last executing test programs: 48.517234018s ago: executing program 2 (id=975): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000140)=ANY=[], 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) r4 = syz_io_uring_setup(0x86a, &(0x7f00000000c0)={0x0, 0x2822, 0x400, 0x4, 0xc1}, &(0x7f00000003c0)=0x0, &(0x7f0000000200)=0x0) epoll_create1(0x0) syz_open_procfs(0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r3, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r4, 0x47f5, 0x0, 0x0, 0x0, 0x0) 44.801753442s ago: executing program 2 (id=984): r0 = landlock_create_ruleset(&(0x7f0000000080)={0x10}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x8152}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x6) syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) 44.697339193s ago: executing program 2 (id=986): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000fc0)="985e44efeabe001cabcf3d867300000000a2d3197970cb347b70a243bf77139a94bcda6b1a0ea305f3bf3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e0", 0x70}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c1fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc92", 0xda}], 0x1}}], 0x2, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000002000)="2ad905091cd53461119ebc0fa5b6db3ccbb0a60c8d86be91b4310dee634e143e20d77c4bb301a1e93dcedbcd65f9bbafc6262b0d7530ca17344ca5944d7dc340106482c1330d0c43b81321ef678fea269e59c177759990124eaa0ec54954e79171634eabc8ddbded0602ab51978c1c2a4e14786eb3edfa1602fcb49162d84bf01e7e72427066ef1c52390f9e27fd5a488bc3cbeda37ec495d68e72f9cd6148353da532fcd1085db3670065231fd7213fba98d313b46c59a1c6ce396c0493ebc8753afaa01ac9a0a3a9f6525cb45f87d94472f5041c1c905eadabd2f6c82810709fa7def750d9e8c3be1bc07b327fad424235f503504b63ae4cf4f46f2d1453c28f0ad0cad8bc560afe994dc699ffbcc45dcda5e4a9e569d44978ef29bc3ec3c71cba93de18654cbf8675132d1eddea8c7eebe417d14d6d4018eab6de0d276d5b063483b94a41fc625ec7b905b38b4b4785c1fd43e1e9c10d444d289a0dabfa7768e1f982aa4df2c7811d5d88277da119a34b32c09897cb19b7a6ca87c82e0785716404f137478261a6c8f7cd361cae806611edf2223cbeb58b8b3e511c4399113d7522dd9ced0bb703f6be064995cb005e6125f2f91a04fbec8c92c529b75f1f981bbe77a257e0cafeb93530d1d10ad9d96486c044bd677f0ad9f258a617e11929e1cf0f6f8fbb706827b382815eeabf7ff936c3d695c08df52788cad395f45bf16cab19d81b233461801a080672dabe358701cec54ecafa85a97c50dd2b78b387b70e86075a34173e3f16c0f68e0fa33f27725a525fad424094bca88ff9afcb8f73113fca45ab6e5e9cfa822b73d6cd84924050630e16a8b2ab73c676751475208bcb1a19164ad2ab005dce51e9e8c6270eee860969dea6f88f0cc0d63cbcc1f12096e5c23a8108e792742f8183ddceac9d727a22025eb6ad4b5d454af95dbfe5e8d220002e7f76c8ac7ba5e10669386affec97772c00596211bb075b31273c64ad0deed0b7070bfd98de295246e1ae33118971659c6ee3c7b34b97091dc129584ba7f62733dab9b919781a5600606ddcf5cf728e342591ffdb2081e4ca942864b2f507cb3448278d5b4ba8a2f5d5aef4c47f608631bce9039bed1e9bf23a4ff92f271c9766f173f0d70530b06404bd257cbc2aa297b9e2c21135dfe807feaf4a1e1fc3333a226b5d000fef273c3cf2008577628b2df4f763520c27967e3565d8545d190db919144100720dc633397142c570740082ea944a9a2a190c15b00580bbed07ec5528641b0bbc2a9ec0c83aacd53768322f7a99f39e718257eedfe4022f56bdbc1e64bc7e665111d19640e380e32cb30ac13bc4c3f1478951dc7dd219638197e46af48277bf99e385fd4aca87966da6869bd0bfb1c71fa6585acb52133802c1b8e7fd14acbf8081b4b79e283b453ec933e5e96545f76b945df0119de2ffd36b6099ec2887bde26a17afcaf28a8aa4ee21cf2f35b41f20746001146dcab23c21b867fcbaa238cbbfefa5cb13b480ef6bdafee6fc4de330ac48927e2e9ef48c2cba5d0822097694b73dd3c67da881e2f558f3c71892e6cbe3841b982d5eac9e4f7dae6255787d5a129a703d6aedda232267d8b49ebebe5150383fe6c128514c77cf349a28d3615a20a71cb8f02cf2153f66999769f9d8b34c244d8b58aebe1501aede9dd936ed209df52ebc63764380bacbd2c71768f12dc886e50b616e4cfd46ca5593e7c421bf99723aa2a5e008ea8b00c310ed118380701f41be3bea1e7c2fe007a3b85126f7a02a352878ef85b324c3169eab600a04ca7a117684110d663ef8b35bb112c09d4d9bc7287b9dcf964b9860f34e3a43c53e9b3eec2e9f987975a629da2dcd924973ba41af487f5424a2be264ac46eedd0d4ddb1cf245f5b77169fb4b89f16c6fd87aca8005b246e671a60dfef07fe2af87881d1fc2b2f9e89ae29a11b5573de8e6dd859ca8df1de0d25813a9765f1669cf604d5c0379a14f6bb89594ca576c4ef01b53dfc0b3ee57cee0e88175d3a09404327a6cb030f4bb549798904f56909c7db8860408cdd2521a02fa2d5002c4215b71c2a9494b8d35c8e74e5e70917dafff4fbc0564e26dec0fdc9b4e9dd81ee3accae233f2261cd10", 0x5e3, 0x800, 0x0, 0x0) 44.037129933s ago: executing program 2 (id=989): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x114) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="f8000000000000000b01000003000000b38ad0fa5344f86392a8a624588a9ebd811192cbcbc48c43148a7cc729a98cdc74f191ae2cd62d2652d78d6acf62b5eb8f161c8b04b3b2b547119b38e2badd726674a4693c080fe5c3496137c986cb152d529c9225c772f2f854bf5ab89e259312dacf6b9debd2bf43be3dc19840f0c35b2d960ac50a9f2bcf98156f76700462166d7eb6416b2a7510be974b3f7a06c8927e28a62f708cce515c9c922c8c0c8daf4646e725d7282571b819097b58963d71992c2938f34c3516c547423d99a2f90f3a146a044cb732f4f4a0305c9d37fcb667e5e900000000000028000000000000000000000000080000c133a12a91872b3730467c92a3a5050f02b82b7e452f3e6b500000000000000012010000ff030000ae15b1a3e016bb782adb738fa764d4487026530ac6f50e3b31ec875a38f17bac40e87117dbd6ba47cf721b216e5b8cb28d424f1b5ed9793f5167332a0000000038000000000000000a010000630a0000fa08"], 0x1c8}, 0x4000c010) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000fd0900008400000005010000", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r4}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r4}, 0x38) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x202, 0x0, 0x0, 0x2}}, 0x50) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r3, 0x50009418, &(0x7f0000000ec0)={{r2}, 0x0, 0x8, @inherit={0x68, &(0x7f0000000600)={0x0, 0x4, 0x4, 0xf06, {0x8, 0x8000, 0x2, 0x200, 0x100000000}, [0x2, 0xfffffffffffffff8, 0x2, 0x5]}}, @devid}) r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) r7 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0x0}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r3) socket$unix(0x1, 0x2, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) r4 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000500)=@xdp={0x2c, 0x0, r2, 0xc}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000180)="2703", 0x2}], 0x1}, 0x4) 43.561274646s ago: executing program 0 (id=991): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0xc2, &(0x7f0000000200)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0xb4, 0xfffd, 0x4000, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x10, 0x0, 0x0, 0x2d9, {[@timestamp={0x8, 0xa, 0x29, 0xfffffaa6}, @sack_perm={0x4, 0x2}]}}, {"6d4e193315e21f7a3ce5080000002fcfca08de345f0b1eacce9d18116ef7070e733a2aeb4de4c99077fdffce6f2caef590088201911bc3a65d7eb7fe2f5682d1b0bb8612d56dc54e51a502ba5a700797eaed2616f851f382a87c746efcc8391c4889a1541b171a76cf6979d69ec1b54fa3b8fbbc3b58160157cf254da4fa4cc8"}}}}}}, 0x0) 43.345551827s ago: executing program 0 (id=992): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58) bind$alg(r0, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(generic-gcm-aesni)\x00'}, 0x58) 43.248823219s ago: executing program 0 (id=993): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r1 = socket(0x23, 0x6, 0x1000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) ioctl$sock_FIOGETOWN(r2, 0x8903, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x100000001, 0xffffffff, 0x108, 0x65aa}, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000940)={0x84, &(0x7f0000000380)={0x0, 0x10, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r4, &(0x7f0000000100)=[{&(0x7f00000000c0)='4', 0x1}], 0x1) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000037c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@ipv6_deladdrlabel={0x38, 0x48, 0x301, 0x70bd2d, 0x25dfdbfc, {0xa, 0x0, 0x80, 0x0, 0x0, 0x5}, [@IFAL_ADDRESS={0x14, 0x1, @loopback}, @IFAL_LABEL={0x8, 0x2, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000881}, 0x44040) recvfrom$rxrpc(r1, &(0x7f00000003c0)=""/92, 0x5c, 0x100, &(0x7f0000000140)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e24, @local}}, 0x24) write$sysctl(r4, &(0x7f0000000180)='4\x00', 0x2) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x84, &(0x7f0000000500)=ANY=[@ANYRESDEC=r4, @ANYRES8, @ANYRESDEC, @ANYBLOB="8a96b5b1cb41cc6cddf50c4be17d728e2cb3436818b951770e0a3d79c92880699e5b2909179886496f13e415cab9d0794d54cf5075903075bdae1e574e0f3dac3688937db0571810ef9590d1d96f7ac3f72953ed90e080d8f34d0d1580a37ead8131174b4b5bb9dcd2be17607e41d1d42048f1504974f9bbdb2bc99676069585e5b7c27e6c5080406e6442926ca111eff156e0", @ANYRES16=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 41.308739457s ago: executing program 0 (id=998): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x118f7, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0/../file0/file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20001) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x0) 40.67049698s ago: executing program 2 (id=1000): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000fc0)="985e44efeabe001cabcf3d867300000000a2d3197970cb347b70a243bf77139a94bcda6b1a0ea305f3bf3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e0", 0x70}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c1fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc92", 0xda}], 0x1}}], 0x2, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000002000)="2ad905091cd53461119ebc0fa5b6db3ccbb0a60c8d86be91b4310dee634e143e20d77c4bb301a1e93dcedbcd65f9bbafc6262b0d7530ca17344ca5944d7dc340106482c1330d0c43b81321ef678fea269e59c177759990124eaa0ec54954e79171634eabc8ddbded0602ab51978c1c2a4e14786eb3edfa1602fcb49162d84bf01e7e72427066ef1c52390f9e27fd5a488bc3cbeda37ec495d68e72f9cd6148353da532fcd1085db3670065231fd7213fba98d313b46c59a1c6ce396c0493ebc8753afaa01ac9a0a3a9f6525cb45f87d94472f5041c1c905eadabd2f6c82810709fa7def750d9e8c3be1bc07b327fad424235f503504b63ae4cf4f46f2d1453c28f0ad0cad8bc560afe994dc699ffbcc45dcda5e4a9e569d44978ef29bc3ec3c71cba93de18654cbf8675132d1eddea8c7eebe417d14d6d4018eab6de0d276d5b063483b94a41fc625ec7b905b38b4b4785c1fd43e1e9c10d444d289a0dabfa7768e1f982aa4df2c7811d5d88277da119a34b32c09897cb19b7a6ca87c82e0785716404f137478261a6c8f7cd361cae806611edf2223cbeb58b8b3e511c4399113d7522dd9ced0bb703f6be064995cb005e6125f2f91a04fbec8c92c529b75f1f981bbe77a257e0cafeb93530d1d10ad9d96486c044bd677f0ad9f258a617e11929e1cf0f6f8fbb706827b382815eeabf7ff936c3d695c08df52788cad395f45bf16cab19d81b233461801a080672dabe358701cec54ecafa85a97c50dd2b78b387b70e86075a34173e3f16c0f68e0fa33f27725a525fad424094bca88ff9afcb8f73113fca45ab6e5e9cfa822b73d6cd84924050630e16a8b2ab73c676751475208bcb1a19164ad2ab005dce51e9e8c6270eee860969dea6f88f0cc0d63cbcc1f12096e5c23a8108e792742f8183ddceac9d727a22025eb6ad4b5d454af95dbfe5e8d220002e7f76c8ac7ba5e10669386affec97772c00596211bb075b31273c64ad0deed0b7070bfd98de295246e1ae33118971659c6ee3c7b34b97091dc129584ba7f62733dab9b919781a5600606ddcf5cf728e342591ffdb2081e4ca942864b2f507cb3448278d5b4ba8a2f5d5aef4c47f608631bce9039bed1e9bf23a4ff92f271c9766f173f0d70530b06404bd257cbc2aa297b9e2c21135dfe807feaf4a1e1fc3333a226b5d000fef273c3cf2008577628b2df4f763520c27967e3565d8545d190db919144100720dc633397142c570740082ea944a9a2a190c15b00580bbed07ec5528641b0bbc2a9ec0c83aacd53768322f7a99f39e718257eedfe4022f56bdbc1e64bc7e665111d19640e380e32cb30ac13bc4c3f1478951dc7dd219638197e46af48277bf99e385fd4aca87966da6869bd0bfb1c71fa6585acb52133802c1b8e7fd14acbf8081b4b79e283b453ec933e5e96545f76b945df0119de2ffd36b6099ec2887bde26a17afcaf28a8aa4ee21cf2f35b41f20746001146dcab23c21b867fcbaa238cbbfefa5cb13b480ef6bdafee6fc4de330ac48927e2e9ef48c2cba5d0822097694b73dd3c67da881e2f558f3c71892e6cbe3841b982d5eac9e4f7dae6255787d5a129a703d6aedda232267d8b49ebebe5150383fe6c128514c77cf349a28d3615a20a71cb8f02cf2153f66999769f9d8b34c244d8b58aebe1501aede9dd936ed209df52ebc63764380bacbd2c71768f12dc886e50b616e4cfd46ca5593e7c421bf99723aa2a5e008ea8b00c310ed118380701f41be3bea1e7c2fe007a3b85126f7a02a352878ef85b324c3169eab600a04ca7a117684110d663ef8b35bb112c09d4d9bc7287b9dcf964b9860f34e3a43c53e9b3eec2e9f987975a629da2dcd924973ba41af487f5424a2be264ac46eedd0d4ddb1cf245f5b77169fb4b89f16c6fd87aca8005b246e671a60dfef07fe2af87881d1fc2b2f9e89ae29a11b5573de8e6dd859ca8df1de0d25813a9765f1669cf604d5c0379a14f6bb89594ca576c4ef01b53dfc0b3ee57cee0e88175d3a09404327a6cb030f4bb549798904f56909c7db8860408cdd2521a02fa2d5002c4215b71c2a9494b8d35c8e74e5e70917dafff4fbc0564e26dec0fdc9b4e9dd81ee3accae233f2261cd10", 