last executing test programs: 8.489260093s ago: executing program 1 (id=4327): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e78}, [@printk={@llx, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffff6}, {}, {}, {0x85, 0x0, 0x0, 0x10}}]}, &(0x7f0000000000)='GPL\x00', 0xd, 0xfe7, &(0x7f0000001e00)=""/4071, 0x0, 0x9}, 0x90) 8.271649383s ago: executing program 1 (id=4330): syz_open_procfs$namespace(0x0, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xc, r0, 0x0, &(0x7f00000002c0)) inotify_init1(0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 8.095260352s ago: executing program 1 (id=4333): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mkdirat(0xffffffffffffff9c, 0x0, 0x0) 6.960379191s ago: executing program 2 (id=4336): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000007c0)={{0x14}, [@NFT_MSG_DELSET={0x2c, 0xb, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0) 6.731803256s ago: executing program 2 (id=4338): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) linkat(0xffffffffffffff9c, &(0x7f0000000200)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0x0, 0x0) read$FUSE(r0, &(0x7f000000e280)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f00000021c0)="86034f53cfcf07ad050f886b8d31feb33389b48e20da3ecb343082874c583a4059873961b45acdfb53f98dc16155b1472ed57dcd5475c404eb90019ffeaebf326c19ccc79cdc3c50db96119b51a58ce6adf14b9ab6711dd9065699c01d701a215ef9ecd648165345c5e9fa980f9fa887c963a835023966316c377230f6d1a9edb8c29df650ec2aa479c9555e386e040009065676299fa96f76fdcddbd33cc9bb5c05f34b9a7729e8118c946cb84667d96e9462d673caad1e949921e7446cf85741d8b2d6f4dc8c7a31fd250e32ebf3248d7ea534ddc3cd9342e0bba073f6abff6f19607654eca0902d47734cb284e453c743cd5bf6c9f991245c47743a0437db2ca19dd4bde049e6e8f682d1f21dcce4637b05cd978b67b4b5e43a4a118cef6f144d11db5847bceb0416205ac16e608bb22ad7534686946eea3e220eaf90a893856f5ddd8be1cfeaa3c5e80c2386bce94e8f0a30fc5169c1d6abe0980b8c071719ac21645aaa28a236dec670ba029acf899175bc3477d529d3c489556ae9cec291cc0db0d47ce7c373f1b379b8738cbcd7d4d11e09ac0a392af02599c2cded0ce610bf59be90cf5cdb0dd5d4c8708e08fc626d71f374ac488f27631cd1e0a1127f59eb0b3bfee413dc3df7319b8699e983e6f3bbd66dfc53209c93a7c247863b59e6c2675840ddfd5ba900cac48be6527720179e7e93d07b51cb00cb10ce53be415f0b09d611f24c98eab22704e45e7b30f60fcdb5bce9a4349944f2040bfd553ef9a6bca44f219009fe1a8e0f0acfe57dc09c69898d8ada47fd0fabf02cfaca0278c2d4d08c9e8ea3b2a3980910ecb6f43dc30d868db36c92f2ed8e7b48d242ec9de3d9ff04fe6ed15e176dc90a403ba0cd3a413e98755dd3b86612c8f542f357c2f22a17017329236085ebab1b30fc970f9962259881d3547490b22778a5f8d5a49b6dfb46fde6d03b8c773e4fb39afd31ab76cbdc6ad6b374cef245e391ed02e839b68846b9723289c072bc79686b75288fed44a230514b4e6ded02447351ab21dd44a70011751d76fbcc15c6489042b05deb0601b053fa2884d3078e4743586b6cb116a87be207e637b91277a7c152a4357ed3832f87e6bad1f693fd3c9f53e2cc03aa41361ba15aa777ddf8308bd3e42e848071e36471c49e8e85ba093fffde37f056291eb821bb49c22fd57fc20dcfd3b89dca1dc3eaea26de9d41eb1957911181eed0749b6314c4dfab482c36bef26b7b6567b8b3530ca929f9b97a5488b2a99389fb837a73f31327802980f41e2e1638b0ab705e67456e357b54aeb66cf4ec2444f58324993d80b438e461f488e0d498bf6408d392b0d498034667cc471e960521f37ea0b479e489f5dfb21b7e78a56e2d5d708c36bcdf2a5b8a3cfa3783d8636a2c66a342fec826618f014b267d40e6f0b23a3b66420fbe9a02d32fa002091c7cd65e8c61d0fd4d44959743a6c5dd5f26c3f10a0a6a03099ab48a271b3eaf717db8970bc4ddeb6c7c2de6c086469da371a69557b7350169bf64348972964c86c55d6f3e0d718f631a6c0d815f167db68327a46f8422875a908393c12219d9aac99016b6ad9c112bc3fcbc1c10665fc73dd874a834a806c9eba99d6b2f65ae0fca86f8c1b26e9bb933c99ff815241c322114d6cb77839f04547bf3836de002e6c44f3a13100bde7845680aa2f42f0273b2f761151786ccfcfc0a274e926bb9d49dbed3da32a91d9ea24481079a8260d59e965051591b8cad7e38d309dd70a2bc70a18793ecbca78a468c87d309d1e5fefcecffba18d3b1f09e0688d7efc2eb3b2ded980a77f3b94e0e4d9dd1614c78d4f9e6ac11002fc34230d682992ce07b65a6df352394caddbf82031fff4faa2cf413ae09e25a32cbeeb1f07f92e1638a45a4821cb2ceb302173008f5763ad081528875b06a67924596f161af65edcbc8935eff09ac56bcdb99d13844e6655798ad2ef917fc717f93a528ff9b0fffdd6a090874f31603db1fe4c11b3471505eea2f81aeeb698651fc20733d089ed64c15725b3fcdf786c145cedad43e01534099a0b1e21224fe36e97cb93182623406b1f0432693c52adb6677452840e540fde61f3c567126e6dcd317571c990ab94315ead02110c4456c420dd6ff2cf237f3a85368e0ffeed95bf223def446f3c8f6f529f37f1199f89987e9d500fb10b7c45baba035c12bba4b8bbd94751ae4f0f75199c87787618ae5b8b822e3f10011d14ea9c3176c6cdf73f5394abefe5783280d972179514ce123582c7db33ba510214a7bf7debe83f5de729c1a0437967843ecfe29e601123a64e08a2c88a5562aca2bef564f0a13165ac5764d5b5f602515c91565c504dcda5dec10d20fbf22569d80dbaf9dccab4b0445de49f6a5a6079ce4af8cf0ecf8db16b4168c80bf68b45402989a00af521a0d1bd5516e95601a2ceb6230c799c0c10f62ac78754d92c993cdeec8b8cec86d31a55121e294704bef0cb1a534182494829507e1f614ae2ed57536ffa6ec8848e4719789c9829ad33ada6ca2a2f40ffab8d3378be9973723ca69a7215595281fc49583f4fc4e8d7b7199f869740ff4d5d8ea2e01167db46650cdef3018c9e07c169237f0f6eccf71b48ebe4a4aaa592987fd3cc5d192072868260a832034691f9213f733068a2b68fc5c776990e93676af2c81e9b7d598e2f118e5e5d6f80241fda71160af21d136a630d1ce8c739edef41948796d5baf0a510addc36fa85f0ea54b9d0052a2a186e1e2245ecc4f9a5f4d1b76e63f6cdf7689ee6d253d5b548b21ada5783ce6ac337de86198a3ac060ef6a7ed0d9654fbb7b3da1a5b47c40a3f54b58bac14854d6f339dd563bccfd1a38d16676d5554e4ce351e8d5f919e9e7591a30944e995ebfb4348d176cc9e734a8db34b6bc7cad5db6cda8b4fb4c7f246e3348d680d4bcb3dd4bbadcdb41abf04853cdbac35e28f8a6190d54edb9af6d1a8ef424a9b2036f87c3b9d1141dc0e4dbf2468361de924c31907f79f493984b51baadc3108c55afe1e92198994ba2c03a77ce8f72e1642f0c3a7fdad2bbba382016cc1f6049cc590348be05d6c3782e8fab6caf451b033a38550f4e93bf85311d42d640777c5dfd718e82b5615bc8a8267d1c9513cf8b2c2d15dda031d4f4579d1e9357a1ed5e52363871853274f96b86cabd92e1d9210775e6c3fb1a2b7c360d46cf4496df67a1181c840e060239e672b64889a6c37dceaf00e4d732f671ad6e96c5f5d12fc5b80b3e4ab7e4c897ab52aa72f8a03514a40fedce2d1251eb981666304b90127e502c6ce0a53e8748802a890ad02b6a0145f0ac384669c7c88f1a9d75dbd41a62d7f9612360a67ff2f7966afd0385f4a4f0c6eb33a44fec924f2be56ad32b8b7bc5f9d86a9999359333c885335c6c83fe92567c6b36f1ebdd9f1992b71e446bb92b489bc1071bd0300000000000000b803165d24bbf8264cb4997b31a7c1e12021e832439a3f949521da0f10f236997fed47fe226c4c8b7fdb1d955e05cfdb6760ae1f49c66aec53c5f4a552d3ed50b7b7d63b496cee4c2991945f7d0b8950efc9b7a7303bcb244095b77a1ce562a51c01cb1b5e8cb088bf3243b3c965da3c0dbdbdcd146d19c2cac768f25f539ec9f273e56f2009e8daa0159b62d01f6c70b085c7286075867e2b2daf2854719b0efcdf98dde02a5217f2b4ddb7333cc188040f47fce02640356e2016071144b3122575629d2472c7a90675c11c6ff4bacd4b4593553f2906e27214b2a50ac274fd8e92283929d55e61859f177016bc4311947dbee015946789dec15f2d74d8a7c7d545f4445f0beb0cb3f1396bae7a0af9aab17f51fb35fcd5359a73bde467c4aa06e33bef29e3e478184a3d85ec41fbfbf47d0cd918ac0006b88283997e5633e61e5824551cf6f12690d5c7616749d7891548ec611ca7d926cf128b4a2a725d3983934e079c1977c478526ae4de235d2784f419b447b5a26c134299157d1aa1d2efcf8e1aa7188a680843995227da7174ae15d76c87743037705881473cfe3dfe8127e3346711173e418b011b1d9ddf92880e60611dc18b75b65adf4240cea9f864eeff564a5356a850440982666e57b06da5294748a2be5123bb9f694bf9f80c188b447038114e259cf47a16aac4c39ce39159f7447dbdd3e98848a81d1873e326f48781647c30e412cf6b368a32194df454dc067b6972ea3c2c57e93ce7da5448b71f328b3f34c5fa2759ca6a16207c666681c199c3763eac54d390bbb20a3ae519e5d28c87cbbde0a91bae0b639cef78d2e1e1658db311b70b41f7d03fbd908c2ba6101c15cd26db688dbdf1eb547e5b6bc592a2dbad0ce653617ad614bddc15cbf23c209340224830d8f81a4cf509339deed7e01204dd2efce9ec26152a292c855121d976c05ac804b8ff53c54e2cc838cf1470333657d4f8051e018043fb94542abfeecd494ba8f90da8a71a0bb6b621bc14c36316206fb93669d50538492352154a50317c5e67bf1d6f89b769a891dfb4a4e5bf8f7a534b1dce8746d2c07b7b6f3a219694b087c7407be4dfa177f36df168a8a4b19f0428d67c7b3e443ec357f200794313785ffd48c7def6b52699dc0c5e5b9222a6daadcc638cdf14af0f8e9fab96f824fcddc4c5e94dfec49fb7a3f9fa66f411a97f40d78f86b22a72346c1741ec50996702f177f072da3867410c7ca14618ea02c04e267225b6955b61965bef758754c65723d84ebcd110b15a21a50be9219af9a4cbc9564f4e33146158f30bced23994b2f65e5035fe9e407118e66dc8b29d906d544fe371b0ffd2bf163f6b2de8f8aea93edce4415fa7c7f0ad08717490395c8d420f8ac249edfa86453c632c4dcc1e64080c5e44477ae75efbbf9dbe8169ecb7e806596ec6b6ead075141cb5fcfdd00654673a6c67d85bcfdcdd8cfbad0c4b0a6709804a8ed80565f3c43bbbfe4d02e40eaa3dead2eeb1e4ec9e3ba337943633ff6694c0d602cdb2de4c456faab8be9a54c37728507bf7406986e42854cb0e84256ce302c0e2ea933f255e7797d82379ea7662c1a0001fc7117392ab5f3bd5945adbb3d74d2e811f613f08e17adee52a191991894533fbc1e358f5b3ebc5011b2ab49300c60cf6cb3ff43292b4df7aa3c07ad5b9eb3dabe64339589882e4f1a0f4ed2e90f28f2b6b1728038296d878f8fb1240cec62e5a3e85a8e247dbf4de020bb8b3f8fe3cbd93e3ea2905b4b2818d653a2ad7b8522198741d1d76312bfb1b4df432736f70a66caf1c99137fdc32f170e85a1fbcf37e23a089854fec54d1c90c7269bbaf626caff99bcb5a45f8b444180fb19b55448e272207889fd11ebcbb1a788043231b1204f936ef6c1f96fbf6516ff04c2a7f94ad66823104ff250b0ab7234bbdfa110073afa4a87abd0553d5c4a151c3a337d65884a7ce032837dd4c5067f2a006dec376b911ecd5bed79ad3dd21b9a98c73c85d2bbf9a9b0421b892f77da6709df4438a608fefedd8e8a2c5e0130292c565c499c43a5b26a35e5fba7a500187e45e7218fd8425a932eae7e217e46009c95ad138e8b96f1c6d9898c71f6d37f7632190f199741e699ba14c02db59748509b096de39eed34b9fae574d57bb89780bccb4798b7febf0b0c5def1799e2a3112afe1be531ce44bb00f4a8640535a0a1e8fb395620cb76d479bfe10a5f0b4c86276531ab86b0f5c94a285f654a3d1fa8850cad3638634d66bef83c5c879bcc7bd0a7a0dc496f571d50c4de4fdaaddb603155009c182382e01d02b5f71f28fb29655e0d4503ca055870810badf45ebdf9ba89dc91cbf63cc502b1bebf78e52c48eb7c3b015f5b4246af50b9a3a72e290ac5925a6aa702f4553c3bb0d566ea5f7ec9535ad1045b743b9e66dc832c415c275aff804bf23b1f2ffc7d74a31dc12a1880325838c903084e4087e42bdcbbcad374a793277f09ae9fb53c3b2e0b0f67c2b5fe274498e28092e9cbc76b76e5a3b92ff7bd6d36b80872b1a5118c72c7575b5b7b2f7b2e4186ed4a166d3dfa72e1dc03e1af9e7579f7b23290845988121203978cd383e45539262269d0ac959e9b3041f0a3605e170c40f162fea317e7b894daae83ff080fc6501660bd0bafaed2b3764772a2a5daa754e07febdcc57c99aaa8138f09347d22483d39937d2daad3e150305d9701c97e54d3b4d28c990e041242ad0bfd1a45f34eb0de7366477d175e0a0bcbce60561d4ba66eb5c092abe0d1041078b29dc752f6a5ecd7330a12ca008e308e551b9bf75480cbc32698487b9fa4b077dac8d26da29dd1327b1247c18804b7ade957866ee5c7fdb5b637775482100a8a5f1128b9f0ab4e5ba30872194716fea4303387c00f2d1629d8ab90120a0579940102e9224e58ad5cc68c9b459d328cfb07cd88d4a58bb847eb83fb1f877917602b257730c14bcf028b2d0798541ca6a67ad5caeef34ae2878643edef2639afe4324d82d1073666386a6baf78656012373bfdc70ad2bdf58846fe42cffda1923ca470fa85b85988e3e112662e7295d179bfd4ab41abf81e33f2886a310b5681ebd4480782b88d232a1cc9b8b6891effd3345057bca246ed2afaf203f8f805aad8153dc7637e1084ae907e6e0c123604ac80e620a76ff96be3f66bf54c3f6e8b85922f10e467e58c79b77556422629715243d105a7605452c60c7373ca0df94fb90d3499dd0e4681a15cd460721a246a752162157df62c6c33c29d67e0e29a71cfb88bb7c35e75f9995619f7b76cf995b5863c22191ebbdd507a87b6a3c5df8ab5b40ac5d7252d6fd424974ece842f0c3eef34d406f5fd76fd1d9a94ca5e5243eb3f6d566dd8cf024dfe7be7971f2df70d1aea560592bc47e2bb31b30ac3d08f9d657d84a454e91b3372c9e02ec3ef5130a21e68acc848edd27c032479b60f69655e050dd16405d8bac98113aa730bf9f239fb5448842b7bd63204725d913792feeb4426b7c312f3f8daa9c4c77f3f784d7defd51c53fdfc61740d0808a435b51de0fe1868e4a98cd901a13fd69c6fbc22876b9d75b82cb81912c5797884d3257e6c99c444583ed7b2d828779c9ab8d00e295351e5837cfc4233f8c541762a9d2d02f8b50c23d303af2dd567686f2328c6db44830c542a3910319e95976c2d71708e68a9d4b6fffe5862b2593ea88d7d740d4a79abaf22e3261b9bebd0ee9eb96b5007fec4b2345929f58fa3dbd14cf6842ec72d658aeee8dae99e8df1ac88b1f810041c946e30191e7f4677403d50db975afe523a201d30f6b76dd96797db4f8c56195f39e8975b690f739b78866ca5d44b18f3f11c569d6efea77049e422f02c4fcccc5b8eea63e631e17cd7bda36edefcb25ef965c89b4ae72d69c269116c1cbe78759d75dce1ed73ea2b8a9e85bf74f28c4fb460f2dd8f617bd24b2d2e5b806a8efe55f2eb46d4d2cb8c029784a659dec446769b4569c2a4dc217fa24590e54bf0c6d006082b8cb0a204e7778ad72e13239025058fb6fa0b232196d6faa8cae5fc28faf1e093f08597d0cbb0dd8fb54184000a390380a9b8b1430632e8467ab8a72777e220c4400a8c0e06054903dacd7585e4f12e582bb76d709676530cbf0fd68a7bdb84884ef4e155faeb423e4834421d3b504b9083a625fa3d1fb8068f9210d577679ff1559df63c6d96a41a2ec12a2045375f8468f3944de9dada47e531a176ccc02e949bdae64e9f67db301b1695d25f17d6dd1f17e4ec40b84d30d44c7156a3e280fc1e04d74c2da1ca421e3b27154dd653bf6de09853e19a07eb0d89f06db3ca49bda710852655572710957bbed772717ec188e955291d3a3a7391adf58c09999f3e347c79a390bf1a931ed5211d1addf2699f99c8aab92d3ca8b82c2b9c74ce9268c8ab4af9be06831d20368361e127b9f9a6c60f10659ed65bfc4f15d8684900b658d2305dddbf12f66fde1a9caaf4ee62f848cfdd8430927606c37271a9c7f4cd85f12ec5efb9af19e7f392e2de960494c9dd8a78b2285cb2cca0de16c42b4e940345ff54a2ba9d3c13da0bcc74aa4ab61ce189c71afc400f7a36bffee289908989f8a7702f36c15e76ac6f0701bba9098e2a68e7eb1829c3501f233a409f20e55c659f35199183d48bc2aeab86c11387a37bee3ed408f14698379a50fdd521bcbee18c10ea5e4fec36167df18a0a57a8bc4e90cf0a8847435062481a566ce554f36a663cd6b0a9096043fcfef1d234ea2551d64c0cb21b2741875abe82f7cfefed79c553494edca19b447bd00d779c11da448d8626dc521377bf24e954dc7e8edc724201a7ea35202ab0859c73adb2d36b24f3aff0234ff8326094ea92a3107b239a4db7450f17c0893a63a777398efec8a922b5acda527a0fe42c9dd4bf3a052a51be56399fa8120440b0e84fd7abe85cb49905978af117e4baf183be956e8ac0a8ef9fcc63f02adcefbca4f000e1bc30e7793de67243706e4d36dad28633f7fe7f8063c32d566207923c5e9a9c2fa48b725fdc54d1a81376ac98161316b26925a9b84bd588231007c267ef985d699ab0432f75ebb4a6352dd79d4ab1a89ef373a28d2036d5c85269f644a7222d4a047ce846a6e523f17d55e1aaa0d172ce42ef0cae03edd6f43962789c9894d6a72dd075cdb6fd5129da3b9bb22faa472533325f6ad2ed5dfcf79f3686976ac39df778319b5f3bd25dd6de204c9f2602ebf74fe4c8945f0ab65ecd537dbfc8851ca014fc4506d481a7dfecb4d6e86609a257aa03a2d0bc3fe782a093461db58eb8d0cb297213e50feba4612a291931408df4ba8d0266c4aa7160e5ff47ac789d0866d3907663c06eda06fe5f61666ce4ce67bd6fbd58f7959c3b73f1300570e71afdd588e8328c2fe01312d5a8f079d92022fa8ad70286e20dbbed72690cb05ddcdf4aaf70c34815979d56c7c14a7928d6e39357c34eacbd031ce18cde9ef66aa22d1dec8a783860a918718d3085464302966a0c2d604868f88d3ff49d2161e50a71cedd4b721cdf1d8c70fcc99a7db693560f5c96a8054d3d6ff0a98d3c29f1ffe181c32e756b24a15d59e750dcf440289151de6e721fe4dbce1acb1f3e615afd11592620d5467a3207e62801f0a78874fa29da5f9e45a13343145894e460022b7cac2799d9bd1e436f31c57caaea241d95531d3b19fe2a301664f6b69cb6e413f929be2cf29a14a2b3c18ae9da4f99183bf11147cb72e83f634161f6e89ffbe38710d0155a234a0f9c1f908f14c4aafc455f83df21c23441e463c3cde8d815c18ce783907e8d87f9f266ef0617a22ee8ad782a3f4d374840647d036cb14b5ad517db0c95a9c0e03d716a1867b1153a52a09cae405d958ed2a0aaadebcb2165f79e18c9e87231e08c6f29d80aa048245e201b7729110a3fff255ed8ec61f7e75143a93ed2826cab726b378de44ed4c8f573841ee3554b23870b539e8e730a3e44a58998854396115221afb57bf0b13fadec1df72a1ebc3aa3947072b096c74eb6457ff7814cef7f8b6eded6883f3b95455dcc170a7727aa05e2a5b85cd77e881b95c6fe7c76ec5bf10e36a195dcafa2db63ddf2528bfd407370074f3aa26f6c392d3846282c4d1ab81c28284a5cf242439d9ab3a0d18a1adca02f65ae44a38d8bc77ec1a7c421bdd8a30e8cecff29661a8c09e9fa55290ef8dfe1be8b8eb4ba85bc3dee9e0fac114f3eb3ee69d9a609c2827788558d3f5d1ba1629a2de8983028383984d0dc7d75a1e58643ae65a44198f218ffcc6f644f9c69e192e4cb0e24f398cf9c4a613691cd45ed2013558adedae4ab7c8d8f4f7fb853e8062ceab986f613501e872bc5e43c08988423c4c60cd4beb1b6f8cdbc9eae92163ce6ede5bba16cb9597936fdc9c724914a1d3e5d5aa4c5a216af968a2cdf7c086c02b2312b76c720ea8c65abc9076fd9f695511797197d6435609c5bc81a1bd955dff7379cb4348a0ed798f63f485998193fd23ae456630787d46ddd706ddc74bd0cba6f1dbeefb5348d6defdd8a0e65ac009868c112eed4a9eba5ee61c43da9c519a3e34d5f343a36ec8479dbb2ca5adb98db17dce676dd75aa00e7db749090aac709c59990d3629ce288d73ee93b41f1bee293947587cc18a6a310bf6a05b9443c768b65ce8075a97e59f75e320358e7ba86e9f6c26bc30ed971a977064a5949d16eb06ff6a5e141164e6f7ce1126c5fc742151c3782b1a06c1cba9894e6a6745f453abdaaed889a293abe38fdd86a20dd3f0233dbcce3d27a7366ecef25fd8dac1515beae5df474990c31fc880709fcaae77b269f0ae6144fc79922c45afe58699f9f6c4ca315f98906adadf9c9d145468136d578c22bb41d83d3a9d3b8dc58b00720f129d65a98c4c3dd58ef3ca30cec384fa47b8af6bfaba517f5c02fc6c2737f108456e9dd5110c801ef700aef3f91b946cea13d368cb2e9d4ed4bca09958df837510a2eccf591f72b9ff79cb8eb07b95c19273b87136e7ca3a3ef1890e04652701f5be45963dcd850f9627892964355ec95e1d86a700e9768f03e23c1e4766f416fa2f05a610e8582f8b5ba28c323876872f27e3e46ce559b8b2e53bc8a386f724d446107828cd9926c7e2b2a54d9f396d3bfb3dd55099d8a5aa2df6b4efbdb5405dcab593e43a1153432dc4610d326e3e09349ca71f3e87bfa50701d36e7546e6139ff196d3005bbc53b6cdf222d3fac641afe5a1ec735955c301ff6b8333c3ce842222b94eb0b5daace6502f9871d61d5b6dbecfa2f5ef0bcd4e798a5bf1d63b67b9c657325577e1f559a265c139b1639f1cb1f3ded7c901bfb4960bf36d955faf33b3c0e25a9191d46e3d34967b8dc9db401a6a1637f77896c7c59b59566c70af8dc6014715e4a2db244b4a178af1382fe309e3519cb3a25370c3dac3a26a33bda2c0f56f478731bca990f5acf8e4c37e680760461f66107894664efdcf9110946550b10cfa59484c670457b7ccbf3f7d50089be25ad98fc62377f56db55696564256d4baf00fbbc6e0bc715d5d5c216719fba32afed281b8e9c26277f8396ea96849ae0c063656d0cbcdfd478fc6095f3eb9f7589faae50bbd1e13e7767fd474193888349757e9324aa30d3f7456018b52604960851f84cd0bbf2af0eaccc0033ab407606614b88b3eee4338d2a43f2c151a0b54abe8a426a53f29ffba2f762dd07b498449b2a89d5cc9eb7406daececd1eef59820942ecd6233c934098aa06640eaa6b6530c856b61f7935fdd51b3295ff9c1bc989441a5d8907382099337a7cdb81bf0d1baaaa30163bcf6570e5547900b8b230c965bee5c43e8d5306df4656b38617fb9d8658a432217c9929023834dd68798d735973ad57608bcdeceb4fec2e74568686970b64f4ddb2bcb7fb5b3dce956be317f139e02ff04d8527457516cc00b8b832d5ddd5b75f49aee8068968c4cb59466bfe83b0c9470843eb49b506fb7e2c5f1c572c7be636cb321e4bacfb2ef89210c3d021729ff92cbf4b4b3cc41e5448471d963b1916dcc5d5f29d5f59fe2d445e725b9c08d115cb97fb9b7de1dabed0cb0683b5af49861fcfa807125137167bddd9e76a99dc84c1e38d55f0f0e8a3da54efa41151e92cc3a", 0x2000, &(0x7f0000000f80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90}, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, r1}, 0x50) listxattr(&(0x7f0000000100)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) 6.305369454s ago: executing program 1 (id=4340): mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x0) mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaa"], 0x0) syz_usb_connect(0x0, 0x41, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000e518a708ac0501859d200000690109022f00010000000009040000000e010000152403"], 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_SETINTERFACE(r2, 0x80085504, &(0x7f0000004840)) 6.222500747s ago: executing program 2 (id=4341): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$kcm(0x10, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x4) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) socket$l2tp(0x2, 0x2, 0x73) arch_prctl$ARCH_GET_GS(0x5005, &(0x7f0000000080)) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000180), r4) sendmsg$NLBL_CALIPSO_C_LISTALL(r4, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="0103000000600000000004000000"], 0x14}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x1f, 0x4, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast1}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private, 0x7}]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@dev}, {@multicast2}, {@private=0xa010104, 0x4}, {}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r8, 0x0) r9 = dup(r7) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 4.405924956s ago: executing program 4 (id=4344): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x298) syz_emit_ethernet(0xce, &(0x7f0000000740)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001f00), 0x10000000000000de, 0x0, 0x6, 0x24040}, 0x8044851) syz_emit_ethernet(0x4a, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd600a843500140600fe8000000000000000000000000000bbff02000000000000000000000000000100004e", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) ioctl$KDDELIO(0xffffffffffffffff, 0x4b35, 0x9) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000a00)='./file1\x00', &(0x7f0000000000)='omfs\x00', 0x0, &(0x7f00000000c0)=',\x00') fallocate(r0, 0x0, 0x4000000000, 0x0) socket$l2tp6(0xa, 0x2, 0x73) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') preadv(r2, &(0x7f0000000140)=[{&(0x7f0000000000)=""/151, 0x97}], 0x1, 0x0, 0x0) r3 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x400, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980913, 0x0, '\x00', @p_u8=0x0}}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$key(0xf, 0x3, 0x2) set_mempolicy(0x4005, &(0x7f0000000040)=0x1001, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) syz_clone(0x0, 0x0, 0x2c, 0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0xe0}}, 0x0) r5 = dup(r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0xe501, 0x3, 0x280, 0x1e8, 0xa, 0x2, 0x0, 0x0, 0x1e8, 0x230, 0x230, 0x1e8, 0x223, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'veth0_vlan\x00', 'veth1_to_hsr\x00'}, 0x0, 0xc8, 0x110, 0x0, {}, [@common=@inet=@l2tp={{0x30}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@ip={@dev, @rand_addr, 0x0, 0x0, 'ipvlan0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2e0) 4.227673742s ago: executing program 2 (id=4347): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_mreq(r0, 0x84, 0x0, &(0x7f0000000fc0)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty}, 0x8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) syz_emit_ethernet(0x36, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r4 = dup(r2) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f00000003c0)="b9ad020000b805000000b9b7080000b800100000ba000000000f300f30c4c1f56b03b8003000000f23d80f21f835c00000100f23f89a0b00000005013e0f01cbb9b00100000f320f63650966baf80cb8e86e868fef66bafc0cb8c67512e7ef670f01c3663e660fc7b4390d000000", 0x6e}], 0x1, 0x40, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) mount(&(0x7f0000000100)=@md0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000440)='anon_inodefs\x00', 0x2001000, &(0x7f0000000480)='/dev/hwrng\x00') ioctl$KVM_RUN(r5, 0xae80, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0), 0x48) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r6) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r7, 0x0) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10) r9 = socket$netlink(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="1506000000000000004c0100000024000180060005004e22000008000300ffffffff060001000200000008000600a7"], 0x38}}, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) 3.247895991s ago: executing program 4 (id=4350): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.swap.