x5, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x3, 0xffffffff, 0x6361, 0x5, 0xffffffff, 0x3}, [@TCA_NETEM_JITTER64={0xc, 0xb, 0x100000001}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b826, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x6, 0x6691}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40040e0}, 0x2880) 9m9.979192007s ago: executing program 0 (id=9437): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r1, 0x1f4, 0x24, 0x0, &(0x7f0000000a80)="ff410800b083dcc1010b3efc88643acd3aaf0ae90021bd21762ae38f0000000000000053", 0x0, 0x2fe, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x4}, 0x50) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000dfff000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a0101000b00000000000001000000090002007379"], 0xb4}}, 0x0) 9m9.258224198s ago: executing program 32 (id=9437): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r1, 0x1f4, 0x24, 0x0, &(0x7f0000000a80)="ff410800b083dcc1010b3efc88643acd3aaf0ae90021bd21762ae38f0000000000000053", 0x0, 0x2fe, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x4}, 0x50) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000dfff000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a0101000b00000000000001000000090002007379"], 0xb4}}, 0x0) 1m56.755150719s ago: executing program 2 (id=12060): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f", 0xc6}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{0x0}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c1fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e94653cbdd600fba37c5a31d095500e91d02256f101e82447e34733220cdaaabc947f5b815080b5214c94a06fe96450ea42f48006c032b24d9e8d722841b7c7244b1d2cc012fcda1f7472fdbabb673ef862e32b359fad715b3f5cef6ef951abab80a4a0f5f8574395c5820fa25d07a119e23b39a87cb3b763fbfb0493121eec3e05eacbe7835e79e74881d1179013622a2a6421d51c974e6abd48a9882c8fcadbcee369346a9ad948fd5dd8f87496a30a9d888cdbcee8f3592dd69165358c4cd474639f", 0x1b5}], 0x1}}], 0x3, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1m55.677218661s ago: executing program 2 (id=12063): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000772904202404019957c2010203010902240001000010000904430002317d5500090502020002020000090582020002"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f00000002c0)={0x40, 0x14, 0x4, "b4865713"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000e40)=ANY=[@ANYBLOB="00036c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000007c0)={0x2c, &(0x7f0000000680)={0x40, 0x7, 0x4, "292cc4ed"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f0000000340)={0x20, 0x9, 0x4, "fce890dc"}, 0x0, 0x0}) 1m52.543157385s ago: executing program 2 (id=12071): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3fa7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x1284, 0x80, 0x4, 0x304}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x10}, 0x94) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='>'], 0x38}, 0x1, 0x0, 0x0, 0x20000004}, 0x80) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x1, 0xffffffffffffffff, 0x0}) io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f00000002c0)=[0xffffffffffffffff], 0x57) io_uring_enter(r3, 0x3516, 0xc2de, 0x8, 0x0, 0x0) 1m52.18702648s ago: executing program 2 (id=12074): fsopen(&(0x7f0000000580)='overlay\x00', 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x20801, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0f, 0xffffffff}, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) r5 = accept4(r4, 0x0, 0x0, 0x0) recvmsg$qrtr(r5, 0x0, 0x0, 0x40) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48}) creat(0x0, 0xecf86c37d53049cc) socketpair$unix(0x1, 0x3, 0x0, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) r7 = syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0x10000, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x80800}) listen(r6, 0x5) io_uring_enter(r7, 0x3517, 0xc2de, 0x9, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 1m46.836735003s ago: executing program 2 (id=12089): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000019080)='net/dev_mcast\x00') pread64(r0, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) 1m46.349204061s ago: executing program 2 (id=12093): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3fa7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r2 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x1284, 0x80, 0x4, 0x304}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x10}, 0x94) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='>'], 0x38}, 0x1, 0x0, 0x0, 0x20000004}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x12, r5, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x1, 0xffffffffffffffff, 0x0}) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f00000002c0)=[0xffffffffffffffff], 0x57) io_uring_enter(r2, 0x3516, 0xc2de, 0x8, 0x0, 0x0) 1m30.79510338s ago: executing program 33 (id=12093): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3fa7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r2 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x1284, 0x80, 0x4, 0x304}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x10}, 0x94) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='>'], 0x38}, 0x1, 0x0, 0x0, 0x20000004}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x12, r5, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x1, 0xffffffffffffffff, 0x0}) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f00000002c0)=[0xffffffffffffffff], 0x57) io_uring_enter(r2, 0x3516, 0xc2de, 0x8, 0x0, 0x0) 39.889096737s ago: executing program 3 (id=12234): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) bind$isdn(r1, &(0x7f0000000100)={0x22, 0xd, 0x7f, 0xe, 0x97}, 0x6) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r4 = accept$alg(r3, 0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) sendmsg$NL80211_CMD_GET_SURVEY(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x0, 0x4, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x20600d0}, 0x20000054) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) r7 = socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080), 0x4) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x80000001}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r8}, 0xc) setsockopt$inet_mtu(r7, 0x0, 0xa, &(0x7f0000000000)=0x5, 0x4) bind$inet(r7, &(0x7f0000000080)={0x2, 0x5e21, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) sendmmsg$inet(r7, &(0x7f0000000440)=[{{&(0x7f0000000140)={0x2, 0x4e24, @multicast1}, 0x10, 0x0}}], 0x1, 0x44008004) write$binfmt_misc(r7, &(0x7f0000000300), 0xfdef) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002980)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 37.529935153s ago: executing program 3 (id=12238): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) 36.758842688s ago: executing program 3 (id=12241): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_START_NAN(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x54, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xc}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xcd}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004004}, 0x40) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000080)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "b33883", 0x10, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[], @ndisc_ra={0xc0}}}}}}, 0x0) ioctl$BLKRASET(0xffffffffffffffff, 0x1262, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x63b5, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x6a, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, &(0x7f0000000380), &(0x7f00000003c0)=0xc) file_setattr(0xffffffffffffffff, 0x0, 0x0, 0x7f, 0x100) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) accept4(r2, 0x0, 0x0, 0x0) 34.013414135s ago: executing program 3 (id=12245): openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0xc40, 0x0) r0 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX]) 33.058553908s ago: executing program 3 (id=12247): r0 = socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$can_bcm(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000300)={@loopback, @multicast1}, &(0x7f00000003c0)=0xc) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) rseq(0x0, 0x0, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) close(r3) r4 = open(&(0x7f0000000000)='./file0\x00', 0x400, 0x1a1) fcntl$setlease(r4, 0x400, 0x1) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000340)={'#! ', './file0'}, 0xb) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 31.102671803s ago: executing program 3 (id=12248): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) pipe2(0x0, 0x0) write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff6a) pipe2(0x0, 0x800) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x6f6) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000007000000140001800500020001000000080006001a"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) 19.844825925s ago: executing program 1 (id=12266): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4041080) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x80dd) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000280)="440f01c4d18300000000c4a1fd2b7900b8010000000f01c166400f3881660148b8facb0000000000000f23c00f21f835000001000f23f80f20073e0f21276726410f00568866baa10066b8f4ab66ef", 0x4f}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 19.52078219s ago: executing program 1 (id=12268): syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x48, 0x0, 0x8) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0xb, 0x8000000000000000, 0x6, 0xfa11, 0xffffffff}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) syz_usb_connect(0x0, 0x17e, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x2def, 0x0, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x48100) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) socket$kcm(0xa, 0x922000000003, 0x11) r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x5) ioctl$TCSETA(r4, 0x8925, &(0x7f0000000100)={0x2, 0x0, 0x1, 0x0, 0x13, "31f40000f7ece2f4"}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000380)=@delqdisc={0x434, 0x25, 0x100, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xd, 0xf}, {0xa, 0x7}, {0x0, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x3, 0xfffffff8, 0x4, 0x40, 0x2, 0x2, 0x5, 0x7fff, 0x4, 0x1, 0x8001, 0x1c8, 0x7, 0x0, 0x5, 0x0, 0x8, 0x9, 0x9, 0x9, 0xf5, 0x200, 0x6, 0x5, 0x6, 0xfff, 0x9, 0x1, 0x80, 0x10000, 0x5, 0x6, 0xff, 0x4, 0x6, 0x9, 0xe6c1, 0x2, 0x64, 0x6, 0x5, 0x71, 0x1f146d7e, 0x80000001, 0x89, 0xe9, 0x80000001, 0x2, 0xff, 0x8, 0xffff8dc2, 0x400, 0x0, 0x2, 0xffff, 0x10001, 0x3ff, 0x0, 0x8, 0xa000000, 0x0, 0x5, 0x8, 0x3, 0x4, 0x401, 0x5, 0x8, 0x4ad1, 0x1, 0x25ae, 0x1, 0xfff, 0x6, 0xe, 0xffffffff, 0x7, 0x5, 0x401, 0xfff, 0x8, 0xf, 0x0, 0x4, 0x626cfd3b, 0x0, 0x60df8662, 0x2, 0x5, 0x4, 0xc6, 0x8, 0x7, 0xfffffffa, 0x9, 0x4, 0x1, 0x3, 0x0, 0x7, 0x2, 0xffff8000, 0xe13, 0x8, 0x7, 0xc, 0xfdc5, 0x7ff, 0x4, 0xfffffff0, 0x1, 0x7fff, 0x40, 0x1, 0x1f1f, 0x3, 0x665195e5, 0x5, 0x7, 0x5, 0x8, 0x7, 0x4, 0x0, 0x101, 0x400, 0x2, 0x6, 0xd, 0x9, 0x7, 0xc5, 0x99, 0x0, 0x2e9, 0x4, 0x3, 0x401, 0xfffffffe, 0x7, 0x80000000, 0x8, 0x8000, 0x4, 0x37, 0x4, 0x9, 0x2, 0x2, 0x3, 0x6, 0x1, 0x690c, 0x368d, 0x9, 0x2, 0xe, 0x8, 0x8, 0x5597, 0x3, 0x4, 0x7fff, 0x62, 0xfffeffff, 0x5, 0x0, 0x7fffffff, 0x9, 0x9, 0x2, 0x100, 0x6, 0x101, 0x5, 0x2, 0x3, 0x4, 0xfc8d, 0x8, 0x3ff, 0x3, 0xaeb3, 0x3, 0x5, 0x9, 0xfc, 0x8000, 0xffffffff, 0x7, 0x20000, 0x4, 0x2, 0x9f85, 0x65, 0x85, 0x0, 0x2, 0x4, 0x3, 0x7, 0xd92, 0x40, 0xfff, 0xe1, 0x8, 0x10001, 0x5, 0x9, 0x1, 0x1000, 0x9, 0x36ae765e, 0x401, 0x9, 0x200000, 0x3, 0x4, 0x5, 0x0, 0x89, 0x5, 0x80000000, 0x9c4, 0x1, 0x41632842, 0x6, 0x10, 0x2, 0x8001, 0x5, 0x100, 0x8, 0x9, 0xfe64, 0xd, 0x1c2, 0x2, 0x6, 0x2, 0x80000001, 0xa, 0x6, 0xfffffffc, 0x5, 0x3, 0x7f, 0x8001, 0x5, 0x3, 0x6, 0x8001, 0x10001, 0x5, 0xb, 0x7]}]}}]}, 0x434}, 0x1, 0x0, 0x0, 0x40000}, 0x8010) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) syz_usbip_server_init(0x1) syz_usbip_server_init(0x2) 19.497027552s ago: executing program 5 (id=12269): io_setup(0x222, &(0x7f0000000180)) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001740)=ANY=[@ANYRES16=0x0, @ANYRES64=0x0, @ANYRES16, @ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xc, 0xb9, &(0x7f0000000140)=""/185, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_emit_vhci(0x0, 0x0) getpid() waitid(0x300, 0x0, 0xffffffffffffffff, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r2, &(0x7f00000009c0)={0x2, 0x4e24, @loopback}, 0x10) writev(r2, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) 16.532734228s ago: executing program 6 (id=12272): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000580)=ANY=[@ANYRES16=r1, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) 14.96501515s ago: executing program 6 (id=12275): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x44) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f00000005c0)='cgroup.max.descendants\x00', 0x2, 0x0) write$cgroup_int(r4, &(0x7f0000000300)=0x4, 0x12) io_getevents(0x0, 0x6, 0x0, &(0x7f00000003c0), &(0x7f0000000040)) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@map=0x1, r5, 0x2f, 0x8, 0xffffffffffffffff, @void, @value=0x0}, 0x20) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@fallback, 0xffffffffffffffff, 0x7}, 0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40) 13.429127357s ago: executing program 6 (id=12276): r0 = socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$can_bcm(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000300)={@loopback, @multicast1}, &(0x7f00000003c0)=0xc) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) rseq(0x0, 0x0, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) close(r3) open(&(0x7f0000000000)='./file0\x00', 0x400, 0x1a1) r4 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0) write$binfmt_script(r4, &(0x7f0000000340)={'#! ', './file0'}, 0xb) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 12.330571387s ago: executing program 1 (id=12277): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000006080)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) ftruncate(r2, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r2, 0x0) 11.111925504s ago: executing program 5 (id=12278): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001bc0)=ANY=[@ANYBLOB], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000140), &(0x7f00000002c0)=""/4095}, 0x20) 10.613049373s ago: executing program 5 (id=12279): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000040000000c"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000a76e089b0000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000300), &(0x7f0000000340)=r1}, 0x20) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 10.453499216s ago: executing program 6 (id=12280): r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000300)={0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000200)={0x0, r1, r2, 0x0, 0x80000003, 0x80000003, 0x7, 0x0, 0x7, 0x8, 0x60be988f, 0x31e}) 10.369083058s ago: executing program 4 (id=12281): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) munmap(&(0x7f0000ff3000/0xb000)=nil, 0xb000) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5416, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) set_mempolicy(0x4005, &(0x7f0000000080)=0x3, 0x2) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) 10.320476441s ago: executing program 5 (id=12282): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601020000000000000000020000000900020073797a310000000005000100070000002c0007801800018014000240fe80000000000000000000007649ec6106000440000400000500070006"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 10.088245002s ago: executing program 6 (id=12283): r0 = socket$kcm(0x29, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r4 = io_uring_setup(0x3450, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0), 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48) r6 = socket$kcm(0x2, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r6, r5}) sendmsg$kcm(r0, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000880)="1a", 0x100000}], 0x1}, 0x0) 8.99837339s ago: executing program 5 (id=12284): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000580)=ANY=[@ANYRES16=r1, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) 8.9176665s ago: executing program 4 (id=12285): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x44) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f00000005c0)='cgroup.max.descendants\x00', 0x2, 0x0) write$cgroup_int(r4, &(0x7f0000000300)=0x4, 0x12) io_getevents(0x0, 0x6, 0x0, &(0x7f00000003c0), &(0x7f0000000040)) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@map=0x1, r5, 0x2f, 0x8, 0xffffffffffffffff, @void, @value=0x0}, 0x20) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@fallback, 0xffffffffffffffff, 0x7}, 0x20) socket$inet6_mptcp(0xa, 0x1, 0x106) 8.878589026s ago: executing program 5 (id=12286): syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x48, 0x0, 0x8) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0xb, 0x8000000000000000, 0x6, 0xfa11, 0xffffffff}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) syz_usb_connect(0x0, 0x17e, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x2def, 0x0, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x48100) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) socket$kcm(0xa, 0x922000000003, 0x11) r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x5) ioctl$TCSETA(r4, 0x8925, &(0x7f0000000100)={0x2, 0x0, 0x1, 0x0, 0x13, "31f40000f7ece2f4"}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000380)=@delqdisc={0x434, 0x25, 0x100, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xd, 0xf}, {0xa, 0x7}, {0x0, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x3, 0xfffffff8, 0x4, 0x40, 0x2, 0x2, 0x5, 0x7fff, 0x4, 0x1, 0x8001, 0x1c8, 0x7, 0x0, 0x5, 0x0, 0x8, 0x9, 0x9, 0x9, 0xf5, 0x200, 0x6, 0x5, 0x6, 0xfff, 0x9, 0x1, 0x80, 0x10000, 0x5, 0x6, 0xff, 0x4, 0x6, 0x9, 0xe6c1, 0x2, 0x64, 0x6, 0x5, 0x71, 0x1f146d7e, 0x80000001, 0x89, 0xe9, 0x80000001, 0x2, 0xff, 0x8, 0xffff8dc2, 0x400, 0x0, 0x2, 0xffff, 0x10001, 0x3ff, 0x0, 0x8, 0xa000000, 0x0, 0x5, 0x8, 0x3, 0x4, 0x401, 0x5, 0x8, 0x4ad1, 0x1, 0x25ae, 0x1, 0xfff, 0x6, 0xe, 0xffffffff, 0x7, 0x5, 0x401, 0xfff, 0x8, 0xf, 0x0, 0x4, 0x626cfd3b, 0x0, 0x60df8662, 0x2, 0x5, 0x4, 0xc6, 0x8, 0x7, 0xfffffffa, 0x9, 0x4, 0x1, 0x3, 0x0, 0x7, 0x2, 0xffff8000, 0xe13, 0x8, 0x7, 0xc, 0xfdc5, 0x7ff, 0x4, 0xfffffff0, 0x1, 0x7fff, 0x40, 0x1, 0x1f1f, 0x3, 0x665195e5, 0x5, 0x7, 0x5, 0x8, 0x7, 0x4, 0x0, 0x101, 0x400, 0x2, 0x6, 0xd, 0x9, 0x7, 0xc5, 0x99, 0x0, 0x2e9, 0x4, 0x3, 0x401, 0xfffffffe, 0x7, 0x80000000, 0x8, 0x8000, 0x4, 0x37, 0x4, 0x9, 0x2, 0x2, 0x3, 0x6, 0x1, 0x690c, 0x368d, 0x9, 0x2, 0xe, 