0x5e3, 0x800, 0x0, 0x0) 40.50695294s ago: executing program 2 (id=1001): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r3) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000500)=@xdp={0x2c, 0x0, r2, 0xc}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000180)="2703", 0x2}], 0x1}, 0x4) 39.445280857s ago: executing program 0 (id=1006): r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() syz_genetlink_get_family_id$ipvs(0x0, r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000004c0), 0x4cbe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="08001b"], 0x30}}, 0x0) 38.218832824s ago: executing program 3 (id=1009): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r1 = socket(0x23, 0x6, 0x1000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) ioctl$sock_FIOGETOWN(r2, 0x8903, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x100000001, 0xffffffff, 0x108, 0x65aa}, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0\x00') mknod(&(0x7f00000000c0)='./file1/file3\x00', 0xc000, 0x81b) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000940)={0x84, &(0x7f0000000380)={0x0, 0x10, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r4, &(0x7f0000000100)=[{&(0x7f00000000c0)='4', 0x1}], 0x1) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000037c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@ipv6_deladdrlabel={0x38, 0x48, 0x301, 0x70bd2d, 0x25dfdbfc, {0xa, 0x0, 0x80, 0x0, 0x0, 0x5}, [@IFAL_ADDRESS={0x14, 0x1, @loopback}, @IFAL_LABEL={0x8, 0x2, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000881}, 0x44040) recvfrom$rxrpc(r1, &(0x7f00000003c0)=""/92, 0x5c, 0x100, &(0x7f0000000140)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e24, @local}}, 0x24) write$sysctl(r4, &(0x7f0000000180)='4\x00', 0x2) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x84, &(0x7f0000000500)=ANY=[@ANYRESDEC=r4, @ANYRES8, @ANYRESDEC, @ANYBLOB="8a96b5b1cb41cc6cddf50c4be17d728e2cb3436818b951770e0a3d79c92880699e5b2909179886496f13e415cab9d0794d54cf5075903075bdae1e574e0f3dac3688937db0571810ef9590d1d96f7ac3f72953ed90e080d8f34d0d1580a37ead8131174b4b5bb9dcd2be17607e41d1d42048f1504974f9bbdb2bc99676069585e5b7c27e6c5080406e6442926ca111eff156e0", @ANYRES16=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 37.116722914s ago: executing program 4 (id=1011): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) recvmsg$unix(r0, 0x0, 0x2000) 36.32676291s ago: executing program 3 (id=1013): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000fc0)="985e44efeabe001cabcf3d867300000000a2d3197970cb347b70a243bf77139a94bcda6b1a0ea305f3bf3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e0", 0x70}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c1fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc92", 0xda}], 0x1}}], 0x2, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000002000)="2ad905091cd53461119ebc0fa5b6db3ccbb0a60c8d86be91b4310dee634e143e20d77c4bb301a1e93dcedbcd65f9bbafc6262b0d7530ca17344ca5944d7dc340106482c1330d0c43b81321ef678fea269e59c177759990124eaa0ec54954e79171634eabc8ddbded0602ab51978c1c2a4e14786eb3edfa1602fcb49162d84bf01e7e72427066ef1c52390f9e27fd5a488bc3cbeda37ec495d68e72f9cd6148353da532fcd1085db3670065231fd7213fba98d313b46c59a1c6ce396c0493ebc8753afaa01ac9a0a3a9f6525cb45f87d94472f5041c1c905eadabd2f6c82810709fa7def750d9e8c3be1bc07b327fad424235f503504b63ae4cf4f46f2d1453c28f0ad0cad8bc560afe994dc699ffbcc45dcda5e4a9e569d44978ef29bc3ec3c71cba93de18654cbf8675132d1eddea8c7eebe417d14d6d4018eab6de0d276d5b063483b94a41fc625ec7b905b38b4b4785c1fd43e1e9c10d444d289a0dabfa7768e1f982aa4df2c7811d5d88277da119a34b32c09897cb19b7a6ca87c82e0785716404f137478261a6c8f7cd361cae806611edf2223cbeb58b8b3e511c4399113d7522dd9ced0bb703f6be064995cb005e6125f2f91a04fbec8c92c529b75f1f981bbe77a257e0cafeb93530d1d10ad9d96486c044bd677f0ad9f258a617e11929e1cf0f6f8fbb706827b382815eeabf7ff936c3d695c08df52788cad395f45bf16cab19d81b233461801a080672dabe358701cec54ecafa85a97c50dd2b78b387b70e86075a34173e3f16c0f68e0fa33f27725a525fad424094bca88ff9afcb8f73113fca45ab6e5e9cfa822b73d6cd84924050630e16a8b2ab73c676751475208bcb1a19164ad2ab005dce51e9e8c6270eee860969dea6f88f0cc0d63cbcc1f12096e5c23a8108e792742f8183ddceac9d727a22025eb6ad4b5d454af95dbfe5e8d220002e7f76c8ac7ba5e10669386affec97772c00596211bb075b31273c64ad0deed0b7070bfd98de295246e1ae33118971659c6ee3c7b34b97091dc129584ba7f62733dab9b919781a5600606ddcf5cf728e342591ffdb2081e4ca942864b2f507cb3448278d5b4ba8a2f5d5aef4c47f608631bce9039bed1e9bf23a4ff92f271c9766f173f0d70530b06404bd257cbc2aa297b9e2c21135dfe807feaf4a1e1fc3333a226b5d000fef273c3cf2008577628b2df4f763520c27967e3565d8545d190db919144100720dc633397142c570740082ea944a9a2a190c15b00580bbed07ec5528641b0bbc2a9ec0c83aacd53768322f7a99f39e718257eedfe4022f56bdbc1e64bc7e665111d19640e380e32cb30ac13bc4c3f1478951dc7dd219638197e46af48277bf99e385fd4aca87966da6869bd0bfb1c71fa6585acb52133802c1b8e7fd14acbf8081b4b79e283b453ec933e5e96545f76b945df0119de2ffd36b6099ec2887bde26a17afcaf28a8aa4ee21cf2f35b41f20746001146dcab23c21b867fcbaa238cbbfefa5cb13b480ef6bdafee6fc4de330ac48927e2e9ef48c2cba5d0822097694b73dd3c67da881e2f558f3c71892e6cbe3841b982d5eac9e4f7dae6255787d5a129a703d6aedda232267d8b49ebebe5150383fe6c128514c77cf349a28d3615a20a71cb8f02cf2153f66999769f9d8b34c244d8b58aebe1501aede9dd936ed209df52ebc63764380bacbd2c71768f12dc886e50b616e4cfd46ca5593e7c421bf99723aa2a5e008ea8b00c310ed118380701f41be3bea1e7c2fe007a3b85126f7a02a352878ef85b324c3169eab600a04ca7a117684110d663ef8b35bb112c09d4d9bc7287b9dcf964b9860f34e3a43c53e9b3eec2e9f987975a629da2dcd924973ba41af487f5424a2be264ac46eedd0d4ddb1cf245f5b77169fb4b89f16c6fd87aca8005b246e671a60dfef07fe2af87881d1fc2b2f9e89ae29a11b5573de8e6dd859ca8df1de0d25813a9765f1669cf604d5c0379a14f6bb89594ca576c4ef01b53dfc0b3ee57cee0e88175d3a09404327a6cb030f4bb549798904f56909c7db8860408cdd2521a02fa2d5002c4215b71c2a9494b8d35c8e74e5e70917dafff4fbc0564e26dec0fdc9b4e9dd81ee3accae233f2261cd10", 0x5e3, 0x800, 0x0, 0x0) 36.113526361s ago: executing program 3 (id=1014): openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582de", @ANYRESDEC], 0x0) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x2a240}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x1, 0x4}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x1}]}}}, @IFLA_LINK={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24008000}, 0x800) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$KVM_SET_TSC_KHZ_cpu(r2, 0xaea2, 0x1) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(generic-gcm-aesni)\x00'}, 0x58) 35.694639515s ago: executing program 4 (id=1015): socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') close(0x3) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001800)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="03000000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x4c}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 34.113341967s ago: executing program 1 (id=1017): r0 = socket$inet_sctp(0x2, 0x5, 0x84) io_setup(0x81, 0x0) io_submit(0x0, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000001c0)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e21, @rand_addr=0x64010102}]}, &(0x7f00000002c0)=0x10) pipe2(&(0x7f0000000000), 0x800) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000000)={r2, 0x3fc}, &(0x7f00000001c0)=0x8) 33.074483258s ago: executing program 1 (id=1018): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x4003, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xb, 0xb}, {0xa, 0xfff3}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendto$packet(r4, &(0x7f0000000440)="bad330752181510000316f3a277f", 0xe, 0x2000041, &(0x7f0000000080)={0x11, 0x88a8, r3, 0x1, 0xd8, 0x6, @remote}, 0x14) 24.991672308s ago: executing program 32 (id=1001): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r3) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000500)=@xdp={0x2c, 0x0, r2, 0xc}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000180)="2703", 0x2}], 0x1}, 0x4) 23.751641322s ago: executing program 33 (id=1006): r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() syz_genetlink_get_family_id$ipvs(0x0, r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000004c0), 0x4cbe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="08001b"], 0x30}}, 0x0) 22.47649565s ago: executing program 3 (id=1021): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x0, 0x8, 0x8001, 0x0, 0xaf, 0x0, 0xfffffe0000000001, 0x7, 0xffffffff}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48815}, 0xc020) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x4008020) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x5319) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/cpuinfo\x00', 0x0, 0x0) pread64(r3, &(0x7f00000014c0)=""/4096, 0x1000, 0x547) lseek(r3, 0x0, 0x0) r4 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r4, &(0x7f0000000200)={0x18, 0x2, {0x0, @multicast1}}, 0x1e) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) timer_create(0x0, 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) sendmsg$nl_route_sched(r5, 0x0, 0x2000400c) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) 22.36929099s ago: executing program 4 (id=1022): socket$can_j1939(0x1d, 0x2, 0x7) socketpair$unix(0x1, 0x3, 0x0, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket(0x1d, 0x2, 0x6) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000805}, 0x0) keyctl$invalidate(0x15, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socket$nl_xfrm(0x10, 0x3, 0x6) getresuid(&(0x7f0000000180)=0x0, 0x0, &(0x7f0000000340)) openat$kvm(0xffffffffffffff9c, 0x0, 0x80000, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_emit_ethernet(0x3e, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaa0020000000080800470000300000000000069078ac141400ac1e0001070707000000000000000000", @ANYRES32=0x41424344, @ANYRESHEX=r2, @ANYBLOB="0000000000000020c21944d604000016612f69444755fe9225ff9ae200000000"], 0x0) ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) 22.020740527s ago: executing program 1 (id=1023): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x114) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="f8000000000000000b01000003000000b38ad0fa5344f86392a8a624588a9ebd811192cbcbc48c43148a7cc729a98cdc74f191ae2cd62d2652d78d6acf62b5eb8f161c8b04b3b2b547119b38e2badd726674a4693c080fe5c3496137c986cb152d529c9225c772f2f854bf5ab89e259312dacf6b9debd2bf43be3dc19840f0c35b2d960ac50a9f2bcf98156f76700462166d7eb6416b2a7510be974b3f7a06c8927e28a62f708cce515c9c922c8c0c8daf4646e725d7282571b819097b58963d71992c2938f34c3516c547423d99a2f90f3a146a044cb732f4f4a0305c9d37fcb667e5e900000000000028000000000000000000000000080000c133a12a91872b3730467c92a3a5050f02b82b7e452f3e6b500000000000000012010000ff030000ae15b1a3e016bb782adb738fa764d4487026530ac6f50e3b31ec875a38f17bac40e87117dbd6ba47cf721b216e5b8cb28d424f1b5ed9793f5167332a0000000038000000000000000a010000630a0000fa08ab919987305c8ad63785f4a4bc84cb79f70a5d7698a3f59e1f0dbbe9b9f8ed97000000100000000000000013010000090000001000000000000000100100"], 0x1c8}, 0x4000c010) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000fd0900008400000005010000", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r4}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r4}, 0x38) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x202, 0x0, 0x0, 0x2}}, 0x50) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r3, 0x50009418, &(0x7f0000000ec0)={{r2}, 0x0, 0x8, @inherit={0x68, &(0x7f0000000600)={0x0, 0x4, 0x4, 0xf06, {0x8, 0x8000, 0x2, 0x200, 0x100000000}, [0x2, 0xfffffffffffffff8, 0x2, 0x5]}}, @devid}) r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) r7 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) ioctl$sock_FIOGETOWN(r2, 0x8903, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x100000001, 0xffffffff, 0x108, 0x65aa}, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0\x00') mknod(&(0x7f00000000c0)='./file1/file3\x00', 0xc000, 0x81b) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000940)={0x84, &(0x7f0000000380)={0x0, 0x10, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r4, &(0x7f0000000100)=[{&(0x7f00000000c0)='4', 0x1}], 0x1) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000037c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@ipv6_deladdrlabel={0x38, 0x48, 0x301, 0x70bd2d, 0x25dfdbfc, {0xa, 0x0, 0x80, 0x0, 0x0, 0x5}, [@IFAL_ADDRESS={0x14, 0x1, @loopback}, @IFAL_LABEL={0x8, 0x2, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000881}, 0x44040) recvfrom$rxrpc(r1, &(0x7f00000003c0)=""/92, 0x5c, 0x100, &(0x7f0000000140)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e24, @local}}, 0x24) write$sysctl(r4, &(0x7f0000000180)='4\x00', 0x2) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x84, &(0x7f0000000500)=ANY=[@ANYRESDEC=r4, @ANYRES8, @ANYRESDEC, @ANYBLOB="8a96b5b1cb41cc6cddf50c4be17d728e2cb3436818b951770e0a3d79c92880699e5b2909179886496f13e415cab9d0794d54cf5075903075bdae1e574e0f3dac3688937db0571810ef9590d1d96f7ac3f72953ed90e080d8f34d0d1580a37ead8131174b4b5bb9dcd2be17607e41d1d42048f1504974f9bbdb2bc99676069585e5b7c27e6c5080406e6442926ca111eff156e0", @ANYRES16=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 20.019386463s ago: executing program 4 (id=1025): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) recvmsg$unix(r0, 0x0, 0x2000) 18.711614965s ago: executing program 1 (id=1026): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000fc0)="985e44efeabe001cabcf3d867300000000a2d3197970cb347b70a243bf77139a94bcda6b1a0ea305f3bf3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e0", 0x70}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c1fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc92", 0xda}], 0x1}}], 0x2, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000002000)="2ad905091cd53461119ebc0fa5b6db3ccbb0a60c8d86be91b4310dee634e143e20d77c4bb301a1e93dcedbcd65f9bbafc6262b0d7530ca17344ca5944d7dc340106482c1330d0c43b81321ef678fea269e59c177759990124eaa0ec54954e79171634eabc8ddbded0602ab51978c1c2a4e14786eb3edfa1602fcb49162d84bf01e7e72427066ef1c52390f9e27fd5a488bc3cbeda37ec495d68e72f9cd6148353da532fcd1085db3670065231fd7213fba98d313b46c59a1c6ce396c0493ebc8753afaa01ac9a0a3a9f6525cb45f87d94472f5041c1c905eadabd2f6c82810709fa7def750d9e8c3be1bc07b327fad424235f503504b63ae4cf4f46f2d1453c28f0ad0cad8bc560afe994dc699ffbcc45dcda5e4a9e569d44978ef29bc3ec3c71cba93de18654cbf8675132d1eddea8c7eebe417d14d6d4018eab6de0d276d5b063483b94a41fc625ec7b905b38b4b4785c1fd43e1e9c10d444d289a0dabfa7768e1f982aa4df2c7811d5d88277da119a34b32c09897cb19b7a6ca87c82e0785716404f137478261a6c8f7cd361cae806611edf2223cbeb58b8b3e511c4399113d7522dd9ced0bb703f6be064995cb005e6125f2f91a04fbec8c92c529b75f1f981bbe77a257e0cafeb93530d1d10ad9d96486c044bd677f0ad9f258a617e11929e1cf0f6f8fbb706827b382815eeabf7ff936c3d695c08df52788cad395f45bf16cab19d81b233461801a080672dabe358701cec54ecafa85a97c50dd2b78b387b70e86075a34173e3f16c0f68e0fa33f27725a525fad424094bca88ff9afcb8f73113fca45ab6e5e9cfa822b73d6cd84924050630e16a8b2ab73c676751475208bcb1a19164ad2ab005dce51e9e8c6270eee860969dea6f88f0cc0d63cbcc1f12096e5c23a8108e792742f8183ddceac9d727a22025eb6ad4b5d454af95dbfe5e8d220002e7f76c8ac7ba5e10669386affec97772c00596211bb075b31273c64ad0deed0b7070bfd98de295246e1ae33118971659c6ee3c7b34b97091dc129584ba7f62733dab9b919781a5600606ddcf5cf728e342591ffdb2081e4ca942864b2f507cb3448278d5b4ba8a2f5d5aef4c47f608631bce9039bed1e9bf23a4ff92f271c9766f173f0d70530b06404bd257cbc2aa297b9e2c21135dfe807feaf4a1e1fc3333a226b5d000fef273c3cf2008577628b2df4f763520c27967e3565d8545d190db919144100720dc633397142c570740082ea944a9a2a190c15b00580bbed07ec5528641b0bbc2a9ec0c83aacd53768322f7a99f39e718257eedfe4022f56bdbc1e64bc7e665111d19640e380e32cb30ac13bc4c3f1478951dc7dd219638197e46af48277bf99e385fd4aca87966da6869bd0bfb1c71fa6585acb52133802c1b8e7fd14acbf8081b4b79e283b453ec933e5e96545f76b945df0119de2ffd36b6099ec2887bde26a17afcaf28a8aa4ee21cf2f35b41f20746001146dcab23c21b867fcbaa238cbbfefa5cb13b480ef6bdafee6fc4de330ac48927e2e9ef48c2cba5d0822097694b73dd3c67da881e2f558f3c71892e6cbe3841b982d5eac9e4f7dae6255787d5a129a703d6aedda232267d8b49ebebe5150383fe6c128514c77cf349a28d3615a20a71cb8f02cf2153f66999769f9d8b34c244d8b58aebe1501aede9dd936ed209df52ebc63764380bacbd2c71768f12dc886e50b616e4cfd46ca5593e7c421bf99723aa2a5e008ea8b00c310ed118380701f41be3bea1e7c2fe007a3b85126f7a02a352878ef85b324c3169eab600a04ca7a117684110d663ef8b35bb112c09d4d9bc7287b9dcf964b9860f34e3a43c53e9b3eec2e9f987975a629da2dcd924973ba41af487f5424a2be264ac46eedd0d4ddb1cf245f5b77169fb4b89f16c6fd87aca8005b246e671a60dfef07fe2af87881d1fc2b2f9e89ae29a11b5573de8e6dd859ca8df1de0d25813a9765f1669cf604d5c0379a14f6bb89594ca576c4ef01b53dfc0b3ee57cee0e88175d3a09404327a6cb030f4bb549798904f56909c7db8860408cdd2521a02fa2d5002c4215b71c2a9494b8d35c8e74e5e70917dafff4fbc0564e26dec0fdc9b4e9dd81ee3accae233f2261cd10", 0x5e3, 0x800, 0x0, 0x0) 18.361391711s ago: executing program 4 (id=1027): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x118f7, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0/../file0/file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20001) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x0) 18.361068981s ago: executing program 1 (id=1028): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000d4c18a080204025676350102030109021200010000"], 0x0) 18.0254281s ago: executing program 3 (id=1029): openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582de", @ANYRESDEC], 0x0) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x2a240}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x1, 0x4}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x1}]}}}, @IFLA_LINK={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24008000}, 0x800) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$KVM_SET_TSC_KHZ_cpu(r2, 0xaea2, 0x1) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(generic-gcm-aesni)\x00'}, 0x58) 16.793085896s ago: executing program 4 (id=1030): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000005e007f0a7eed1168379a3601ffc4910700004f78d4"], 0x1c}, 0x1, 0x0, 0x0, 0x200080d5}, 0x4044010) recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r4) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmsg(r4, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x40000000) recvmmsg(r4, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000007c0)=""/217, 0xd9}, {&(0x7f0000000500)=""/74, 0x4a}, {&(0x7f0000000580)=""/230, 0xe6}, {&(0x7f0000001840)=""/4108, 0x100c}], 0x4}, 0x70003}, {{0x0, 0x0, 0x0}, 0xfffffffe}, {{0x0, 0x0, 0x0}, 0xfffff001}], 0x3, 0x102, 0x0) r5 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f0000000680)={0x0, "4900bb33663fb3b6d05a929145325c94db33661d4653f6702f7c8d16a03d8bc8", 0x5, 0x4, 0x6660, 0x8000, 0x8, 0x1, 0x0, 0x5}) sendmsg$nl_route(r1, &(0x7f00000078c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0x70bd24, 0x0, {0x2, 0x20, 0x14, 0x0, 0xff, 0x0, 0x0, 0x7, 0x200}, [@RTA_IIF={0x8, 0x3, r3}, @RTA_DST={0x8, 0x1, @multicast1}]}, 0x2c}}, 0xea5bc50b6199d7fe) 15.118932161s ago: executing program 1 (id=1031): r0 = socket$pptp(0x18, 0x1, 0x2) r1 = syz_io_uring_setup(0x837, &(0x7f0000000180)={0x0, 0x679a, 0x10, 0x4, 0x3cf}, &(0x7f0000000280)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x3514, 0x9141, 0x69, 0x0, 0x0) 1.999363014s ago: executing program 34 (id=1029): openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582de", @ANYRESDEC], 0x0) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x2a240}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x1, 0x4}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x1}]}}}, @IFLA_LINK={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24008000}, 0x800) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$KVM_SET_TSC_KHZ_cpu(r2, 0xaea2, 0x1) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(generic-gcm-aesni)\x00'}, 0x58) 375.092178ms ago: executing program 35 (id=1030): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000005e007f0a7eed1168379a3601ffc4910700004f78d4"], 0x1c}, 0x1, 0x0, 0x0, 0x200080d5}, 0x4044010) recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r4) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmsg(r4, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x40000000) recvmmsg(r4, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000007c0)=""/217, 0xd9}, {&(0x7f0000000500)=""/74, 0x4a}, {&(0x7f0000000580)=""/230, 0xe6}, {&(0x7f0000001840)=""/4108, 0x100c}], 0x4}, 0x70003}, {{0x0, 0x0, 0x0}, 0xfffffffe}, {{0x0, 0x0, 0x0}, 0xfffff001}], 0x3, 0x102, 0x0) r5 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f0000000680)={0x0, "4900bb33663fb3b6d05a929145325c94db33661d4653f6702f7c8d16a03d8bc8", 0x5, 0x4, 0x6660, 0x8000, 0x8, 0x1, 0x0, 0x5}) sendmsg$nl_route(r1, &(0x7f00000078c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0x70bd24, 0x0, {0x2, 0x20, 0x14, 0x0, 0xff, 0x0, 0x0, 0x7, 0x200}, [@RTA_IIF={0x8, 0x3, r3}, @RTA_DST={0x8, 0x1, @multicast1}]}, 0x2c}}, 0xea5bc50b6199d7fe) 0s ago: executing program 36 (id=1031): r0 = socket$pptp(0x18, 0x1, 0x2) r1 = syz_io_uring_setup(0x837, &(0x7f0000000180)={0x0, 0x679a, 0x10, 0x4, 0x3cf}, &(0x7f0000000280)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x3514, 0x9141, 0x69, 0x0, 0x0) kernel console output (not intermixed with test programs): t: type=1326 audit(1773182892.119:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5365 comm="syz.1.257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 148.982902][ T5374] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 