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, 0x0) 2.967987043s ago: executing program 1 (id=4352): mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000000000)='./file0/../file0/file0\x00', 0x0, 0x2879c03, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1adc51, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 2.746380227s ago: executing program 1 (id=4353): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) mount_setattr(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') open(&(0x7f0000000040)='./file0\x00', 0x903840, 0x0) link(&(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='./bus\x00') 2.680590287s ago: executing program 4 (id=4355): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x8, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x24, r5, 0xfc5, 0x0, 0x0, {{0x11}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0x8, 0x2a, [@perr={0x84, 0xffffffffffffff21}]}]}, 0x24}}, 0x0) 2.644179839s ago: executing program 2 (id=4356): socket(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x4030582b, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x21, @none}, 0xe) 2.426541613s ago: executing program 3 (id=4357): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000001fc0)={0x0}, &(0x7f0000002000)=0xc) sendmmsg$unix(r0, &(0x7f0000001d40)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000240)="af", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0)=[@cred={{0x1c, 0x1, 0x2, {r2}}}, @rights={{0x14, 0x1, 0x1, [r0]}}], 0x38}}], 0x2, 0x801) 2.395889017s ago: executing program 0 (id=4358): epoll_create1(0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) r1 = syz_io_uring_setup(0x2ddd, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000000), &(0x7f0000000180)=0x0, &(0x7f0000000380)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r1, 0x381b, 0x0, 0x0, 0x0, 0x0) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_SET_FORCE_PACK_ID(r4, 0x227b, &(0x7f00000001c0)=0x2001) r5 = fcntl$dupfd(r4, 0x0, r4) readv(r5, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x88}], 0x1) 2.296274053s ago: executing program 3 (id=4359): bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="8500000023000000350000000000000085000000a000000095000000000000001b90b31a08f54ff40571eda5c56ad924a10c7b1e6003c9325fea577f8e56fe212b358f1d0838c8119ed74e74552ce4e6c8093375e35c8250f448a6a31260c2f9fbb70400000000000000b08b7aab5fd5d24dcff1ca14025b73c2da8f550900000000000000c340b111fcee90d6d90100000001000000babdee5b76635ce4f35f985e434196b5699ba66b9cb05e5259a1f61cafa3586a2228c4581dc29931a4ca0f4967706596014dc06b99b9c9ba49b34e516e0baed5cca7aeeb0d5dcdce0900000000000100ef363c9f5ca80b125dabc3adab1179388e76c44e7328318078af6a0a1a248a7b2ca42a05f4b033e9d8a7880a116a60bd69a463a73745e8950a8e03000000000000008c4e7c6037b670a823e59267ae980c73ba09410000000000000000000000000000000042f7ae3d341b2a8e0c1681be5db38db3bf61f7ede5efbf55df1ee21b8e21b7a4a0bbc1d6a5483477260c03bf09959a71dac6b9f67019fe6ddacf40aed79f018c9fb9e9fc69425618b0d46811cff20f7b13e3e35c670b87bae02b63ebb47ca8e16be95b2ec5bde931fd425b3944783b922733b688b96e998bf39a2213f05ef1aad563d787d58d37cf2236ee2f00decc43c496fe7b27f0d98c0754bc7c305726ef314eb082d2989f2481d71f96c2d175145cec2251d7c080c782af32edd0ae00d83cfcd3d5a7abb0175a6be378acd0bbdc5c"], &(0x7f0000000140)='GPL\x00', 0x0, 0xa0, &(0x7f0000000180)=""/153}, 0x15) syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) fchdir(r0) r1 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) syz_pidfd_open(r1, 0x0) pipe(&(0x7f00000001c0)) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) wait4(0x0, 0x0, 0x40000000, 0x0) 1.556808716s ago: executing program 4 (id=4360): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=@gettaction={0x14, 0x32, 0x301}, 0x14}}, 0x0) unshare(0x20000400) recvmmsg(r0, &(0x7f0000001200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f00000012c0)) 1.449848641s ago: executing program 2 (id=4361): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 1.324576897s ago: executing program 4 (id=4362): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)={@ifindex, 0xffffffffffffffff, 0x0, 0x201c, 0x0, @link_id}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) pselect6(0x40, &(0x7f0000000600), 0x0, &(0x7f0000000680)={0xff}, 0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000140)={0x1, r1}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000940)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) 1.318202684s ago: executing program 3 (id=4363): getpid() sched_setscheduler(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x10, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f00000001c0)={0x9, @raw_data="ff0f000000000000efea567e94df4108411e554a6ebde080b4a2617b8d8499264e879ed6ed029f7180d0509ad2ff7fb9e67cf2e876f625bb2ce7f5594538a8b9211d46b6a7db49fa8a1a2c7f8bff98a2eb648810ff9e433c2995cab6f83e32e882eb99d56a4b80cef9aca3f94c74b89894144ca07598070bcc70a0ecc332a3c453da5948e338590a4a866a82a7f81aba0562f339c823c09db7cb91a317c36510ce3fd8068499f45b7ec2527c7b192d856d46be47fa2cc41a0a00e8b9e626e0dfe2437851c567d700"}) 1.225984288s ago: executing program 3 (id=4364): sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002ec0)=ANY=[], 0x1774}}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000005d80)=[{{0x0, 0x0, &(0x7f0000002d40)=[{&(0x7f0000000140)='.', 0x1}], 0x1}}], 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 1.118432103s ago: executing program 3 (id=4365): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, 0x0}) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r4, 0x0, 0x10000, 0x0, 0x0, 0x4000, 0x1de6b9}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f00000004c0)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23b3b6}) r6 = dup3(r0, r5, 0x0) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa194f}) ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_UNMAP$ALL(r6, 0x3b86, &(0x7f0000000180)={0x18, r8}) 812.712065ms ago: executing program 3 (id=4366): syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x88, 0x59, 0xf1, 0x10, 0x582, 0xe6, 0x4e06, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xe2, 0xb2}}]}}]}}, 0x0) 655.484851ms ago: executing program 0 (id=4367): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000540), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0) move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), 0x0, 0x0) 580.827778ms ago: executing program 0 (id=4368): r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) fcntl$notify(r1, 0x402, 0x21) r2 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) writev(r2, &(0x7f0000000440)=[{&(0x7f00000000c0)='I', 0x1}], 0x1) readv(r0, 0x0, 0x0) 463.967083ms ago: executing program 0 (id=4369): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0xffffffbe}) 348.491331ms ago: executing program 0 (id=4370): socket(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, 0x0, &(0x7f00000001c0)=0x7) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'team_slave_1\x00'}) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000a0db000000000000000000850000000e000000d50000002a00c50095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) sendto$inet6(r2, &(0x7f0000000080)="7800000018002507b9409b02ffff48000203be04020406050a02040c5c000900580006080a0000000d0085a168d0bf46d32345653600648d040012000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000407160012000a0000000000e000e218d1dd3b6ed538f2523250", 0x78, 0x0, 0x0, 0x52) ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @remote}, {0x0, @broadcast}, 0x0, {0x2, 0x0, @multicast2}}) r3 = socket$igmp6(0xa, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x3f}, @local, @private1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, r4}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000640)={'syztnl0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1400}, 0xc, &(0x7f0000000a40)={&(0x7f0000000ac0)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="020000000000fedbdf2500000000080001", @ANYRES32=0x0, @ANYBLOB="04000280", @ANYRES32=0x0, @ANYBLOB="b400028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040007000000080007000000000038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000500030003000000080004001f00000038000100240001006e6f746966795f70656572735f636f756e7400"/161, @ANYRES32=0x0, @ANYBLOB="240102805c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b0000002c00040000000081000000000800037f0004000000004000090000000900062fc79a000000000000090000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100757365725f6c696e6b75700000000000000000", @ANYRES32=r4, @ANYBLOB="4c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000019000400686173685f746f5f706f72745f6d617070696e670000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c8000000000000000685f13d9d6b5978a77dc746f5f706f72745fe723ebb4041b580c0000000000050003000300000008000404258a9381fc21e6fbf1080c2bc2ba3c4ad5e9bf406bcf21507829f1eb253e46f3409b34846402560bae5e343b44a47f362d4d9c3a22ae60f4914578e3b994474b78030000000000000000008033417fd921ab1183c748c4d19cff1e6c651b9fe82695345dda6155390e2e4de46ef10fad8c099aea8ca22f6795cff729c575b88d45ad412834ec71c963278c41c0ec5e6417c895e2ebfcee44f93ceee62f0e90d3a6fa970d9699767ccd8eaca21b9f72f28262af01819e3ee0f55fc72bd8821a4d62d2e60100000001000000255923b1758f00ba87b4fb1136b2292637a97c5a850055de7fa9a81bf83ea5fb74c27d97fd2bfcb470044040284bb7e79babeaada88f51a092be1f713f911ff4b9287070c486b9ddd8e5d8b4bbd1400000000000000000", @ANYRES32=0x0, @ANYBLOB="080007000000000008000100", @ANYRES32=0x0, @ANYBLOB="d800028040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000050003000300000008000400000100005c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b0000002c00040002001f04040000000000068104000000ff7f0800000000000800000200000000ff00003f03000000"], 0x334}}, 0x20000004) r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x3f, 0x8}, 0xc) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0x1, 0x0, 0x0}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x0, 0x9, 0x5, 0x14, r5, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x5, 0xb}, 0x48) socket$nl_route(0x10, 0x3, 0x0) 103.646623ms ago: executing program 4 (id=4371): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) prlimit64(0xffffffffffffffff, 0x13, &(0x7f0000000380)={0x9}, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x2d34075d}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in=@private=0xa010102, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x73}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x81, 0x0, 0x0, 0x3}, {}, 0x4974, 0x6e6bb4, 0x1}, {{@in=@remote}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x7, 0xfffffffe}}, 0xe8) keyctl$chown(0x4, 0x0, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x9, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) 0s ago: executing program 0 (id=4372): r0 = io_uring_setup(0x354a, &(0x7f0000000140)) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x10000000}}, 0x10) bind$tipc(r1, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42, 0x1}}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x2}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r4, &(0x7f00000006c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x10000001}}}, 0x10) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f00000001c0)={0x42, 0x4}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): 0] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 820.290270][ T966] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 820.301805][T10820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 820.307949][ T5226] usb 3-1: Product: syz [ 820.331422][ T5226] usb 3-1: Manufacturer: syz [ 820.334100][T10820] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 820.339475][ T5226] usb 3-1: SerialNumber: syz [ 820.348262][T10820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 820.350258][ T5226] usb 3-1: config 0 descriptor?? [ 820.367480][ T966] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 820.375176][ T966] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 820.384469][ T5226] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 820.468874][ T966] veth1_macvtap: left promiscuous mode [ 820.484677][ T966] veth0_macvtap: left promiscuous mode [ 820.494916][ T966] veth1_vlan: left promiscuous mode [ 820.503235][ T966] veth0_vlan: left promiscuous mode [ 820.735541][ T5268] usb 3-1: USB disconnect, device number 48 [ 821.307744][T15555] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3384'. [ 821.659684][ T966] team0 (unregistering): Port device team_slave_1 removed [ 821.752018][ T966] team0 (unregistering): Port device team_slave_0 removed [ 822.451944][ T5217] Bluetooth: hci1: command tx timeout [ 822.618386][T15548] ip6gretap0 speed is unknown, defaulting to 1000 [ 824.545112][ T5217] Bluetooth: hci1: command tx timeout [ 826.119792][T15548] chnl_net:caif_netlink_parms(): no params data found [ 826.695110][ T5217] Bluetooth: hci1: command tx timeout [ 826.837536][T15624] netlink: 'syz.0.3402': attribute type 3 has an invalid length. [ 826.901322][T15624] netlink: 'syz.0.3402': attribute type 4 has an invalid length. [ 827.035494][T15624] netlink: 'syz.0.3402': attribute type 7 has an invalid length. [ 827.078288][T15624] netlink: 'syz.0.3402': attribute type 8 has an invalid length. [ 827.086246][T15624] netlink: 'syz.0.3402': attribute type 7 has an invalid length. [ 827.120587][T15548] bridge0: port 1(bridge_slave_0) entered blocking state [ 827.141883][T15548] bridge0: port 1(bridge_slave_0) entered disabled state [ 827.151100][T15624] netlink: 198180 bytes leftover after parsing attributes in process `syz.0.3402'. [ 827.185890][T15548] bridge_slave_0: entered allmulticast mode [ 827.233893][T15548] bridge_slave_0: entered promiscuous mode [ 827.266948][T15548] bridge0: port 2(bridge_slave_1) entered blocking state [ 827.283099][T15548] bridge0: port 2(bridge_slave_1) entered disabled state [ 827.293012][T15548] bridge_slave_1: entered allmulticast mode [ 827.303528][T15548] bridge_slave_1: entered promiscuous mode [ 827.317244][T15633] netlink: 6 bytes leftover after parsing attributes in process `syz.2.3405'. [ 827.428771][T15548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 827.580132][T15548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 827.616263][ T5217] Bluetooth: hci3: unexpected event for opcode 0x1005 [ 827.719807][T15548] team0: Port device team_slave_0 added [ 827.730312][T15548] team0: Port device team_slave_1 added [ 827.802613][T15548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 827.810173][T15548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 827.841309][T15548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 827.858625][T15548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 827.866227][T15548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 827.898861][T15548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 828.045213][T15548] hsr_slave_0: entered promiscuous mode [ 828.051820][T15548] hsr_slave_1: entered promiscuous mode [ 828.060419][T15548] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 828.068433][T15548] Cannot create hsr debugfs directory [ 828.772514][ T5217] Bluetooth: hci1: command tx timeout [ 829.550546][T15659] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3415'. [ 829.657846][T15548] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 829.690888][T15548] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 829.701915][T15548] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 829.719864][T15548] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 829.946774][T15548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 829.973091][T15548] 8021q: adding VLAN 0 to HW filter on device team0 [ 829.992442][ T5268] bridge0: port 1(bridge_slave_0) entered blocking state [ 829.999653][ T5268] bridge0: port 1(bridge_slave_0) entered forwarding state [ 830.058701][ T5268] bridge0: port 2(bridge_slave_1) entered blocking state [ 830.065935][ T5268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 830.162746][T15548] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 830.545140][ T5267] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 830.689544][T15548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 830.725238][ T5267] usb 4-1: Using ep0 maxpacket: 8 [ 830.740099][ T5267] usb 4-1: config 0 has an invalid interface number: 38 but max is 0 [ 830.751043][ T5267] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 830.763122][ T5267] usb 4-1: config 0 has no interface number 0 [ 830.776433][ T5267] usb 4-1: config 0 interface 38 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 830.790803][ T5267] usb 4-1: config 0 interface 38 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 520 [ 830.802938][ T5267] usb 4-1: config 0 interface 38 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 830.822847][ T5267] usb 4-1: config 0 interface 38 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 7 [ 830.894824][ T5267] usb 4-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=4b.63 [ 830.908430][ T5267] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 830.921423][ T5267] usb 4-1: Product: syz [ 830.934427][ T5267] usb 4-1: Manufacturer: syz [ 830.937195][T15548] veth0_vlan: entered promiscuous mode [ 830.946425][ T5267] usb 4-1: SerialNumber: syz [ 830.960395][T15694] Bluetooth: MGMT ver 1.23 [ 830.979829][T15548] veth1_vlan: entered promiscuous mode [ 830.991547][ T5267] usb 4-1: config 0 descriptor?? [ 831.010344][T15676] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 831.042867][T15548] veth0_macvtap: entered promiscuous mode [ 831.043279][ T5267] pn533_usb 4-1:0.38: NFC: Could not find bulk-in or bulk-out endpoint [ 831.069621][T15548] veth1_macvtap: entered promiscuous mode [ 