0x8, 0x8, 0x5597, 0x3, 0x4, 0x7fff, 0x62, 0xfffeffff, 0x5, 0x0, 0x7fffffff, 0x9, 0x9, 0x2, 0x100, 0x6, 0x101, 0x5, 0x2, 0x3, 0x4, 0xfc8d, 0x8, 0x3ff, 0x3, 0xaeb3, 0x3, 0x5, 0x9, 0xfc, 0x8000, 0xffffffff, 0x7, 0x20000, 0x4, 0x2, 0x9f85, 0x65, 0x85, 0x0, 0x2, 0x4, 0x3, 0x7, 0xd92, 0x40, 0xfff, 0xe1, 0x8, 0x10001, 0x5, 0x9, 0x1, 0x1000, 0x9, 0x36ae765e, 0x401, 0x9, 0x200000, 0x3, 0x4, 0x5, 0x0, 0x89, 0x5, 0x80000000, 0x9c4, 0x1, 0x41632842, 0x6, 0x10, 0x2, 0x8001, 0x5, 0x100, 0x8, 0x9, 0xfe64, 0xd, 0x1c2, 0x2, 0x6, 0x2, 0x80000001, 0xa, 0x6, 0xfffffffc, 0x5, 0x3, 0x7f, 0x8001, 0x5, 0x3, 0x6, 0x8001, 0x10001, 0x5, 0xb, 0x7]}]}}]}, 0x434}, 0x1, 0x0, 0x0, 0x40000}, 0x8010) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) syz_usbip_server_init(0x1) syz_usbip_server_init(0x2) 7.717631413s ago: executing program 6 (id=12287): io_setup(0x222, &(0x7f0000000180)) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001740)=ANY=[@ANYRES16=0x0, @ANYRES64=0x0, @ANYRES16, @ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xc, 0xb9, &(0x7f0000000140)=""/185, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_emit_vhci(0x0, 0x0) getpid() waitid(0x300, 0x0, 0xffffffffffffffff, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r2, &(0x7f00000009c0)={0x2, 0x4e24, @loopback}, 0x10) writev(r2, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) 5.884491188s ago: executing program 1 (id=12288): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x4, 0x400}, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, &(0x7f0000000140)={0x3, @win={{0x3, 0x6, 0x9, 0x5}, 0x1, 0x3, &(0x7f0000000100)={{0x2, 0x3c, 0x8000, 0x1}, &(0x7f0000000280)={{0xffffffff, 0xfffffff8, 0x1}, &(0x7f0000000000)={{0x2, 0x2, 0x4, 0x4}}}}, 0x1, &(0x7f0000000840)="d01b933b50b431242f6b09e5fa4021f60b10260ad61d4cea9eec2ca978c2234ca27ae8c2ed85258fa6d76152da656c549d9055a37902adc78f5ef65d64cf7403349ade21274402b4813f53929fef3ab98df411fe2b4c9c6dbcf9bda0c9a4c6b0b345974bfd6de0b55323853ea49188fbe93efdefc2d62da610bcff5fb707c91a76eb2db2e76a3deec094a57adea21dd9df8b8821d88612da2ae1b4dc1d6ee6473045fff121fe24388c030e5c3312d151bc30f52be9307c346cf15dc3fc4f3e963042490d6c585adbacc2271ed53611e6f3aeb26f9d33a770ee8285338ded8984922918a5cd394abb85e0e3a2952038cdaae3cde5d8b1a064f93cb7accdff679df33633cdc38e205e3a3008860d65e620dec27d23f42176a24d175cf794897b9593c5166d9a1bfb65f020953a0653a84eaff8b5a59a717ace72a0bf09d0b98f2832132d4bec0216729969799a1ebbb63a15ff56c19e73933ade58cf359840d73afe199ca073e1578257fac7da9aadcf0dcf11b46d53a6da8712bd49f00ef45d9ea39a33787fd5dfb973ee90c00c9d55d3263472f4fbf9806101602d7394edac9f93a8f7527f22ec44983618ea743e51592080f81612b1eac29b44f6a82b6ebda1752ca80c0cfc97c38932786b79432737bd8b2f35d41d36019c99f4351d37b068b7618b024cf48e5e172e7f364ab3a8818762fd24635c60791b544484e26e37a34658a2ab1646e544488c8712257174d742550dc3f4fe52c8f546448e046f0517f3a1fd868c289dfca2f4e2f3685c1cba316ce27b1b562dfee3ea34772e7c772e4ebf6522c5e518937c2cc1b9f7602f250dbb0ca72770ab4a89181539d93aa68755a93aa675d098c2a6e73dc975b936e34b242473bebfcbf56e83a3409cbdfa7188b7d4a2f37836815f740f23567b49fa2ff93dac7a2d9d6f176a4cf58f80a1896d04559a38fdad02a154f2cc62cfa63994a5a7239f1c90a93e56d7e28e3aee059fb8ccf684f2663de521829a39b369a7df731c6ae339a2a88088922f72425e9d23ea3e17a0120bf6964214d3d83b118ff4408263895fceb940cc0a9da530fad9c787531e228795ed7d2ab17897b3bff4d33c838cdb937a5235a64f83616407a4198c62791b4edafe8b1c651ac51656f8c6a5109ab934988b7f28276fe1f2e1aee44a11afb56611b2dfc68cc997664922121ca43dd3654912d033d98eb95efe235b4089cf3547cee67b919f229ebf5a8449d3cd2ec8ec72e5da02dfd253f14fcaa96191be8eba24bc1603beaa93450ba9693d5c6e136e47a8211e7edfdde5a37c0d5c4429ae90a037d891056ab046bab788c3c5f40ecb388c5a708a8a0d3a09a55330461a04f69ee8a40631718f5d48bd1753251f9c5e7a79fa2e12918f96520d4112eb9c40c2f2159610489ecdc81684d195de3a1020730d56c3b5a9c084dba538eb92028676a467ef58b67edbf7891b59bf9e65cf0d49313274d2dce6545535207b48908873570384ad11c8c7899bc53049c137965250769880518351757e0d5951a75d8e4892afbaff5f72238a746810e16e740c16e02d06234b6e38cf098f7ab4c8bb83b9a9929e5846ffff2d36407969047dce8710c32dbf20a392a4d74d2546595a5666e915dabcf6472f6fab81368bddad15bbb808a64a7aec260b735a69cf6022542c02c3d5e2d875400d0ab13819036b9a5adb2950edcbdea557cd1061c36a3bc5a68edf73983a0044431e55c977a304d9d0eb0c6c4846cd2f8aced174ebf61998d2e0daee0a52680cd99181067ebf66c9dd310a80e305d81e6f51838927301638be2215614990187867bd6f4ae00e311e171fe2bec73a44b9c9fc29d326b52258364b2e52b50f0c9050fc34a83ce52bca2a1bd78b17dd830b2626beaf6e606149a248e6b9ad5329be6305724edcb531bd5d01d27cc49c04a21d633bef63ff91fba1035d57b89ce222f8c3ddcbfe40a44efe0bdf38eedca76307d14fcddce220cca9869be093d9e5bae89d9ef336e0128eeff2683e012bd839101d8fcb473b9214276d97ce321412536f2d85770d0c34879e3fd2f7ae7091d43f3066f2c1e939b3684156bbef0f6a9e00db16e32ef13327378c68e1526a8df1930ec7b65b3631bffe8c01102af2d9123b33380ed1590988df7a01f86cea2f4db0569fde4ba86ef76a140a9c854db61ed926da474f1b3ee2714b7c85ebd39d53820c10a090fa1228bdffc4e8ef39caa20287137cf9455281d2b0465d65469ea3e25e3e4794d825eebc3fb2e8d4b5aa4b21aaf8548ea87182bdaf9faa6e5614ae9a083e5ee0df3ca761c5f12b324378fb2c39bdfb8dc9cf9e44d236d229948237772de458148ec817a6028f8d49b7a331ffcc01998f1379721c201f1b32162b5b38f5f7f09b946f5a219fac689d744e63ae782e7039bb47a8f45474bb1aa14ce25dffa83a3fc990ed3130de2a3dad70be0a7faacff63fb8c0c32c6f15db93a20e754d015c3d884899104d6624d89a99fc9c14445394094bed7706334c8b1718e486959c076ff3ae368ba350e4d1e12b3c57618eb9e1b742c8d29464f76763f30debea879db28be1e57050be15c0eb18e171d7d6884495d4e313ca6b0c2ebd685471d3fcfe7313dd2461ad9e50afcd5378346464bd06faa20320c7bf95edacd41a9da5341f85a5e030a4d211e83b87ce7b6b0a531e6c12fe53c74483b86577fd41f8550de3b0b02106ea7325ebe13525d333acd6213e3f59f3337d8ea76acdc3c957bd7c6ff9f05d1cbb02d9cc6f5cd58f61ab43d4a5cc51cd5cf41b7005a2166cc6e9689270cbb6e9ac52ab2c57fcc444a63acaa67be3188ff81068cd06e51177905a4d86b2160b61475f0c02efc04d8aab1440383d4f17388b798b6850b1d4a91a2bdf8b8f261d725b0fd566609e6b88120b0caa14a47b4c755d9afe5563b66a6dbd5350a31b6aab0a284f5407d101f3e802cdb68ee5b21871d932117f4eddabef398e32be7654d36f15da96ff08d0a488aae2cd587d9cbc9f63a60a3bdf1a04ced442b06574f10c172a6345e3a3cbae4077ec833bc487517b2158fdbcd8da50887caae4197f3abb538b2c73f1301900c90bd207280232f4b630d08a3280d8083171f46afa632e1632e665625c1519e4744f120a186b731acc5aad4823830a6f979f0924b3e174b3924d1f4db47d9d43a684e4f65b406afbbce224d4c1da343c728a93de3544fbbe91889eb185aa16104391f3dc992b892781667a3e191a1c8680a304dccdadaa38d737e228dc9e148222489c1946d6ce11c7cfcbf008ad80c887ba454c73a591ac7c5488d8acc522c0ea178d4a8f5bdc2ed77a3e2be7a9df7741ea5f0a3fd77fc366d7fd0aab194a79c0338c223b0963ccdaa36266ad17ed563a24b151c106b3275fef4877ec661b72665d8d2467a83dc3a17c22cba8d6b0b798c8149f0f1ca9f8a13a3718e9d4ba4c285f04ee79ed624e85bf985b305a848bd3c50a451a062793a155817f5885f80d6c962ffa649c664fddf27b530f312fb689a86f98b0f89c18eddd43e8cff2ff7679eabd7637b2353bf7150685c5b2bf9598b36795a77d46546ee1cd050ae7ae67e948acd11e8e372f3c202f087e48746ecdc001edcdf748442a5a33ea9aeea97d31c377a9a81e7a072df3a8e7caf30bda6b8bda0ce4fdc07b6472fc23edccf226035261c1308b348abde4218fbdbd3db21b379d3f619bbd238de47c2deb34338b8c82239c5a560f0a3df1404dbb7fc365a59fbf1b48587cbedcb009c30418a0ff6147cfc6f63c532985faee9ddba2d18930baad313fd25348ecf1d02a9caaca99b9667fa385c2351ad1d34bb766c680a985b691c264cec0d2646055976400ff0c35b69362c2b6c2c7f7475fbc5f738ac7e2ae46946f56a97e7a41375ff6dbe0702e762caa5c384a173945daffc1aa4387f224cfd6f5716e89c72389f8b5dfb288a16bba9098d972fd843e6cff86e3efe0d9ddb3a6354da46a15a1838c1d972ce8bde0cb19594011149fd8a3576da55e411c3be82b8b1cd10c544c405c656836b15e5081364c4ef87c5d8947bdfd210965b1963197052b4ac6135b96a63ad3cd81430e13376beac33f8a0822954808bab42f905ef04a058fe7411f1a1deccf01e6ad41b906f2176a448da7a0117085e127baa793426b88e9cf7d0dd29a63fd63bba1bd043d8c1b002bc22a1cb7d47c220b841870be7b04859bf2cfdef7d0b13f40dd11d8ccccc89b9a75c6c703af51563931e708556976de22b73fbf4c237ae5f02470d3ae3dad1a4bfb9c0ce036a792783842153bc70531ec52715ec4d37bf66be7f71349c457c0f4485f7fb9533a6a864eabb0d596bf6d135206bec4857ef15b7608d817439c9c825c91f593be4d4eb5912d787b12f558fff1e2c172496c1bd72cdab11fddc158c8225ad2060f25fece64c6e528b393a3675d2b8f52a4ac89f2ad5d6850263c5b86e6436314eeae429b4145fce02eb32fee9abef2bd84f285eb78a639070ec40cbcdae907e410f7aa6d71884e9e03b292ceb68aca8dde63abe47a1c68c3ce9f12a6b49e9d8f58a1af7ef33ffd66d84a3e8e0f3e5708eb0808ae8ea7b5cb158b0ec38d331d99769416e5e09c2d21254986774b7e89cc1c4f51b88000adfe91bd9f631da5dd9aeef40416aad1a1128091f5063ccbc7a98b00414bdeb7e69afdfc2002bf9d28c58a53257b2178ba7818852924549ef6e3ba5246a03ce20e738c5987645bb2c21d380f46d30abd9d486eec1a16c494f0eb6e9ebd7c2bbed8d4b45c0d9245cce1821c8cf40efcfbb1a6914c4a1fecab5388e5c1ad9f391f567d01259128a6ca2b1535948c62d060039d9dcba6702869d081ac1a97ff7c0d5f552140c7cec63d156063e233a22760d1c523e0d161091b466d4d46a809bdf3be9bedfc2ef057fe48c8aee8c85d7babb36eef186526024a45d7632522f38d077668519c89c99632d49f10a6bc373eec97ffd1a57250e3a7500969787ac42799a220398f8d141eeb8ffa51fe760c60144318867b8c1c70f040419752afa5d4af0f2e2d80bcb83058839b26ae0cc6644f76619f839812d29e94f977ca94028dfa458640b3209eeb1ba1a635118c7887443778e96a7c3ea41bffe6981e006a43de6bdbf5883816b3d17526930017f5bf41fa9fdae5485f03a391b5fe13f7db060f4576fe5140927f6b65a6c24f47fc4beaf5ed3d6f39e32e648fb09427f0036ba87846393a4d03021dfc8ecefbd0292df489714b793fb9b187af5ecc7fba607dd880af877ca9f3bcdb2156924b150dcfa31c712f90638c1be750ec7437da76bae4fbd9aa4a9f4c69665f3386a5c164388ae7a51b818a248789f05892959234de78f3a6c4de614d3aea8c600113e5ec4c7637a6d2cc5e449ee8786e5dfde3f128c9d711b8992140bb0e7f99e347d1a3e4d116e8786c0fccf788606fa32e5d9a6d191b8becad472646ef380b8d8daf749fbb1b6bd0c62a6b1d74e7bef587ca0c783442c93588cd99e482b5edda9d34ab3ce4f0ec6ceb8f74e27a7a0126d54cf5ada5dcf89cfae808fd2b691b09238e1954c0875dfb27769530764f20f809ef84de5a5e8146c4d39496f182c7c0dafafbc109f0", 0x2}}) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffff5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @sk_reuseport=0x28, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.654362217s ago: executing program 1 (id=12289): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, &(0x7f0000000080)) 2.245035161s ago: executing program 1 (id=12290): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='notify_on_release\x00', 0x2, 0x0) sendfile(r3, r3, 0x0, 0x40000002) r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000001c0)='source', 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x40000) close(0x3) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000180)=0x6f) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f00000001c0)=0x2) read$FUSE(r5, &(0x7f00000063c0)={0x2020}, 0x2020) 1.94710127s ago: executing program 4 (id=12291): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r0, @ANYRES8, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) unshare(0x24020400) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, 0x0, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 560.488585ms ago: executing program 4 (id=12292): r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000300)={0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000200)={0x0, r1, r2, 0x0, 0x80000003, 0x80000003, 0x7, 0x0, 0x7, 0x8, 0x60be988f, 0x31e}) 283.907399ms ago: executing program 4 (id=12293): bind$inet6(0xffffffffffffffff, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c) syz_emit_ethernet(0x42, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x40814) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000000a0601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) 0s ago: executing program 4 (id=12294): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) munmap(&(0x7f0000ff3000/0xb000)=nil, 0xb000) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5416, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) set_mempolicy(0x4005, &(0x7f0000000080)=0x3, 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000080}, 0xc010) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): ew USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 1225.557237][T23056] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1225.557260][T23056] usb 2-1: Product: syz [ 1225.557277][T23056] usb 2-1: Manufacturer: syz [ 1225.557293][T23056] usb 2-1: SerialNumber: syz [ 1225.624049][T23056] usb 2-1: config 0 descriptor?? [ 1225.626674][T29111] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1225.843170][T29111] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1225.890479][ T809] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 1226.042103][ T809] usb 5-1: Using ep0 maxpacket: 16 [ 1226.049059][ T809] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1226.049097][ T809] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1226.049123][ T809] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 1226.049154][ T809] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1226.049191][ T809] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 1226.049216][ T809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1226.062308][ T809] usb 5-1: config 0 descriptor?? [ 1226.461060][T29121] netlink: 180 bytes leftover after parsing attributes in process `syz.2.9462'. [ 1226.509151][T29115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1226.526096][T29115] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1226.571949][ T809] hid (null): unknown global tag 0xe [ 1226.574053][ T809] hid (null): unknown global tag 0xd [ 1226.574077][ T809] hid (null): unknown global tag 0xc [ 1226.574102][ T809] hid (null): report_id 0 is invalid [ 1226.574164][ T809] hid (null): unknown global tag 0xe [ 1226.574180][ T809] hid (null): unknown global tag 0xc [ 1226.574213][ T809] hid (null): invalid report_count 39979 [ 1226.574247][ T809] hid (null): unknown global tag 0xd [ 1226.666194][T29055] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1226.724482][T29055] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1226.777554][T29055] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1226.805487][ T809] usb 5-1: USB disconnect, device number 38 [ 1226.868375][T29055] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1226.907470][T23056] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1226.907783][T23056] asix 2-1:0.188: probe with driver asix failed with error -71 [ 1226.951139][T23056] usb 2-1: USB disconnect, device number 96 [ 1226.980706][ T5800] Bluetooth: hci2: command tx timeout [ 1227.099033][T29055] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1227.126113][T29055] 8021q: adding VLAN 0 to HW filter on device team0 [ 1227.139407][ T1119] bridge0: port 1(bridge_slave_0) entered blocking state [ 1227.139537][ T1119] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1227.174266][ T1119] bridge0: port 2(bridge_slave_1) entered blocking state [ 1227.174447][ T1119] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1227.555019][T29142] netlink: 'syz.1.9465': attribute type 9 has an invalid length. [ 1227.555046][T29142] netlink: 'syz.1.9465': attribute type 11 has an invalid length. [ 1227.555062][T29142] netlink: 'syz.1.9465': attribute type 12 has an invalid length. [ 1227.555078][T29142] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.9465'. [ 1227.663787][T29055] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1228.124638][T29151] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 1228.318395][T29151] kvm: pic: non byte read [ 1228.326612][T29151] kvm: pic: non byte read [ 1228.327094][T29151] kvm: pic: non byte read [ 1228.327502][T29151] kvm: pic: non byte read [ 1228.327881][T29151] kvm: pic: non byte read [ 1228.328308][T29151] kvm: pic: non byte read [ 1228.328696][T29151] kvm: pic: non byte read [ 1228.329108][T29151] kvm: pic: non byte read [ 1228.351267][T29151] kvm: pic: non byte read [ 1228.351855][T29151] kvm: pic: non byte read [ 1228.886344][T29055] veth0_vlan: entered promiscuous mode [ 1228.937566][T29171] netlink: 180 bytes leftover after parsing attributes in process `syz.3.9472'. [ 1228.947106][T29055] veth1_vlan: entered promiscuous mode [ 1229.029984][T29173] netlink: 'syz.3.9475': attribute type 9 has an invalid length. [ 1229.030008][T29173] netlink: 'syz.3.9475': attribute type 11 has an invalid length. [ 1229.030023][T29173] netlink: 'syz.3.9475': attribute type 12 has an invalid length. [ 1229.030037][T29173] netlink: 210020 bytes leftover after parsing attributes in process `syz.3.9475'. [ 1229.062958][ T5800] Bluetooth: hci2: command tx timeout [ 1229.175978][T29179] tipc: Enabling of bearer rejected, failed to enable media [ 1229.192261][T29055] veth0_macvtap: entered promiscuous mode [ 1229.214838][T29055] veth1_macvtap: entered promiscuous mode [ 1229.246246][T29055] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1229.285976][T29055] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1229.314201][ T6354] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1229.323204][ T6354] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1229.339560][ T6354] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1229.339616][ T6354] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1229.818338][ T1119] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1229.818364][ T1119] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1229.921653][T21010] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1229.921677][T21010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1230.156081][ T36] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 1230.314593][ T36] usb 3-1: config 0 has an invalid interface number: 13 but max is 0 [ 1230.314627][ T36] usb 3-1: config 0 has no interface number 0 [ 1230.314680][ T36] usb 3-1: config 0 interface 13 has no altsetting 0 [ 1230.317289][ T36] usb 3-1: Dual-Role OTG device on HNP port [ 1230.317626][ T36] usb 3-1: New USB device found, idVendor=17cc, idProduct=1940, bcdDevice=1e.7a [ 1230.317654][ T36] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1230.317677][ T36] usb 3-1: Product: syz [ 1230.317693][ T36] usb 3-1: Manufacturer: syz [ 1230.317709][ T36] usb 3-1: SerialNumber: syz [ 1230.363515][ T36] usb 3-1: config 0 descriptor?? [ 1230.388237][T29203] netlink: 180 bytes leftover after parsing attributes in process `syz.4.9484'. [ 1230.524298][T29207] netlink: 'syz.5.9486': attribute type 9 has an invalid length. [ 1230.524325][T29207] netlink: 'syz.5.9486': attribute type 11 has an invalid length. [ 1230.524340][T29207] netlink: 'syz.5.9486': attribute type 12 has an invalid length. [ 1230.524357][T29207] netlink: 210020 bytes leftover after parsing attributes in process `syz.5.9486'. [ 1230.609046][ T36] snd-usb-caiaq 3-1:0.13: can't set alt interface. [ 1230.609074][ T36] usb 3-1: unable to init card! (ret=-5) [ 1230.639550][ T36] snd-usb-caiaq 3-1:0.13: probe with driver snd-usb-caiaq failed with error -5 [ 1230.673330][ T36] usb 3-1: USB disconnect, device number 43 [ 1230.678929][T29211] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1230.984378][ T5800] Bluetooth: hci0: command 0x0406 tx timeout [ 1231.141199][ T5802] Bluetooth: hci2: command tx timeout [ 1231.324687][T29221] fuse: Bad value for 'fd' [ 1231.406944][T29223] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 1232.060070][ T809] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 1232.148190][ T809] hid-generic 0000:0000:0000.000E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1232.965528][T29255] fuse: Bad value for 'fd' [ 1233.331439][ T5940] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 1233.481241][ T5940] usb 3-1: Using ep0 maxpacket: 32 [ 1233.484592][ T5940] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1233.484622][ T5940] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1233.494177][ T5940] usb 3-1: New USB device found, idVendor=0763, idProduct=1031, bcdDevice= 0.40 [ 1233.494210][ T5940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1233.494230][ T5940] usb 3-1: Product: syz [ 1233.494245][ T5940] usb 3-1: Manufacturer: syz [ 1233.494260][ T5940] usb 3-1: SerialNumber: syz [ 1233.765177][ T5940] usb 3-1: USB disconnect, device number 44 [ 1235.041443][ T809] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1235.191468][ T809] usb 6-1: Using ep0 maxpacket: 8 [ 1235.194437][ T809] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1235.199250][ T809] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1235.199280][ T809] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1235.238585][ T809] usb 6-1: New USB device found, idVendor=1235, idProduct=8213, bcdDevice= 0.40 [ 1235.238620][ T809] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1235.238641][ T809] usb 6-1: Product: syz [ 1235.238657][ T809] usb 6-1: Manufacturer: syz [ 1235.238673][ T809] usb 6-1: SerialNumber: syz [ 1235.372173][ T36] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 1235.521535][ T36] usb 3-1: Using ep0 maxpacket: 16 [ 1235.529193][ T36] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 1235.529232][ T36] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 2047, setting to 1024 [ 1235.567578][ T36] usb 3-1: string descriptor 0 read error: -22 [ 1235.567749][ T36] usb 3-1: New USB device found, idVendor=041e, idProduct=3020, bcdDevice= 0.40 [ 1235.567775][ T36] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1235.716749][ T809] usb 6-1: USB disconnect, device number 2 [ 1235.914116][T28741] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 1235.933177][T28742] udevd[28742]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1236.061691][T28741] usb 5-1: Using ep0 maxpacket: 32 [ 1236.073383][T28741] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1236.074670][T28741] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 18, changing to 7 [ 1236.079468][T28741] usb 5-1: New USB device found, idVendor=1235, idProduct=8215, bcdDevice= 0.40 [ 1236.079498][T28741] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1236.079517][T28741] usb 5-1: Product: syz [ 1236.079530][T28741] usb 5-1: Manufacturer: syz [ 1236.079544][T28741] usb 5-1: SerialNumber: syz [ 1236.261758][ T5800] Bluetooth: hci5: command 0x1003 tx timeout [ 1236.279870][ T36] usb 3-1: USB disconnect, device number 45 [ 1236.298535][ T5802] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1236.556337][ T5890] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1236.673457][T28741] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1236.684325][T28741] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1236.751682][ T5890] usb 6-1: Using ep0 maxpacket: 32 [ 1236.762262][ T5890] usb 6-1: config 2 has an invalid interface number: 88 but max is 0 [ 1236.762291][ T5890] usb 6-1: config 2 has no interface number 0 [ 1236.762338][ T5890] usb 6-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256 [ 1236.762364][ T5890] usb 6-1: config 2 interface 88 has no altsetting 0 [ 1236.773611][ T5890] usb 6-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 1236.773643][ T5890] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1236.773663][ T5890] usb 6-1: Product: syz [ 1236.773677][ T5890] usb 6-1: Manufacturer: syz [ 1236.773691][ T5890] usb 6-1: SerialNumber: syz [ 1236.873945][T29324] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1237.064204][T28741] usb 5-1: USB disconnect, device number 39 [ 1237.089023][T29324] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1237.336382][T28742] udevd[28742]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1237.731554][ T5890] asix 6-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1237.732001][ T5890] asix 6-1:2.88: probe with driver asix failed with error -71 [ 1237.744963][ T5890] usb 6-1: USB disconnect, device number 3 [ 1237.940248][T29362] fuse: Bad value for 'fd' [ 1238.022159][ T5801] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 1238.051942][T28741] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 1238.182323][ T5801] usb 5-1: Using ep0 maxpacket: 32 [ 1238.197481][ T5801] usb 5-1: config 0 has an invalid interface number: 231 but max is 0 [ 1238.197513][ T5801] usb 5-1: config 0 has no interface number 0 [ 1238.197564][ T5801] usb 5-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1238.197593][ T5801] usb 5-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 1238.203479][ T5801] usb 5-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 1238.203512][ T5801] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1238.203533][ T5801] usb 5-1: Product: syz [ 1238.203549][ T5801] usb 5-1: Manufacturer: syz [ 1238.203564][ T5801] usb 5-1: SerialNumber: syz [ 1238.215777][T28741] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1238.219645][T28741] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1238.219670][T28741] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1238.239072][T28741] usb 3-1: New USB device found, idVendor=17cc, idProduct=1011, bcdDevice= 0.40 [ 1238.239103][T28741] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1238.239122][T28741] usb 3-1: Product: syz [ 1238.239136][T28741] usb 3-1: Manufacturer: syz [ 1238.239151][T28741] usb 3-1: SerialNumber: syz [ 1238.324356][ T5801] usb 5-1: config 0 descriptor?? [ 1238.325417][T29354] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1238.325552][T29354] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1238.397677][ T5801] plusb 5-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.4-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 22:5d:92:b3:b8:90 [ 1238.633663][T28741] usb 3-1: Audio class v2/v3 interfaces need an interface association [ 1238.778665][T28741] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1238.804796][T28741] usb 3-1: USB disconnect, device number 46 [ 1238.881618][T28742] udevd[28742]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1239.157376][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.157458][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.893197][T29395] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1240.620825][T23056] usb 5-1: USB disconnect, device number 40 [ 1240.624858][T23056] plusb 5-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.4-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 1240.936609][T29433] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 1241.649445][T29450] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1241.722219][T23056] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 1241.880090][T23056] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1241.880125][T23056] usb 5-1: config 0 has no interface number 0 [ 1241.880176][T23056] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1241.880204][T23056] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1241.880244][T23056] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 1241.880270][T23056] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1241.952047][T23056] usb 5-1: config 0 descriptor?? [ 1242.381829][T23056] prodikeys 0003:041E:2801.000F: unbalanced collection at end of report description [ 1242.392605][T23056] prodikeys 0003:041E:2801.000F: hid parse failed [ 1242.392742][T23056] prodikeys 0003:041E:2801.000F: probe with driver prodikeys failed with error -22 [ 1242.577038][T28741] usb 5-1: USB disconnect, device number 41 [ 1245.258967][T29534] netlink: 'syz.2.9602': attribute type 9 has an invalid length. [ 1245.258993][T29534] netlink: 'syz.2.9602': attribute type 11 has an invalid length. [ 1245.259007][T29534] netlink: 'syz.2.9602': attribute type 12 has an invalid length. [ 1245.259022][T29534] netlink: 210020 bytes leftover after parsing attributes in process `syz.2.9602'. [ 1245.982805][T22580] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1246.154844][T22580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1246.154868][T22580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1246.154882][T22580] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1246.154911][T22580] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1246.154925][T22580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1246.160409][T22580] usb 3-1: config 0 descriptor?? [ 1246.240307][T29565] fuse: Bad value for 'fd' [ 1246.433642][T29569] netlink: 830 bytes leftover after parsing attributes in process `syz.5.9618'. [ 1246.669057][T22580] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1246.962569][ T36] usb 3-1: USB disconnect, device number 47 [ 1247.273339][T29597] netlink: 'syz.5.9629': attribute type 29 has an invalid length. [ 1247.274150][T29597] netlink: 'syz.5.9629': attribute type 29 has an invalid length. [ 1247.282885][T28741] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 1247.405197][ T37] audit: type=1326 audit(1772374255.667:3515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29598 comm="syz.5.9630" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f213e76c799 code=0x0 [ 1247.443038][T28741] usb 5-1: Using ep0 maxpacket: 32 [ 1247.449762][T28741] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1247.449786][T28741] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1247.449817][T28741] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1247.449831][T28741] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1247.455310][T28741] usb 5-1: config 0 descriptor?? [ 1247.489867][T28741] hub 5-1:0.0: USB hub found [ 1247.702959][T28741] hub 5-1:0.0: 1 port detected [ 1247.921942][T28741] hub 5-1:0.0: hub_hub_status failed (err = -71) [ 1247.921975][T28741] hub 5-1:0.0: config failed, can't get hub status (err -71) [ 1247.929427][T28741] usbhid 5-1:0.0: can't add hid device: -71 [ 1247.929551][T28741] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1247.965348][T28741] usb 5-1: USB disconnect, device number 42 [ 1248.460517][T29604] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1248.460685][T29604] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1248.542165][T29628] 2: renamed from team_slave_1 (while UP) [ 1248.557840][T29604] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1248.557990][T29604] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1248.648169][T29604] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1248.728688][T29604] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1248.728832][T29604] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1248.827923][T29604] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1248.929302][T29604] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1248.929647][T29604] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1248.995509][T29604] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1249.057582][T29604] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1249.057691][T29604] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1249.125405][T29604] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1249.276709][T29642] syzkaller0: entered promiscuous mode [ 1249.276730][T29642] syzkaller0: entered allmulticast mode [ 1249.463241][T22580] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1249.473148][ T5801] usb 5-1: new full-speed USB device number 43 using dummy_hcd [ 1249.613098][T22580] usb 6-1: Using ep0 maxpacket: 8 [ 1249.615923][T22580] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7 [ 1249.619601][T22580] usb 6-1: New USB device found, idVendor=2b73, idProduct=001b, bcdDevice= 0.40 [ 1249.619631][T22580] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1249.619654][T22580] usb 6-1: Product: syz [ 1249.619670][T22580] usb 6-1: Manufacturer: syz [ 1249.619686][T22580] usb 6-1: SerialNumber: syz [ 1249.665057][ T5801] usb 5-1: not running at top speed; connect to a high speed hub [ 1249.680551][ T5801] usb 5-1: New USB device found, idVendor=0763, idProduct=2003, bcdDevice= 0.40 [ 1249.680642][ T5801] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1249.680665][ T5801] usb 5-1: Product: syz [ 1249.680682][ T5801] usb 5-1: Manufacturer: syz [ 1249.680697][ T5801] usb 5-1: SerialNumber: syz [ 1249.713295][ T5802] Bluetooth: hci0: command 0x0406 tx timeout [ 1249.946482][T22580] usb 6-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1249.946946][T22580] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1250.093106][T22580] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 1250.097492][ T5801] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1250.100373][ T5801] usb 5-1: 2:1: invalid format type 0x1001 is detected, processed as PCM [ 1250.100404][ T5801] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 1250.231093][T22580] usb 6-1: USB disconnect, device number 4 [ 1250.340493][T29661] 2: renamed from team_slave_1 (while UP) [ 1250.358483][T28742] udevd[28742]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1250.593218][ T5802] Bluetooth: hci4: command 0x0c1a tx timeout [ 1250.675633][ T5801] usb 5-1: USB disconnect, device number 43 [ 1250.743236][ T5802] Bluetooth: hci1: command 0x0c1a tx timeout [ 1250.833482][T28742] udevd[28742]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1250.983308][ T5802] Bluetooth: hci3: command 0x0c1a tx timeout [ 1251.023458][T22580] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1251.073488][ T5802] Bluetooth: hci2: command 0x0c1a tx timeout [ 1251.174988][T22580] usb 6-1: Using ep0 maxpacket: 32 [ 1251.175195][T29680] fuse: root generation should be zero [ 1251.187682][T22580] usb 6-1: string descriptor 0 read error: -22 [ 1251.187839][T22580] usb 6-1: New USB device found, idVendor=1235, idProduct=8012, bcdDevice= 0.40 [ 1251.187863][T22580] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1251.202204][T22580] usb 6-1: BAAD HEADSET ADAPTER c_chmask mismatch [ 1251.418606][T22580] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1251.470583][T22580] usb 6-1: USB disconnect, device number 5 [ 1251.651540][T29695] overlayfs: failed to clone upperpath [ 1251.788876][ T5802] Bluetooth: hci0: command 0x0406 tx timeout [ 1252.267420][ T37] audit: type=1326 audit(1772374260.526:3516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896944c799 code=0x7ffc0000 [ 1252.267482][ T37] audit: type=1326 audit(1772374260.526:3517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896944c799 code=0x7ffc0000 [ 1252.318224][ T37] audit: type=1326 audit(1772374260.586:3518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f896944c799 code=0x7ffc0000 [ 1252.318867][ T37] audit: type=1326 audit(1772374260.586:3519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896944c799 code=0x7ffc0000 [ 1252.318922][ T37] audit: type=1326 audit(1772374260.586:3520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f896944c799 code=0x7ffc0000 [ 1252.318972][ T37] audit: type=1326 audit(1772374260.586:3521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896944c799 code=0x7ffc0000 [ 1252.322274][ T37] audit: type=1326 audit(1772374260.586:3522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f896944c799 code=0x7ffc0000 [ 1252.322337][ T37] audit: type=1326 audit(1772374260.586:3523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896944c799 code=0x7ffc0000 [ 1252.323056][ T37] audit: type=1326 audit(1772374260.586:3524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f896944c799 code=0x7ffc0000 [ 1252.415670][ T37] kauditd_printk_skb: 66 callbacks suppressed [ 1252.415785][ T37] audit: type=1326 audit(1772374260.676:3591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8969446517 code=0x7ffc0000 [ 1252.415917][ T37] audit: type=1326 audit(1772374260.676:3592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89693edb19 code=0x7ffc0000 [ 1252.420237][ T37] audit: type=1326 audit(1772374260.686:3593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8969446517 code=0x7ffc0000 [ 1252.420290][ T37] audit: type=1326 audit(1772374260.686:3594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89693edb19 code=0x7ffc0000 [ 1252.420332][ T37] audit: type=1326 audit(1772374260.686:3595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8969446517 code=0x7ffc0000 [ 1252.420372][ T37] audit: type=1326 audit(1772374260.686:3596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89693edb19 code=0x7ffc0000 [ 1252.422082][ T37] audit: type=1326 audit(1772374260.686:3597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8969446517 code=0x7ffc0000 [ 1252.422127][ T37] audit: type=1326 audit(1772374260.686:3598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89693edb19 code=0x7ffc0000 [ 1252.422646][ T37] audit: type=1326 audit(1772374260.686:3599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8969446517 code=0x7ffc0000 [ 1252.422747][ T37] audit: type=1326 audit(1772374260.686:3600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29715 comm="syz.4.9675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89693edb19 code=0x7ffc0000 [ 1252.663819][ T5802] Bluetooth: hci4: command 0x0c1a tx timeout [ 1252.823876][ T5802] Bluetooth: hci1: command 0x0c1a tx timeout [ 1253.063581][ T5802] Bluetooth: hci3: command 0x0c1a tx timeout [ 1253.155506][ T5802] Bluetooth: hci2: command 0x0c1a tx timeout [ 1253.493538][ T993] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 1253.663581][ T993] usb 5-1: Using ep0 maxpacket: 32 [ 1253.668234][T29747] tipc: Started in network mode [ 1253.668257][T29747] tipc: Node identity 4, cluster identity 4711 [ 1253.668271][T29747] tipc: Node number set to 4 [ 1253.680983][ T993] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 1253.681023][ T993] usb 5-1: config 0 has no interface number 0 [ 1253.719576][ T993] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1253.719610][ T993] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1253.719631][ T993] usb 5-1: Product: syz [ 1253.719646][ T993] usb 5-1: Manufacturer: syz [ 1253.719662][ T993] usb 5-1: SerialNumber: syz [ 1253.799506][ T993] usb 5-1: config 0 descriptor?? [ 1253.987616][T29752] 2: renamed from team_slave_1 (while UP) [ 1254.232002][ T993] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1254.232040][ T993] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1254.744039][ T5802] Bluetooth: hci4: command 0x0c1a tx timeout [ 1254.919046][ T5802] Bluetooth: hci1: command 0x0c1a tx timeout [ 1255.144255][ T5802] Bluetooth: hci3: command 0x0c1a tx timeout [ 1255.223791][ T5802] Bluetooth: hci2: command 0x0c1a tx timeout [ 1255.335728][T29774] netlink: 60 bytes leftover after parsing attributes in process `syz.1.9697'. [ 1255.337907][T29774] netlink: 60 bytes leftover after parsing attributes in process `syz.1.9697'. [ 1255.338532][T29774] netlink: 60 bytes leftover after parsing attributes in process `syz.1.9697'. [ 1255.341835][T29774] netlink: 60 bytes leftover after parsing attributes in process `syz.1.9697'. [ 1255.457675][ T993] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 1255.457881][ T993] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -32 [ 1255.863834][T29749] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 1255.874403][ T5802] Bluetooth: hci0: command 0x0406 tx timeout [ 1256.388040][T29804] netlink: 60 bytes leftover after parsing attributes in process `syz.1.9711'. [ 1256.389016][T29804] netlink: 60 bytes leftover after parsing attributes in process `syz.1.9711'. [ 1256.389508][T29804] netlink: 60 bytes leftover after parsing attributes in process `syz.1.9711'. [ 1256.390223][T29804] netlink: 60 bytes leftover after parsing attributes in process `syz.1.9711'. [ 1256.554944][ T993] usb 5-1: USB disconnect, device number 44 [ 1257.063693][T29834] netlink: 60 bytes leftover after parsing attributes in process `syz.3.9723'. [ 1257.064601][T29834] netlink: 60 bytes leftover after parsing attributes in process `syz.3.9723'. [ 1257.254060][T23056] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 1257.384181][T23056] usb 3-1: device descriptor read/64, error -71 [ 1257.524067][ T993] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 1257.634292][T23056] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1257.684189][ T993] usb 5-1: Using ep0 maxpacket: 32 [ 1257.689555][ T993] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 1257.689589][ T993] usb 5-1: config 0 has no interface number 0 [ 1257.707596][ T993] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1257.707637][ T993] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1257.707657][ T993] usb 5-1: Product: syz [ 1257.707670][ T993] usb 5-1: Manufacturer: syz [ 1257.707685][ T993] usb 5-1: SerialNumber: syz [ 1257.729139][ T993] usb 5-1: config 0 descriptor?? [ 1257.774186][T23056] usb 3-1: device descriptor read/64, error -71 [ 1257.894950][T23056] usb usb3-port1: attempt power cycle [ 1258.135271][T29870] overlayfs: failed to clone upperpath [ 1258.138965][ T993] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1258.138999][ T993] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1258.274648][T23056] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 1258.294951][T23056] usb 3-1: device descriptor read/8, error -71 [ 1258.534356][T23056] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 1258.555420][T23056] usb 3-1: device descriptor read/8, error -71 [ 1258.675519][T23056] usb usb3-port1: unable to enumerate USB device [ 1259.368373][ T993] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 1259.368711][ T993] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -32 [ 1260.395735][ T36] usb 5-1: USB disconnect, device number 45 [ 1262.084574][T22580] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 1262.234638][T22580] usb 5-1: Using ep0 maxpacket: 32 [ 1262.237384][T22580] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 1262.237414][T22580] usb 5-1: config 0 has no interface number 0 [ 1262.238840][T29962] overlayfs: failed to clone upperpath [ 1262.240826][T22580] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1262.240870][T22580] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1262.240892][T22580] usb 5-1: Product: syz [ 1262.240908][T22580] usb 5-1: Manufacturer: syz [ 1262.240924][T22580] usb 5-1: SerialNumber: syz [ 1262.252409][T22580] usb 5-1: config 0 descriptor?? [ 1262.688347][T29981] __nla_validate_parse: 6 callbacks suppressed [ 1262.688372][T29981] netlink: 72 bytes leftover after parsing attributes in process `syz.3.9785'. [ 1262.693648][T22580] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1262.693673][T22580] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1262.936046][T29987] overlayfs: failed to clone upperpath [ 1263.623771][T30010] overlayfs: failed to clone upperpath [ 1263.839137][T30014] overlayfs: failed to clone upperpath [ 1263.953005][T22580] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 1263.953378][T22580] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -32 [ 1265.455111][T23056] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 1265.604944][T23056] usb 3-1: Using ep0 maxpacket: 32 [ 1265.608079][T23056] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 1265.608112][T23056] usb 3-1: config 0 has no interface number 0 [ 1265.612448][T23056] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1265.612482][T23056] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1265.612504][T23056] usb 3-1: Product: syz [ 1265.612521][T23056] usb 3-1: Manufacturer: syz [ 1265.612538][T23056] usb 3-1: SerialNumber: syz [ 1265.699157][T23056] usb 3-1: config 0 descriptor?? [ 1265.914748][T30048] overlayfs: failed to clone upperpath [ 1266.146317][T23056] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1266.146354][T23056] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1266.175103][ T5801] usb 5-1: USB disconnect, device number 46 [ 1267.199886][T30085] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9829'. [ 1267.858315][T30093] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9831'. [ 1268.351121][T30109] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9840'. [ 1268.397542][T23056] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1268.397902][T23056] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 1268.433233][T23056] usb 3-1: USB disconnect, device number 52 [ 1268.757765][ T5802] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1269.163688][T30136] random: crng reseeded on system resumption [ 1271.355686][ T5801] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 1271.513747][ T5801] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1271.524590][ T5801] usb 5-1: config 208 has an invalid interface number: 119 but max is 0 [ 1271.524621][ T5801] usb 5-1: config 208 has no interface number 0 [ 1271.524656][ T5801] usb 5-1: config 208 interface 119 has no altsetting 0 [ 1271.528420][ T5801] usb 5-1: New USB device found, idVendor=0584, idProduct=0008, bcdDevice= 1.02 [ 1271.528449][ T5801] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1271.528468][ T5801] usb 5-1: Product: syz [ 1271.528481][ T5801] usb 5-1: Manufacturer: syz [ 1271.528541][ T5801] usb 5-1: SerialNumber: syz [ 1271.840173][ T5801] ums-alauda 5-1:208.119: USB Mass Storage device detected [ 1271.956186][ T5801] usb 5-1: USB disconnect, device number 47 [ 1273.117986][T30275] fuse: Bad value for 'fd' [ 1273.345868][ T809] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 1273.495828][ T809] usb 5-1: Using ep0 maxpacket: 32 [ 1273.498964][ T809] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1273.499003][ T809] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1273.499045][ T809] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1273.499071][ T809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1273.527920][ T809] usb 5-1: config 0 descriptor?? [ 1274.014202][ T809] savu 0003:1E7D:2D5A.0011: hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0 [ 1274.042740][T30301] overlayfs: failed to clone upperpath [ 1274.208516][ T809] usb 5-1: USB disconnect, device number 48 [ 1275.109966][T30327] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 1277.106438][T23056] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 1277.263846][T23056] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1277.263878][T23056] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1277.265933][T23056] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1277.265966][T23056] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1277.265987][T23056] usb 5-1: SerialNumber: syz [ 1277.543885][T23056] usb 5-1: 0:2 : does not exist [ 1277.628758][T23056] usb 5-1: USB disconnect, device number 49 [ 1277.703068][T28742] udevd[28742]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1278.737135][T23056] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 1278.917049][T23056] usb 3-1: Using ep0 maxpacket: 16 [ 1278.932159][T23056] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1278.932195][T23056] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1278.932217][T23056] usb 3-1: Product: syz [ 1278.932234][T23056] usb 3-1: Manufacturer: syz [ 1278.932250][T23056] usb 3-1: SerialNumber: syz [ 1278.975902][T23056] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1278.975934][T23056] r8152-cfgselector 3-1: config 0 descriptor?? [ 1279.214879][T23056] r8152-cfgselector 3-1: Needed 1 retries to read version [ 1279.468973][ T5890] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 1279.550559][T30470] overlayfs: failed to clone upperpath [ 1279.619308][ T5890] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1279.619367][ T5890] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 1279.622668][ T5890] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1279.622702][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1279.622722][ T5890] usb 5-1: Product: syz [ 1279.622738][ T5890] usb 5-1: Manufacturer: syz [ 1279.622753][ T5890] usb 5-1: SerialNumber: syz [ 1279.897998][T30455] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1280.130330][T30488] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9989'. [ 1280.508416][T30455] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1280.709540][ T5890] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 1280.709572][ T5890] cdc_ncm 5-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 1280.709594][ T5890] cdc_ncm 5-1:1.0: setting rx_max = 2048 [ 1280.919250][ T5890] cdc_ncm 5-1:1.0: setting tx_max = 88 [ 1280.954670][ T5890] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 1280.985756][ T5890] usb 5-1: USB disconnect, device number 50 [ 1280.988524][ T5890] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP) [ 1281.237500][T30523] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10002'. [ 1281.524610][T23056] r8152-cfgselector 3-1: USB disconnect, device number 53 [ 1284.542157][ T5890] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 1284.697156][ T5890] usb 3-1: Using ep0 maxpacket: 32 [ 1284.702170][ T5890] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1284.702224][ T5890] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1284.702252][ T5890] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1284.705686][ T5890] usb 3-1: New USB device found, idVendor=0763, idProduct=2003, bcdDevice= 0.40 [ 1284.705716][ T5890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1284.705736][ T5890] usb 3-1: Product: syz [ 1284.705750][ T5890] usb 3-1: Manufacturer: syz [ 1284.705765][ T5890] usb 3-1: SerialNumber: syz [ 1285.013745][ T5890] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1285.152734][ T5890] usb 3-1: USB disconnect, device number 54 [ 1285.204500][T28742] udevd[28742]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1286.077053][T30670] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10056'. [ 1288.059347][T30727] cgroup: Unknown subsys name 'cpuset' [ 1289.883682][T30790] netlink: 28 bytes leftover after parsing attributes in process `syz.5.10107'. [ 1290.037786][ T5801] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 1290.277808][ T5801] usb 5-1: Using ep0 maxpacket: 32 [ 1290.280092][ T5801] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1290.280129][ T5801] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1290.280172][ T5801] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1290.280196][ T5801] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1290.285815][ T5801] usb 5-1: config 0 descriptor?? [ 1290.290918][ T5801] hub 5-1:0.0: USB hub found [ 1290.507959][ T5801] hub 5-1:0.0: 1 port detected [ 1291.125834][T30808] overlayfs: failed to clone upperpath [ 1291.739098][ T5801] hub 5-1:0.0: hub_hub_status failed (err = -32) [ 1291.739120][ T5801] hub 5-1:0.0: config failed, can't get hub status (err -32) [ 1291.743106][ T5801] usbhid 5-1:0.0: can't add hid device: -32 [ 1291.743189][ T5801] usbhid 5-1:0.0: probe with driver usbhid failed with error -32 [ 1291.800240][ T5801] usb 5-1: USB disconnect, device number 51 [ 1292.587156][T30833] overlayfs: failed to clone upperpath [ 1292.631809][T30835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10126'. [ 1292.631892][T30835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10126'. [ 1293.148182][T22580] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 1293.298142][T22580] usb 3-1: Using ep0 maxpacket: 32 [ 1293.327381][T22580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1293.327422][T22580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1293.327463][T22580] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1293.327487][T22580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1293.352728][T22580] usb 3-1: config 0 descriptor?? [ 1293.370925][T22580] hub 3-1:0.0: USB hub found [ 1293.574049][T22580] hub 3-1:0.0: 1 port detected [ 1294.858784][T22580] hub 3-1:0.0: hub_hub_status failed (err = -32) [ 1294.858818][T22580] hub 3-1:0.0: config failed, can't get hub status (err -32) [ 1294.876238][T22580] usbhid 3-1:0.0: can't add hid device: -32 [ 1294.876370][T22580] usbhid 3-1:0.0: probe with driver usbhid failed with error -32 [ 1294.916975][T22580] usb 3-1: USB disconnect, device number 55 [ 1295.083765][T30874] overlayfs: failed to resolve './file0': -2 [ 1295.462295][T22580] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 1295.618871][T22580] usb 5-1: Using ep0 maxpacket: 32 [ 1295.621315][T22580] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 1295.621346][T22580] usb 5-1: config 0 has no interface number 0 [ 1295.639505][T22580] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1295.639537][T22580] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1295.639556][T22580] usb 5-1: Product: syz [ 1295.639571][T22580] usb 5-1: Manufacturer: syz [ 1295.639587][T22580] usb 5-1: SerialNumber: syz [ 1295.653427][T22580] usb 5-1: config 0 descriptor?? [ 1296.042510][T30896] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10148'. [ 1296.042829][T30896] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10148'. [ 1296.089167][T22580] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1296.089202][T22580] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1296.581547][T30904] overlayfs: failed to resolve './file0': -2 [ 1298.135480][T22580] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000006c: -71 [ 1298.135843][T22580] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 1298.181848][T22580] usb 5-1: USB disconnect, device number 52 [ 1299.028826][T22580] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 1299.209273][T22580] usb 5-1: Using ep0 maxpacket: 32 [ 1299.212714][T22580] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 1299.212745][T22580] usb 5-1: config 0 has no interface number 0 [ 1299.212798][T22580] usb 5-1: config 0 interface 184 has no altsetting 0 [ 1299.217858][T22580] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1299.217892][T22580] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1299.217914][T22580] usb 5-1: Product: syz [ 1299.217930][T22580] usb 5-1: Manufacturer: syz [ 1299.217946][T22580] usb 5-1: SerialNumber: syz [ 1299.248230][T22580] usb 5-1: config 0 descriptor?? [ 1300.070593][T22580] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000040: -71 [ 1300.070627][T22580] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 1300.073738][T22580] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1300.073770][T22580] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1300.073789][T22580] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 1300.073810][T22580] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 1300.074147][T22580] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71 [ 1300.099572][T22580] usb 5-1: USB disconnect, device number 53 [ 1300.232104][T30948] overlayfs: failed to resolve './file0': -2 [ 1300.600847][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.600928][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.746809][T30967] tipc: Started in network mode [ 1300.746846][T30967] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 1300.748325][T30967] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 1300.789019][T30967] tipc: Enabled bearer , priority 10 [ 1300.955818][T30977] overlayfs: failed to resolve './file0': -2 [ 1301.189076][T28741] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 1301.339158][T28741] usb 5-1: Using ep0 maxpacket: 16 [ 1301.342215][T28741] usb 5-1: config 0 has an invalid interface number: 34 but max is 0 [ 1301.342246][T28741] usb 5-1: config 0 has no interface number 0 [ 1301.342295][T28741] usb 5-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 1301.342318][T28741] usb 5-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 1301.344659][T28741] usb 5-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 1301.344688][T28741] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1301.344701][T28741] usb 5-1: Product: syz [ 1301.344710][T28741] usb 5-1: Manufacturer: syz [ 1301.344719][T28741] usb 5-1: SerialNumber: syz [ 1301.348095][T28741] usb 5-1: config 0 descriptor?? [ 1301.351304][T30975] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1301.351433][T30975] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1301.558606][T30975] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1301.558764][T30975] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1301.718758][ T37] kauditd_printk_skb: 996 callbacks suppressed [ 1301.718779][ T37] audit: type=1326 audit(1772374309.970:4597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30995 comm="syz.2.10191" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f27883bc799 code=0x0 [ 1301.761178][T28741] asix 5-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random [ 1301.867401][ T809] tipc: Node number set to 1 [ 1301.962008][T28741] asix 5-1:0.34 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1301.962042][T28741] asix 5-1:0.34 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 1301.962342][T28741] asix 5-1:0.34: probe with