149.082307][ T26] audit: type=1326 audit(1773182892.119:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5365 comm="syz.1.257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 149.143398][ T26] audit: type=1326 audit(1773182892.129:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5365 comm="syz.1.257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 149.162405][ T5378] random: crng reseeded on system resumption [ 149.266459][ T26] audit: type=1326 audit(1773182892.129:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5365 comm="syz.1.257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 149.392546][ T26] audit: type=1326 audit(1773182892.129:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5365 comm="syz.1.257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 151.337497][ T27] sierra 4-1:255.252: Sierra USB modem converter detected [ 151.431472][ T27] usb 4-1: Sierra USB modem converter now attached to ttyUSB0 [ 151.540988][ T27] usb 4-1: USB disconnect, device number 3 [ 151.902917][ T27] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 151.940833][ T27] sierra 4-1:255.252: device disconnected [ 152.311587][ T5412] device syzkaller0 entered promiscuous mode [ 152.412419][ T5413] netlink: 'syz.3.266': attribute type 1 has an invalid length. [ 152.523035][ T5413] 8021q: adding VLAN 0 to HW filter on device bond1 [ 152.981396][ T5433] netlink: 8 bytes leftover after parsing attributes in process `syz.3.270'. [ 153.071253][ T5434] netlink: 36 bytes leftover after parsing attributes in process `syz.4.269'. [ 153.116924][ T5433] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 153.128975][ T5433] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 153.171305][ T5433] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.201941][ T5439] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 153.222687][ T5433] 8021q: adding VLAN 0 to HW filter on device team0 [ 153.266546][ T5433] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 153.524077][ T14] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 153.730880][ T14] usb 5-1: config 1 has an invalid interface number: 128 but max is 1 [ 153.758170][ T14] usb 5-1: config 1 has an invalid descriptor of length 129, skipping remainder of the config [ 153.861999][ T14] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 153.939165][ T14] usb 5-1: config 1 has no interface number 0 [ 153.987890][ T14] usb 5-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 154.109313][ T14] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 154.138836][ T14] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.178905][ T14] usb 5-1: Product: syz [ 154.188646][ T14] usb 5-1: Manufacturer: syz [ 154.209532][ T14] usb 5-1: SerialNumber: syz [ 154.239295][ T14] cdc_wdm: probe of 5-1:1.128 failed with error -22 [ 154.317173][ T4347] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 154.504083][ T4347] usb 4-1: Using ep0 maxpacket: 32 [ 154.512324][ T4347] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 154.549000][ T4347] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 154.576458][ T4347] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 154.598656][ T4347] usb 4-1: Product: syz [ 154.609986][ T4347] usb 4-1: Manufacturer: syz [ 154.621838][ T4347] usb 4-1: SerialNumber: syz [ 154.652561][ T4347] usb 4-1: config 0 descriptor?? [ 154.679937][ T5447] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 154.900189][ T5456] netlink: 16 bytes leftover after parsing attributes in process `syz.0.275'. [ 156.961303][ T4677] usb 4-1: USB disconnect, device number 4 [ 157.149981][ T27] usb 5-1: USB disconnect, device number 5 [ 157.321328][ T5469] device syzkaller0 entered promiscuous mode [ 157.684301][ T5477] netlink: 'syz.3.281': attribute type 1 has an invalid length. [ 157.804509][ T5477] 8021q: adding VLAN 0 to HW filter on device bond2 [ 157.825916][ T5481] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 158.059466][ T5485] random: crng reseeded on system resumption [ 158.479908][ T5494] vivid-000: ================= START STATUS ================= [ 158.497477][ T5494] vivid-000: Radio HW Seek Mode: Bounded [ 158.518805][ T5494] vivid-000: Radio Programmable HW Seek: false [ 158.539870][ T5494] vivid-000: RDS Rx I/O Mode: Block I/O [ 158.553940][ T5494] vivid-000: Generate RBDS Instead of RDS: false [ 158.582304][ T5494] vivid-000: RDS Reception: true [ 158.609165][ T5494] vivid-000: RDS Program Type: 0 inactive [ 158.647761][ T5494] vivid-000: RDS PS Name: inactive [ 158.670203][ T5494] vivid-000: RDS Radio Text: inactive [ 158.687680][ T5494] vivid-000: RDS Traffic Announcement: false inactive [ 158.704141][ T5494] vivid-000: RDS Traffic Program: false inactive [ 158.757559][ T5494] vivid-000: RDS Music: false inactive [ 158.804529][ T5494] vivid-000: ================== END STATUS ================== [ 160.495681][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 160.495693][ T26] audit: type=1326 audit(1773182904.129:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz.3.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906059c799 code=0x7ffc0000 [ 160.523792][ C0] vkms_vblank_simulate: vblank timer overrun [ 160.755917][ T5515] loop6: detected capacity change from 0 to 7 [ 160.872070][ T26] audit: type=1326 audit(1773182904.169:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz.3.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906059c799 code=0x7ffc0000 [ 160.935417][ T26] audit: type=1326 audit(1773182904.179:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz.3.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f906059c799 code=0x7ffc0000 [ 160.959472][ T5515] Dev loop6: unable to read RDB block 7 [ 161.127992][ T5515] loop6: AHDI p2 p3 [ 161.132151][ T5515] loop6: partition table partially beyond EOD, truncated [ 161.141570][ T5515] loop6: p2 size 157513074 extends beyond EOD, truncated [ 161.157408][ T26] audit: type=1326 audit(1773182904.179:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz.3.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906059c799 code=0x7ffc0000 [ 161.219367][ T26] audit: type=1326 audit(1773182904.179:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz.3.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906059c799 code=0x7ffc0000 [ 161.237636][ T5530] netlink: 8 bytes leftover after parsing attributes in process `syz.4.294'. [ 161.241517][ C0] vkms_vblank_simulate: vblank timer overrun [ 161.339914][ T5530] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 161.355962][ T5530] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 161.385027][ T5530] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.465196][ T5530] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.471940][ T26] audit: type=1326 audit(1773182904.179:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz.3.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f906059c799 code=0x7ffc0000 [ 161.550555][ T5530] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 161.619037][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 161.680306][ T26] audit: type=1326 audit(1773182904.189:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz.3.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906059c799 code=0x7ffc0000 [ 161.816992][ T26] audit: type=1326 audit(1773182904.189:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz.3.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906059c799 code=0x7ffc0000 [ 161.839199][ C0] vkms_vblank_simulate: vblank timer overrun [ 161.907348][ T26] audit: type=1326 audit(1773182904.189:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz.3.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f906059c799 code=0x7ffc0000 [ 161.940744][ T26] audit: type=1326 audit(1773182904.189:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5508 comm="syz.3.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906059c799 code=0x7ffc0000 [ 163.938089][ T5564] device syzkaller0 entered promiscuous mode [ 164.214752][ T5570] netlink: 'syz.1.306': attribute type 1 has an invalid length. [ 164.416524][ T5570] 8021q: adding VLAN 0 to HW filter on device bond1 [ 164.425012][ T5568] device syzkaller0 entered promiscuous mode [ 166.082289][ T26] kauditd_printk_skb: 31 callbacks suppressed [ 166.082300][ T26] audit: type=1326 audit(1773182909.709:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5606 comm="syz.4.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb467b9c799 code=0x7ffc0000 [ 166.246136][ T5613] loop6: detected capacity change from 0 to 7 [ 166.255123][ T4379] Dev loop6: unable to read RDB block 7 [ 166.263667][ T4379] loop6: AHDI p2 p3 [ 166.279596][ T4379] loop6: partition table partially beyond EOD, truncated [ 166.307611][ T26] audit: type=1326 audit(1773182909.749:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5606 comm="syz.4.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fb467b9c799 code=0x7ffc0000 [ 166.350736][ T4379] loop6: p2 size 157513074 extends beyond EOD, truncated [ 166.410116][ T5613] Dev loop6: unable to read RDB block 7 [ 166.417350][ T5613] loop6: AHDI p2 p3 [ 166.482158][ T5613] loop6: partition table partially beyond EOD, truncated [ 166.532850][ T26] audit: type=1326 audit(1773182909.749:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5606 comm="syz.4.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb467b9c799 code=0x7ffc0000 [ 166.555070][ C0] vkms_vblank_simulate: vblank timer overrun [ 166.566890][ T5613] loop6: p2 size 157513074 extends beyond EOD, truncated [ 166.693330][ T5620] netlink: 'syz.3.321': attribute type 1 has an invalid length. [ 166.776376][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 166.819035][ T5620] 8021q: adding VLAN 0 to HW filter on device bond3 [ 166.846150][ T26] audit: type=1326 audit(1773182909.759:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5606 comm="syz.4.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb467b9c799 code=0x7ffc0000 [ 166.949451][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 167.148700][ T5624] device syzkaller0 entered promiscuous mode [ 167.264708][ T26] audit: type=1326 audit(1773182909.759:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5606 comm="syz.4.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb467b9c799 code=0x7ffc0000 [ 167.286911][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.510351][ T26] audit: type=1326 audit(1773182909.769:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5606 comm="syz.4.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fb467b9c799 code=0x7ffc0000 [ 167.639337][ T5631] syz.2.325 uses obsolete (PF_INET,SOCK_PACKET) [ 167.704029][ T26] audit: type=1326 audit(1773182909.769:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5606 comm="syz.4.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb467b9c799 code=0x7ffc0000 [ 167.774198][ T14] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 167.784909][ T26] audit: type=1326 audit(1773182909.779:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5606 comm="syz.4.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fb467b9c799 code=0x7ffc0000 [ 167.806980][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.898447][ T26] audit: type=1326 audit(1773182909.779:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5606 comm="syz.4.