831.111378][T15548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.129678][T15548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.150275][T15548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.161246][T15548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.171831][T15548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.186732][T15548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.200142][T15548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.212896][T15548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.229992][T15548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 831.243968][T15548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.254824][T15548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.273506][ T5291] usb 4-1: USB disconnect, device number 44 [ 831.297836][T15548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.319142][T15548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.330408][T15548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.349533][T15548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.380151][T15548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.422011][T15548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.457053][T15548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 831.532128][T15548] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.544853][T15548] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.554427][T15548] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.568155][T15548] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.708973][ T6735] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 831.722775][ T6735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 831.800534][ T3029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 831.814094][ T3029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 833.015376][T15165] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 833.227178][T15165] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 833.242897][T15165] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 833.273349][T15165] usb 3-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00 [ 833.299271][T15165] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 833.315459][T15165] usb 3-1: config 0 descriptor?? [ 833.650816][T15732] ip6gretap0 speed is unknown, defaulting to 1000 [ 833.677705][T15730] IPVS: rr: SCTP 127.0.0.1:0 - no destination available [ 834.149898][T15165] dragonrise 0003:0079:0006.0029: unknown main item tag 0x0 [ 834.216012][T15165] dragonrise 0003:0079:0006.0029: hidraw0: USB HID v0.00 Device [HID 0079:0006] on usb-dummy_hcd.2-1/input0 [ 834.235714][T15165] dragonrise 0003:0079:0006.0029: no inputs found [ 834.261239][T15165] dragonrise 0003:0079:0006.0029: force feedback init failed [ 834.433877][ T5226] usb 3-1: USB disconnect, device number 49 [ 836.109390][ T3029] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 836.594249][ T3029] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 836.692919][ T3029] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 836.771468][ T3029] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 836.860011][ T3029] bridge_slave_1: left allmulticast mode [ 836.865960][ T3029] bridge_slave_1: left promiscuous mode [ 836.872131][ T3029] bridge0: port 2(bridge_slave_1) entered disabled state [ 836.880858][ T3029] bridge_slave_0: left allmulticast mode [ 836.886758][ T3029] bridge_slave_0: left promiscuous mode [ 836.892411][ T3029] bridge0: port 1(bridge_slave_0) entered disabled state [ 840.711334][ T3029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 840.770210][ T3029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 840.803126][T10820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 840.818226][T10820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 840.829383][T10820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 840.839666][T10820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 840.848823][T10820] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 840.856266][T10820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 840.905267][ T3029] bond0 (unregistering): Released all slaves [ 842.251316][T15766] nicvf0: tun_chr_ioctl cmd 1074025677 [ 842.285427][T15766] nicvf0: linktype set to 827 [ 842.413905][T15777] ip6gretap0 speed is unknown, defaulting to 1000 [ 842.927227][T10820] Bluetooth: hci1: command tx timeout [ 843.617500][T15799] ipt_REJECT: TCP_RESET invalid for non-tcp [ 844.596226][ T3029] hsr_slave_0: left promiscuous mode [ 844.608569][ T3029] hsr_slave_1: left promiscuous mode [ 844.674502][ T3029] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 844.715101][ T3029] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 844.737507][ T3029] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 844.840220][ T3029] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 844.918394][T15816] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3461'. [ 844.932869][ T3029] veth1_macvtap: left promiscuous mode [ 844.957140][ T3029] veth0_macvtap: left promiscuous mode [ 844.969766][ T3029] veth1_vlan: left promiscuous mode [ 844.986645][ T3029] veth0_vlan: left promiscuous mode [ 845.005122][T10820] Bluetooth: hci1: command tx timeout [ 845.273182][ T25] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 845.465271][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 845.482525][ T25] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d [ 845.503673][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 845.513765][ T25] usb 3-1: Product: syz [ 845.530416][ T25] usb 3-1: Manufacturer: syz [ 845.537074][ T25] usb 3-1: SerialNumber: syz [ 845.556708][ T25] usb 3-1: config 0 descriptor?? [ 845.841376][ T25] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 845.850449][ T25] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 845.882531][ T25] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 845.891379][ T25] dvb_usb_af9035 3-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 845.926085][ T25] usb 3-1: USB disconnect, device number 50 [ 847.928303][T10820] Bluetooth: hci1: command tx timeout [ 849.690676][T15806] syz.4.3457 (15806): drop_caches: 2 [ 849.849480][ T3029] team0 (unregistering): Port device team_slave_1 removed [ 849.965151][T10820] Bluetooth: hci1: command tx timeout [ 850.388691][ T3029] team0 (unregistering): Port device team_slave_0 removed [ 855.609724][ T29] audit: type=1326 audit(1722749308.897:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15874 comm="syz.0.3479" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x0 [ 855.645314][ T5291] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 855.776355][T15777] chnl_net:caif_netlink_parms(): no params data found [ 856.650494][T10820] Bluetooth: hci4: unexpected event for opcode 0x0c14 [ 856.660633][T15885] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3479'. [ 856.666203][ T29] audit: type=1326 audit(1722749309.977:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15894 comm="syz.4.3484" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f261ad779f9 code=0x0 [ 856.690570][ C1] vkms_vblank_simulate: vblank timer overrun [ 856.779151][T15897] 9pnet_fd: Insufficient options for proto=fd [ 856.839526][T15777] bridge0: port 1(bridge_slave_0) entered blocking state [ 856.852836][ T29] audit: type=1326 audit(1722749310.027:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15894 comm="syz.4.3484" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f261ad779f9 code=0x0 [ 856.875621][T15900] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 856.911866][T15777] bridge0: port 1(bridge_slave_0) entered disabled state [ 856.940459][T15777] bridge_slave_0: entered allmulticast mode [ 856.983126][T15777] bridge_slave_0: entered promiscuous mode [ 857.036319][T15777] bridge0: port 2(bridge_slave_1) entered blocking state [ 857.072163][T15777] bridge0: port 2(bridge_slave_1) entered disabled state [ 857.099388][T15777] bridge_slave_1: entered allmulticast mode [ 857.121557][T15777] bridge_slave_1: entered promiscuous mode [ 857.476274][T15777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 857.519818][T15777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 857.732787][T15777] team0: Port device team_slave_0 added [ 857.772182][T15777] team0: Port device team_slave_1 added [ 858.038030][T15777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 858.047548][T15777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 858.076625][T15777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 858.293169][T15777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 858.474552][T15908] vxfs: WRONG superblock magic 00000000 at 1 [ 858.485123][T15908] vxfs: WRONG superblock magic 00000000 at 8 [ 858.491560][T15908] vxfs: can't find superblock. [ 859.115121][T15777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 859.204084][T15777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 859.239136][T15908] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3488'. [ 859.535582][T15777] hsr_slave_0: entered promiscuous mode [ 859.554517][T15777] hsr_slave_1: entered promiscuous mode [ 859.600125][T15777] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 859.619902][T15777] Cannot create hsr debugfs directory [ 860.590445][ T5269] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 860.657943][T15777] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 860.678162][T15777] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 860.690757][T15777] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 860.723314][T15777] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 860.788986][ T5269] usb 3-1: New USB device found, idVendor=59cc, idProduct=980d, bcdDevice=b4.8e [ 860.917030][ T5269] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 861.226606][ T5269] usb 3-1: config 0 descriptor?? [ 861.336776][ T5269] usb-storage 3-1:0.0: USB Mass Storage device detected [ 861.467487][T15941] netlink: 201412 bytes leftover after parsing attributes in process `syz.4.3503'. [ 861.477353][T15941] netlink: zone id is out of range [ 861.482504][T15941] netlink: zone id is out of range [ 861.487668][T15941] netlink: zone id is out of range [ 861.492767][T15941] netlink: zone id is out of range [ 861.497905][T15941] netlink: zone id is out of range [ 861.502996][T15941] netlink: zone id is out of range [ 861.508199][T15941] netlink: zone id is out of range [ 861.513284][T15941] netlink: zone id is out of range [ 861.518421][T15941] netlink: zone id is out of range [ 861.523509][T15941] netlink: zone id is out of range [ 861.536874][T15777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 861.565419][T10820] Bluetooth: hci3: command 0x0405 tx timeout [ 861.630960][T15777] 8021q: adding VLAN 0 to HW filter on device team0 [ 861.657907][ T5291] bridge0: port 1(bridge_slave_0) entered blocking state [ 861.665056][ T5291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 861.727073][ T5291] bridge0: port 2(bridge_slave_1) entered blocking state [ 861.734239][ T5291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 862.004863][T15961] Mount JFS Failure: -22 [ 862.022748][ T5291] usb 3-1: USB disconnect, device number 51 [ 863.373795][T15777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 863.682150][T15777] veth0_vlan: entered promiscuous mode [ 864.581174][T15777] veth1_vlan: entered promiscuous mode [ 864.715219][T15993] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3516'. [ 864.816908][T15777] veth0_macvtap: entered promiscuous mode [ 864.851154][T15777] veth1_macvtap: entered promiscuous mode [ 864.882713][T15777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 864.907821][T15777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.919012][T15777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 864.931479][T15777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.941695][T15777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 864.952269][T15777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.962315][T15777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 864.972889][T15777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.991937][T15777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 865.043754][T15777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 865.055327][T15777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.067302][T15777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 865.078778][T15777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.091737][T15777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 865.102634][T15777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.112755][T16004] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3521'. [ 865.112897][T15777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 865.130557][T16004] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3521'. [ 865.134329][T15777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.159708][T15777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 865.197729][T15777] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.206699][T15777] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.215818][T15777] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.225382][T15777] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.449188][ T6733] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 865.493511][ T6733] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 867.485220][ T5217] Bluetooth: hci3: command 0x0405 tx timeout [ 868.679982][ T3021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 868.689096][ T3021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 869.621875][ T29] audit: type=1804 audit(1722749322.507:461): pid=16025 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.3525" name="/newroot/204/file0" dev="fuse" ino=1 res=1 errno=0 [ 869.685146][ T5267] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 869.876558][T16034] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 869.894752][ T5267] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 869.918640][ T5267] usb 4-1: config 0 has no interfaces? [ 869.924166][ T5267] usb 4-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 869.939239][ T5267] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 869.972841][ T5267] usb 4-1: config 0 descriptor?? [ 870.015195][ T940] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 870.527788][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.704704][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.809890][ T940] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 870.820377][ T940] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 870.852720][ T940] usb 3-1: config 0 descriptor?? [ 871.243939][T16047] ip6gretap0 speed is unknown, defaulting to 1000 [ 871.509348][ T940] usb 3-1: Cannot set MAC address [ 871.514732][ T940] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 871.536916][ T940] usb 3-1: USB disconnect, device number 52 [ 872.073735][T16051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3535'. [ 872.207336][ T940] IPVS: starting estimator thread 0... [ 872.234386][ T5291] usb 4-1: USB disconnect, device number 46 [ 872.395330][T16054] IPVS: using max 20 ests per chain, 48000 per kthread [ 873.465029][ T940] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 874.695824][T16091] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 874.750548][ T940] usb 4-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=9e.66 [ 874.775351][ T940] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 874.803852][ T940] usb 4-1: Product: syz [ 874.823971][ T940] usb 4-1: Manufacturer: syz [ 874.831958][ T940] usb 4-1: SerialNumber: syz [ 874.842983][ T940] usb 4-1: config 0 descriptor?? [ 874.852334][ T940] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 875.105675][ T940] usb 4-1: USB disconnect, device number 47 [ 875.683077][T16124] trusted_key: encrypted_key: hex blob is missing [ 875.720563][T16122] netlink: 'syz.4.3563': attribute type 7 has an invalid length. [ 877.388562][T16149] ip6gretap0 speed is unknown, defaulting to 1000 [ 877.943046][ T29] audit: type=1326 audit(1722749331.207:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16163 comm="syz.0.3575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 878.148454][T16148] xt_CONNSECMARK: invalid mode: 0 [ 878.437565][ T29] audit: type=1326 audit(1722749331.207:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16163 comm="syz.0.3575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 878.543716][ T29] audit: type=1326 audit(1722749331.227:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16163 comm="syz.0.3575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 878.649230][ T29] audit: type=1326 audit(1722749331.227:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16163 comm="syz.0.3575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 878.701748][ T29] audit: type=1326 audit(1722749331.227:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16163 comm="syz.0.3575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 878.755881][ T29] audit: type=1326 audit(1722749331.227:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16163 comm="syz.0.3575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 878.820797][ T29] audit: type=1326 audit(1722749331.227:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16163 comm="syz.0.3575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 878.851349][ T29] audit: type=1326 audit(1722749331.237:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16163 comm="syz.0.3575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=244 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 878.949588][ T29] audit: type=1326 audit(1722749331.237:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16163 comm="syz.0.3575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 878.994990][ T29] audit: type=1326 audit(1722749331.237:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16163 comm="syz.0.3575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 879.152957][T16193] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3588'. [ 879.245749][ T5222] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 879.455181][ T5222] usb 2-1: Using ep0 maxpacket: 32 [ 879.471186][ T5222] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 879.486543][ T5222] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 879.502384][ T5222] usb 2-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=a7.c0 [ 879.511855][ T5222] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 879.525061][ T5222] usb 2-1: Product: syz [ 879.529246][ T5222] usb 2-1: Manufacturer: syz [ 879.554751][ T5222] usb 2-1: SerialNumber: syz [ 879.578303][ T5222] usb 2-1: config 0 descriptor?? [ 879.614162][ T5222] qmi_wwan 2-1:0.0: probe with driver qmi_wwan failed with error -22 [ 879.713095][ T5291] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 879.720829][ T5291] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 879.729003][ T5291] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 879.737232][ T5291] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 879.745207][ T5291] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 879.752869][ T5291] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 879.763087][ T5291] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 879.773250][ T5291] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 879.816882][ T5291] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 879.824332][ T5291] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 879.845543][ T5291] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 879.864854][ T5269] usb 2-1: USB disconnect, device number 40 [ 879.868282][ T5291] hid-generic 0000:0000:0000.002A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 879.871250][ T940] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 880.222673][T16236] 9pnet_fd: Insufficient options for proto=fd [ 880.246093][T16236] netlink: 'syz.4.3604': attribute type 1 has an invalid length. [ 880.247295][ T940] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 880.253968][T16236] netlink: 112860 bytes leftover after parsing attributes in process `syz.4.3604'. [ 880.273294][ T940] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 880.279787][T16236] netlink: 'syz.4.3604': attribute type 1 has an invalid length. [ 880.888145][ T940] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 880.897904][ T940] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 880.936474][ T940] usb 3-1: config 0 descriptor?? [ 881.989023][T16243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 882.080432][T16243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 882.990079][T16247] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled [ 884.269960][ T940] uclogic 0003:256C:006D.002B: v1 frame probing failed: -71 [ 884.299192][ T940] uclogic 0003:256C:006D.002B: failed probing parameters: -71 [ 884.342307][ T940] uclogic 0003:256C:006D.002B: probe with driver uclogic failed with error -71 [ 884.389877][ T940] usb 3-1: USB disconnect, device number 53 [ 885.626111][T16300] netlink: 'syz.3.3631': attribute type 1 has an invalid length. [ 885.640662][T16300] netlink: 9324 bytes leftover after parsing attributes in process `syz.3.3631'. [ 885.660315][T16297] Bluetooth: MGMT ver 1.23 [ 885.668498][T16297] Bluetooth: hci3: invalid length 0, exp 2 for type 20 [ 885.670043][T16300] netlink: 'syz.3.3631': attribute type 1 has an invalid length. [ 885.683435][T16300] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3631'. [ 886.026061][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 886.026078][ T29] audit: type=1326 audit(1722749339.337:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16314 comm="syz.1.