driver asix failed with error -71 [ 1302.011406][T28741] usb 5-1: USB disconnect, device number 54 [ 1302.149537][T31008] overlayfs: failed to resolve './file0': -2 [ 1302.860772][T31033] overlayfs: failed to resolve './file0': -2 [ 1302.996371][T31040] overlayfs: failed to clone upperpath [ 1303.419404][ T5801] usb 5-1: new full-speed USB device number 55 using dummy_hcd [ 1303.571904][ T5801] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1303.571941][ T5801] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1303.571971][ T5801] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1303.572000][ T5801] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 1024, setting to 64 [ 1303.572028][ T5801] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1303.576681][ T5801] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1303.576716][ T5801] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1303.576738][ T5801] usb 5-1: Product: syz [ 1303.576754][ T5801] usb 5-1: Manufacturer: syz [ 1303.576770][ T5801] usb 5-1: SerialNumber: syz [ 1303.590895][ T5801] usb 5-1: config 0 descriptor?? [ 1303.602325][T31048] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1303.648845][ T5801] input: KB Gear Tablet as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input26 [ 1303.770933][ C0] kbtab 5-1:0.0: kbtab_irq - usb_submit_urb failed with result -1 [ 1303.806885][T31063] overlayfs: failed to clone upperpath [ 1303.835623][ T5801] usb 5-1: USB disconnect, device number 55 [ 1303.835724][ C1] kbtab 5-1:0.0: kbtab_irq - usb_submit_urb failed with result -19 [ 1305.090596][T31108] tipc: Started in network mode [ 1305.090634][T31108] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 1305.090988][T31108] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 1305.092697][T31108] tipc: Enabled bearer , priority 10 [ 1305.363692][ T809] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 1305.734597][ T809] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1305.734630][ T809] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1305.734672][ T809] usb 3-1: New USB device found, idVendor=5543, idProduct=004d, bcdDevice= 0.00 [ 1305.734698][ T809] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1305.740647][ T809] usb 3-1: config 0 descriptor?? [ 1305.976909][ T809] usb 3-1: USB disconnect, device number 56 [ 1306.164479][T31118] overlayfs: failed to clone upperpath [ 1306.165787][T31116] overlayfs: failed to clone upperpath [ 1306.309870][ T5801] tipc: Node number set to 1 [ 1306.423832][T31106] overlayfs: failed to clone upperpath [ 1307.653591][T31150] overlayfs: failed to clone upperpath [ 1308.045785][T31166] overlayfs: failed to clone upperpath [ 1308.529874][T23056] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 1308.679831][T23056] usb 3-1: Using ep0 maxpacket: 16 [ 1308.691220][T23056] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1308.691254][T23056] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1308.691275][T23056] usb 3-1: Product: syz [ 1308.691290][T23056] usb 3-1: Manufacturer: syz [ 1308.691304][T23056] usb 3-1: SerialNumber: syz [ 1308.703521][T23056] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1308.703548][T23056] r8152-cfgselector 3-1: config 0 descriptor?? [ 1309.259042][T31187] overlayfs: failed to clone upperpath [ 1310.407120][T31217] netlink: 60 bytes leftover after parsing attributes in process `syz.4.10289'. [ 1310.408611][T31217] netlink: 60 bytes leftover after parsing attributes in process `syz.4.10289'. [ 1310.409270][T31217] netlink: 60 bytes leftover after parsing attributes in process `syz.4.10289'. [ 1311.260632][T28741] r8152-cfgselector 3-1: USB disconnect, device number 57 [ 1311.690206][T28741] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 1311.840246][T28741] usb 3-1: Using ep0 maxpacket: 16 [ 1311.843147][T28741] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1311.843185][T28741] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 57600, setting to 1024 [ 1311.843211][T28741] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1311.843251][T28741] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 1311.843275][T28741] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1311.925509][T28741] usb 3-1: config 0 descriptor?? [ 1312.464119][T28741] input: HID 054c:03d5 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:054C:03D5.0012/input/input27 [ 1312.618190][T28741] sony 0003:054C:03D5.0012: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.2-1/input0 [ 1312.645003][T31238] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10297'. [ 1312.645483][T31241] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10297'. [ 1312.703121][T28741] usb 3-1: USB disconnect, device number 58 [ 1312.953874][T31250] netlink: 9286 bytes leftover after parsing attributes in process `syz.4.10302'. [ 1313.021797][T31246] fido_id[31246]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 1313.376314][ T6352] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1313.498029][T31248] netlink: 160 bytes leftover after parsing attributes in process `syz.4.10302'. [ 1313.949808][ T6352] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1314.001555][T31281] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10316'. [ 1314.002039][T31283] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10316'. [ 1314.367326][ T6352] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1314.434512][T31298] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10323'. [ 1314.688084][T31311] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 1314.740066][ T6352] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1314.793516][T31303] picdev_read: 4 callbacks suppressed [ 1314.793625][T31303] kvm: pic: non byte read [ 1314.811327][T31303] kvm: pic: single mode not supported [ 1314.813090][T31303] kvm: pic: level sensitive irq not supported [ 1314.813724][T31303] kvm: pic: non byte read [ 1314.819821][T31303] kvm: pic: non byte read [ 1314.823117][T31303] kvm: pic: non byte read [ 1315.048413][T31321] C: renamed from team_slave_0 (while UP) [ 1315.471154][T31334] __nla_validate_parse: 6 callbacks suppressed [ 1315.471180][T31334] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.10337'. [ 1315.471624][T31334] bridge_slave_1: default FDB implementation only supports local addresses [ 1315.626938][T31341] netlink: 60 bytes leftover after parsing attributes in process `syz.4.10342'. [ 1315.627955][T31341] netlink: 60 bytes leftover after parsing attributes in process `syz.4.10342'. [ 1315.816242][ T6352] bridge_slave_1: left allmulticast mode [ 1315.816277][ T6352] bridge_slave_1: left promiscuous mode [ 1315.816566][ T6352] bridge0: port 2(bridge_slave_1) entered disabled state [ 1315.955001][ T6352] bridge_slave_0: left allmulticast mode [ 1315.955036][ T6352] bridge_slave_0: left promiscuous mode [ 1315.955338][ T6352] bridge0: port 1(bridge_slave_0) entered disabled state [ 1317.304647][ T6352] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1317.371822][ T6352] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1317.396093][ T6352] bond0 (unregistering): Released all slaves [ 1317.440837][T31368] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.10348'. [ 1317.737562][T31393] netlink: 60 bytes leftover after parsing attributes in process `syz.2.10354'. [ 1317.738588][T31393] netlink: 60 bytes leftover after parsing attributes in process `syz.2.10354'. [ 1319.056551][T31433] netlink: 60 bytes leftover after parsing attributes in process `syz.2.10366'. [ 1319.057826][T31437] netlink: 60 bytes leftover after parsing attributes in process `syz.2.10366'. [ 1319.559365][ T6352] hsr_slave_0: left promiscuous mode [ 1319.569563][T31466] overlayfs: failed to clone upperpath [ 1319.596652][ T6352] hsr_slave_1: left promiscuous mode [ 1319.597832][ T6352] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1319.597861][ T6352] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1319.642184][ T6352] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1319.642215][ T6352] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1319.740704][ T6352] veth1_macvtap: left promiscuous mode [ 1319.740826][ T6352] veth0_macvtap: left promiscuous mode [ 1319.745458][ T6352] veth1_vlan: left promiscuous mode [ 1319.745652][ T6352] veth0_vlan: left promiscuous mode [ 1320.590959][T31498] overlayfs: failed to clone upperpath [ 1321.532633][ T6352] team0 (unregistering): Port device 12 removed [ 1321.622242][ T6352] team0 (unregistering): Port device team_slave_0 removed [ 1322.167447][T31475] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10384'. [ 1322.167760][T31510] tipc: Started in network mode [ 1322.167789][T31510] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 1322.168188][T31510] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 1322.169900][T31510] tipc: Enabled bearer , priority 10 [ 1322.438409][T31535] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10406'. [ 1322.439156][T31535] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10406'. [ 1322.439639][T31535] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10406'. [ 1323.286211][T28741] tipc: Node number set to 1 [ 1323.480702][T31568] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10418'. [ 1323.481977][T31568] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10418'. [ 1323.482451][T31568] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10418'. [ 1323.794610][T31580] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1323.794816][T31580] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1323.965701][T31585] netlink: 'syz.3.10425': attribute type 16 has an invalid length. [ 1323.965730][T31585] netlink: 2 bytes leftover after parsing attributes in process `syz.3.10425'. [ 1326.378677][T31671] netlink: 60 bytes leftover after parsing attributes in process `syz.4.10454'. [ 1326.379704][T31671] netlink: 60 bytes leftover after parsing attributes in process `syz.4.10454'. [ 1329.440566][T31763] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10491'. [ 1329.478405][T31763] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10491'. [ 1329.479281][T31763] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10491'. [ 1330.613073][T31798] netlink: 'syz.5.10505': attribute type 2 has an invalid length. [ 1330.613099][T31798] netlink: 'syz.5.10505': attribute type 9 has an invalid length. [ 1331.480814][T31827] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10518'. [ 1331.502008][T31827] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10518'. [ 1331.516670][T31827] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10518'. [ 1331.746154][T31835] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10522'. [ 1331.752088][T31835] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10522'. [ 1331.823732][T31839] netlink: 44 bytes leftover after parsing attributes in process `syz.4.10524'. [ 1331.951951][T31844] overlayfs: missing 'lowerdir' [ 1332.433056][ T5890] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 1332.582529][ T5890] usb 3-1: Using ep0 maxpacket: 16 [ 1332.584527][ T5890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1332.584562][ T5890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 57600, setting to 1024 [ 1332.584592][ T5890] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1332.584638][ T5890] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 1332.584664][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1332.590432][ T5890] usb 3-1: config 0 descriptor?? [ 1332.762304][T31873] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10536'. [ 1333.211184][ T5890] usbhid 3-1:0.0: can't add hid device: -71 [ 1333.211339][ T5890] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1333.282768][ T5890] usb 3-1: USB disconnect, device number 59 [ 1334.457392][T31907] __nla_validate_parse: 3 callbacks suppressed [ 1334.457419][T31907] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10550'. [ 1335.384050][T31948] delete_channel: no stack [ 1335.831048][T31966] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10578'. [ 1335.831896][T31966] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10578'. [ 1336.109006][T31979] delete_channel: no stack [ 1336.177487][T31982] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10586'. [ 1336.181471][T31982] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10586'. [ 1336.192639][T31982] netlink: 60 bytes leftover after parsing attributes in process `syz.5.10586'. [ 1337.763147][ T5890] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 1337.888078][T32046] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10610'. [ 1337.903159][ T5890] usb 3-1: device descriptor read/64, error -71 [ 1338.163984][ T5890] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 1338.293213][ T5890] usb 3-1: device descriptor read/64, error -71 [ 1338.403740][ T5890] usb usb3-port1: attempt power cycle [ 1338.745765][ T5890] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 1338.764118][ T5890] usb 3-1: device descriptor read/8, error -71 [ 1338.764225][T32071] netlink: 'syz.3.10616': attribute type 10 has an invalid length. [ 1338.937770][T32071] team0 (unregistering): Port device team_slave_0 removed [ 1339.014342][ T5890] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 1339.015388][T32071] team0 (unregistering): Port device 12 removed [ 1339.069868][ T5890] usb 3-1: device descriptor read/8, error -71 [ 1339.175383][ T5890] usb usb3-port1: unable to enumerate USB device [ 1339.822232][T32109] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10627'. [ 1341.671815][T32174] netlink: 12 bytes leftover after parsing attributes in process `syz.5.10648'. [ 1342.168564][T32192] kAFS: unable to lookup cell '.({^@' [ 1342.506529][T32199] syz.2.10655 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1347.044587][T32310] fuse: Bad value for 'fd' [ 1348.234346][T28741] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 1348.404342][T28741] usb 3-1: Using ep0 maxpacket: 32 [ 1348.407190][T28741] usb 3-1: config 0 has an invalid interface number: 35 but max is 0 [ 1348.407222][T28741] usb 3-1: config 0 has no interface number 0 [ 1348.407274][T28741] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 1348.407303][T28741] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 1348.410429][T28741] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 1348.410463][T28741] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1348.410485][T28741] usb 3-1: Product: syz [ 1348.410501][T28741] usb 3-1: Manufacturer: syz [ 1348.410518][T28741] usb 3-1: SerialNumber: syz [ 1348.417775][T28741] usb 3-1: config 0 descriptor?? [ 1348.636978][T32357] overlayfs: missing 'lowerdir' [ 1348.776195][T32362] fuse: Bad value for 'fd' [ 1348.866460][T28741] radio-si470x 3-1:0.35: DeviceID=0xc804 ChipID=0x81c4 [ 1349.067489][T28741] radio-si470x 3-1:0.35: software version 200, hardware version 4 [ 1349.270700][T28741] radio-si470x 3-1:0.35: si470x_set_report: usb_control_msg returned -71 [ 1349.270795][T28741] radio-si470x 3-1:0.35: submitting int urb failed (-90) [ 1349.271256][T28741] radio-si470x 3-1:0.35: si470x_set_report: usb_control_msg returned -71 [ 1349.271633][T28741] radio-si470x 3-1:0.35: probe with driver radio-si470x failed with error -22 [ 1349.295837][T28741] radio-raremono 3-1:0.35: this is not Thanko's Raremono. [ 1349.325231][T28741] usb 3-1: USB disconnect, device number 64 [ 1349.482973][T32373] delete_channel: no stack [ 1350.481647][T32398] fuse: Bad value for 'fd' [ 1352.634514][T32397] bridge0: port 2(bridge_slave_1) entered disabled state [ 1353.089761][T32446] zonefs (nullb0) ERROR: Not a zoned block device [ 1353.916388][T32447] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1354.005055][T32397] bridge0: port 1(bridge_slave_0) entered disabled state [ 1354.249071][T32455] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10764'. [ 1355.612502][T32397] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1355.616924][T32397] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1357.706479][T21012] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1357.706714][T21012] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1357.706775][T21012] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1357.706798][T21012] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1357.802101][T32488] netlink: 3724 bytes leftover after parsing attributes in process `syz.4.10776'. [ 1358.371280][T32520] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10789'. [ 1358.439726][T32523] netlink: 3724 bytes leftover after parsing attributes in process `syz.5.10791'. [ 1359.001859][T32549] netlink: 3724 bytes leftover after parsing attributes in process `syz.2.10804'. [ 1359.539347][T32574] overlayfs: missing 'lowerdir' [ 1360.927180][T32586] netlink: 3724 bytes leftover after parsing attributes in process `syz.1.10817'. [ 1361.317498][T32608] overlayfs: missing 'lowerdir' [ 1361.390100][T32607] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1361.582595][T32615] netlink: 20 bytes leftover after parsing attributes in process `syz.3.10829'. [ 1362.046617][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1362.046694][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.098379][T32626] netlink: 3724 bytes leftover after parsing attributes in process `syz.3.10833'. [ 1364.109386][T32645] overlayfs: missing 'lowerdir' [ 1365.493243][T32661] netlink: 3724 bytes leftover after parsing attributes in process `syz.1.10846'. [ 1366.844851][T32682] overlayfs: missing 'lowerdir' [ 1368.259638][T32693] netlink: 3724 bytes leftover after parsing attributes in process `syz.1.10858'. [ 1368.953428][T32708] overlayfs: missing 'lowerdir' [ 1369.435468][T32727] netlink: 3724 bytes leftover after parsing attributes in process `syz.4.10872'. [ 1369.764234][T32738] overlayfs: missing 'lowerdir' [ 1370.040793][T32751] netlink: 3724 bytes leftover after parsing attributes in process `syz.1.10884'. [ 1370.392303][ T300] overlayfs: missing 'workdir' [ 1370.773167][ T311] netlink: 3724 bytes leftover after parsing attributes in process `syz.3.10897'. [ 1371.096888][ T5890] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 1371.269256][ T5890] usb 3-1: Using ep0 maxpacket: 32 [ 1371.276641][ T5890] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1371.276673][ T5890] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1371.283569][ T5890] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1371.283602][ T5890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1371.283622][ T5890] usb 3-1: Product: syz [ 1371.283637][ T5890] usb 3-1: Manufacturer: syz [ 1371.283652][ T5890] usb 3-1: SerialNumber: syz [ 1371.294603][ T5890] usb 3-1: config 0 descriptor?? [ 1371.775517][ T338] overlayfs: missing 'workdir' [ 1372.769248][ T353] netlink: 3724 bytes leftover after parsing attributes in process `syz.1.10911'. [ 1374.208310][T28737] usb 3-1: USB disconnect, device number 65 [ 1375.184856][ T392] netlink: 3724 bytes leftover after parsing attributes in process `syz.3.10924'. [ 1376.505932][ T418] mkiss: ax0: crc mode is auto. [ 1376.884158][ T424] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(17) [ 1376.884190][ T424] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1376.957333][ T424] vhci_hcd vhci_hcd.0: Device attached [ 1377.095918][ T418] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(14) [ 1377.095950][ T418] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1377.104497][ T418] vhci_hcd vhci_hcd.0: Device attached [ 1377.167995][T23056] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 1377.222194][ T438] netlink: 3724 bytes leftover after parsing attributes in process `syz.5.10941'. [ 1377.227647][T23056] usb 37-2: new full-speed USB device number 2 using vhci_hcd [ 1377.975031][ T448] overlayfs: missing 'lowerdir' [ 1378.152384][ T451] overlayfs: missing 'lowerdir' [ 1378.306125][ T452] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1378.306209][ T452] CIFS mount error: No usable UNC path provided in device string! [ 1378.306209][ T452] [ 1378.306520][ T452] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1380.013555][ T466] netlink: 3724 bytes leftover after parsing attributes in process `syz.1.10952'. [ 1380.602148][ T427] vhci_hcd: connection reset by peer [ 1380.608775][ T479] overlayfs: missing 'lowerdir' [ 1380.608830][T32474] vhci_hcd vhci_hcd.2: stop threads [ 1380.608856][T32474] vhci_hcd vhci_hcd.2: release socket [ 1380.608947][T32474] vhci_hcd vhci_hcd.2: disconnect device [ 1380.641616][ T423] vhci_hcd: connection closed [ 1380.664625][T32474] vhci_hcd vhci_hcd.2: stop threads [ 1380.664665][T32474] vhci_hcd vhci_hcd.2: release socket [ 1380.664752][T32474] vhci_hcd vhci_hcd.2: disconnect device [ 1380.924824][ T496] netlink: 3724 bytes leftover after parsing attributes in process `syz.4.10964'. [ 1381.278041][T22580] usb 3-1: new full-speed USB device number 66 using dummy_hcd [ 1381.434782][T22580] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1381.435587][T22580] usb 3-1: not running at top speed; connect to a high speed hub [ 1381.437140][T22580] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1024, setting to 1023 [ 1381.437192][T22580] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 143, changing to 4 [ 1381.441191][T22580] usb 3-1: New USB device found, idVendor=0763, idProduct=2003, bcdDevice= 0.40 [ 1381.441221][T22580] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1381.441240][T22580] usb 3-1: Product: syz [ 1381.441254][T22580] usb 3-1: Manufacturer: syz [ 1381.441267][T22580] usb 3-1: SerialNumber: syz [ 1381.740908][T22580] usb 3-1: 1:1 : format type 0 is detected, processed as PCM [ 1381.740941][T22580] usb 3-1: 1:1 : sample bitwidth 202 in over sample bytes 2 [ 1381.740967][T22580] usb 3-1: 1:1 : invalid UAC_FORMAT_TYPE desc [ 1381.741984][T22580] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1381.940526][T22580] usb 3-1: USB disconnect, device number 66 [ 1383.114223][ T526] udevd[526]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1383.248318][T23056] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 1384.818394][ T5890] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1384.978620][ T5890] usb 3-1: Using ep0 maxpacket: 16 [ 1384.980641][ T5890] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1384.980701][ T5890] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1384.980913][ T5890] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 1384.980940][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1385.027454][ T5890] usb 3-1: config 0 descriptor?? [ 1385.043048][ T5890] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1386.666267][T23056] usb 3-1: USB disconnect, device number 67 [ 1387.855409][ T636] netlink: 184 bytes leftover after parsing attributes in process `syz.3.11024'. [ 1387.855456][ T636] team_slave_0: entered allmulticast mode [ 1389.706842][ T674] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11042'. [ 1389.874773][ T680] netlink: 3724 bytes leftover after parsing attributes in process `syz.3.11045'. [ 1389.888991][T28741] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 1390.039016][T28741] usb 3-1: Using ep0 maxpacket: 32 [ 1390.042551][T28741] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1390.042604][T28741] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1390.042630][T28741] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1390.052966][T28741] usb 3-1: config 0 descriptor?? [ 1390.063173][T28741] hub 3-1:0.0: bad descriptor, ignoring hub [ 1390.063214][T28741] hub 3-1:0.0: probe with driver hub failed with error -5 [ 1390.066402][T28741] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1390.948408][ T710] netlink: 3724 bytes leftover after parsing attributes in process `syz.3.11058'. [ 1392.371622][ T728] netlink: 176 bytes leftover after parsing attributes in process `syz.1.11063'. [ 1392.692923][ T740] netlink: 3724 bytes leftover after parsing attributes in process `syz.5.11069'. [ 1392.832437][T28737] usb 3-1: USB disconnect, device number 68 [ 1393.707587][ T773] netlink: 3724 bytes leftover after parsing attributes in process `syz.4.11085'. [ 1406.372034][ T912] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11133'. [ 1420.650867][ T1108] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.11188'. [ 1421.704197][ T5890] IPVS: starting estimator thread 0... [ 1421.796885][ T1114] IPVS: using max 10 ests per chain, 24000 per kthread [ 1422.864499][ T1128] overlayfs: failed to clone upperpath [ 1422.933376][ T1132] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1422.933604][ T1132] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1423.089472][ T1142] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.11200'. [ 1423.489161][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.489215][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1425.486945][ T1168] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1425.487049][ T1168] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1425.582392][ T1173] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.11211'. [ 1428.477367][ T1244] tipc: Started in network mode [ 1428.477402][ T1244] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 1428.477781][ T1244] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 1428.481992][ T1244] tipc: Enabled bearer , priority 10 [ 1428.493284][ T5940] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 1428.804585][ T5940] usb 3-1: Using ep0 maxpacket: 16 [ 1428.807355][ T5940] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1428.807414][ T5940] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1428.807461][ T5940] usb 3-1: New USB device found, idVendor=1532, idProduct=011b, bcdDevice= 0.00 [ 1428.807488][ T5940] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1428.866331][ T5940] usb 3-1: config 0 descriptor?? [ 1428.886332][ T5940] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1429.493451][ T5940] tipc: Node number set to 1 [ 1431.376865][ T5940] usb 3-1: USB disconnect, device number 69 [ 1433.776933][ T1306] netlink: 60 bytes leftover after parsing attributes in process `syz.4.11259'. [ 1447.136994][ T1501] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11326'. [ 1450.627894][ T1543] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11340'. [ 1456.616918][T28741] IPVS: starting estimator thread 0... [ 1456.860797][ T1593] IPVS: using max 13 ests per chain, 31200 per kthread [ 1458.503145][ T1625] fuse: Unknown parameter '0x0000000000000006' [ 1458.973244][ T1627] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11370'. [ 1463.532091][ T1666] netlink: 24 bytes leftover after parsing attributes in process `syz.5.11383'. [ 1465.602059][ T1676] netlink: 'syz.3.11386': attribute type 1 has an invalid length. [ 1465.602078][ T1676] netlink: 2088 bytes leftover after parsing attributes in process `syz.3.11386'. [ 1465.602089][ T1676] netlink: 1 bytes leftover after parsing attributes in process `syz.3.11386'. [ 1468.044479][ T1696] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11390'. [ 1471.482276][ T1741] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11403'. [ 1477.879653][ T1814] tipc: Enabling of bearer rejected, already enabled [ 1477.910482][ T1813] netlink: 4560 bytes leftover after parsing attributes in process `syz.5.11428'. [ 1477.910517][ T1813] netlink: 4560 bytes leftover after parsing attributes in process `syz.5.11428'. [ 1478.842855][ T1832] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11434'. [ 1479.487863][ T1837] netlink: 468 bytes leftover after parsing attributes in process `syz.5.11437'. [ 1480.430354][ T1865] netlink: 60 bytes leftover after parsing attributes in process `syz.4.11448'. [ 1482.010008][ T1876] netlink: 468 bytes leftover after parsing attributes in process `syz.1.11450'. [ 1482.063806][ T1877] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11451'. [ 1485.733025][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1485.733115][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.737060][ T36] IPVS: starting estimator thread 0... [ 1485.785167][ T1906] netlink: 60 bytes leftover after parsing attributes in process `syz.1.11461'. [ 1485.790670][ T1906] netlink: 60 bytes leftover after parsing attributes in process `syz.1.11461'. [ 1486.656657][ T1902] IPVS: using max 7 ests per chain, 16800 per kthread [ 1486.773991][ T5802] Bluetooth: hci3: unexpected cc 0x042e length: 1 < 7 [ 1486.774029][ T5802] Bluetooth: hci3: unexpected event for opcode 0x042e [ 1488.545664][ T1946] fuse: Unknown parameter '0x0000000000000006' [ 1490.904561][ T1986] tipc: Enabling of bearer rejected, already enabled [ 1491.268514][ T1998] netlink: 60 bytes leftover after parsing attributes in process `syz.5.11493'. [ 1491.275476][ T1998] netlink: 60 bytes leftover after parsing attributes in process `syz.5.11493'. [ 1491.323543][ T1975] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.11483'. [ 1491.816563][ T2004] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11495'. [ 1492.733676][ T2022] fuse: Unknown parameter '0x0000000000000006' [ 1493.637024][ T2031] netlink: 48 bytes leftover after parsing attributes in process `syz.1.11504'. [ 1502.730899][ T2146] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11545'. [ 1504.225111][T28737] IPVS: starting estimator thread 0... [ 1504.951736][ T2160] IPVS: using max 6 ests per chain, 14400 per kthread [ 1507.939884][ T2217] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11564'. [ 1511.863126][ T2238] fuse: Unknown parameter '0x0000000000000006' [ 1512.415180][ T2243] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11574'. [ 1512.929990][ T2255] 9p: Bad value for 'rfdno' [ 1513.005256][ T2257] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11579'. [ 1515.414849][ T2276] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11588'. [ 1515.931015][ T2280] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11586'. [ 1517.478471][ T2289] fuse: Unknown parameter '0x0000000000000006' [ 1519.787533][ T2314] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11598'. [ 1519.846812][ T2313] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11599'. [ 1521.056881][ T2322] 9p: Bad value for 'rfdno' [ 1525.627143][ T2384] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11621'. [ 1527.859266][ T2417] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11640'. [ 1532.015854][ T5800] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1532.043484][ T5800] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1532.052220][ T5800] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1532.065480][ T5800] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1532.073258][ T5800] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1532.769382][ T2525] chnl_net:caif_netlink_parms(): no params data found [ 1533.203999][ T2525] bridge0: port 1(bridge_slave_0) entered blocking state [ 1533.216496][ T2525] bridge0: port 1(bridge_slave_0) entered disabled state [ 1533.216796][ T2525] bridge_slave_0: entered allmulticast mode [ 1533.226484][ T2525] bridge_slave_0: entered promiscuous mode [ 1533.230252][ T2525] bridge0: port 2(bridge_slave_1) entered blocking state [ 1533.235146][ T2525] bridge0: port 2(bridge_slave_1) entered disabled state [ 1533.235733][ T2525] bridge_slave_1: entered allmulticast mode [ 1533.244690][ T2525] bridge_slave_1: entered promiscuous mode [ 1533.326449][ T2525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1533.332396][ T2525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1533.421398][ T2525] team0: Port device team_slave_0 added [ 1533.431749][ T2525] team0: Port device team_slave_1 added [ 1533.499206][ T2525] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1533.499226][ T2525] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1533.499255][ T2525] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1533.501896][ T2525] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1533.501911][ T2525] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1533.501938][ T2525] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1538.231161][ T5802] Bluetooth: hci5: command tx timeout [ 1540.313719][ T5800] Bluetooth: hci5: command tx timeout [ 1540.563695][ T2525] hsr_slave_0: entered promiscuous mode [ 1540.565194][ T2525] hsr_slave_1: entered promiscuous mode [ 1540.581908][ T2525] debugfs: 'hsr0' already exists in 'hsr' [ 1540.581937][ T2525] Cannot create hsr debugfs directory [ 1540.625416][ T5801] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 1540.795508][ T5801] usb 3-1: Using ep0 maxpacket: 16 [ 1540.813431][ T5801] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1540.813467][ T5801] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1540.813489][ T5801] usb 3-1: Product: syz [ 1540.813504][ T5801] usb 3-1: Manufacturer: syz [ 1540.813520][ T5801] usb 3-1: SerialNumber: syz [ 1540.875190][ T5801] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1540.875220][ T5801] r8152-cfgselector 3-1: config 0 descriptor?? [ 1541.120633][ T5801] r8152-cfgselector 3-1: Needed 1 retries to read version [ 1542.795147][ T5800] Bluetooth: hci5: command tx timeout [ 1543.290777][ T2705] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11725'. [ 1544.821826][ T5890] r8152-cfgselector 3-1: USB disconnect, device number 70 [ 1544.855890][ T5800] Bluetooth: hci5: command tx timeout [ 1546.452218][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.452303][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.950369][ T2763] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11737'. [ 1546.996797][ T6354] bridge_slave_1: left allmulticast mode [ 1546.996834][ T6354] bridge_slave_1: left promiscuous mode [ 1546.997217][ T6354] bridge0: port 2(bridge_slave_1) entered disabled state [ 1547.119121][T23056] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 1547.312635][ T6354] bridge_slave_0: left promiscuous mode [ 1547.317261][ T6354] bridge0: port 1(bridge_slave_0) entered disabled state [ 1547.326252][T23056] usb 3-1: Using ep0 maxpacket: 32 [ 1547.334341][T23056] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1547.334376][T23056] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1547.334400][T23056] usb 3-1: Product: syz [ 1547.334416][T23056] usb 3-1: Manufacturer: syz [ 1547.334433][T23056] usb 3-1: SerialNumber: syz [ 1549.329499][T23056] usblp 3-1:1.0: usblp0: USB Bidirectional printer dev 71 if 0 alt 0 proto 2 vid 0x0525 pid 0xA4A8 [ 1549.355347][T23056] usb 3-1: USB disconnect, device number 71 [ 1549.372248][T23056] usblp0: removed [ 1552.101480][ T2819] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11750'. [ 1554.469309][ T6354] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1554.551379][ T6354] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1554.698247][ T6354] bond0 (unregistering): Released all slaves [ 1554.878434][ T2854] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11760'. [ 1558.978739][ T6354] tipc: Disabling bearer [ 1558.979501][ T6354] tipc: Left network mode [ 1559.131124][ T2901] netlink: 60 bytes leftover after parsing attributes in process `syz.1.11770'. [ 1559.131989][ T2901] netlink: 60 bytes leftover after parsing attributes in process `syz.1.11770'. [ 1560.214232][ T2905] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11771'. [ 1560.879886][ T2924] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.11775'. [ 1562.891633][ T2943] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11779'. [ 1565.820716][ T2960] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11783'. [ 1565.994536][ T2964] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.11785'. [ 1568.040901][ T2971] tipc: Enabling of bearer rejected, already enabled [ 1568.412868][ T2995] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11793'. [ 1570.483665][ T3002] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.11796'. [ 1570.880963][ T6354] hsr_slave_0: left promiscuous mode [ 1570.922448][ T6354] hsr_slave_1: left promiscuous mode [ 1570.923563][ T6354] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1570.969738][ T6354] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1576.641109][ T6354] team0 (unregistering): Port device team_slave_1 removed [ 1577.155377][ T6354] team0 (unregistering): Port device C removed [ 1577.788959][ T3008] netlink: 60 bytes leftover after parsing attributes in process `syz.3.11799'. [ 1577.799404][ T3018] tipc: Enabling of bearer rejected, already enabled [ 1578.141774][ T2525] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1580.150431][ T2525] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1580.237853][ T2525] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1581.354822][ T3091] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 1581.355660][ T3091] tipc: Enabled bearer , priority 10 [ 1581.355739][ T3089] netlink: 60 bytes leftover after parsing attributes in process `syz.5.11822'. [ 1581.360429][ T2525] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1583.364728][ T2525] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1583.387550][ T2525] 8021q: adding VLAN 0 to HW filter on device team0 [ 1583.428388][ T37] audit: type=1326 audit(1772374591.649:4598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3114 comm="syz.5.11828" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f213e76c799 code=0x0 [ 1583.579073][T21012] bridge0: port 1(bridge_slave_0) entered blocking state [ 1583.579229][T21012] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1583.583433][T21012] bridge0: port 2(bridge_slave_1) entered blocking state [ 1583.583600][T21012] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1583.793337][ T3135] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11833'. [ 1585.121605][ T37] audit: type=1326 audit(1772374593.319:4599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3134 comm="syz.2.11833" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f27883bc799 code=0x0 [ 1585.364129][ T6354] IPVS: stop unused estimator thread 0... [ 1587.050922][ T3165] tipc: Enabling of bearer rejected, already enabled [ 1587.051934][ T3163] netlink: 60 bytes leftover after parsing attributes in process `syz.5.11837'. [ 1587.056766][ T3163] netlink: 60 bytes leftover after parsing attributes in process `syz.5.11837'. [ 1587.641525][ T2525] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1588.178432][ T3198] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.11847'. [ 1588.440903][ T3202] netlink: 60 bytes leftover after parsing attributes in process `syz.3.11848'. [ 1588.442001][ T3202] netlink: 60 bytes leftover after parsing attributes in process `syz.3.11848'. [ 1588.786221][ T3212] tipc: Enabling of bearer rejected, already enabled [ 1589.364298][ T3217] overlayfs: missing 'lowerdir' [ 1589.660102][ T2525] veth0_vlan: entered promiscuous mode [ 1589.733961][ T2525] veth1_vlan: entered promiscuous mode [ 1589.881744][ T2525] veth0_macvtap: entered promiscuous mode [ 1589.888017][ T2525] veth1_macvtap: entered promiscuous mode [ 1589.959716][ T2525] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1589.991540][ T2525] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1590.016037][T13087] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1590.018643][ T6352] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1590.056652][ T6352] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1590.057013][ T6352] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1590.136527][ T3238] netlink: 60 bytes leftover after parsing attributes in process `syz.5.11859'. [ 1590.268482][ T3238] netlink: 60 bytes leftover after parsing attributes in process `syz.5.11859'. [ 1590.268782][ T3242] tipc: Enabling of bearer rejected, already enabled [ 1590.957278][ T6354] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1590.957305][ T6354] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1592.183663][ T3265] netlink: 44 bytes leftover after parsing attributes in process `syz.1.11867'. [ 1592.502584][ T3272] tipc: Enabling of bearer rejected, already enabled [ 1592.867866][ T5802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1592.905996][ T5802] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1592.925060][ T5802] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1592.949776][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1592.950679][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1595.340311][ T5802] Bluetooth: hci0: command tx timeout [ 1596.523353][T21012] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1597.958802][ T5802] Bluetooth: hci0: command tx timeout [ 1598.600817][T21012] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1599.199748][T21012] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1600.409726][ T5802] Bluetooth: hci0: command tx timeout [ 1600.684918][T21012] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1600.777189][ T3280] chnl_net:caif_netlink_parms(): no params data found [ 1601.084987][ T3280] bridge0: port 1(bridge_slave_0) entered blocking state [ 1601.085238][ T3280] bridge0: port 1(bridge_slave_0) entered disabled state [ 1601.085461][ T3280] bridge_slave_0: entered allmulticast mode [ 1601.110836][ T3280] bridge_slave_0: entered promiscuous mode [ 1601.127022][ T3280] bridge0: port 2(bridge_slave_1) entered blocking state [ 1601.134735][ T3280] bridge0: port 2(bridge_slave_1) entered disabled state [ 1601.135016][ T3280] bridge_slave_1: entered allmulticast mode [ 1601.155020][ T3280] bridge_slave_1: entered promiscuous mode [ 1601.353213][ T3280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1601.708155][ T3280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1602.479517][ T5802] Bluetooth: hci0: command tx timeout [ 1604.763073][ T3280] team0: Port device team_slave_0 added [ 1604.778301][ T3280] team0: Port device team_slave_1 added [ 1605.120144][T21012] bridge_slave_1: left allmulticast mode [ 1605.120180][T21012] bridge_slave_1: left promiscuous mode [ 1605.120452][T21012] bridge0: port 2(bridge_slave_1) entered disabled state [ 1605.197806][T21012] bridge_slave_0: left allmulticast mode [ 1605.197843][T21012] bridge_slave_0: left promiscuous mode [ 1605.198190][T21012] bridge0: port 1(bridge_slave_0) entered disabled state [ 1606.597357][ T3453] fuse: Unknown parameter 'group_i00000000000000000000' [ 1607.831505][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.831586][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1609.954328][T21012] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1610.046926][T21012] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1610.086639][T21012] bond0 (unregistering): Released all slaves [ 1610.124180][ T3280] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1610.124201][ T3280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1610.124232][ T3280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1610.154114][ T3474] netlink: 60 bytes leftover after parsing attributes in process `syz.3.11929'. [ 1610.168954][ T3280] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1610.168972][ T3280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1610.168998][ T3280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1610.234957][ T3475] netlink: 60 bytes leftover after parsing attributes in process `syz.3.11929'. [ 1610.425461][ T3280] hsr_slave_0: entered promiscuous mode [ 1610.426405][ T3280] hsr_slave_1: entered promiscuous mode [ 1610.427001][ T3280] debugfs: 'hsr0' already exists in 'hsr' [ 1610.427019][ T3280] Cannot create hsr debugfs directory [ 1614.596695][ T3522] netlink: 60 bytes leftover after parsing attributes in process `syz.2.11940'. [ 1614.641088][ T3525] netlink: 60 bytes leftover after parsing attributes in process `syz.2.11940'. [ 1615.222719][T21012] hsr_slave_0: left promiscuous mode [ 1615.551407][T21012] hsr_slave_1: left promiscuous mode [ 1615.552719][T21012] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1615.552750][T21012] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1615.591312][T21012] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1615.591340][T21012] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1617.266296][T21012] veth1_macvtap: left promiscuous mode [ 1617.266417][T21012] veth0_macvtap: left promiscuous mode [ 1617.266696][T21012] veth1_vlan: left promiscuous mode [ 1617.266904][T21012] veth0_vlan: left promiscuous mode [ 1619.309207][T21012] team0 (unregistering): Port device team_slave_1 removed [ 1619.358833][T21012] team0 (unregistering): Port device team_slave_0 removed [ 1619.622574][ T3571] netlink: 60 bytes leftover after parsing attributes in process `syz.5.11953'. [ 1619.706300][ T3572] netlink: 60 bytes leftover after parsing attributes in process `syz.5.11953'. [ 1625.840696][ T3280] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1625.886266][ T3280] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1625.983892][ T3280] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1626.564198][ T3280] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1628.210194][ T3280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1628.289620][ T3280] 8021q: adding VLAN 0 to HW filter on device team0 [ 1628.340090][ T1488] bridge0: port 1(bridge_slave_0) entered blocking state [ 1628.340405][ T1488] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1628.529529][T21012] bridge0: port 2(bridge_slave_1) entered blocking state [ 1628.529681][T21012] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1628.769410][ T37] audit: type=1326 audit(1772374892.975:4600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3706 comm="syz.1.11993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b40c799 code=0x7ffc0000 [ 1628.769469][ T37] audit: type=1326 audit(1772374892.985:4601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3706 comm="syz.1.11993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b40c799 code=0x7ffc0000 [ 1628.769517][ T37] audit: type=1326 audit(1772374892.985:4602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3706 comm="syz.1.11993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f860b40c799 code=0x7ffc0000 [ 1628.769566][ T37] audit: type=1326 audit(1772374892.985:4603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3706 comm="syz.1.11993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b40c799 code=0x7ffc0000 [ 1628.769617][ T37] audit: type=1326 audit(1772374892.985:4604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3706 comm="syz.1.11993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b40c799 code=0x7ffc0000 [ 1628.769665][ T37] audit: type=1326 audit(1772374892.985:4605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3706 comm="syz.1.11993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f860b40c799 code=0x7ffc0000 [ 1628.769712][ T37] audit: type=1326 audit(1772374892.985:4606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3706 comm="syz.1.11993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b40c799 code=0x7ffc0000 [ 1628.769760][ T37] audit: type=1326 audit(1772374892.985:4607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3706 comm="syz.1.11993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f860b40c799 code=0x7ffc0000 [ 1628.769806][ T37] audit: type=1326 audit(1772374892.985:4608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3706 comm="syz.1.11993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b40c799 code=0x7ffc0000 [ 1628.769861][ T37] audit: type=1326 audit(1772374892.985:4609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3706 comm="syz.1.11993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b40c799 code=0x7ffc0000 [ 1631.815393][ T3280] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1632.565327][ T3763] tipc: Enabling of bearer rejected, already enabled [ 1637.644249][ T3811] tipc: Enabling of bearer rejected, already enabled [ 1637.688322][ T3280] veth0_vlan: entered promiscuous mode [ 1637.726014][ T3280] veth1_vlan: entered promiscuous mode [ 1638.066393][ T3280] veth0_macvtap: entered promiscuous mode [ 1638.080553][ T3280] veth1_macvtap: entered promiscuous mode [ 1638.512487][ T3825] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12019'. [ 1638.539858][ T3825] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12019'. [ 1638.812237][ T3280] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1638.891786][ T3280] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1638.944527][ T3427] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1638.944910][ T3427] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1638.945176][ T3427] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1638.946634][ T3427] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1639.655788][T13087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1639.655816][T13087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1640.030518][T32474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1640.030547][T32474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1643.505662][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1643.534892][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1643.537249][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1643.538394][ T5800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1643.539175][ T5800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1645.885356][ T5800] Bluetooth: hci2: command tx timeout [ 1646.076691][T13087] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1646.280403][ T3896] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.12039'. [ 1647.669166][T13087] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1647.954839][ T5800] Bluetooth: hci2: command tx timeout [ 1650.035943][ T5800] Bluetooth: hci2: command tx timeout [ 1650.213434][T13087] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1651.903907][T13087] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1652.111800][ T5802] Bluetooth: hci2: command tx timeout [ 1652.575430][ T3867] chnl_net:caif_netlink_parms(): no params data found [ 1654.763719][T13087] bridge_slave_1: left allmulticast mode [ 1654.763752][T13087] bridge_slave_1: left promiscuous mode [ 1654.764029][T13087] bridge0: port 2(bridge_slave_1) entered disabled state [ 1654.861436][T13087] bridge_slave_0: left allmulticast mode [ 1654.861459][T13087] bridge_slave_0: left promiscuous mode [ 1654.861661][T13087] bridge0: port 1(bridge_slave_0) entered disabled state [ 1656.229818][T22580] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 1656.260301][T13087] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1656.360437][T13087] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1656.385229][T22580] usb 3-1: Using ep0 maxpacket: 32 [ 1656.387129][T22580] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 1656.387148][T22580] usb 3-1: config 0 has no interface number 0 [ 1656.411893][T22580] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1656.411916][T22580] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1656.411928][T22580] usb 3-1: Product: syz [ 1656.411937][T22580] usb 3-1: Manufacturer: syz [ 1656.411946][T22580] usb 3-1: SerialNumber: syz [ 1656.470141][T22580] usb 3-1: config 0 descriptor?? [ 1656.474601][T13087] bond0 (unregistering): Released all slaves [ 1656.936707][T13087] tipc: Disabling bearer [ 1656.936972][T13087] tipc: Left network mode [ 1656.978382][T22580] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1656.978417][T22580] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1657.081246][ T3867] bridge0: port 1(bridge_slave_0) entered blocking state [ 1657.081389][ T3867] bridge0: port 1(bridge_slave_0) entered disabled state [ 1657.081637][ T3867] bridge_slave_0: entered allmulticast mode [ 1657.084394][ T3867] bridge_slave_0: entered promiscuous mode [ 1657.087283][ T3867] bridge0: port 2(bridge_slave_1) entered blocking state [ 1657.087412][ T3867] bridge0: port 2(bridge_slave_1) entered disabled state [ 1657.087585][ T3867] bridge_slave_1: entered allmulticast mode [ 1657.106936][ T3867] bridge_slave_1: entered promiscuous mode [ 1657.340445][T22580] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 1657.340815][T22580] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -61 [ 1657.683187][ T3867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1657.687264][ T3867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1657.840859][ T4000] overlay: Unknown parameter 'fowner' [ 1657.904787][ T3867] team0: Port device team_slave_0 added [ 1657.907281][ T3867] team0: Port device team_slave_1 added [ 1658.034692][ T4003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12066'. [ 1658.553660][ T3867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1658.553681][ T3867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1658.553712][ T3867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1658.690837][ T3867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1658.690859][ T3867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1658.690890][ T3867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1659.036637][T22580] usb 3-1: USB disconnect, device number 72 [ 1659.570147][ T3867] hsr_slave_0: entered promiscuous mode [ 1659.571670][ T3867] hsr_slave_1: entered promiscuous mode [ 1659.591328][ T3867] debugfs: 'hsr0' already exists in 'hsr' [ 1659.591359][ T3867] Cannot create hsr debugfs directory [ 1659.952317][ T4037] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1660.234391][ T4044] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12077'. [ 1661.154993][ T4051] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1661.165183][ T4051] batadv_slave_0: entered promiscuous mode [ 1665.744945][T13087] hsr_slave_0: left promiscuous mode [ 1665.765002][T13087] hsr_slave_1: left promiscuous mode [ 1665.766194][T13087] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1665.766222][T13087] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1665.796090][T13087] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1665.796118][T13087] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1665.870232][T13087] veth1_macvtap: left promiscuous mode [ 1665.870353][T13087] veth0_macvtap: left promiscuous mode [ 1665.870638][T13087] veth1_vlan: left promiscuous mode [ 1665.870846][T13087] veth0_vlan: left promiscuous mode [ 1667.247686][T13087] team0 (unregistering): Port device 12 removed [ 1667.344963][T13087] team0 (unregistering): Port device team_slave_0 removed [ 1667.995499][ T4117] netlink: 108 bytes leftover after parsing attributes in process `syz.4.12098'. [ 1667.995524][ T4117] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12098'. [ 1669.236499][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.236580][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1672.831440][ T993] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 1673.003623][ T993] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 1673.003658][ T993] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1673.003679][ T993] usb 5-1: Product: syz [ 1673.003695][ T993] usb 5-1: Manufacturer: syz [ 1673.003710][ T993] usb 5-1: SerialNumber: syz [ 1673.056087][ T993] r8152-cfgselector 5-1: Unknown version 0x0000 [ 1673.056115][ T993] r8152-cfgselector 5-1: config 0 descriptor?? [ 1673.458982][ T3867] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1673.514390][ T993] r8152-cfgselector 5-1: Needed 1 retries to read version [ 1673.514451][ T993] r8152-cfgselector 5-1: Unknown version 0x00c0 [ 1673.560663][ T993] r8152-cfgselector 5-1: bad CDC descriptors [ 1673.607449][ T4175] overlayfs: missing 'lowerdir' [ 1673.756447][T23056] r8152-cfgselector 5-1: USB disconnect, device number 56 [ 1673.995744][ T3867] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1674.166701][ T3867] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1674.281845][ T3867] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1674.483603][T13087] IPVS: stop unused estimator thread 0... [ 1675.334965][ T3867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1675.455414][ T3867] 8021q: adding VLAN 0 to HW filter on device team0 [ 1675.559730][T21012] bridge0: port 1(bridge_slave_0) entered blocking state [ 1675.617800][T21012] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1675.745250][ T3427] bridge0: port 2(bridge_slave_1) entered blocking state [ 1675.745398][ T3427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1677.629869][ T5801] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1677.779129][ T5801] usb 5-1: Using ep0 maxpacket: 16 [ 1677.786066][ T5801] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1677.786105][ T5801] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1677.786130][ T5801] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1677.786188][ T5801] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1677.786213][ T5801] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1677.870969][ T5801] usb 5-1: config 0 descriptor?? [ 1678.576818][ T5801] usbhid 5-1:0.0: can't add hid device: -71 [ 1678.576954][ T5801] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1678.653388][ T5801] usb 5-1: USB disconnect, device number 57 [ 1679.123899][ T3867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1680.472843][ T4263] batadv_slave_1: entered promiscuous mode [ 1680.480901][ T4263] macsec1: entered promiscuous mode [ 1680.482532][ T4263] macsec1: entered allmulticast mode [ 1680.482577][ T4263] batadv_slave_1: entered allmulticast mode [ 1681.030023][ T4263] batadv_slave_1: left allmulticast mode [ 1681.030290][ T4263] batadv_slave_1: left promiscuous mode [ 1682.071038][ T3867] veth0_vlan: entered promiscuous mode [ 1682.140383][ T3867] veth1_vlan: entered promiscuous mode [ 1682.450166][ T5800] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1682.476946][ T5800] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1682.481757][ T5800] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1682.496232][ T5800] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1682.509045][ T5800] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1682.724970][ T3867] veth0_macvtap: entered promiscuous mode [ 1682.782719][ T3867] veth1_macvtap: entered promiscuous mode [ 1683.042001][ T3867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1683.327231][ T3867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1684.410495][ T138] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1684.464037][ T138] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1684.520024][ T138] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1684.545602][ T138] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1684.578913][ T5802] Bluetooth: hci5: command tx timeout [ 1685.870893][ T91] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1685.870918][ T91] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1686.654491][ T5802] Bluetooth: hci5: command tx timeout [ 1688.733497][ T5802] Bluetooth: hci5: command tx timeout [ 1690.399058][ T138] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1690.642907][ T4285] chnl_net:caif_netlink_parms(): no params data found [ 1690.822401][ T5802] Bluetooth: hci5: command tx timeout [ 1690.823103][T13087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1690.823121][T13087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1694.858836][ T138] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1696.527950][ T138] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1696.669755][ T4398] overlayfs: failed to clone lowerpath [ 1698.133640][ T4285] bridge0: port 1(bridge_slave_0) entered blocking state [ 1698.133789][ T4285] bridge0: port 1(bridge_slave_0) entered disabled state [ 1698.134059][ T4285] bridge_slave_0: entered allmulticast mode [ 1698.145105][ T4285] bridge_slave_0: entered promiscuous mode [ 1698.387173][ T4285] bridge0: port 2(bridge_slave_1) entered blocking state [ 1698.387358][ T4285] bridge0: port 2(bridge_slave_1) entered disabled state [ 1698.387623][ T4285] bridge_slave_1: entered allmulticast mode [ 1698.412591][ T4285] bridge_slave_1: entered promiscuous mode [ 1698.481719][ T4285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1698.486114][ T4285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1698.635225][ T4285] team0: Port device team_slave_0 added [ 1698.674291][ T4418] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12171'. [ 1699.207126][ T138] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1699.308394][ T4285] team0: Port device team_slave_1 added [ 1700.272469][ T4285] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1700.272492][ T4285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1700.272521][ T4285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1700.276252][ T4285] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1700.276271][ T4285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1700.276302][ T4285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1700.863999][ T4285] hsr_slave_0: entered promiscuous mode [ 1700.865644][ T4285] hsr_slave_1: entered promiscuous mode [ 1700.866702][ T4285] debugfs: 'hsr0' already exists in 'hsr' [ 1700.866730][ T4285] Cannot create hsr debugfs directory [ 1702.320887][ T4443] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 1705.649184][ T138] bridge_slave_1: left allmulticast mode [ 1705.735244][ T138] bridge_slave_1: left promiscuous mode [ 1705.857776][ T138] bridge0: port 2(bridge_slave_1) entered disabled state [ 1706.346372][ T138] bridge_slave_0: left allmulticast mode [ 1706.346397][ T138] bridge_slave_0: left promiscuous mode [ 1706.346601][ T138] bridge0: port 1(bridge_slave_0) entered disabled state [ 1708.545223][ T138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1709.574110][ T138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1710.467470][ T138] bond0 (unregistering): Released all slaves [ 1713.115067][ T138] tipc: Disabling bearer [ 1713.115338][ T138] tipc: Left network mode [ 1717.359291][ T5802] Bluetooth: hci0: command 0x0406 tx timeout [ 1720.654788][ T4285] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1721.336669][ T4285] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1721.402310][ T4285] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1721.596247][ T4285] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1722.094396][ T138] hsr_slave_0: left promiscuous mode [ 1722.143316][ T138] hsr_slave_1: left promiscuous mode [ 1722.144096][ T138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1722.144124][ T138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1722.236999][ T138] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1722.237034][ T138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1722.328825][ T138] veth1_macvtap: left promiscuous mode [ 1722.328899][ T138] veth0_macvtap: left promiscuous mode [ 1722.329056][ T138] veth1_vlan: left promiscuous mode [ 1722.329172][ T138] veth0_vlan: left promiscuous mode [ 1724.967337][ T138] team0 (unregistering): Port device 12 removed [ 1725.026144][ T138] team0 (unregistering): Port device team_slave_0 removed [ 1725.067269][ T4592] 9p: Bad value for 'rfdno' [ 1726.172933][ T4285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1726.389488][ T4285] 8021q: adding VLAN 0 to HW filter on device team0 [ 1726.455394][ T3426] bridge0: port 1(bridge_slave_0) entered blocking state [ 1726.455549][ T3426] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1726.466249][T21016] bridge0: port 2(bridge_slave_1) entered blocking state [ 1726.467095][T21016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1729.462249][ T138] IPVS: stop unused estimator thread 0... [ 1730.707511][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.707594][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1731.704566][ T4285] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1731.924970][ T4650] 9p: Bad value for 'rfdno' [ 1733.520775][ T4667] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12236'. [ 1733.883912][ T4660] erofs (device nbd5): cannot find valid erofs superblock [ 1734.973092][ T4285] veth0_vlan: entered promiscuous mode [ 1735.303063][ T4285] veth1_vlan: entered promiscuous mode [ 1735.877415][ T4285] veth0_macvtap: entered promiscuous mode [ 1735.961437][ T4285] veth1_macvtap: entered promiscuous mode [ 1736.175778][ T4285] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1736.201687][ T4285] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1736.288245][T21012] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1736.288485][T21012] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1736.288695][T21012] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1736.288951][T21012] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1737.918600][ T4705] 9p: Bad value for 'rfdno' [ 1738.609101][ T6807] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1738.609127][ T6807] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1740.215138][ T6807] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1740.215155][ T6807] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1741.876855][ T36] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1742.029202][ T36] usb 6-1: config 0 has an invalid interface number: 117 but max is 0 [ 1742.029237][ T36] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1742.029259][ T36] usb 6-1: config 0 has no interface number 0 [ 1742.029313][ T36] usb 6-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1742.029339][ T36] usb 6-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1743.264355][ T36] usb 6-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1743.264393][ T36] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1743.264415][ T36] usb 6-1: Product: syz [ 1743.264431][ T36] usb 6-1: Manufacturer: syz [ 1743.264448][ T36] usb 6-1: SerialNumber: syz [ 1743.340484][ T36] usb 6-1: config 0 descriptor?? [ 1743.886344][ T36] usb 6-1: USB disconnect, device number 6 [ 1745.492600][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1745.536050][ T5802] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1745.567820][ T5802] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1745.569334][ T4760] 9p: Bad value for 'rfdno' [ 1745.584428][ T5802] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1745.609278][ T5802] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1746.940832][ T4778] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12260'. [ 1747.751999][ T5800] Bluetooth: hci4: command tx timeout [ 1749.823306][ T5800] Bluetooth: hci4: command tx timeout [ 1750.531946][ T6352] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1751.911926][ T5800] Bluetooth: hci4: command tx timeout [ 1754.395111][ T4827] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12271'. [ 1754.751481][ T5800] Bluetooth: hci4: command tx timeout [ 1755.128607][ T6352] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1756.839032][ T6352] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1759.211616][ T6352] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1760.620335][ T4756] chnl_net:caif_netlink_parms(): no params data found [ 1763.674146][ T6352] bridge_slave_1: left allmulticast mode [ 1763.674182][ T6352] bridge_slave_1: left promiscuous mode [ 1763.674489][ T6352] bridge0: port 2(bridge_slave_1) entered disabled state [ 1763.997827][ T6352] bridge_slave_0: left allmulticast mode [ 1763.997863][ T6352] bridge_slave_0: left promiscuous mode [ 1763.998157][ T6352] bridge0: port 1(bridge_slave_0) entered disabled state [ 1768.921048][ T5802] Bluetooth: hci2: command 0x0406 tx timeout [ 1768.943987][ T6352] ODEBUG: Out of memory. ODEBUG disabled [ 1769.304795][ T6352] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1769.383829][ T6352] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1769.415095][ T6352] bond0 (unregistering): Released all slaves [ 1770.047452][ T4756] bridge0: port 1(bridge_slave_0) entered blocking state [ 1770.047681][ T4756] bridge0: port 1(bridge_slave_0) entered disabled state [ 1770.047944][ T4756] bridge_slave_0: entered allmulticast mode [ 1771.052269][ T4756] bridge_slave_0: entered promiscuous mode [ 1771.084456][ T6352] tipc: Disabling bearer [ 1771.084609][ T6352] tipc: Left network mode [ 1771.085793][ T4756] bridge0: port 2(bridge_slave_1) entered blocking state [ 1771.090986][ T4756] bridge0: port 2(bridge_slave_1) entered disabled state [ 1771.091251][ T4756] bridge_slave_1: entered allmulticast mode [ 1771.184921][ T4756] bridge_slave_1: entered promiscuous mode [ 1771.533138][ T4756] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1771.602318][ T4756] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1771.730510][ T4756] team0: Port device team_slave_0 added [ 1771.859570][ T4756] team0: Port device team_slave_1 added [ 1771.987096][ C0] ------------[ cut here ]------------ [ 1771.987132][ C0] 1 [ 1771.987140][ C0] WARNING: kernel/time/timer.c:716 at stub_timer+0xa/0x20, CPU#0: ktimers/0/16 [ 1771.987200][ C0] Modules linked in: [ 1771.987245][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1771.987286][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1771.987320][ C0] RIP: 0010:stub_timer+0xa/0x20 [ 1771.987372][ C0] Code: 0f 94 c0 5b 41 5e e9 05 2d 75 09 cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa e8 f7 bc 13 00 90 <0f> 0b 90 c3 cc cc cc cc cc 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 [ 1771.987408][ C0] RSP: 0000:ffffc90000157a38 EFLAGS: 00010246 [ 1771.987447][ C0] RAX: ffffffff81b09639 RBX: 0000000080000000 RCX: ffff88801caa0000 [ 1771.987482][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 1771.987516][ C0] RBP: ffffc90000157b30 R08: 0000000000000000 R09: 0000000000000100 [ 1771.987550][ C0] R10: dffffc0000000000 R11: ffffffff81b09630 R12: 0000000000000000 [ 1771.987585][ C0] R13: 0000000100023e28 R14: 1ffff9200002af4c R15: ffff88805cca46e8 [ 1771.987601][ C0] FS: 0000000000000000(0000) GS:ffff888126340000(0000) knlGS:0000000000000000 [ 1771.987638][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1771.987673][ C0] CR2: 00007efcbfee9e80 CR3: 0000000036c24000 CR4: 00000000003526f0 [ 1771.987712][ C0] Call Trace: [ 1771.987740][ C0] [ 1771.987769][ C0] call_timer_fn+0x192/0x640 [ 1771.987814][ C0] ? __pfx_stub_timer+0x10/0x10 [ 1771.987852][ C0] ? call_timer_fn+0xd4/0x640 [ 1771.987895][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 1771.987934][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 1771.988017][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1771.988068][ C0] ? __pfx_stub_timer+0x10/0x10 [ 1771.988111][ C0] __run_timer_base+0x6a3/0x9f0 [ 1771.988210][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 1771.988270][ C0] ? __pfx_run_timer_softirq+0x10/0x10 [ 1771.988329][ C0] run_timer_softirq+0xb7/0x170 [ 1771.988392][ C0] handle_softirqs+0x1de/0x6f0 [ 1771.988476][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 1771.988527][ C0] run_ktimerd+0x69/0x100 [ 1771.988579][ C0] smpboot_thread_fn+0x541/0xa50 [ 1771.988612][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 1771.988670][ C0] kthread+0x388/0x470 [ 1771.988713][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 1771.988762][ C0] ? __pfx_kthread+0x10/0x10 [ 1771.988806][ C0] ret_from_fork+0x51e/0xb90 [ 1771.988858][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 1771.988905][ C0] ? __switch_to+0xc7d/0x1450 [ 1771.988956][ C0] ? __pfx_kthread+0x10/0x10 [ 1771.989000][ C0] ret_from_fork_asm+0x1a/0x30 [ 1771.989098][ C0] [ 1771.989110][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1771.989128][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1771.989154][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1771.989166][ C0] Call Trace: [ 1771.989175][ C0] [ 1771.989185][ C0] vpanic+0x56c/0xa60 [ 1771.989220][ C0] ? __pfx__printk+0x10/0x10 [ 1771.989244][ C0] ? __pfx_vpanic+0x10/0x10 [ 1771.989276][ C0] ? is_bpf_text_address+0x292/0x2b0 [ 1771.989303][ C0] ? is_bpf_text_address+0x26/0x2b0 [ 1771.989506][ C0] panic+0xc5/0xd0 [ 1771.989553][ C0] ? __pfx_panic+0x10/0x10 [ 1771.989622][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 1771.989653][ C0] __warn+0x315/0x4f0 [ 1771.989691][ C0] ? stub_timer+0xa/0x20 [ 1771.989714][ C0] ? stub_timer+0xa/0x20 [ 1771.989738][ C0] __report_bug+0x29a/0x540 [ 1771.989778][ C0] ? stub_timer+0xa/0x20 [ 1771.989800][ C0] ? __pfx___report_bug+0x10/0x10 [ 1771.989831][ C0] ? irqentry_exit+0x59e/0x620 [ 1771.989861][ C0] ? rcu_is_watching+0x15/0xb0 [ 1771.989894][ C0] ? stub_timer+0xc/0x20 [ 1771.989913][ C0] ? stub_timer+0xa/0x20 [ 1771.989936][ C0] ? stub_timer+0xa/0x20 [ 1771.989955][ C0] report_bug+0x16a/0x220 [ 1771.989982][ C0] ? stub_timer+0xa/0x20 [ 1771.989999][ C0] ? stub_timer+0xc/0x20 [ 1771.990018][ C0] handle_bug+0x98/0x200 [ 1771.990052][ C0] exc_invalid_op+0x1a/0x50 [ 1771.990086][ C0] asm_exc_invalid_op+0x1a/0x20 [ 1771.990109][ C0] RIP: 0010:stub_timer+0xa/0x20 [ 1771.990130][ C0] Code: 0f 94 c0 5b 41 5e e9 05 2d 75 09 cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa e8 f7 bc 13 00 90 <0f> 0b 90 c3 cc cc cc cc cc 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 [ 1771.990149][ C0] RSP: 0000:ffffc90000157a38 EFLAGS: 00010246 [ 1771.990172][ C0] RAX: ffffffff81b09639 RBX: 0000000080000000 RCX: ffff88801caa0000 [ 1771.990191][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 1771.990206][ C0] RBP: ffffc90000157b30 R08: 0000000000000000 R09: 0000000000000100 [ 1771.990222][ C0] R10: dffffc0000000000 R11: ffffffff81b09630 R12: 0000000000000000 [ 1771.990239][ C0] R13: 0000000100023e28 R14: 1ffff9200002af4c R15: ffff88805cca46e8 [ 1771.990265][ C0] ? __pfx_stub_timer+0x10/0x10 [ 1771.990290][ C0] ? stub_timer+0x9/0x20 [ 1771.990319][ C0] ? stub_timer+0x9/0x20 [ 1771.990336][ C0] call_timer_fn+0x192/0x640 [ 1771.990358][ C0] ? __pfx_stub_timer+0x10/0x10 [ 1771.990375][ C0] ? call_timer_fn+0xd4/0x640 [ 1771.990396][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 1771.990417][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 1771.990463][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1771.990497][ C0] ? __pfx_stub_timer+0x10/0x10 [ 1771.990521][ C0] __run_timer_base+0x6a3/0x9f0 [ 1771.990585][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 1771.990633][ C0] ? __pfx_run_timer_softirq+0x10/0x10 [ 1771.990675][ C0] run_timer_softirq+0xb7/0x170 [ 1771.990711][ C0] handle_softirqs+0x1de/0x6f0 [ 1771.990755][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 1771.990791][ C0] run_ktimerd+0x69/0x100 [ 1771.990824][ C0] smpboot_thread_fn+0x541/0xa50 [ 1771.990855][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 1771.990897][ C0] kthread+0x388/0x470 [ 1771.990921][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 1771.990950][ C0] ? __pfx_kthread+0x10/0x10 [ 1771.990977][ C0] ret_from_fork+0x51e/0xb90 [ 1771.991012][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 1771.991040][ C0] ? __switch_to+0xc7d/0x1450 [ 1771.991075][ C0] ? __pfx_kthread+0x10/0x10 [ 1771.991101][ C0] ret_from_fork_asm+0x1a/0x30 [ 1771.991145][ C0] [ 1771.991823][ C0] Kernel Offset: disabled