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb467b9c799 code=0x7ffc0000 [ 167.920634][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.999066][ T26] audit: type=1326 audit(1773182909.779:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5606 comm="syz.4.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fb467b9c799 code=0x7ffc0000 [ 168.021143][ C0] vkms_vblank_simulate: vblank timer overrun [ 168.031396][ T14] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.060714][ T14] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 168.091158][ T14] usb 4-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 168.225742][ T14] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.260377][ T14] usb 4-1: config 0 descriptor?? [ 169.464234][ T14] logitech-djreceiver 0003:046D:C71F.0001: unknown main item tag 0x7 [ 169.573705][ T14] logitech-djreceiver 0003:046D:C71F.0001: hidraw0: USB HID v0.00 Device [HID 046d:c71f] on usb-dummy_hcd.3-1/input0 [ 170.647859][ T14] usb 4-1: USB disconnect, device number 5 [ 171.443477][ T5664] netlink: 'syz.3.332': attribute type 1 has an invalid length. [ 171.451360][ T5664] netlink: 'syz.3.332': attribute type 2 has an invalid length. [ 171.465670][ T5664] netlink: 8 bytes leftover after parsing attributes in process `syz.3.332'. [ 171.710632][ T5653] fido_id[5653]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 171.745779][ T5676] netlink: 16 bytes leftover after parsing attributes in process `syz.0.336'. [ 172.179965][ T26] kauditd_printk_skb: 26 callbacks suppressed [ 172.179975][ T26] audit: type=1326 audit(1773182915.809:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5677 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 172.320214][ T26] audit: type=1326 audit(1773182915.859:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5677 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 172.393821][ T5684] loop6: detected capacity change from 0 to 7 [ 172.419766][ T4379] Dev loop6: unable to read RDB block 7 [ 172.434377][ T4379] loop6: AHDI p2 p3 [ 172.448503][ T26] audit: type=1326 audit(1773182915.859:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5677 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 172.500315][ T26] audit: type=1326 audit(1773182915.859:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5677 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 172.526200][ T4379] loop6: partition table partially beyond EOD, truncated [ 172.575610][ T4379] loop6: p2 size 157513074 extends beyond EOD, truncated [ 172.645496][ T5684] Dev loop6: unable to read RDB block 7 [ 172.651244][ T26] audit: type=1326 audit(1773182915.859:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5677 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 172.688362][ T5684] loop6: AHDI p2 p3 [ 172.709785][ T5684] loop6: partition table partially beyond EOD, truncated [ 172.741376][ T5684] loop6: p2 size 157513074 extends beyond EOD, truncated [ 172.760517][ T26] audit: type=1326 audit(1773182915.859:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5677 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 172.899448][ T26] audit: type=1326 audit(1773182915.859:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5677 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 172.995983][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 173.099488][ T26] audit: type=1326 audit(1773182915.859:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5677 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 174.107920][ T26] audit: type=1326 audit(1773182915.869:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5677 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 174.343130][ T26] audit: type=1326 audit(1773182915.869:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5677 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 175.430077][ T5711] vivid-001: ================= START STATUS ================= [ 175.455847][ T5711] vivid-001: Radio HW Seek Mode: Bounded [ 175.471752][ T5711] vivid-001: Radio Programmable HW Seek: false [ 175.598157][ T5711] vivid-001: RDS Rx I/O Mode: Block I/O [ 175.651263][ T5711] vivid-001: Generate RBDS Instead of RDS: false [ 175.688534][ T5711] vivid-001: RDS Reception: true [ 175.698392][ T5711] vivid-001: RDS Program Type: 0 inactive [ 175.744105][ T5711] vivid-001: RDS PS Name: inactive [ 175.760078][ T5711] vivid-001: RDS Radio Text: inactive [ 175.761696][ T5719] netlink: 'syz.2.348': attribute type 1 has an invalid length. [ 175.889428][ T5711] vivid-001: RDS Traffic Announcement: false inactive [ 175.896715][ T5711] vivid-001: RDS Traffic Program: false inactive [ 175.903177][ T5711] vivid-001: RDS Music: false inactive [ 175.911789][ T5711] vivid-001: ================== END STATUS ================== [ 176.915580][ T5741] loop6: detected capacity change from 0 to 7 [ 176.938135][ T5742] netlink: 'syz.1.354': attribute type 1 has an invalid length. [ 176.947642][ T5742] netlink: 'syz.1.354': attribute type 2 has an invalid length. [ 176.966899][ T4379] Dev loop6: unable to read RDB block 7 [ 176.972488][ T4379] loop6: AHDI p2 p3 [ 176.982885][ T5742] netlink: 8 bytes leftover after parsing attributes in process `syz.1.354'. [ 177.000093][ T4379] loop6: partition table partially beyond EOD, truncated [ 177.077599][ T4379] loop6: p2 size 157513074 extends beyond EOD, truncated [ 177.138244][ T5741] Dev loop6: unable to read RDB block 7 [ 177.189629][ T5741] loop6: AHDI p2 p3 [ 177.193740][ T5741] loop6: partition table partially beyond EOD, truncated [ 177.224612][ T5741] loop6: p2 size 157513074 extends beyond EOD, truncated [ 177.299039][ T26] kauditd_printk_skb: 64 callbacks suppressed [ 177.299052][ T26] audit: type=1326 audit(1773182920.929:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5739 comm="syz.4.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb467b9c799 code=0x7ffc0000 [ 177.477183][ T26] audit: type=1326 audit(1773182920.959:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5739 comm="syz.4.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb467b9c799 code=0x7ffc0000 [ 177.635754][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 177.894517][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 177.949137][ T5742] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.956457][ T5742] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.720896][ T5762] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 179.352932][ T5770] netlink: 16 bytes leftover after parsing attributes in process `syz.0.359'. [ 179.494902][ T5742] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 179.523859][ T5742] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 179.601564][ T5772] netlink: 'syz.3.360': attribute type 1 has an invalid length. [ 179.638853][ T5772] netlink: 'syz.3.360': attribute type 2 has an invalid length. [ 180.013062][ T5742] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.022550][ T5742] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.032315][ T5742] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.054948][ T5742] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.312412][ T5772] netlink: 8 bytes leftover after parsing attributes in process `syz.3.360'. [ 180.564115][ T4315] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 180.742038][ T5772] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 180.754113][ T4315] usb 3-1: Using ep0 maxpacket: 16 [ 180.761673][ T4315] usb 3-1: config 0 has no interfaces? [ 180.779636][ T4315] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 180.808555][ T4315] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.821602][ T5772] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 180.843190][ T4315] usb 3-1: Product: syz [ 180.857271][ T4315] usb 3-1: Manufacturer: syz [ 180.866138][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.879766][ T4315] usb 3-1: SerialNumber: syz [ 180.906015][ T4315] usb 3-1: config 0 descriptor?? [ 180.912851][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.954176][ T4281] Bluetooth: hci3: command 0x0406 tx timeout [ 180.960281][ T4286] Bluetooth: hci0: command 0x0406 tx timeout [ 180.967281][ T4283] Bluetooth: hci1: command 0x0406 tx timeout [ 180.974056][ T4284] Bluetooth: hci2: command 0x0406 tx timeout [ 180.980057][ T4278] Bluetooth: hci4: command 0x0406 tx timeout [ 181.059687][ T5772] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 181.475237][ T5787] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 181.784073][ T14] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 181.978959][ T14] usb 4-1: config 0 has no interfaces? [ 181.988175][ T14] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.81 [ 182.001622][ T14] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.010255][ T14] usb 4-1: Product: syz [ 182.022889][ T14] usb 4-1: Manufacturer: syz [ 182.028072][ T14] usb 4-1: SerialNumber: syz [ 182.061139][ T14] usb 4-1: config 0 descriptor?? [ 182.317669][ T5791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.334489][ T5791] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.609581][ T5801] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 182.730981][ T128] usb 4-1: USB disconnect, device number 6 [ 183.314826][ T14] usb 3-1: USB disconnect, device number 7 [ 183.492528][ T5818] netlink: 'syz.3.371': attribute type 1 has an invalid length. [ 184.424095][ T5818] 8021q: adding VLAN 0 to HW filter on device bond4 [ 184.682850][ T26] audit: type=1326 audit(1773182928.309:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6519c799 code=0x7ffc0000 [ 184.734758][ T5825] loop6: detected capacity change from 0 to 7 [ 184.765604][ T4379] Dev loop6: unable to read RDB block 7 [ 184.771187][ T4379] loop6: AHDI p2 p3 [ 184.780856][ T26] audit: type=1326 audit(1773182928.309:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6519c799 code=0x7ffc0000 [ 184.822530][ T4379] loop6: partition table partially beyond EOD, truncated [ 184.870353][ T4379] loop6: p2 size 157513074 extends beyond EOD, truncated [ 184.883462][ T26] audit: type=1326 audit(1773182928.339:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f4f6519c799 code=0x7ffc0000 [ 184.929510][ T5825] Dev loop6: unable to read RDB block 7 [ 184.935424][ T5825] loop6: AHDI p2 p3 [ 184.940576][ T5825] loop6: partition table partially beyond EOD, truncated [ 184.969223][ T26] audit: type=1326 audit(1773182928.339:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6519c799 code=0x7ffc0000 [ 184.999622][ T5825] loop6: p2 size 157513074 extends beyond EOD, truncated [ 185.073664][ T26] audit: type=1326 audit(1773182928.339:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6519c799 code=0x7ffc0000 [ 185.210022][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 185.270543][ T26] audit: type=1326 audit(1773182928.339:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4f6519c799 code=0x7ffc0000 [ 185.311284][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 185.404099][ T26] audit: type=1326 audit(1773182928.339:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6519c799 