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 886.131521][ T29] audit: type=1326 audit(1722749339.337:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16314 comm="syz.1.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 886.193222][ T29] audit: type=1326 audit(1722749339.367:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16314 comm="syz.1.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 886.269006][ T29] audit: type=1326 audit(1722749339.367:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16314 comm="syz.1.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 886.390849][ T29] audit: type=1326 audit(1722749339.367:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16314 comm="syz.1.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 886.412445][ C0] vkms_vblank_simulate: vblank timer overrun [ 886.635717][ T5291] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 886.860573][ T5291] usb 2-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.04 [ 886.895086][ T5291] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 886.924615][ T5291] usb 2-1: config 0 descriptor?? [ 886.981808][ T5291] go7007 2-1:0.0: probe with driver go7007 failed with error -12 [ 887.025207][T16336] nbd2: detected capacity change from 0 to 8388607 [ 887.259988][ T940] usb 2-1: USB disconnect, device number 41 [ 887.392724][T10820] block nbd2: Receive control failed (result -32) [ 887.393032][T16336] block nbd2: shutting down sockets [ 889.415190][ T5291] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 889.697786][ T5291] usb 2-1: Using ep0 maxpacket: 8 [ 889.744987][ T5291] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 889.825390][ T5291] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 889.898436][ T5291] usb 2-1: New USB device found, idVendor=0582, idProduct=28e8, bcdDevice=f5.06 [ 889.927339][ T5291] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 889.943608][ T5291] usb 2-1: Product: syz [ 889.960735][ T5291] usb 2-1: Manufacturer: syz [ 889.978700][T16400] futex_wake_op: syz.0.3675 tries to shift op by 32; fix this program [ 889.989787][ T5291] usb 2-1: SerialNumber: syz [ 890.214397][ T5291] usb 2-1: config 0 descriptor?? [ 890.740732][ T5291] usb 2-1: USB disconnect, device number 42 [ 892.251718][T16441] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3691'. [ 892.747496][ T5267] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 892.936937][ T5267] usb 3-1: Using ep0 maxpacket: 8 [ 892.956755][ T5267] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 893.006901][ T5267] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 893.035309][ T5267] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 893.055016][ T5267] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 893.087724][ T5267] usb 3-1: config 0 descriptor?? [ 893.175274][ T5291] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 893.207392][T16463] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 893.280465][T16463] kvm: pic: level sensitive irq not supported [ 893.282847][T16463] kvm: pic: non byte read [ 893.295381][T16463] kvm: pic: level sensitive irq not supported [ 893.295464][T16463] kvm: pic: non byte read [ 893.335712][T16463] kvm: pic: level sensitive irq not supported [ 893.335782][T16463] kvm: pic: non byte read [ 893.375594][T16463] kvm: pic: level sensitive irq not supported [ 893.375688][T16463] kvm: pic: non byte read [ 893.395236][ T5291] usb 4-1: Using ep0 maxpacket: 16 [ 893.407769][ T5291] usb 4-1: config 0 has no interfaces? [ 893.433827][ T5291] usb 4-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00 [ 893.455364][ T5291] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 893.470743][T10820] Bluetooth: hci1: unexpected event 0x03 length: 4 < 11 [ 893.484173][ T5291] usb 4-1: config 0 descriptor?? [ 893.527921][ T5267] lenovo 0003:17EF:6067.002C: unknown main item tag 0x0 [ 893.552686][ T5267] lenovo 0003:17EF:6067.002C: item fetching failed at offset 5/7 [ 893.585688][ T5267] lenovo 0003:17EF:6067.002C: hid_parse failed [ 893.591956][ T5267] lenovo 0003:17EF:6067.002C: probe with driver lenovo failed with error -22 [ 893.720616][ T5291] usb 4-1: USB disconnect, device number 48 [ 893.737226][T15465] usb 3-1: USB disconnect, device number 54 [ 893.766932][ T940] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 893.789254][T16481] netlink: 'syz.4.3707': attribute type 21 has an invalid length. [ 894.101852][ T940] usb 2-1: New USB device found, idVendor=0413, idProduct=6f00, bcdDevice=d8.3f [ 894.115044][ T940] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 894.219553][ T940] usb 2-1: config 0 descriptor?? [ 894.648559][ T940] dvb-usb: found a 'Leadtek Winfast DTV Dongle (STK7700P based)' in cold state, will try to load a firmware [ 894.689204][ T940] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 894.698553][ T940] dib0700: firmware download failed at 7 with -22 [ 894.709642][ T940] usb 2-1: USB disconnect, device number 43 [ 895.129739][T16509] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3717'. [ 895.768329][T16523] binder: 16518:16523 ioctl 4018620d 0 returned -22 [ 896.523489][T16525] net_ratelimit: 69 callbacks suppressed [ 896.523507][T16525] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 896.827195][T16539] binder: 16538:16539 ioctl 4018620d 0 returned -22 [ 896.865040][ T940] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 896.947067][T16549] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3736'. [ 897.045313][ T940] usb 3-1: Using ep0 maxpacket: 32 [ 897.082495][ T940] usb 3-1: New USB device found, idVendor=0b48, idProduct=1009, bcdDevice=55.33 [ 897.092460][T15517] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 897.106350][ T940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 897.115217][T15465] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 897.137036][ T940] usb 3-1: Product: syz [ 897.150501][ T940] usb 3-1: Manufacturer: syz [ 897.169518][ T940] usb 3-1: SerialNumber: syz [ 897.178237][ T940] usb 3-1: config 0 descriptor?? [ 897.189455][ T940] ttusb_dec_send_command: command bulk message failed: error -22 [ 897.200900][ T940] ttusb-dec 3-1:0.0: probe with driver ttusb-dec failed with error -22 [ 897.315214][T15517] usb 2-1: Using ep0 maxpacket: 8 [ 897.321786][T15517] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 897.335267][T15517] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 897.347869][T15517] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 897.366722][T15465] usb 4-1: config 250 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 897.371638][T15517] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 897.399554][T15517] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 897.420564][ T940] usb 3-1: USB disconnect, device number 55 [ 897.434223][T15517] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 897.445610][T15465] usb 4-1: language id specifier not provided by device, defaulting to English [ 897.462085][T15517] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 897.472781][T15465] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.40 [ 897.500641][T15517] hub 2-1:1.0: bad descriptor, ignoring hub [ 897.510157][T15517] hub 2-1:1.0: probe with driver hub failed with error -5 [ 897.513680][T15465] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 897.519267][T15517] cdc_wdm 2-1:1.0: skipping garbage [ 897.542751][T15517] cdc_wdm 2-1:1.0: skipping garbage [ 897.551733][T15517] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 897.561691][T15465] usb 4-1: Product: syz [ 897.573569][T15465] usb 4-1: Manufacturer: é°ï»¥å‚–ᅅ㞴岼먊ߧᚨ筨鴴ã®î¡ˆë ƒèˆŠé™Œç¬Ù¶å¯¥æ·´é§–켧ἲ㯩譅㯂֫凑ᶜ鎣䟒ᣇ邛྽ⰨꢅŦꂙ섾倞ࡢᅗ힋䒺⿰挱 [ 897.639098][T15465] usb 4-1: SerialNumber: syz [ 897.675267][T15465] usbhid 4-1:250.0: couldn't find an input interrupt endpoint [ 897.809402][T16568] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3743'. [ 897.835977][ T940] usb 2-1: USB disconnect, device number 44 [ 898.007770][T16542] bridge0: port 1(bridge_slave_0) entered disabled state [ 900.291060][ T940] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 900.628768][T15465] usb 4-1: USB disconnect, device number 49 [ 900.715050][ T940] usb 1-1: Using ep0 maxpacket: 8 [ 900.728256][ T940] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 900.967986][ T940] usb 1-1: New USB device found, idVendor=1b80, idProduct=d700, bcdDevice=d0.46 [ 901.084373][ T940] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 901.255269][ T940] usb 1-1: Product: syz [ 901.339395][ T940] usb 1-1: Manufacturer: syz [ 901.418569][ T940] usb 1-1: SerialNumber: syz [ 901.450243][ T940] usb 1-1: config 0 descriptor?? [ 901.486443][ T940] usb 1-1: can't set config #0, error -71 [ 901.502787][ T940] usb 1-1: USB disconnect, device number 72 [ 901.567568][T16602] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3754'. [ 901.628490][T16604] sch_tbf: burst 3 is lower than device lo mtu (65550) ! [ 901.927676][T16618] vivid-001: disconnect [ 901.954471][T16614] vivid-001: reconnect [ 902.790661][ T29] audit: type=1400 audit(1722749356.097:487): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=16644 comm="syz.3.3771" [ 903.424497][ T29] audit: type=1400 audit(1722749356.727:488): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=16654 comm="syz.3.3776" dest=2 [ 904.812381][T16674] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 905.209195][T16690] overlayfs: conflicting lowerdir path [ 907.325965][T16695] dvmrp0: entered allmulticast mode [ 907.811139][T15465] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 909.125959][T15465] usb 1-1: config 0 has an invalid interface number: 199 but max is 1 [ 909.134181][T15465] usb 1-1: config 0 has no interface number 1 [ 909.140758][T15465] usb 1-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 909.151704][T15465] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 909.169966][T15465] usb 1-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 909.179745][T15465] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 909.187999][T15465] usb 1-1: SerialNumber: syz [ 909.205276][T15465] usb 1-1: config 0 descriptor?? [ 909.516436][T15465] usb 1-1: Found UVC 0.00 device (0002:0000) [ 909.655469][T15465] usb 1-1: No valid video chain found. [ 909.684583][T15465] usb 1-1: USB disconnect, device number 73 [ 909.815343][T16735] netlink: 'syz.3.3806': attribute type 21 has an invalid length. [ 909.827964][T16735] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3806'. [ 910.030305][T16743] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3811'. [ 911.323295][T16775] vlan2: entered promiscuous mode [ 911.338022][T16775] vlan2: entered allmulticast mode [ 911.358623][T16775] bridge0: port 4(vlan2) entered blocking state [ 911.380413][T16775] bridge0: port 4(vlan2) entered disabled state [ 912.448351][ T5291] IPVS: starting estimator thread 0... [ 912.461029][T16808] vcan0: entered allmulticast mode [ 912.467096][T16808] vcan0: left allmulticast mode [ 913.465202][T16814] IPVS: using max 17 ests per chain, 40800 per kthread [ 913.879658][ T29] audit: type=1326 audit(1722749367.187:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16829 comm="syz.1.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 913.932944][ T29] audit: type=1326 audit(1722749367.187:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16829 comm="syz.1.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 913.978170][T16835] x_tables: unsorted entry at hook 3 [ 913.981627][ T29] audit: type=1326 audit(1722749367.217:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16829 comm="syz.1.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 914.010147][ T29] audit: type=1326 audit(1722749367.217:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16829 comm="syz.1.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 914.033953][ T29] audit: type=1326 audit(1722749367.217:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16829 comm="syz.1.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 914.082773][T16836] rtc_cmos 00:00: Alarms can be up to one day in the future [ 914.100019][ T29] audit: type=1326 audit(1722749367.217:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16829 comm="syz.1.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 914.152360][ T29] audit: type=1326 audit(1722749367.217:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16829 comm="syz.1.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 914.189179][ T29] audit: type=1326 audit(1722749367.217:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16829 comm="syz.1.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 914.212634][ T29] audit: type=1326 audit(1722749367.217:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16829 comm="syz.1.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 914.235187][ T29] audit: type=1326 audit(1722749367.217:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16829 comm="syz.1.3844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4166d779f9 code=0x7ffc0000 [ 914.470041][T16841] netlink: 'syz.3.3847': attribute type 10 has an invalid length. [ 915.399071][T16841] bridge0: port 3(hsr0) entered disabled state [ 915.465583][T16841] hsr0: left allmulticast mode [ 915.475224][T16841] hsr_slave_0: left allmulticast mode [ 915.481123][T16833] rtc_cmos 00:00: Alarms can be up to one day in the future [ 915.508059][T15465] kernel write not supported for file bpf-prog (pid: 15465 comm: kworker/1:6) [ 915.512374][T16841] hsr_slave_1: left allmulticast mode [ 915.540343][T16841] bridge0: port 3(hsr0) entered disabled state [ 915.562930][ T940] rtc_cmos 00:00: Alarms can be up to one day in the future [ 915.594504][T16841] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 915.607446][ T940] rtc_cmos 00:00: Alarms can be up to one day in the future [ 915.655763][T16841] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 915.660414][ T940] rtc_cmos 00:00: Alarms can be up to one day in the future [ 915.666292][T16841] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 915.693209][T16841] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 915.700146][ T940] rtc_cmos 00:00: Alarms can be up to one day in the future [ 915.700170][ T940] rtc rtc0: __rtc_set_alarm: err=-22 [ 916.198694][T16872] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3859'. [ 916.215028][ T940] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 916.369675][ T5226] usb 2-1: new full-speed USB device number 45 using dummy_hcd [ 916.445757][ T940] usb 4-1: Using ep0 maxpacket: 16 [ 918.399116][ T940] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 918.408707][ T940] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 918.422321][ T940] usb 4-1: Product: syz [ 918.426668][ T940] usb 4-1: Manufacturer: syz [ 918.432734][ T940] usb 4-1: SerialNumber: syz [ 918.464567][ T940] usb 4-1: config 0 descriptor?? [ 918.469978][ T5226] usb 2-1: not running at top speed; connect to a high speed hub [ 918.483914][ T5226] usb 2-1: config 123 has an invalid interface number: 222 but max is 1 [ 918.493289][ T5226] usb 2-1: config 123 has an invalid interface number: 61 but max is 1 [ 918.501977][ T5226] usb 2-1: config 123 has no interface number 0 [ 918.510660][ T5226] usb 2-1: config 123 has no interface number 1 [ 918.520832][ T5226] usb 2-1: config 123 interface 61 altsetting 2 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 918.527025][ T940] visor 4-1:0.0: Sony Clie 3.5 converter detected [ 918.532601][ T5226] usb 2-1: config 123 interface 61 altsetting 2 has a duplicate endpoint with address 0xF, skipping [ 918.555182][ T5226] usb 2-1: config 123 interface 222 has no altsetting 0 [ 918.562476][ T5226] usb 2-1: config 123 interface 61 has no altsetting 0 [ 918.587812][ T5226] usb 2-1: string descriptor 0 read error: -22 [ 918.594511][ T5226] usb 2-1: New USB device found, idVendor=13d3, idProduct=3321, bcdDevice=8f.1c [ 918.604337][ T5226] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 918.628377][ T5226] usb 2-1: bad CDC descriptors [ 918.770751][ T940] usb 4-1: clie_3_5_startup: get config number failed: -71 [ 918.778797][ T940] visor 4-1:0.0: probe with driver visor failed with error -71 [ 918.791029][ T940] usb 4-1: USB disconnect, device number 50 [ 919.005131][ T5226] usb 2-1: USB disconnect, device number 45 [ 920.475167][ T940] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 921.405642][ T940] usb 3-1: Using ep0 maxpacket: 8 [ 921.427744][ T940] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 921.456568][ T940] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 921.472166][ T940] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 921.483858][ T940] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 921.505379][ T940] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 921.514580][ T940] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 921.637993][T16942] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.3885'. [ 921.740007][ T940] usb 3-1: GET_CAPABILITIES returned 0 [ 921.750193][ T940] usbtmc 3-1:16.0: can't read capabilities [ 921.955091][ T5267] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 921.980163][ T940] usb 3-1: USB disconnect, device number 56 [ 922.149832][ T5267] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 922.159074][ T5267] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 922.170521][ T5267] usb 2-1: config 0 descriptor?? [ 922.179126][ T5267] cp210x 2-1:0.0: cp210x converter detected [ 922.393073][T16957] fuse: Bad value for 'user_id' [ 922.398088][T16957] fuse: Bad value for 'user_id' [ 922.713146][T16942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 922.745182][T16942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 923.591897][T16974] random: crng reseeded on system resumption [ 923.622134][T10820] Bluetooth: hci1: unknown advertising packet type: 0x23 [ 923.624600][T10820] Bluetooth: hci1: unknown advertising packet type: 0x56 [ 923.642013][T10820] Bluetooth: hci1: unknown advertising packet type: 0x8e [ 923.649671][T10820] Bluetooth: hci1: unknown advertising packet type: 0x1a [ 923.660419][T10820] Bluetooth: hci1: unknown advertising packet type: 0x12 [ 923.667565][T10820] Bluetooth: hci1: unknown advertising packet type: 0xfa [ 923.674685][T10820] Bluetooth: hci1: unknown advertising packet type: 0x66 [ 923.952952][ T5267] cp210x 2-1:0.0: failed to get vendor val 0x3711 size 2: -71 [ 924.120670][ T5267] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 924.165611][ T5267] usb 2-1: cp210x converter now attached to ttyUSB0 [ 924.264385][ T5267] usb 2-1: USB disconnect, device number 46 [ 924.995720][ T5267] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 925.024094][ T5267] cp210x 2-1:0.0: device disconnected [ 926.369763][T17012] netem: incorrect ge model size [ 926.515172][ T5226] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 926.733224][ T5226] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 926.744987][ T5226] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 926.754985][ T5226] usb 2-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00 [ 926.764156][ T5226] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 926.786928][ T5226] usb 2-1: config 0 descriptor?? [ 927.411816][ T5226] elecom 0003:056E:00FB.002D: hidraw0: USB HID v0.00 Device [HID 056e:00fb] on usb-dummy_hcd.1-1/input0 [ 927.606838][T17030] vxfs: WRONG superblock magic 00000000 at 1 [ 927.613737][T17030] vxfs: WRONG superblock magic 00000000 at 8 [ 927.619963][T17030] vxfs: can't find superblock. [ 928.331286][ T29] kauditd_printk_skb: 77 callbacks suppressed [ 928.331303][ T29] audit: type=1326 audit(1722749381.637:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17027 comm="syz.0.3913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 928.380711][T15465] usb 2-1: USB disconnect, device number 47 [ 928.421672][ T29] audit: type=1326 audit(1722749381.677:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17027 comm="syz.0.3913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 928.469043][ T29] audit: type=1326 audit(1722749381.677:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17027 comm="syz.0.3913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 928.555123][ T29] audit: type=1326 audit(1722749381.677:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17027 comm="syz.0.3913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 928.610340][ T29] audit: type=1326 audit(1722749381.677:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17027 comm="syz.0.3913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 928.736009][ T29] audit: type=1326 audit(1722749381.677:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17027 comm="syz.0.3913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 928.806006][ T29] audit: type=1326 audit(1722749381.677:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17027 comm="syz.0.3913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 928.865097][ T29] audit: type=1326 audit(1722749381.677:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17027 comm="syz.0.3913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 928.996015][ T29] audit: type=1326 audit(1722749381.677:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17027 comm="syz.0.3913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 929.023776][ T29] audit: type=1326 audit(1722749381.687:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17027 comm="syz.0.3913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe30f7779f9 code=0x7ffc0000 [ 929.700754][T17046] Bluetooth: MGMT ver 1.23 [ 930.056848][T17061] fuse: Bad value for 'fd' [ 931.268687][T17066] vxfs: WRONG superblock magic 00000000 at 1 [ 931.278826][T17066] vxfs: WRONG superblock magic 00000000 at 8 [ 931.286698][T17066] vxfs: can't find superblock. [ 931.337581][T17066] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3925'. [ 932.045568][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.055079][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.531396][T17089] xt_cgroup: invalid path, errno=-2 [ 933.470177][T17116] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 933.477472][T17116] IPv6: NLM_F_CREATE should be set when creating new route [ 933.484704][T17116] IPv6: NLM_F_CREATE should be set when creating new route [ 933.517123][T17116] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 933.604137][ T29] kauditd_printk_skb: 47 callbacks suppressed [ 933.604154][ T29] audit: type=1400 audit(1722749386.907:633): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=17117 comm="syz.2.3943" dest=19999 [ 933.828308][T17128] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 933.837952][ T5291] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 933.861016][ T5291] hid-generic 0000:0000:0000.002E: hidraw0: HID v0.00 Device [syz0] on syz0 [ 933.947306][ T29] audit: type=1326 audit(1722749387.257:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17127 comm="syz.1.3948" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4166d779f9 code=0x0 [ 934.331975][T17142] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3953'. [ 934.344576][ T5291] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 934.354586][T17142] openvswitch: netlink: IP tunnel attribute has 3064 unknown bytes. [ 934.595598][ T5291] usb 3-1: Using ep0 maxpacket: 32 [ 934.633292][T17150] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3955'. [ 934.666796][ T940] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 934.695417][ T5291] usb 3-1: New USB device found, idVendor=17cc, idProduct=1010, bcdDevice=40.72 [ 934.777542][ T5291] usb 3-1: New USB device strings: Mfr=1, Product=129, SerialNumber=0 [ 934.789051][ T5291] usb 3-1: Product: syz [ 934.804724][ T5291] usb 3-1: Manufacturer: syz [ 934.825788][ T5291] usb 3-1: config 0 descriptor?? [ 937.042849][ T940] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 937.090424][ T940] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 937.285791][ T940] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 937.296853][ T940] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 937.312397][ T940] usb 1-1: SerialNumber: syz [ 937.423866][ T5291] usb 3-1: can't set config #0, error -71 [ 937.447897][ T5291] usb 3-1: USB disconnect, device number 57 [ 937.493176][ T940] usb 1-1: can't set config #1, error -71 [ 937.531044][ T940] usb 1-1: USB disconnect, device number 74 [ 938.025171][ T5291] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 938.535146][ T5291] usb 3-1: Using ep0 maxpacket: 16 [ 938.563602][ T5291] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDF, changing to 0x8F [ 938.585014][ T5291] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 938.625114][ T5291] usb 3-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1 [ 938.648921][ T5291] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 938.664995][ T5291] usb 3-1: Product: syz [ 938.669201][ T5291] usb 3-1: Manufacturer: syz [ 938.676237][ T5291] usb 3-1: SerialNumber: syz [ 938.686444][ T5291] usb 3-1: config 0 descriptor?? [ 939.740986][T17160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 939.772061][T17160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 939.815959][T17160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 939.857775][T17160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 939.873689][T17160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 939.917040][T17160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 940.229326][T17160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 940.245392][T17160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 940.279773][ T5291] powermate: Expected payload of 3--6 bytes, found 512 bytes! [ 940.319620][ T5291] input: Griffin PowerMate as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input45 [ 940.377654][ C1] powermate: config urb returned -71 [ 940.383165][ C1] powermate: config urb returned -71 [ 940.388714][ C1] powermate: config urb returned -71 [ 940.394315][ C1] powermate: config urb returned -71 [ 940.442963][ T5291] usb 3-1: USB disconnect, device number 58 [ 940.448915][ C1] powermate 3-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 940.755315][T17184] 9pnet_fd: Insufficient options for proto=fd [ 940.975325][T15465] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 941.075873][T17202] batadv_slave_1: entered promiscuous mode [ 941.105813][T17202] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3970'. [ 941.124733][T17202] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3970'. [ 941.215066][T15465] usb 2-1: Using ep0 maxpacket: 32 [ 941.237614][T15465] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 941.273623][T15465] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 941.308164][T15465] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 941.325238][T15465] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 941.356083][T15465] usb 2-1: config 0 descriptor?? [ 941.592561][ T29] audit: type=1400 audit(1722749394.887:635): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="#!" object="_" requested=w pid=17208 comm="syz.2.3975" daddr=fe80::aa dest=20002 netif=wpan0 [ 941.768739][T17213] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3974'. [ 942.765636][ T5291] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 948.349644][T15465] usbhid 2-1:0.0: can't add hid device: -32 [ 948.378419][T17195] batadv_slave_1: left promiscuous mode [ 948.435315][T15465] usbhid 2-1:0.0: probe with driver usbhid failed with error -32 [ 948.477119][T15465] usb 2-1: USB disconnect, device number 48 [ 948.815658][ T29] audit: type=1326 audit(1722749402.127:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17225 comm="syz.3.3981" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ca77779f9 code=0x0 [ 948.948386][T17237] batman_adv: batadv0: Adding interface: gretap1 [ 948.965462][T17237] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 949.034378][T17237] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 949.388555][T17253] overlayfs: conflicting options: nfs_export=on,index=off [ 949.412846][T17254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3988'. [ 950.778101][T17261] mac80211_hwsim hwsim26 wlan0: entered promiscuous mode [ 950.857089][T17261] mac80211_hwsim hwsim26 wlan0: left promiscuous mode [ 950.859795][T17272] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 950.921856][T17272] loop7: detected capacity change from 0 to 49152 [ 951.259897][T17287] Falling back ldisc for ttyS3. [ 951.636552][ T5222] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 951.904660][ T5222] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 952.023184][ T5222] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 952.109823][ T5222] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 952.126738][ T5222] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 952.247489][ T5222] usb 4-1: Product: syz [ 952.251706][ T5222] usb 4-1: Manufacturer: syz [ 952.255124][T15165] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 952.256745][ T5222] usb 4-1: SerialNumber: syz [ 952.277989][ T5222] usb 4-1: selecting invalid altsetting 1 [ 952.406772][T17309] netlink: 'syz.0.4011': attribute type 64 has an invalid length. [ 952.435187][T17309] netlink: 212868 bytes leftover after parsing attributes in process `syz.0.4011'. [ 953.036537][T17319] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 953.051065][T17319] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 953.058912][T15165] usb 3-1: Using ep0 maxpacket: 32 [ 953.066355][T15165] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 953.514403][T15165] usb 3-1: New USB device found, idVendor=0123, idProduct=0001, bcdDevice=4a.fe [ 953.565232][T15165] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 953.612604][T15165] usb 3-1: Product: syz [ 953.629336][T15165] usb 3-1: Manufacturer: syz [ 953.644437][T15165] usb 3-1: SerialNumber: syz [ 953.987034][T15165] usb 3-1: config 0 descriptor?? [ 954.026566][ T5222] cdc_ncm 4-1:1.0: SET_CRC_MODE failed [ 954.051461][T17325] netlink: 80 bytes leftover after parsing attributes in process `syz.0.4018'. [ 954.053544][ T5222] cdc_ncm 4-1:1.0: SET_NTB_FORMAT failed [ 954.109588][ T5222] usb 4-1: selecting invalid altsetting 1 [ 954.281970][T15165] usbtouchscreen 3-1:0.0: probe with driver usbtouchscreen failed with error -71 [ 954.426604][ T5222] cdc_ncm 4-1:1.0: bind() failure [ 954.595143][T15165] usb 3-1: USB disconnect, device number 59 [ 954.972788][ T5222] usb 4-1: USB disconnect, device number 52 [ 955.518930][T17358] ip6gretap0 speed is unknown, defaulting to 1000 [ 955.908103][T15165] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 956.451058][T17349] xt_CHECKSUM: unsupported CHECKSUM operation 2 [ 956.487820][T17349] netlink: 166 bytes leftover after parsing attributes in process `syz.3.4026'. [ 956.555242][T15165] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 956.591126][T15165] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 956.658198][T17367] 9pnet_fd: Insufficient options for proto=fd [ 956.689746][T15165] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 956.708586][T15165] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 956.732190][T15165] usb 2-1: config 0 descriptor?? [ 962.095222][T15165] usbhid 2-1:0.0: can't add hid device: -71 [ 962.101227][T15165] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 962.814502][T15165] usb 2-1: USB disconnect, device number 49 [ 968.586605][T17400] Smack: duplicate mount options [ 969.067377][ T5217] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 969.092718][ T5217] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 969.115074][ T5217] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 969.145244][ T5217] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 969.153715][ T5217] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 969.161083][ T5217] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 969.265229][T15517] usb 2-1: new low-speed USB device number 50 using dummy_hcd [ 969.296189][T10820] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 969.324791][T10820] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 969.334010][T10820] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 969.356331][T10820] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 969.364521][T17405] ip6gretap0 speed is unknown, defaulting to 1000 [ 969.371828][T10820] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 969.381527][T10820] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 969.510142][T15517] usb 2-1: No LPM exit latency info found, disabling LPM. [ 969.572954][T15517] usb 2-1: config 1 interface 0 altsetting 2 endpoint 0x1 is Bulk; changing to Interrupt [ 969.606216][T15517] usb 2-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 969.699506][T15517] usb 2-1: config 1 interface 0 has no altsetting 0 [ 969.763978][T15517] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 969.773833][T15517] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 969.781933][T15517] usb 2-1: Product: ߬ [ 969.786860][T15517] usb 2-1: Manufacturer: Э [ 969.791406][T15517] usb 2-1: SerialNumber: አ[ 969.799952][T17404] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 970.135544][T17412] fuse: Unknown parameter 'fd0x0000000000000007' [ 970.655937][T17407] ip6gretap0 speed is unknown, defaulting to 1000 [ 971.201358][ T6733] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 971.214456][ T6733] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 971.242718][T17411] ip6gretap0 speed is unknown, defaulting to 1000 [ 971.249449][T10820] Bluetooth: hci5: command tx timeout [ 971.288799][T17405] chnl_net:caif_netlink_parms(): no params data found [ 971.466950][ T6733] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 971.489129][T10820] Bluetooth: hci6: command tx timeout [ 971.496995][ T6733] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 972.053113][T15517] usb 2-1: USB disconnect, device number 50 [ 972.152217][ T6733] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 972.270144][ T6733] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 973.091057][T17417] bond0: entered promiscuous mode [ 973.097187][T17417] bond_slave_0: entered promiscuous mode [ 973.103069][T17417] bond_slave_1: entered promiscuous mode [ 973.118464][T17417] dummy0: entered promiscuous mode [ 973.333560][T10820] Bluetooth: hci5: command tx timeout [ 973.345594][ T6733] bond0: (slave netdevsim0): Releasing backup interface [ 973.355024][ T6733] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 973.369583][ T6733] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 973.565179][T10820] Bluetooth: hci6: command tx timeout [ 974.244002][T17405] bridge0: port 1(bridge_slave_0) entered blocking state [ 974.251874][T17405] bridge0: port 1(bridge_slave_0) entered disabled state [ 974.259232][T17405] bridge_slave_0: entered allmulticast mode [ 974.270021][T17405] bridge_slave_0: entered promiscuous mode [ 974.278465][T17405] bridge0: port 2(bridge_slave_1) entered blocking state [ 974.291874][T17427] ip6gretap0 speed is unknown, defaulting to 1000 [ 974.297397][T17405] bridge0: port 2(bridge_slave_1) entered disabled state [ 974.306379][T17405] bridge_slave_1: entered allmulticast mode [ 974.349148][T17405] bridge_slave_1: entered promiscuous mode [ 974.452342][T17405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 974.545994][T17405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 975.408845][T10820] Bluetooth: hci5: command tx timeout [ 975.645327][T10820] Bluetooth: hci6: command tx timeout [ 975.671653][T17405] team0: Port device team_slave_0 added [ 975.680994][T17405] team0: Port device team_slave_1 added [ 975.777876][ T6733] dummy0: left allmulticast mode [ 975.782839][ T6733] dummy0: left promiscuous mode [ 975.792792][ T6733] bridge0: port 4(dummy0) entered disabled state [ 975.801119][ T6733] bridge_slave_1: left allmulticast mode [ 975.807163][ T6733] bridge_slave_1: left promiscuous mode [ 975.812926][ T6733] bridge0: port 2(bridge_slave_1) entered disabled state [ 975.821927][ T6733] bridge_slave_0: left promiscuous mode [ 975.830519][ T6733] bridge0: port 1(bridge_slave_0) entered disabled state [ 975.893852][ T29] audit: type=1326 audit(1722749429.197:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17448 comm="syz.4.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261ad779f9 code=0x7ffc0000 [ 975.939685][ T29] audit: type=1326 audit(1722749429.227:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17448 comm="syz.4.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261ad779f9 code=0x7ffc0000 [ 975.984702][ T29] audit: type=1326 audit(1722749429.227:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17448 comm="syz.4.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f261ad779f9 code=0x7ffc0000 [ 976.012497][ T29] audit: type=1326 audit(1722749429.227:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17448 comm="syz.4.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261ad779f9 code=0x7ffc0000 [ 976.076397][ T29] audit: type=1326 audit(1722749429.227:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17448 comm="syz.4.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261ad779f9 code=0x7ffc0000 [ 977.485063][T10820] Bluetooth: hci5: command tx timeout [ 977.745019][T10820] Bluetooth: hci6: command tx timeout [ 980.961851][ T5217] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 980.977188][ T5217] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 980.987822][ T5217] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 980.996207][ T5217] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 981.012070][ T5217] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 981.019905][ T5217] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 981.227449][ T6733] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 981.243433][ T6733] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 981.259959][ T6733] bond0 (unregistering): Released all slaves [ 981.273071][T17405] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 981.280328][T17405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 981.306384][T17405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 981.344744][T17407] chnl_net:caif_netlink_parms(): no params data found [ 981.359952][T17405] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 981.394980][T17405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 981.437470][T17405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 982.620846][T17472] ip6gretap0 speed is unknown, defaulting to 1000 [ 982.751368][T17405] hsr_slave_0: entered promiscuous mode [ 982.765503][T17405] hsr_slave_1: entered promiscuous mode [ 982.780291][T17405] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 982.806289][T17405] Cannot create hsr debugfs directory [ 982.807182][ T5217] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 982.828280][ T5217] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 982.841672][ T5217] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 982.862891][ T5217] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 982.885797][ T5217] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 982.893749][ T5217] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 983.074264][T17407] bridge0: port 1(bridge_slave_0) entered blocking state [ 983.081598][T17407] bridge0: port 1(bridge_slave_0) entered disabled state [ 983.088792][ T5217] Bluetooth: hci2: command tx timeout [ 983.102623][T17407] bridge_slave_0: entered allmulticast mode [ 983.134322][T17407] bridge_slave_0: entered promiscuous mode [ 983.208044][T17484] ip6gretap0 speed is unknown, defaulting to 1000 [ 983.301372][T17407] bridge0: port 2(bridge_slave_1) entered blocking state [ 983.315239][T17407] bridge0: port 2(bridge_slave_1) entered disabled state [ 983.329794][T17407] bridge_slave_1: entered allmulticast mode [ 983.340805][T17407] bridge_slave_1: entered promiscuous mode [ 983.580196][T17407] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 983.612199][T17407] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 983.686951][ T6733] hsr_slave_0: left promiscuous mode [ 983.693201][ T6733] hsr_slave_1: left promiscuous mode [ 983.705464][ T6733] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 983.714113][ T6733] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 983.722096][ T6733] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 983.729751][ T6733] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 983.750795][ T6733] veth1_vlan: left promiscuous mode [ 984.565327][ T6733] team0 (unregistering): Port device team_slave_1 removed [ 984.655018][ T6733] team0 (unregistering): Port device team_slave_0 removed [ 984.889422][ T6733] bridge_slave_0 (unregistering): left allmulticast mode [ 984.925080][ T5217] Bluetooth: hci3: command tx timeout [ 985.165061][ T5217] Bluetooth: hci2: command tx timeout [ 985.498968][T17407] team0: Port device team_slave_0 added [ 985.509914][T17407] team0: Port device team_slave_1 added [ 986.408351][T17407] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 986.425614][T17407] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 986.528534][T17407] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 986.601751][T17407] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 986.609083][T17407] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 986.699268][T17407] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 986.861633][T17407] hsr_slave_0: entered promiscuous mode [ 986.877747][T17407] hsr_slave_1: entered promiscuous mode [ 986.885806][T17407] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 986.893403][T17407] Cannot create hsr debugfs directory [ 986.929238][T17472] chnl_net:caif_netlink_parms(): no params data found [ 987.005047][T10820] Bluetooth: hci3: command tx timeout [ 987.095156][T17484] chnl_net:caif_netlink_parms(): no params data found [ 987.167403][ T6733] IPVS: stop unused estimator thread 0... [ 987.182059][T17472] bridge0: port 1(bridge_slave_0) entered blocking state [ 987.189281][T17472] bridge0: port 1(bridge_slave_0) entered disabled state [ 987.199810][T17472] bridge_slave_0: entered allmulticast mode [ 987.207163][T17472] bridge_slave_0: entered promiscuous mode [ 987.226161][T17472] bridge0: port 2(bridge_slave_1) entered blocking state [ 987.233291][T17472] bridge0: port 2(bridge_slave_1) entered disabled state [ 987.240601][T17472] bridge_slave_1: entered allmulticast mode [ 987.246658][ T5217] Bluetooth: hci2: command tx timeout [ 987.252998][T17472] bridge_slave_1: entered promiscuous mode [ 987.342741][T17472] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 987.391892][T17472] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 987.430943][T17405] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 987.453294][T17484] bridge0: port 1(bridge_slave_0) entered blocking state [ 987.461098][T17484] bridge0: port 1(bridge_slave_0) entered disabled state [ 987.468386][T17484] bridge_slave_0: entered allmulticast mode [ 987.476112][T17484] bridge_slave_0: entered promiscuous mode [ 987.501839][T17405] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 987.511697][T17405] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 987.536228][T17472] team0: Port device team_slave_0 added [ 987.543378][T17484] bridge0: port 2(bridge_slave_1) entered blocking state [ 987.550955][T17484] bridge0: port 2(bridge_slave_1) entered disabled state [ 987.559836][T17484] bridge_slave_1: entered allmulticast mode [ 987.568503][T17484] bridge_slave_1: entered promiscuous mode [ 987.588112][T17405] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 987.603368][T17472] team0: Port device team_slave_1 added [ 987.676301][T17472] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 987.683457][T17472] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 987.710937][T17472] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 987.729578][T17484] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 987.820747][T17407] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.848928][T17472] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 987.859756][T17472] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 987.887422][T17472] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 987.936734][T17407] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.951979][T17484] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 988.027612][ T6733] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 988.098446][T17407] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 988.140115][T17484] team0: Port device team_slave_0 added [ 988.174806][ T6733] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 988.204126][T17472] hsr_slave_0: entered promiscuous mode [ 988.211233][T17472] hsr_slave_1: entered promiscuous mode [ 988.223373][T17472] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 988.232239][T17472] Cannot create hsr debugfs directory [ 988.243774][T17484] team0: Port device team_slave_1 added [ 988.276541][T17407] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 988.330211][ T6733] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 988.461840][ T6733] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 988.475654][T17484] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 988.482816][T17484] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 988.511918][T17484] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 988.534416][T17484] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 988.542134][T17484] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 988.569038][T17484] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 988.744185][T17405] 8021q: adding VLAN 0 to HW filter on device bond0 [ 988.772085][T17407] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 988.788655][T17407] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 988.863062][T17407] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 988.883786][T17484] hsr_slave_0: entered promiscuous mode [ 988.890343][T17484] hsr_slave_1: entered promiscuous mode [ 988.896624][T17484] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 988.904199][T17484] Cannot create hsr debugfs directory [ 988.955763][T17407] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 989.041385][ T6733] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 989.067952][T17405] 8021q: adding VLAN 0 to HW filter on device team0 [ 989.085290][ T5217] Bluetooth: hci3: command tx timeout [ 989.167121][ T6733] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 989.210002][ T5222] bridge0: port 1(bridge_slave_0) entered blocking state [ 989.217222][ T5222] bridge0: port 1(bridge_slave_0) entered forwarding state [ 989.236754][ T5222] bridge0: port 2(bridge_slave_1) entered blocking state [ 989.243919][ T5222] bridge0: port 2(bridge_slave_1) entered forwarding state [ 989.297315][ T6733] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 989.328200][ T5217] Bluetooth: hci2: command tx timeout [ 989.384860][ T6733] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 989.503320][T17407] 8021q: adding VLAN 0 to HW filter on device bond0 [ 989.554737][T17407] 8021q: adding VLAN 0 to HW filter on device team0 [ 989.601490][ T5291] bridge0: port 1(bridge_slave_0) entered blocking state [ 989.608717][ T5291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 989.621685][ T5291] bridge0: port 2(bridge_slave_1) entered blocking state [ 989.628894][ T5291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 989.715213][ T6733] bridge_slave_1: left allmulticast mode [ 989.720900][ T6733] bridge_slave_1: left promiscuous mode [ 989.727752][ T6733] bridge0: port 2(bridge_slave_1) entered disabled state [ 989.741432][ T6733] bridge_slave_0: left allmulticast mode [ 989.747893][ T6733] bridge_slave_0: left promiscuous mode [ 989.754728][ T6733] bridge0: port 1(bridge_slave_0) entered disabled state [ 989.771918][ T6733] bridge_slave_1: left allmulticast mode [ 989.778096][ T6733] bridge_slave_1: left promiscuous mode [ 989.783767][ T6733] bridge0: port 2(bridge_slave_1) entered disabled state [ 989.793118][ T6733] bridge_slave_0: left allmulticast mode [ 989.798927][ T6733] bridge_slave_0: left promiscuous mode [ 989.804616][ T6733] bridge0: port 1(bridge_slave_0) entered disabled state [ 989.824697][ T6733] bridge_slave_1: left allmulticast mode [ 989.831438][ T6733] bridge_slave_1: left promiscuous mode [ 989.837940][ T6733] bridge0: port 2(bridge_slave_1) entered disabled state [ 989.846802][ T6733] bridge_slave_0: left allmulticast mode [ 989.852553][ T6733] bridge0: port 1(bridge_slave_0) entered disabled state [ 990.484832][ T6733] batman_adv: batadv0: Removing interface: gretap1 [ 990.587668][ T6733] dvmrp0 (unregistering): left allmulticast mode [ 991.110826][ T6733] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 991.121819][ T6733] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 991.132374][ T6733] bond0 (unregistering): Released all slaves [ 991.175720][ T5217] Bluetooth: hci3: command tx timeout [ 991.340024][ T6733] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 991.350820][ T6733] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 991.361698][ T6733] bond0 (unregistering): Released all slaves [ 991.561149][ T6733] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 991.572512][ T6733] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 991.583482][ T6733] bond0 (unregistering): Released all slaves [ 991.600085][ T6733] bond1 (unregistering): Released all slaves [ 991.674680][T17407] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 991.781841][T17405] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 991.794751][ T6733] tipc: Disabling bearer [ 991.845479][ T6733] tipc: Left network mode [ 992.033048][T17405] veth0_vlan: entered promiscuous mode [ 992.053727][T17405] veth1_vlan: entered promiscuous mode [ 992.201374][T17405] veth0_macvtap: entered promiscuous mode [ 992.220082][T17405] veth1_macvtap: entered promiscuous mode [ 992.270932][T17407] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 992.375261][T17405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 992.385934][T17405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 992.395878][T17405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 992.406415][T17405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 992.416405][T17405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 992.427425][T17405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 992.437305][T17405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 992.450724][T17405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 992.462512][T17405] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 992.502877][T17405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 992.514170][T17405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 992.524163][T17405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 992.534857][T17405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 992.545776][T17405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 992.556237][T17405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 992.566231][T17405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 992.576793][T17405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 992.587913][T17405] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 992.657561][T17405] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 992.673638][T17405] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 992.683753][T17405] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 992.693910][T17405] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 992.749339][T17407] veth0_vlan: entered promiscuous mode [ 992.811575][T17407] veth1_vlan: entered promiscuous mode [ 992.985655][ T6742] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 992.993526][ T6742] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 993.102026][T17407] veth0_macvtap: entered promiscuous mode [ 993.129590][T17407] veth1_macvtap: entered promiscuous mode [ 993.137613][ T966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 993.155133][ T966] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 993.208988][T17484] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 993.248139][T17407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.265439][T17407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.275453][T17407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.285978][T17407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.296857][T17407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.331087][T17407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.360685][T17407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.389733][T17407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.407717][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.414522][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.414767][T17407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.473104][T17407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.501441][T17407] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 993.589336][T17484] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 993.613404][T17484] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 993.783320][T17484] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 993.818073][T17407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.854052][T17407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.880069][T17407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.916043][T17407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.935748][T17407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.947682][T17407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.960005][T17407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.973236][T17407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.985790][T17407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.996487][T17407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.035237][T17407] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 994.215044][ T6733] hsr_slave_0: left promiscuous mode [ 994.244803][ T6733] hsr_slave_1: left promiscuous mode [ 994.267291][ T6733] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 994.288956][ T6733] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 994.304133][ T6733] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 994.448429][ T6733] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 994.473512][ T6733] hsr_slave_0: left promiscuous mode [ 994.490880][ T6733] hsr_slave_1: left promiscuous mode [ 994.521769][ T6733] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 996.625154][ T6733] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 996.636788][ T6733] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 996.653228][ T6733] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 996.707233][ T6733] hsr_slave_0: left promiscuous mode [ 996.721120][ T6733] hsr_slave_1: left promiscuous mode [ 996.738324][ T6733] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 996.746085][ T6733] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 996.754251][ T6733] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 996.761924][ T6733] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 996.896948][ T6733] veth1_macvtap: left promiscuous mode [ 996.903112][ T6733] veth0_macvtap: left promiscuous mode [ 996.915838][ T6733] veth1_vlan: left promiscuous mode [ 996.947503][ T6733] veth0_vlan: left promiscuous mode [ 996.998353][ T6733] veth1_macvtap: left promiscuous mode [ 997.029776][ T6733] veth0_macvtap: left promiscuous mode [ 997.059229][ T6733] veth1_vlan: left promiscuous mode [ 997.098987][ T6733] veth0_vlan: left promiscuous mode [ 997.143485][ T6733] veth1_macvtap: left promiscuous mode [ 997.193724][ T6733] veth0_macvtap: left promiscuous mode [ 997.249036][ T6733] veth1_vlan: left promiscuous mode [ 997.310060][ T6733] veth0_vlan: left promiscuous mode [ 998.363649][ T6733] team0 (unregistering): Port device team_slave_1 removed [ 998.441133][ T6733] team0 (unregistering): Port device team_slave_0 removed [ 999.851889][ T6733] team0 (unregistering): Port device team_slave_1 removed [ 999.929557][ T6733] team0 (unregistering): Port device team_slave_0 removed [ 1001.228105][ T6733] team0 (unregistering): Port device team_slave_1 removed [ 1001.302796][ T6733] team0 (unregistering): Port device team_slave_0 removed [ 1002.034572][T17407] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.045811][T17407] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.054521][T17407] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.063843][T17407] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.097429][T17472] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1002.112106][T17550] netlink: 'syz.4.4072': attribute type 10 has an invalid length. [ 1002.161525][T17550] 8021q: adding VLAN 0 to HW filter on device team0 [ 1002.176526][T17550] team0: entered promiscuous mode [ 1002.181616][T17550] team_slave_0: entered promiscuous mode [ 1002.384161][T17550] team_slave_1: entered promiscuous mode [ 1002.471429][T17550] bond0: (slave team0): Enslaving as an active interface with an up link [ 1003.097483][T17551] netlink: 'syz.4.4072': attribute type 10 has an invalid length. [ 1003.107702][T17551] bond0: (slave team0): Releasing backup interface [ 1003.115893][T17551] team0: left promiscuous mode [ 1003.120709][T17551] team_slave_0: left promiscuous mode [ 1003.126358][T17551] team_slave_1: left promiscuous mode [ 1003.140010][T17551] bridge0: port 4(team0) entered blocking state [ 1003.146959][T17551] bridge0: port 4(team0) entered disabled state [ 1003.153417][T17551] team0: entered allmulticast mode [ 1003.158877][T17551] team_slave_0: entered allmulticast mode [ 1003.164732][T17551] team_slave_1: entered allmulticast mode [ 1003.172318][T17551] team0: entered promiscuous mode [ 1003.177696][T17551] team_slave_0: entered promiscuous mode [ 1003.183543][T17551] team_slave_1: entered promiscuous mode [ 1003.229995][T17472] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1003.245485][T17472] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1003.272730][T17472] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1003.314526][T17557] ip6gretap0 speed is unknown, defaulting to 1000 [ 1003.666760][T16017] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1003.683099][T16017] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1003.801517][ T6742] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1003.820141][ T6742] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1003.828341][T17564] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1003.921720][T17564] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 1003.928302][T17564] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1003.972798][T17484] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1003.980254][T17564] vhci_hcd vhci_hcd.0: Device attached [ 1004.081978][T17472] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1004.144632][T17565] vhci_hcd: connection closed [ 1004.147754][T16017] vhci_hcd: stop threads [ 1004.202107][T16017] vhci_hcd: release socket [ 1004.248252][T17484] 8021q: adding VLAN 0 to HW filter on device team0 [ 1004.264734][T16017] vhci_hcd: disconnect device [ 1004.288391][ T940] bridge0: port 1(bridge_slave_0) entered blocking state [ 1004.295609][ T940] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1004.370983][T17472] 8021q: adding VLAN 0 to HW filter on device team0 [ 1004.511971][ T940] bridge0: port 1(bridge_slave_0) entered blocking state [ 1004.519255][ T940] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1004.557857][ T940] bridge0: port 2(bridge_slave_1) entered blocking state [ 1004.565144][ T940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1004.576416][ T940] bridge0: port 2(bridge_slave_1) entered blocking state [ 1004.583646][ T940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1007.110664][T17484] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1007.424691][ T6733] IPVS: stop unused estimator thread 0... [ 1008.121410][T17588] sg_write: process 22 (syz.3.4084) changed security contexts after opening file descriptor, this is not allowed. [ 1008.142918][ T6733] IPVS: stop unused estimator thread 0... [ 1008.239989][ T6733] IPVS: stop unused estimator thread 0... [ 1008.470941][T17472] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1008.638259][T17472] veth0_vlan: entered promiscuous mode [ 1008.698805][T17472] veth1_vlan: entered promiscuous mode [ 1008.795270][T17484] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1008.831814][T17472] veth0_macvtap: entered promiscuous mode [ 1008.932072][T17472] veth1_macvtap: entered promiscuous mode [ 1009.043485][T17484] veth0_vlan: entered promiscuous mode [ 1009.120810][T17472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1009.150461][T17472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1009.176234][T17472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1009.237792][T17472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1009.274112][T17472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1009.295023][T17472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1009.330259][T17472] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1009.363420][T17621] tipc: Enabling of bearer rejected, failed to enable media [ 1009.419383][T17484] veth1_vlan: entered promiscuous mode [ 1009.472651][T17472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1009.493607][T17472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1009.528656][T17472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1009.539368][T15165] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 1009.555128][T17472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1009.566331][T17472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1009.578176][T17472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1009.605776][T17472] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1009.624377][T17617] À: renamed from syztnl0 [ 1009.680174][T17472] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1009.724936][T17472] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1009.725240][T15165] usb 1-1: Using ep0 maxpacket: 8 [ 1009.749181][T17472] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1009.757423][T15165] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 1009.780364][T17472] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1009.782512][T15165] usb 1-1: New USB device found, idVendor=0582, idProduct=28e8, bcdDevice=f5.06 [ 1009.815914][T15165] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1009.854840][T15165] usb 1-1: Product: syz [ 1009.858498][T17484] veth0_macvtap: entered promiscuous mode [ 1009.859123][T15165] usb 1-1: Manufacturer: syz [ 1009.895419][T15165] usb 1-1: SerialNumber: syz [ 1009.904058][T15165] usb 1-1: config 0 descriptor?? [ 1010.118911][T17484] veth1_macvtap: entered promiscuous mode [ 1010.900835][T15165] usb 1-1: USB disconnect, device number 75 [ 1011.002504][T17484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1011.035617][T17484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.065075][T17484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1011.094924][T17484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.113724][T17484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1011.130193][T17484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.141699][T17484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1011.159994][T17484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.189809][T17484] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1011.223231][T17484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1011.240562][T17484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.253549][T17484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1011.268040][T17484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.281951][T17484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1011.295181][T17484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.314144][T17484] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1011.325830][T17484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1011.346332][T17484] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1011.385674][T17484] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1011.450634][T17484] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1011.460689][ T5267] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 1011.476112][T17484] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1011.490273][T17484] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1011.594087][ T6742] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1011.620865][ T6742] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1011.635023][ T5267] usb 4-1: device descriptor read/64, error -71 [ 1011.768895][ T3021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1011.791265][ T3021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1011.846165][ T3021] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1011.853996][ T3021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1011.915036][ T5267] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 1011.954752][ T6742] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1011.963648][ T6742] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1012.085667][ T5267] usb 4-1: device descriptor read/64, error -71 [ 1012.101447][ T5217] Bluetooth: hci4: ISO packet for unknown connection handle 200 [ 1012.211629][T17657] futex_wake_op: syz.4.4105 tries to shift op by -1; fix this program [ 1012.937720][ T5267] usb usb4-port1: attempt power cycle [ 1013.199742][T17675] netlink: 'syz.0.4110': attribute type 4 has an invalid length. [ 1013.975173][ T5267] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 1014.117876][ T5267] usb 4-1: device descriptor read/8, error -71 [ 1014.357903][T17691] fuse: Unknown parameter 'grÅupWid' [ 1014.388525][T17689] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4114'. [ 1014.407116][T17691] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.4116'. [ 1014.739351][ T29] audit: type=1326 audit(1722749468.047:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17701 comm="syz.0.4121" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff0e67779f9 code=0x0 [ 1015.365073][ T5269] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 1015.505304][ T5267] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 1015.617764][ T5267] usb 4-1: Using ep0 maxpacket: 8 [ 1015.688096][ T5267] usb 4-1: config index 0 descriptor too short (expected 6427, got 27) [ 1015.776318][ T5269] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1015.801704][ T5267] usb 4-1: config 0 has too many interfaces: 241, using maximum allowed: 32 [ 1015.962355][ T5269] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1015.973445][ T5267] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 241 [ 1015.984715][ T5267] usb 4-1: config 0 has no interface number 0 [ 1015.992224][ T5269] usb 2-1: New USB device found, idVendor=056a, idProduct=00d1, bcdDevice= 0.00 [ 1016.004587][ T5267] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1016.016428][ T5269] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1016.030569][ T5267] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1016.052463][ T5269] usb 2-1: config 0 descriptor?? [ 1016.065294][ T5267] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1016.090118][T17741] netlink: 'syz.0.4136': attribute type 6 has an invalid length. [ 1016.091101][ T5267] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 1016.111477][T17741] netlink: 'syz.0.4136': attribute type 8 has an invalid length. [ 1016.124756][ T5267] usb 4-1: New USB device strings: Mfr=228, Product=255, SerialNumber=0 [ 1016.146420][ T5267] usb 4-1: Product: syz [ 1016.150653][ T5267] usb 4-1: Manufacturer: syz [ 1016.216065][ T5267] usb 4-1: config 0 descriptor?? [ 1016.223645][T17746] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1016.224745][T17733] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1016.239803][T17746] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1016.251762][T17746] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1017.210561][ T5269] wacom 0003:056A:00D1.002F: Unknown device_type for 'HID 056a:00d1'. Assuming pen. [ 1017.220958][T17755] netlink: 'syz.2.4139': attribute type 1 has an invalid length. [ 1017.230238][T17755] netlink: 16150 bytes leftover after parsing attributes in process `syz.2.4139'. [ 1017.244269][ T5269] wacom 0003:056A:00D1.002F: hidraw0: USB HID v0.00 Device [HID 056a:00d1] on usb-dummy_hcd.1-1/input0 [ 1017.262938][ T5269] input: Wacom Bamboo 2FG 4x5 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:00D1.002F/input/input48 [ 1017.607202][ T5269] usb 2-1: USB disconnect, device number 51 [ 1018.056384][ T5267] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.21/input/input47 [ 1018.308306][T17763] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1018.428878][ T5269] usb 4-1: USB disconnect, device number 56 [ 1018.434842][ C0] keyspan_remote 4-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19 [ 1018.603528][T17778] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 1018.750213][T17788] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4151'. [ 1019.245908][T17812] CUSE: unknown device info "" [ 1019.251717][T17812] CUSE: unknown device info "appraise_type" [ 1019.259734][T17812] CUSE: DEVNAME unspecified [ 1021.315181][ T5267] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 1021.326333][T17861] vlan2: entered promiscuous mode [ 1021.331387][T17861] macvlan0: entered promiscuous mode [ 1021.382753][T17861] macvlan0: left promiscuous mode [ 1021.404168][T17864] syz.4.4180: attempt to access beyond end of device [ 1021.404168][T17864] nbd4: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1021.528333][ T5267] usb 3-1: Using ep0 maxpacket: 32 [ 1021.712527][ T5267] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 1021.725004][ T5267] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1021.835091][ T47] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 1022.674980][ T5267] usb 3-1: Product: syz [ 1022.685699][ T5267] usb 3-1: Manufacturer: syz [ 1022.690359][ T5267] usb 3-1: SerialNumber: syz [ 1022.699584][ T5267] usb 3-1: config 0 descriptor?? [ 1024.143635][ T47] usb 2-1: Using ep0 maxpacket: 16 [ 1024.371612][ T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1024.434316][ T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1024.537548][ T47] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1024.598467][ T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1024.631695][ T5267] airspy 3-1:0.0: usb_control_msg() failed -71 request 09 [ 1024.651683][ T5267] airspy 3-1:0.0: Could not detect board [ 1024.665314][ T5267] airspy 3-1:0.0: probe with driver airspy failed with error -71 [ 1024.671393][ T47] usb 2-1: config 0 descriptor?? [ 1024.681864][ T5267] usb 3-1: USB disconnect, device number 60 [ 1024.721903][ T47] usb 2-1: can't set config #0, error -71 [ 1024.734781][T17894] tipc: Enabling of bearer rejected, failed to enable media [ 1024.758429][ T47] usb 2-1: USB disconnect, device number 52 [ 1024.878998][T17900] netlink: 152 bytes leftover after parsing attributes in process `syz.2.4194'. [ 1025.029520][T17909] netlink: 5128 bytes leftover after parsing attributes in process `syz.2.4198'. [ 1025.077648][T17909] netlink: 5128 bytes leftover after parsing attributes in process `syz.2.4198'. [ 1025.129331][T17909] netlink: 332 bytes leftover after parsing attributes in process `syz.2.4198'. [ 1025.648786][T17934] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4205'. [ 1025.684155][T17934] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4205'. [ 1026.564780][T17950] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1026.854245][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88806e4cb000: rx timeout, send abort [ 1026.863871][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88806e4cb000: 0x20000: (3) A timeout occurred and this is the connection abort to close the session. [ 1027.165120][T17916] Bluetooth: hci3: command 0x0406 tx timeout [ 1028.541036][T17970] netlink: 'syz.0.4218': attribute type 1 has an invalid length. [ 1028.571449][T17970] netlink: 9328 bytes leftover after parsing attributes in process `syz.0.4218'. [ 1028.611764][T17970] netlink: 'syz.0.4218': attribute type 1 has an invalid length. [ 1030.525854][ T5269] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1030.844962][ T5269] usb 4-1: Using ep0 maxpacket: 32 [ 1030.966283][ T5269] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 1030.993251][T17992] Bluetooth: MGMT ver 1.23 [ 1031.012934][T17992] Bluetooth: hci3: expected 2 bytes, got 7 bytes [ 1031.038842][ T5269] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1031.080042][ T5269] usb 4-1: Product: syz [ 1031.089216][ T5269] usb 4-1: Manufacturer: syz [ 1031.094802][ T5269] usb 4-1: SerialNumber: syz [ 1031.109592][ T5269] usb 4-1: config 0 descriptor?? [ 1031.484784][T18005] 9pnet_fd: Insufficient options for proto=fd [ 1031.563244][T18010] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1031.788843][ T5269] rtl8150 4-1:0.0: eth1: rtl8150 is detected [ 1031.926515][T18032] xt_ecn: cannot match TCP bits for non-tcp packets [ 1031.956829][ T29] audit: type=1804 audit(1722749485.267:643): pid=18025 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.4237" name="/newroot/42/file0" dev="fuse" ino=1 res=1 errno=0 [ 1032.080946][ T5269] usb 4-1: USB disconnect, device number 57 [ 1032.360215][T18044] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4243'. [ 1032.372129][T18044] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4243'. [ 1034.287303][ T5226] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 1035.257112][ T5226] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1035.314961][ T5226] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1035.352801][ T5226] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1035.390955][ T5226] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1035.414931][ T5226] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1035.456862][ T5226] usb 3-1: config 0 descriptor?? [ 1036.511780][ T5226] plantronics 0003:047F:FFFF.0030: unknown main item tag 0x0 [ 1036.555724][ T5226] plantronics 0003:047F:FFFF.0030: No inputs registered, leaving [ 1036.573973][ T5226] plantronics 0003:047F:FFFF.0030: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1036.630581][T18119] vhci_hcd: invalid port number 0 [ 1036.814314][ T5269] usb 3-1: USB disconnect, device number 61 [ 1038.668654][T18139] input: syz0 as /devices/virtual/input/input52 [ 1038.900238][ T29] audit: type=1326 audit(1722749492.207:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18148 comm="syz.2.4286" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4e3ef779f9 code=0x0 [ 1040.119561][T18157] netlink: 9 bytes leftover after parsing attributes in process `syz.3.4289'. [ 1040.165911][T18157] gretap0: entered promiscuous mode [ 1040.226469][T18160] netlink: 5 bytes leftover after parsing attributes in process `syz.3.4289'. [ 1040.295212][T18160] 0ªX¹¦D: renamed from gretap0 [ 1040.338188][T18160] 0ªX¹¦D: left promiscuous mode [ 1040.343100][T18160] 0ªX¹¦D: entered allmulticast mode [ 1040.387168][T18160] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 1040.408728][ T29] audit: type=1326 audit(1722749493.707:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18168 comm="syz.0.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e67779f9 code=0x7ffc0000 [ 1040.484664][ T29] audit: type=1326 audit(1722749493.707:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18168 comm="syz.0.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e67779f9 code=0x7ffc0000 [ 1040.533751][T18176] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4294'. [ 1040.566417][ T29] audit: type=1326 audit(1722749493.717:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18168 comm="syz.0.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff0e67779f9 code=0x7ffc0000 [ 1040.651550][ T29] audit: type=1326 audit(1722749493.717:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18168 comm="syz.0.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e67779f9 code=0x7ffc0000 [ 1040.713153][T18176] macvlan0: entered allmulticast mode [ 1040.720260][T18176] veth1_vlan: entered allmulticast mode [ 1040.741495][ T29] audit: type=1326 audit(1722749493.717:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18168 comm="syz.0.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e67779f9 code=0x7ffc0000 [ 1040.767948][T18176] pim6reg: entered allmulticast mode [ 1040.846241][ T29] audit: type=1326 audit(1722749493.747:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18168 comm="syz.0.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff0e67779f9 code=0x7ffc0000 [ 1040.904992][ T29] audit: type=1326 audit(1722749493.747:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18168 comm="syz.0.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e67779f9 code=0x7ffc0000 [ 1040.943902][T18183] (unnamed net_device) (uninitialized): option arp_interval: mode dependency failed, not supported in mode 802.3ad(4) [ 1040.975287][ T29] audit: type=1326 audit(1722749493.747:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18168 comm="syz.0.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e67779f9 code=0x7ffc0000 [ 1040.997045][ C1] vkms_vblank_simulate: vblank timer overrun [ 1041.031599][ T29] audit: type=1326 audit(1722749493.757:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18168 comm="syz.0.