code=0x7ffc0000 [ 185.887375][ T5848] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 185.919769][ T26] audit: type=1326 audit(1773182928.339:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6519c799 code=0x7ffc0000 [ 186.026597][ T5849] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 186.036112][ T5853] device syzkaller0 entered promiscuous mode [ 186.061514][ T26] audit: type=1326 audit(1773182928.359:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4f6519c799 code=0x7ffc0000 [ 186.261003][ T26] audit: type=1326 audit(1773182928.359:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6519c799 code=0x7ffc0000 [ 186.327261][ T5855] random: crng reseeded on system resumption [ 186.406531][ T5859] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 186.641276][ T5864] netlink: 'syz.1.383': attribute type 1 has an invalid length. [ 186.778349][ T5864] 8021q: adding VLAN 0 to HW filter on device bond2 [ 187.114666][ T5873] ipt_ECN: cannot use operation on non-tcp rule [ 189.377119][ T5908] device syzkaller0 entered promiscuous mode [ 190.549083][ T5906] batman_adv: batadv0: Adding interface: macsec1 [ 190.564279][ T5906] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.599990][ T5906] batman_adv: batadv0: Interface activated: macsec1 [ 191.946187][ T5931] ipt_ECN: cannot use operation on non-tcp rule [ 194.237494][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.243827][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.781068][ T5964] device syzkaller0 entered promiscuous mode [ 194.894133][ T4677] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 195.171863][ T4677] usb 4-1: Using ep0 maxpacket: 16 [ 195.217405][ T4677] usb 4-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7 [ 195.234290][ T4677] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.248956][ T4677] usb 4-1: Product: syz [ 195.299702][ T4677] usb 4-1: Manufacturer: syz [ 195.328519][ T4677] usb 4-1: SerialNumber: syz [ 195.419504][ T4677] usb 4-1: config 0 descriptor?? [ 195.451335][ T4677] hub 4-1:0.0: bad descriptor, ignoring hub [ 195.468104][ T5973] netlink: 'syz.0.412': attribute type 1 has an invalid length. [ 195.476182][ T4677] hub: probe of 4-1:0.0 failed with error -5 [ 195.520439][ T5973] netlink: 'syz.0.412': attribute type 2 has an invalid length. [ 195.536963][ T5978] netlink: 8 bytes leftover after parsing attributes in process `syz.0.412'. [ 196.265835][ T26] kauditd_printk_skb: 43 callbacks suppressed [ 196.265848][ T26] audit: type=1326 audit(1773182939.889:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 196.323698][ T5978] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.332884][ T5978] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.375873][ T5984] loop6: detected capacity change from 0 to 7 [ 196.390697][ T26] audit: type=1326 audit(1773182939.939:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 196.434825][ T5984] Dev loop6: unable to read RDB block 7 [ 196.440496][ T5984] loop6: AHDI p2 p3 [ 196.446416][ T5984] loop6: partition table partially beyond EOD, truncated [ 196.496999][ T5984] loop6: p2 size 157513074 extends beyond EOD, [ 196.497529][ T26] audit: type=1326 audit(1773182939.939:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 196.498135][ T5984] truncated [ 196.553831][ T26] audit: type=1326 audit(1773182939.949:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 196.613384][ T26] audit: type=1326 audit(1773182939.949:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 196.654228][ T26] audit: type=1326 audit(1773182939.949:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 196.677194][ T26] audit: type=1326 audit(1773182939.949:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 196.725600][ T26] audit: type=1326 audit(1773182939.949:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 196.765411][ T26] audit: type=1326 audit(1773182939.949:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 196.796154][ T26] audit: type=1326 audit(1773182939.949:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 197.507532][ T5978] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 197.576773][ T5978] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 197.601114][ T4347] usb 4-1: USB disconnect, device number 7 [ 197.810717][ T6009] ipt_ECN: cannot use operation on non-tcp rule [ 198.019127][ T6012] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 198.052934][ T6012] random: crng reseeded on system resumption [ 198.267663][ T5978] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.296935][ T5978] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.330925][ T5978] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.361435][ T5978] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.870341][ T6022] fuse: Bad value for 'fd' [ 200.344102][ T4677] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 200.522247][ T6049] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 200.564061][ T4677] usb 3-1: Using ep0 maxpacket: 16 [ 200.584428][ T4677] usb 3-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7 [ 200.621976][ T4677] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.702232][ T4677] usb 3-1: Product: syz [ 200.742362][ T4677] usb 3-1: Manufacturer: syz [ 200.767287][ T6051] device syzkaller0 entered promiscuous mode [ 200.821783][ T6055] ipt_ECN: cannot use operation on non-tcp rule [ 200.829505][ T4677] usb 3-1: SerialNumber: syz [ 200.911822][ T4677] usb 3-1: config 0 descriptor?? [ 200.954736][ T4677] hub 3-1:0.0: bad descriptor, ignoring hub [ 201.017606][ T4677] hub: probe of 3-1:0.0 failed with error -5 [ 202.609505][ T6076] netlink: 'syz.1.440': attribute type 1 has an invalid length. [ 202.642009][ T6076] 8021q: adding VLAN 0 to HW filter on device bond3 [ 203.904281][ T4346] usb 3-1: USB disconnect, device number 8 [ 204.031111][ T6093] device syzkaller0 entered promiscuous mode [ 204.421572][ T6098] netlink: 'syz.4.445': attribute type 1 has an invalid length. [ 204.465356][ T6098] netlink: 'syz.4.445': attribute type 2 has an invalid length. [ 204.581333][ T6098] netlink: 8 bytes leftover after parsing attributes in process `syz.4.445'. [ 205.219635][ T26] kauditd_printk_skb: 22 callbacks suppressed [ 205.219645][ T26] audit: type=1326 audit(1773182948.849:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.2.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 205.346774][ T6110] loop6: detected capacity change from 0 to 7 [ 205.372679][ T4379] Dev loop6: unable to read RDB block 7 [ 205.384358][ T4379] loop6: AHDI p2 p3 [ 205.391109][ T26] audit: type=1326 audit(1773182948.879:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.2.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 205.394467][ T4379] loop6: partition table partially beyond EOD, [ 205.531855][ T26] audit: type=1326 audit(1773182948.879:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.2.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 205.566383][ T4379] truncated [ 205.590233][ T4379] loop6: p2 size 157513074 extends beyond EOD, truncated [ 205.597133][ T26] audit: type=1326 audit(1773182948.889:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.2.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 205.665047][ T6110] Dev loop6: unable to read RDB block 7 [ 205.673301][ T6110] loop6: AHDI p2 p3 [ 205.677722][ T6110] loop6: partition table partially beyond EOD, truncated [ 205.695683][ T26] audit: type=1326 audit(1773182948.889:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.2.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 205.728018][ T6110] loop6: p2 size 157513074 extends beyond EOD, [ 205.730877][ T26] audit: type=1326 audit(1773182948.899:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.2.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 205.770569][ T6110] truncated [ 205.777109][ T6098] batman_adv: batadv0: Interface deactivated: macsec1 [ 205.784817][ T26] audit: type=1326 audit(1773182948.899:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.2.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 205.809765][ T26] audit: type=1326 audit(1773182948.899:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.2.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 206.004498][ T26] audit: type=1326 audit(1773182948.899:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.2.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 206.028719][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 206.110882][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 206.122276][ T26] audit: type=1326 audit(1773182948.899:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.2.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 206.451475][ T6116] netlink: 'syz.3.449': attribute type 1 has an invalid length. [ 206.560164][ T6116] netlink: 'syz.3.449': attribute type 2 has an invalid length. [ 206.603108][ T6117] netlink: 8 bytes leftover after parsing attributes in process `syz.3.449'. [ 208.347011][ T6133] netlink: 'syz.2.454': attribute type 1 has an invalid length. [ 208.637469][ T6133] netlink: 'syz.2.454': attribute type 2 has an invalid length. [ 208.708843][ T6133] netlink: 8 bytes leftover after parsing attributes in process `syz.2.454'. [ 209.057333][ T6133] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 209.101776][ T6133] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 209.151780][ T6133] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.179499][ T6133] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.289615][ T6133] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 209.310938][ T6133] syz.2.454 (6133) used greatest stack depth: 20464 bytes left [ 209.337425][ T6146] netlink: 'syz.3.458': attribute type 1 has an invalid length. [ 209.364771][ T6146] 8021q: adding VLAN 0 to HW filter on device bond5 [ 210.432337][ T6163] netlink: 16 bytes leftover after parsing attributes in process `syz.1.462'. [ 210.857933][ T6168] netlink: 'syz.4.464': attribute type 1 has an invalid length. [ 210.880258][ T6168] netlink: 'syz.4.464': attribute type 2 has an invalid length. [ 210.893588][ T6168] netlink: 8 bytes leftover after parsing attributes in process `syz.4.464'. [ 210.984120][ T4677] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 211.174107][ T4677] usb 2-1: device descriptor read/64, error -71 [ 211.514651][ T4677] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 211.734620][ T4677] usb 2-1: device descriptor read/64, error -71 [ 211.864344][ T4677] usb usb2-port1: attempt power cycle [ 212.274116][ T4677] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 212.336104][ T4677] usb 2-1: device descriptor read/8, error -71 [ 212.754142][ T4677] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 212.815537][ T4677] usb 2-1: device descriptor read/8, error -71 [ 212.934256][ T4677] usb usb2-port1: unable to enumerate USB device [ 213.182879][ T6194] netlink: 8 bytes leftover after parsing attributes in process `syz.2.468'. [ 213.198331][ T6194] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 213.211680][ T6194] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 214.268923][ T26] kauditd_printk_skb: 22 callbacks suppressed [ 214.268936][ T26] audit: type=1326 audit(1773182957.899:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6203 comm="syz.4.474" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb467b9c799 code=0x0 [ 214.296812][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.053158][ T6238] netlink: 'syz.0.482': attribute type 1 has an invalid length. [ 216.071279][ T6238] netlink: 'syz.0.482': attribute type 2 has an invalid length. [ 216.091072][ T6238] netlink: 8 bytes leftover after parsing attributes in process `syz.0.482'. [ 218.560259][ T6256] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 219.340654][ T6269] netlink: 14 bytes leftover after parsing attributes in process `syz.4.491'. [ 220.278330][ T6289] netlink: 'syz.3.497': attribute type 1 has an invalid length. [ 220.319410][ T6289] netlink: 'syz.3.497': attribute type 2 has an invalid length. [ 220.505880][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.3.497'. [ 220.667977][ T6294] device syzkaller0 entered promiscuous mode [ 222.038995][ T6314] netlink: 'syz.3.502': attribute type 1 has an invalid length. [ 222.064166][ T6314] netlink: 'syz.3.502': attribute type 2 has an invalid length. [ 222.233699][ T6314] netlink: 8 bytes leftover after parsing attributes in process `syz.3.502'. [ 222.557066][ T6317] netlink: 'syz.1.503': attribute type 1 has an invalid length. [ 222.652882][ T6317] 8021q: adding VLAN 0 to HW filter on device bond4 [ 223.784060][ T4315] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 223.963388][ T6334] ipt_ECN: cannot use operation on non-tcp rule [ 223.984225][ T4315] usb 2-1: Using ep0 maxpacket: 16 [ 224.016515][ T4315] usb 2-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7 [ 224.061263][ T4315] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.200360][ T4315] usb 2-1: Product: syz [ 224.221550][ T4315] usb 2-1: Manufacturer: syz [ 224.241517][ T4315] usb 2-1: SerialNumber: syz [ 224.266213][ T4315] usb 2-1: config 0 descriptor?? [ 224.290544][ T4315] hub 2-1:0.0: bad descriptor, ignoring hub [ 224.318257][ T4315] hub: probe of 2-1:0.0 failed with error -5 [ 225.053607][ T6345] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 225.598540][ T6355] netlink: 16 bytes leftover after parsing attributes in process `syz.0.511'. [ 226.009867][ T6362] netlink: 'syz.2.512': attribute type 1 has an invalid length. [ 226.039664][ T6362] netlink: 'syz.2.512': attribute type 2 has an invalid length. [ 226.139427][ T6362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.512'. [ 226.174426][ T4315] usb 2-1: USB disconnect, device number 6 [ 226.898019][ T6370] netlink: 14 bytes leftover after parsing attributes in process `syz.4.514'. [ 227.487164][ T6376] device syzkaller0 entered promiscuous mode [ 227.909103][ T26] audit: type=1326 audit(1773182971.539:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.2.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 227.946250][ T6388] loop6: detected capacity change from 0 to 7 [ 227.961431][ T26] audit: type=1326 audit(1773182971.539:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.2.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 228.031956][ T6388] Dev loop6: unable to read RDB block 7 [ 228.043554][ T6388] loop6: AHDI p2 p3 [ 228.051362][ T26] audit: type=1326 audit(1773182971.539:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.2.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 228.074701][ T6388] loop6: partition table partially beyond EOD, truncated [ 228.113307][ T6388] loop6: p2 size 157513074 extends beyond EOD, truncated [ 228.139503][ T26] audit: type=1326 audit(1773182971.539:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.2.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 228.250373][ T26] audit: type=1326 audit(1773182971.559:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.2.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 228.351463][ T26] audit: type=1326 audit(1773182971.559:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.2.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 228.487982][ T26] audit: type=1326 audit(1773182971.559:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.2.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 228.579725][ T26] audit: type=1326 audit(1773182971.559:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.2.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 228.648197][ T26] audit: type=1326 audit(1773182971.559:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.2.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 228.694090][ T4346] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 228.803093][ T26] audit: type=1326 audit(1773182971.559:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6382 comm="syz.2.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 228.905633][ T4346] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 228.934702][ T4346] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 228.989646][ T4346] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 229.031143][ T4346] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 229.063580][ T4346] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 229.090727][ T4346] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 229.111577][ T4346] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 229.173044][ T4346] usb 2-1: Product: syz [ 229.200132][ T4346] usb 2-1: Manufacturer: syz [ 229.238468][ T4346] cdc_wdm 2-1:1.0: skipping garbage [ 229.260359][ T4346] cdc_wdm 2-1:1.0: skipping garbage [ 229.307068][ T4346] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 229.336188][ T4346] cdc_wdm 2-1:1.0: Unknown control protocol [ 229.639280][ T4315] usb 2-1: USB disconnect, device number 7 [ 230.029105][ T6410] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 230.339723][ T6416] device syzkaller0 entered promiscuous mode [ 230.791168][ T6427] netlink: 14 bytes leftover after parsing attributes in process `syz.1.531'. [ 230.834219][ T4315] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 231.054098][ T4315] usb 4-1: Using ep0 maxpacket: 16 [ 231.076958][ T4315] usb 4-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7 [ 231.099716][ T4315] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.131690][ T4315] usb 4-1: Product: syz [ 231.144174][ T4315] usb 4-1: Manufacturer: syz [ 231.161565][ T4315] usb 4-1: SerialNumber: syz [ 231.190329][ T4315] usb 4-1: config 0 descriptor?? [ 231.227662][ T4315] hub 4-1:0.0: bad descriptor, ignoring hub [ 231.246062][ T4315] hub: probe of 4-1:0.0 failed with error -5 [ 232.304055][ T4315] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 232.514041][ T4315] usb 3-1: Using ep0 maxpacket: 32 [ 232.520746][ T4315] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 232.541763][ T4315] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 232.569971][ T4315] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 232.591765][ T4315] usb 3-1: Product: syz [ 232.703201][ T4315] usb 3-1: Manufacturer: syz [ 232.723392][ T4315] usb 3-1: SerialNumber: syz [ 232.750397][ T4315] usb 3-1: config 0 descriptor?? [ 233.964196][ T6459] 9pnet_virtio: no channels available for device syz [ 234.900165][ T6449] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 234.982381][ T6463] device syzkaller1 entered promiscuous mode [ 235.077104][ T14] usb 4-1: USB disconnect, device number 8 [ 235.094044][ T4315] usb 3-1: USB disconnect, device number 9 [ 235.273355][ T6467] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 236.017061][ T6481] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 236.929752][ T6493] netlink: 'syz.4.550': attribute type 1 has an invalid length. [ 237.087290][ T6493] 8021q: adding VLAN 0 to HW filter on device bond1 [ 238.130949][ T6525] netlink: 8 bytes leftover after parsing attributes in process `syz.2.555'. [ 238.494058][ T4346] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 238.688769][ T4346] usb 4-1: config index 0 descriptor too short (expected 28277, got 36) [ 238.697629][ T4346] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.708172][ T4346] usb 4-1: config 0 has no interfaces? [ 238.713818][ T4346] usb 4-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 238.723323][ T4346] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.734959][ T4346] usb 4-1: config 0 descriptor?? [ 238.962747][ T6529] device syzkaller0 entered promiscuous mode [ 239.904700][ T6547] netlink: 'syz.4.562': attribute type 1 has an invalid length. [ 239.977031][ T6547] 8021q: adding VLAN 0 to HW filter on device bond2 [ 239.992371][ T6545] netlink: 'syz.1.561': attribute type 13 has an invalid length. [ 240.961441][ T4346] usb 4-1: USB disconnect, device number 9 [ 241.565869][ T6569] netlink: 8 bytes leftover after parsing attributes in process `syz.1.567'. [ 242.475453][ T6583] netlink: 14 bytes leftover after parsing attributes in process `syz.4.569'. [ 243.338693][ T6599] netlink: 'syz.2.575': attribute type 1 has an invalid length. [ 243.498312][ T6599] 8021q: adding VLAN 0 to HW filter on device bond1 [ 243.781121][ T6607] device syzkaller1 entered promiscuous mode [ 244.144983][ T6620] tipc: Failed to remove unknown binding: 66,1,1/0:882315107/882315109 [ 245.902182][ T6648] netlink: 'syz.3.588': attribute type 1 has an invalid length. [ 245.944686][ T6648] netlink: 'syz.3.588': attribute type 2 has an invalid length. [ 246.020196][ T6651] netlink: 14 bytes leftover after parsing attributes in process `syz.0.591'. [ 246.339660][ T6656] netlink: 'syz.4.589': attribute type 1 has an invalid length. [ 246.359238][ T6656] netlink: 'syz.4.589': attribute type 2 has an invalid length. [ 246.387788][ T6656] netlink: 8 bytes leftover after parsing attributes in process `syz.4.589'. [ 246.706277][ T6656] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 246.745877][ T6656] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 246.769710][ T6656] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.823363][ T6656] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.878732][ T6656] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 246.959006][ T6656] syz.4.589 (6656) used greatest stack depth: 20208 bytes left [ 247.798513][ T26] kauditd_printk_skb: 32 callbacks suppressed [ 247.798527][ T26] audit: type=1326 audit(1773182991.429:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6670 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 247.840017][ T6672] loop6: detected capacity change from 0 to 7 [ 247.849810][ T4379] Dev loop6: unable to read RDB block 7 [ 247.855714][ T4379] loop6: AHDI p2 p3 [ 247.864330][ T26] audit: type=1326 audit(1773182991.469:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6670 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 247.869047][ T4379] loop6: partition table partially beyond EOD, [ 247.887821][ T26] audit: type=1326 audit(1773182991.469:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6670 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 247.921870][ T26] audit: type=1326 audit(1773182991.469:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6670 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 247.944783][ T26] audit: type=1326 audit(1773182991.469:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6670 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 247.982856][ T26] audit: type=1326 audit(1773182991.469:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6670 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 248.012629][ T4379] truncated [ 248.019647][ T4379] loop6: p2 size 157513074 extends beyond EOD, truncated [ 248.037176][ T6672] Dev loop6: unable to read RDB block 7 [ 248.046359][ T6672] loop6: AHDI p2 p3 [ 248.050288][ T6672] loop6: partition table partially beyond EOD, truncated [ 248.058282][ T26] audit: type=1326 audit(1773182991.469:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6670 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 248.089209][ T26] audit: type=1326 audit(1773182991.469:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6670 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 248.112841][ T26] audit: type=1326 audit(1773182991.469:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6670 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 248.119462][ T6672] loop6: p2 size 157513074 extends beyond EOD, truncated [ 248.135733][ T26] audit: type=1326 audit(1773182991.469:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6670 comm="syz.1.