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff0e67779f9 code=0x7ffc0000 [ 1042.565346][T18207] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4304'. [ 1042.594577][ T5217] Bluetooth: hci3: unexpected cc 0x1407 length: 100 > 9 [ 1042.603600][ T5217] Bluetooth: hci3: unexpected event for opcode 0x1407 [ 1045.997271][T18269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4326'. [ 1046.695116][ T5217] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 1046.704736][ T5217] Bluetooth: hci3: Injecting HCI hardware error event [ 1046.716549][ T5217] Bluetooth: hci3: hardware error 0x00 [ 1047.669683][T18300] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4335'. [ 1049.361971][ T5217] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1049.936175][ T940] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 1050.170252][ T940] usb 2-1: Using ep0 maxpacket: 8 [ 1050.190175][T18333] omfs: Invalid superblock (0) [ 1050.213186][ T940] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1050.248532][ T940] usb 2-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 1050.271042][ T940] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 1050.289232][ T940] usb 2-1: SerialNumber: syz [ 1050.313084][ T940] usb 2-1: config 0 descriptor?? [ 1050.328604][ T940] usb 2-1: Found UVC 0.00 device (05ac:8501) [ 1050.347480][ T940] usb 2-1: No valid video chain found. [ 1050.530667][T18342] ip6gretap0 speed is unknown, defaulting to 1000 [ 1050.585750][T18333] xt_l2tp: invalid flags combination: 0 [ 1050.618513][T18316] usb usb8: usbfs: process 18316 (syz.1.4340) did not claim interface 0 before use [ 1050.741433][T15465] usb 2-1: USB disconnect, device number 53 [ 1050.815477][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1052.871348][T18376] tc_dump_action: action bad kind [ 1053.256317][ T940] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 1053.470440][ T940] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1053.494204][ T940] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1053.506185][ T940] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1053.516595][ T940] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1053.532266][ T940] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1053.554161][ T940] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1053.562820][ T940] usb 3-1: Manufacturer: syz [ 1053.579243][ T940] usb 3-1: config 0 descriptor?? [ 1053.832345][ T5226] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 1053.939929][T18398] program syz.0.4369 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1054.034106][ T940] appleir 0003:05AC:8243.0031: unknown main item tag 0x0 [ 1054.045290][ T5226] usb 4-1: Using ep0 maxpacket: 16 [ 1054.057201][ T940] appleir 0003:05AC:8243.0031: No inputs registered, leaving [ 1054.086783][ T5226] usb 4-1: New USB device found, idVendor=0582, idProduct=00e6, bcdDevice=4e.06 [ 1054.098200][ T5226] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1054.098392][ T940] appleir 0003:05AC:8243.0031: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 1054.116128][ T5226] usb 4-1: Product: syz [ 1054.121865][ T5226] usb 4-1: Manufacturer: syz [ 1054.144276][ T5226] usb 4-1: SerialNumber: syz [ 1054.177361][ T5226] usb 4-1: config 0 descriptor?? [ 1054.589314][ T5217] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 [ 1054.608733][ T5217] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5217, name: kworker/u9:2 [ 1054.679684][ T5217] preempt_count: 0, expected: 0 [ 1054.684761][ T5217] RCU nest depth: 1, expected: 0 [ 1054.695014][ T5217] 4 locks held by kworker/u9:2/5217: [ 1054.700536][ T5217] #0: ffff88807d348148 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1054.910925][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.915034][ T5217] #1: ffffc9000357fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1054.932117][ T5217] #2: ffff8880672c8078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 [ 1054.946454][ T5217] #3: ffffffff8e7377e0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 [ 1054.960231][ T5217] CPU: 1 UID: 0 PID: 5217 Comm: kworker/u9:2 Not tainted 6.11.0-rc1-syzkaller-00293-gdefaf1a2113a #0 [ 1054.971140][ T5217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1054.981199][ T5217] Workqueue: hci4 hci_rx_work [ 1054.985891][ T5217] Call Trace: [ 1054.989160][ T5217] [ 1054.992083][ T5217] dump_stack_lvl+0x241/0x360 [ 1054.996848][ T5217] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1055.002040][ T5217] ? __pfx__printk+0x10/0x10 [ 1055.006632][ T5217] __might_resched+0x5d4/0x780 [ 1055.011390][ T5217] ? __mutex_lock+0x112/0xd70 [ 1055.016064][ T5217] ? __pfx___might_resched+0x10/0x10 [ 1055.021355][ T5217] __mutex_lock+0xc1/0xd70 [ 1055.025771][ T5217] ? __pfx_lock_acquire+0x10/0x10 [ 1055.030792][ T5217] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 1055.037125][ T5217] ? __pfx_lock_release+0x10/0x10 [ 1055.042143][ T5217] ? __pfx___mutex_lock+0x10/0x10 [ 1055.047161][ T5217] ? trace_contention_end+0x3c/0x120 [ 1055.052444][ T5217] ? skb_pull_data+0x112/0x230 [ 1055.057224][ T5217] ? hci_conn_set_handle+0x9a/0x270 [ 1055.062414][ T5217] hci_le_create_big_complete_evt+0x3d9/0xae0 [ 1055.068482][ T5217] ? __copy_skb_header+0x437/0x5b0 [ 1055.073692][ T5217] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 1055.079865][ T5217] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1055.086469][ T5217] ? hci_le_meta_evt+0x366/0x580 [ 1055.091403][ T5217] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1055.097996][ T5217] hci_event_packet+0xa55/0x1540 [ 1055.102985][ T5217] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1055.108271][ T5217] ? __pfx_hci_event_packet+0x10/0x10 [ 1055.113647][ T5217] ? hci_rx_work+0x247/0xca0 [ 1055.118234][ T5217] ? hci_rx_work+0x3dd/0xca0 [ 1055.122820][ T5217] hci_rx_work+0x3e8/0xca0 [ 1055.127239][ T5217] ? process_scheduled_works+0x945/0x1830 [ 1055.132951][ T5217] process_scheduled_works+0xa2c/0x1830 [ 1055.138530][ T5217] ? __pfx_process_scheduled_works+0x10/0x10 [ 1055.144522][ T5217] ? assign_work+0x364/0x3d0 [ 1055.149117][ T5217] worker_thread+0x86d/0xd40 [ 1055.153711][ T5217] ? __kthread_parkme+0x169/0x1d0 [ 1055.158873][ T5217] ? __pfx_worker_thread+0x10/0x10 [ 1055.163988][ T5217] kthread+0x2f0/0x390 [ 1055.168058][ T5217] ? __pfx_worker_thread+0x10/0x10 [ 1055.173190][ T5217] ? __pfx_kthread+0x10/0x10 [ 1055.177774][ T5217] ret_from_fork+0x4b/0x80 [ 1055.182191][ T5217] ? __pfx_kthread+0x10/0x10 [ 1055.186777][ T5217] ret_from_fork_asm+0x1a/0x30 [ 1055.191543][ T5217] [ 1055.235012][ T5217] [ 1055.237383][ T5217] ============================= [ 1055.242297][ T5217] [ BUG: Invalid wait context ] [ 1055.247124][ T5217] 6.11.0-rc1-syzkaller-00293-gdefaf1a2113a #0 Tainted: G W [ 1055.255683][ T5217] ----------------------------- [ 1055.260505][ T5217] kworker/u9:2/5217 is trying to lock: [ 1055.265938][ T5217] ffffffff8fbd9928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0 [ 1055.276557][ T5217] other info that might help us debug this: [ 1055.282432][ T5217] context-{4:4} [ 1055.285875][ T5217] 4 locks held by kworker/u9:2/5217: [ 1055.291172][ T5217] #0: ffff88807d348148 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1055.302125][ T5217] #1: ffffc9000357fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1055.314103][ T5217] #2: ffff8880672c8078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 [ 1055.324719][ T5217] #3: ffffffff8e7377e0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 [ 1055.335398][ T5217] stack backtrace: [ 1055.339096][ T5217] CPU: 1 UID: 0 PID: 5217 Comm: kworker/u9:2 Tainted: G W 6.11.0-rc1-syzkaller-00293-gdefaf1a2113a #0 [ 1055.351397][ T5217] Tainted: [W]=WARN [ 1055.355199][ T5217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1055.365324][ T5217] Workqueue: hci4 hci_rx_work [ 1055.369987][ T5217] Call Trace: [ 1055.373246][ T5217] [ 1055.376167][ T5217] dump_stack_lvl+0x241/0x360 [ 1055.380834][ T5217] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1055.386019][ T5217] ? __pfx__printk+0x10/0x10 [ 1055.390603][ T5217] __lock_acquire+0x153b/0x2040 [ 1055.395453][ T5217] lock_acquire+0x1ed/0x550 [ 1055.399941][ T5217] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 1055.406169][ T5217] ? __pfx_lock_acquire+0x10/0x10 [ 1055.411182][ T5217] ? __mutex_lock+0x112/0xd70 [ 1055.415841][ T5217] ? __pfx___might_resched+0x10/0x10 [ 1055.421109][ T5217] __mutex_lock+0x136/0xd70 [ 1055.425593][ T5217] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 1055.431815][ T5217] ? __pfx_lock_acquire+0x10/0x10 [ 1055.436825][ T5217] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 1055.443052][ T5217] ? __pfx_lock_release+0x10/0x10 [ 1055.448062][ T5217] ? __pfx___mutex_lock+0x10/0x10 [ 1055.453068][ T5217] ? trace_contention_end+0x3c/0x120 [ 1055.458332][ T5217] ? skb_pull_data+0x112/0x230 [ 1055.463076][ T5217] ? hci_conn_set_handle+0x9a/0x270 [ 1055.468346][ T5217] hci_le_create_big_complete_evt+0x3d9/0xae0 [ 1055.474396][ T5217] ? __copy_skb_header+0x437/0x5b0 [ 1055.479493][ T5217] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 1055.485632][ T5217] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1055.492227][ T5217] ? hci_le_meta_evt+0x366/0x580 [ 1055.497166][ T5217] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1055.503743][ T5217] hci_event_packet+0xa55/0x1540 [ 1055.508665][ T5217] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1055.513940][ T5217] ? __pfx_hci_event_packet+0x10/0x10 [ 1055.519293][ T5217] ? hci_rx_work+0x247/0xca0 [ 1055.523868][ T5217] ? hci_rx_work+0x3dd/0xca0 [ 1055.528578][ T5217] hci_rx_work+0x3e8/0xca0 [ 1055.532988][ T5217] ? process_scheduled_works+0x945/0x1830 [ 1055.538698][ T5217] process_scheduled_works+0xa2c/0x1830 [ 1055.544272][ T5217] ? __pfx_process_scheduled_works+0x10/0x10 [ 1055.550255][ T5217] ? assign_work+0x364/0x3d0 [ 1055.554922][ T5217] worker_thread+0x86d/0xd40 [ 1055.559625][ T5217] ? __kthread_parkme+0x169/0x1d0 [ 1055.564723][ T5217] ? __pfx_worker_thread+0x10/0x10 [ 1055.569817][ T5217] kthread+0x2f0/0x390 [ 1055.573871][ T5217] ? __pfx_worker_thread+0x10/0x10 [ 1055.578964][ T5217] ? __pfx_kthread+0x10/0x10 [ 1055.583546][ T5217] ret_from_fork+0x4b/0x80 [ 1055.588035][ T5217] ? __pfx_kthread+0x10/0x10 [ 1055.592608][ T5217] ret_from_fork_asm+0x1a/0x30 [ 1055.597366][ T5217] [ 1055.648943][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.656877][ T5217] ================================================================== [ 1055.665023][ T5217] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0 [ 1055.674122][ T5217] Read of size 8 at addr ffff888069674000 by task kworker/u9:2/5217 [ 1055.682078][ T5217] [ 1055.684388][ T5217] CPU: 1 UID: 0 PID: 5217 Comm: kworker/u9:2 Tainted: G W 6.11.0-rc1-syzkaller-00293-gdefaf1a2113a #0 [ 1055.696706][ T5217] Tainted: [W]=WARN [ 1055.700502][ T5217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1055.710551][ T5217] Workqueue: hci4 hci_rx_work [ 1055.715237][ T5217] Call Trace: [ 1055.718512][ T5217] [ 1055.721428][ T5217] dump_stack_lvl+0x241/0x360 [ 1055.726099][ T5217] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1055.731280][ T5217] ? __pfx__printk+0x10/0x10 [ 1055.735883][ T5217] ? _printk+0xd5/0x120 [ 1055.740044][ T5217] ? __virt_addr_valid+0x183/0x530 [ 1055.745135][ T5217] ? __virt_addr_valid+0x183/0x530 [ 1055.750224][ T5217] print_report+0x169/0x550 [ 1055.754710][ T5217] ? __virt_addr_valid+0x183/0x530 [ 1055.759797][ T5217] ? __virt_addr_valid+0x183/0x530 [ 1055.764890][ T5217] ? __virt_addr_valid+0x45f/0x530 [ 1055.769992][ T5217] ? __phys_addr+0xba/0x170 [ 1055.774561][ T5217] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 1055.780785][ T5217] kasan_report+0x143/0x180 [ 1055.785270][ T5217] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 1055.791492][ T5217] hci_le_create_big_complete_evt+0x383/0xae0 [ 1055.797541][ T5217] ? __copy_skb_header+0x437/0x5b0 [ 1055.802640][ T5217] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 1055.808785][ T5217] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1055.815371][ T5217] ? hci_le_meta_evt+0x366/0x580 [ 1055.820302][ T5217] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1055.826884][ T5217] hci_event_packet+0xa55/0x1540 [ 1055.831809][ T5217] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1055.837079][ T5217] ? __pfx_hci_event_packet+0x10/0x10 [ 1055.842430][ T5217] ? hci_rx_work+0x247/0xca0 [ 1055.847004][ T5217] ? hci_rx_work+0x3dd/0xca0 [ 1055.851572][ T5217] hci_rx_work+0x3e8/0xca0 [ 1055.855968][ T5217] ? process_scheduled_works+0x945/0x1830 [ 1055.861669][ T5217] process_scheduled_works+0xa2c/0x1830 [ 1055.867204][ T5217] ? __pfx_process_scheduled_works+0x10/0x10 [ 1055.873164][ T5217] ? assign_work+0x364/0x3d0 [ 1055.877734][ T5217] worker_thread+0x86d/0xd40 [ 1055.882311][ T5217] ? __kthread_parkme+0x169/0x1d0 [ 1055.887363][ T5217] ? __pfx_worker_thread+0x10/0x10 [ 1055.892476][ T5217] kthread+0x2f0/0x390 [ 1055.896544][ T5217] ? __pfx_worker_thread+0x10/0x10 [ 1055.901658][ T5217] ? __pfx_kthread+0x10/0x10 [ 1055.906266][ T5217] ret_from_fork+0x4b/0x80 [ 1055.910677][ T5217] ? __pfx_kthread+0x10/0x10 [ 1055.915258][ T5217] ret_from_fork_asm+0x1a/0x30 [ 1055.920017][ T5217] [ 1055.923026][ T5217] [ 1055.925327][ T5217] Allocated by task 10820: [ 1055.929714][ T5217] kasan_save_track+0x3f/0x80 [ 1055.934369][ T5217] __kasan_kmalloc+0x98/0xb0 [ 1055.938934][ T5217] __kmalloc_cache_noprof+0x19c/0x2c0 [ 1055.944284][ T5217] __hci_conn_add+0x2f9/0x1850 [ 1055.949034][ T5217] hci_le_big_sync_established_evt+0x414/0xc20 [ 1055.955176][ T5217] hci_event_packet+0xa55/0x1540 [ 1055.960118][ T5217] hci_rx_work+0x3e8/0xca0 [ 1055.964616][ T5217] process_scheduled_works+0xa2c/0x1830 [ 1055.970174][ T5217] worker_thread+0x86d/0xd40 [ 1055.974759][ T5217] kthread+0x2f0/0x390 [ 1055.978813][ T5217] ret_from_fork+0x4b/0x80 [ 1055.983210][ T5217] ret_from_fork_asm+0x1a/0x30 [ 1055.987953][ T5217] [ 1055.990267][ T5217] Freed by task 5217: [ 1055.994221][ T5217] kasan_save_track+0x3f/0x80 [ 1055.998879][ T5217] kasan_save_free_info+0x40/0x50 [ 1056.003893][ T5217] poison_slab_object+0xe0/0x150 [ 1056.008838][ T5217] __kasan_slab_free+0x37/0x60 [ 1056.013584][ T5217] kfree+0x149/0x360 [ 1056.017460][ T5217] device_release+0x99/0x1c0 [ 1056.022030][ T5217] kobject_put+0x22f/0x480 [ 1056.026429][ T5217] hci_conn_del+0x8c4/0xc40 [ 1056.030911][ T5217] hci_le_create_big_complete_evt+0x619/0xae0 [ 1056.036960][ T5217] hci_event_packet+0xa55/0x1540 [ 1056.041880][ T5217] hci_rx_work+0x3e8/0xca0 [ 1056.046275][ T5217] process_scheduled_works+0xa2c/0x1830 [ 1056.051800][ T5217] worker_thread+0x86d/0xd40 [ 1056.056374][ T5217] kthread+0x2f0/0x390 [ 1056.060425][ T5217] ret_from_fork+0x4b/0x80 [ 1056.064822][ T5217] ret_from_fork_asm+0x1a/0x30 [ 1056.069565][ T5217] [ 1056.071869][ T5217] The buggy address belongs to the object at ffff888069674000 [ 1056.071869][ T5217] which belongs to the cache kmalloc-8k of size 8192 [ 1056.085895][ T5217] The buggy address is located 0 bytes inside of [ 1056.085895][ T5217] freed 8192-byte region [ffff888069674000, ffff888069676000) [ 1056.099680][ T5217] [ 1056.101992][ T5217] The buggy address belongs to the physical page: [ 1056.108394][ T5217] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x69670 [ 1056.117145][ T5217] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1056.125625][ T5217] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1056.133586][ T5217] page_type: 0xfdffffff(slab) [ 1056.138242][ T5217] raw: 00fff00000000040 ffff888015442280 0000000000000000 dead000000000001 [ 1056.146800][ T5217] raw: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000 [ 1056.155361][ T5217] head: 00fff00000000040 ffff888015442280 0000000000000000 dead000000000001 [ 1056.164006][ T5217] head: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000 [ 1056.172651][ T5217] head: 00fff00000000003 ffffea0001a59c01 ffffffffffffffff 0000000000000000 [ 1056.181300][ T5217] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1056.189940][ T5217] page dumped because: kasan: bad access detected [ 1056.196498][ T5217] page_owner tracks the page as allocated [ 1056.202195][ T5217] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 14412, tgid 14410 (syz.2.3018), ts 729348450937, free_ts 729322433517 [ 1056.224929][ T5217] post_alloc_hook+0x1f3/0x230 [ 1056.229677][ T5217] get_page_from_freelist+0x2e4c/0x2f10 [ 1056.235199][ T5217] __alloc_pages_noprof+0x256/0x6c0 [ 1056.240393][ T5217] alloc_slab_page+0x5f/0x120 [ 1056.245045][ T5217] allocate_slab+0x5a/0x2f0 [ 1056.249521][ T5217] ___slab_alloc+0xcd1/0x14b0 [ 1056.254182][ T5217] __slab_alloc+0x58/0xa0 [ 1056.258495][ T5217] __kmalloc_node_track_caller_noprof+0x281/0x440 [ 1056.264980][ T5217] kmalloc_reserve+0x111/0x2a0 [ 1056.269719][ T5217] __alloc_skb+0x1f3/0x440 [ 1056.274109][ T5217] netlink_dump+0x1f7/0xd80 [ 1056.278590][ T5217] netlink_recvmsg+0x6bb/0x11d0 [ 1056.283416][ T5217] sock_recvmsg+0x22f/0x280 [ 1056.288331][ T5217] ____sys_recvmsg+0x1db/0x470 [ 1056.293072][ T5217] __sys_recvmsg+0x2f0/0x3e0 [ 1056.297653][ T5217] do_syscall_64+0xf3/0x230 [ 1056.302140][ T5217] page last free pid 14409 tgid 14409 stack trace: [ 1056.308618][ T5217] free_unref_page+0xd19/0xea0 [ 1056.313371][ T5217] __slab_free+0x31b/0x3d0 [ 1056.317772][ T5217] qlist_free_all+0x9e/0x140 [ 1056.322343][ T5217] kasan_quarantine_reduce+0x14f/0x170 [ 1056.327778][ T5217] __kasan_slab_alloc+0x23/0x80 [ 1056.332624][ T5217] __kmalloc_cache_node_noprof+0x166/0x300 [ 1056.338432][ T5217] __get_vm_area_node+0x113/0x270 [ 1056.343528][ T5217] __vmalloc_node_range_noprof+0x3bc/0x1460 [ 1056.349408][ T5217] vmalloc_user_noprof+0x74/0x80 [ 1056.354328][ T5217] kcov_ioctl+0x59/0x640 [ 1056.358556][ T5217] __se_sys_ioctl+0xfc/0x170 [ 1056.363127][ T5217] do_syscall_64+0xf3/0x230 [ 1056.367615][ T5217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1056.373495][ T5217] [ 1056.375802][ T5217] Memory state around the buggy address: [ 1056.381406][ T5217] ffff888069673f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1056.389451][ T5217] ffff888069673f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1056.397485][ T5217] >ffff888069674000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1056.405515][ T5217] ^ [ 1056.409551][ T5217] ffff888069674080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1056.417611][ T5217] ffff888069674100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1056.425650][ T5217] ================================================================== [ 1056.438146][ T5217] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1056.445375][ T5217] CPU: 1 UID: 0 PID: 5217 Comm: kworker/u9:2 Tainted: G W 6.11.0-rc1-syzkaller-00293-gdefaf1a2113a #0 [ 1056.457715][ T5217] Tainted: [W]=WARN [ 1056.461504][ T5217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1056.471574][ T5217] Workqueue: hci4 hci_rx_work [ 1056.476243][ T5217] Call Trace: [ 1056.479507][ T5217] [ 1056.482521][ T5217] dump_stack_lvl+0x241/0x360 [ 1056.487219][ T5217] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1056.492438][ T5217] ? __pfx__printk+0x10/0x10 [ 1056.497020][ T5217] ? rcu_is_watching+0x15/0xb0 [ 1056.501785][ T5217] ? preempt_schedule+0xe1/0xf0 [ 1056.506638][ T5217] ? vscnprintf+0x5d/0x90 [ 1056.510965][ T5217] panic+0x349/0x860 [ 1056.514877][ T5217] ? check_panic_on_warn+0x21/0xb0 [ 1056.520070][ T5217] ? __pfx_panic+0x10/0x10 [ 1056.524479][ T5217] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 1056.530445][ T5217] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1056.536755][ T5217] ? print_report+0x502/0x550 [ 1056.541435][ T5217] check_panic_on_warn+0x86/0xb0 [ 1056.546369][ T5217] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 1056.552639][ T5217] end_report+0x77/0x160 [ 1056.556895][ T5217] kasan_report+0x154/0x180 [ 1056.561394][ T5217] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 1056.567626][ T5217] hci_le_create_big_complete_evt+0x383/0xae0 [ 1056.573681][ T5217] ? __copy_skb_header+0x437/0x5b0 [ 1056.578783][ T5217] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 1056.584929][ T5217] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1056.591504][ T5217] ? hci_le_meta_evt+0x366/0x580 [ 1056.596445][ T5217] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 1056.603056][ T5217] hci_event_packet+0xa55/0x1540 [ 1056.608021][ T5217] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1056.613300][ T5217] ? __pfx_hci_event_packet+0x10/0x10 [ 1056.618664][ T5217] ? hci_rx_work+0x247/0xca0 [ 1056.623245][ T5217] ? hci_rx_work+0x3dd/0xca0 [ 1056.627914][ T5217] hci_rx_work+0x3e8/0xca0 [ 1056.632420][ T5217] ? process_scheduled_works+0x945/0x1830 [ 1056.638135][ T5217] process_scheduled_works+0xa2c/0x1830 [ 1056.643689][ T5217] ? __pfx_process_scheduled_works+0x10/0x10 [ 1056.649666][ T5217] ? assign_work+0x364/0x3d0 [ 1056.654254][ T5217] worker_thread+0x86d/0xd40 [ 1056.658842][ T5217] ? __kthread_parkme+0x169/0x1d0 [ 1056.663860][ T5217] ? __pfx_worker_thread+0x10/0x10 [ 1056.668962][ T5217] kthread+0x2f0/0x390 [ 1056.673022][ T5217] ? __pfx_worker_thread+0x10/0x10 [ 1056.678122][ T5217] ? __pfx_kthread+0x10/0x10 [ 1056.682703][ T5217] ret_from_fork+0x4b/0x80 [ 1056.687111][ T5217] ? __pfx_kthread+0x10/0x10 [ 1056.691696][ T5217] ret_from_fork_asm+0x1a/0x30 [ 1056.696467][ T5217] [ 1056.699764][ T5217] Kernel Offset: disabled [ 1056.704075][ T5217] Rebooting in 86400 seconds..