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 248.386325][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 248.446801][ T6680] netlink: 'syz.3.599': attribute type 1 has an invalid length. [ 248.460438][ T6680] netlink: 'syz.3.599': attribute type 2 has an invalid length. [ 248.472998][ T6680] netlink: 8 bytes leftover after parsing attributes in process `syz.3.599'. [ 248.551514][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 248.571594][ T6682] device syzkaller0 entered promiscuous mode [ 250.363159][ T6718] netlink: 'syz.4.609': attribute type 1 has an invalid length. [ 250.469746][ T6720] netlink: 8 bytes leftover after parsing attributes in process `syz.4.609'. [ 250.627952][ T6718] netlink: 'syz.4.609': attribute type 2 has an invalid length. [ 251.581404][ T6720] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 251.656280][ T6720] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 251.966913][ T6735] device syzkaller0 entered promiscuous mode [ 252.572464][ T6743] ipt_ECN: cannot use operation on non-tcp rule [ 252.693756][ T6739] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 253.790179][ T6764] device syzkaller1 entered promiscuous mode [ 255.675571][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.681996][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.720086][ T6803] netlink: 36 bytes leftover after parsing attributes in process `syz.0.633'. [ 256.781484][ T6821] device syzkaller0 entered promiscuous mode [ 260.267587][ T6856] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 260.637372][ T6859] device syzkaller0 entered promiscuous mode [ 261.176183][ T6867] netlink: 'syz.1.651': attribute type 1 has an invalid length. [ 261.194078][ T6867] netlink: 'syz.1.651': attribute type 2 has an invalid length. [ 261.206282][ T6867] netlink: 8 bytes leftover after parsing attributes in process `syz.1.651'. [ 261.639812][ T6867] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 261.728646][ T6867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 261.801190][ T6867] 8021q: adding VLAN 0 to HW filter on device team0 [ 261.827948][ T6867] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 262.255078][ T6884] netlink: 8 bytes leftover after parsing attributes in process `syz.0.655'. [ 262.279978][ T6884] netlink: 8 bytes leftover after parsing attributes in process `syz.0.655'. [ 262.493196][ T6886] ipt_ECN: cannot use operation on non-tcp rule [ 264.634130][ T4677] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 264.824045][ T4677] usb 3-1: Using ep0 maxpacket: 16 [ 264.850407][ T4677] usb 3-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7 [ 265.097800][ T4677] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.122721][ T4677] usb 3-1: Product: syz [ 265.184894][ T4677] usb 3-1: Manufacturer: syz [ 265.204154][ T4677] usb 3-1: SerialNumber: syz [ 265.211222][ T4677] usb 3-1: config 0 descriptor?? [ 265.252044][ T4677] hub 3-1:0.0: bad descriptor, ignoring hub [ 265.268044][ T4677] hub: probe of 3-1:0.0 failed with error -5 [ 267.187264][ T6954] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 267.354296][ T4677] usb 3-1: USB disconnect, device number 10 [ 267.774585][ T26] kauditd_printk_skb: 26 callbacks suppressed [ 267.774600][ T26] audit: type=1326 audit(1773183011.409:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.1.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 267.814914][ T6965] loop6: detected capacity change from 0 to 7 [ 267.836000][ T4379] Dev loop6: unable to read RDB block 7 [ 267.849559][ T4379] loop6: AHDI p2 p3 [ 267.853764][ T4379] loop6: partition table partially beyond EOD, truncated [ 267.863571][ T26] audit: type=1326 audit(1773183011.409:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.1.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 268.024038][ T26] audit: type=1326 audit(1773183011.409:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.1.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 268.046398][ T26] audit: type=1326 audit(1773183011.409:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.1.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 268.068967][ T26] audit: type=1326 audit(1773183011.409:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.1.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 268.091903][ T4379] loop6: p2 size 157513074 extends beyond EOD, truncated [ 268.118246][ T6965] Dev loop6: unable to read RDB block 7 [ 268.124132][ T6965] loop6: AHDI p2 p3 [ 268.129585][ T6965] loop6: partition table partially beyond EOD, truncated [ 268.153738][ T26] audit: type=1326 audit(1773183011.409:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.1.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 268.193266][ T6965] loop6: p2 size 157513074 extends beyond EOD, truncated [ 268.412465][ T26] audit: type=1326 audit(1773183011.409:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.1.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 268.629347][ T26] audit: type=1326 audit(1773183011.409:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.1.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 268.744781][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 268.780304][ T26] audit: type=1326 audit(1773183011.409:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.1.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 268.935062][ T26] audit: type=1326 audit(1773183011.409:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.1.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fca7a19c799 code=0x7ffc0000 [ 269.736662][ T6995] mmap: syz.3.684 (6995) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 270.002486][ T6998] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 270.294412][ T4677] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 270.404980][ T7009] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 270.464066][ T4677] usb 4-1: device descriptor read/64, error -71 [ 270.734008][ T4677] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 270.914106][ T4677] usb 4-1: device descriptor read/64, error -71 [ 270.966940][ T7015] loop2: detected capacity change from 0 to 7 [ 270.979321][ T4379] Dev loop2: unable to read RDB block 7 [ 270.985581][ T4379] loop2: AHDI p2 p3 [ 270.989710][ T4379] loop2: partition table partially beyond EOD, truncated [ 271.054201][ T4677] usb usb4-port1: attempt power cycle [ 271.319415][ T7015] Dev loop2: unable to read RDB block 7 [ 271.397442][ T7015] loop2: AHDI p2 p3 [ 271.401712][ T7015] loop2: partition table partially beyond EOD, truncated [ 271.446606][ T7021] device syzkaller0 entered promiscuous mode [ 271.477979][ T4677] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 271.527050][ T4677] usb 4-1: device descriptor read/8, error -71 [ 271.565436][ T7026] netlink: 'syz.4.690': attribute type 13 has an invalid length. [ 271.677364][ T3639] Dev loop2: unable to read RDB block 7 [ 271.682949][ T3639] loop2: AHDI p2 p3 [ 271.691983][ T3639] loop2: partition table partially beyond EOD, truncated [ 271.699826][ T7026] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 271.804091][ T4677] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 271.844777][ T4677] usb 4-1: device descriptor read/8, error -71 [ 271.964283][ T4677] usb usb4-port1: unable to enumerate USB device [ 272.073532][ T7032] device syzkaller1 entered promiscuous mode [ 272.948384][ T7046] netlink: 'syz.1.696': attribute type 1 has an invalid length. [ 272.973061][ T7046] netlink: 'syz.1.696': attribute type 2 has an invalid length. [ 273.015489][ T7046] netlink: 8 bytes leftover after parsing attributes in process `syz.1.696'. [ 273.238118][ T7046] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 273.363582][ T7046] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 274.967762][ T7072] device syzkaller0 entered promiscuous mode [ 275.437906][ T7076] device syzkaller1 entered promiscuous mode [ 275.551626][ T7088] loop2: detected capacity change from 0 to 7 [ 275.630545][ T4379] Dev loop2: unable to read RDB block 7 [ 275.644035][ T4379] loop2: AHDI p2 p3 [ 275.658749][ T4379] loop2: partition table partially beyond EOD, truncated [ 275.763747][ T7091] device syzkaller0 entered promiscuous mode [ 275.895729][ T7088] Dev loop2: unable to read RDB block 7 [ 276.230917][ T7088] loop2: AHDI p2 p3 [ 276.289956][ T7088] loop2: partition table partially beyond EOD, truncated [ 277.718307][ T7114] netlink: 16 bytes leftover after parsing attributes in process `syz.0.715'. [ 277.913001][ T7116] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 278.338674][ T7126] device syzkaller1 entered promiscuous mode [ 280.040031][ T7131] netlink: 'syz.1.721': attribute type 1 has an invalid length. [ 280.047785][ T7131] netlink: 'syz.1.721': attribute type 2 has an invalid length. [ 280.057294][ T7131] netlink: 8 bytes leftover after parsing attributes in process `syz.1.721'. [ 280.557472][ T26] kauditd_printk_skb: 28 callbacks suppressed [ 280.557487][ T26] audit: type=1326 audit(1773183024.189:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7141 comm="syz.2.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 280.722313][ T26] audit: type=1326 audit(1773183024.189:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7141 comm="syz.2.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 280.753347][ T7145] loop6: detected capacity change from 0 to 7 [ 280.759773][ T26] audit: type=1326 audit(1773183024.239:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7141 comm="syz.2.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 280.794499][ T4379] Dev loop6: unable to read RDB block 7 [ 280.803352][ T4379] loop6: AHDI p2 p3 [ 280.833690][ T7148] lo: Caught tx_queue_len zero misconfig [ 280.839721][ T26] audit: type=1326 audit(1773183024.239:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7141 comm="syz.2.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 280.877001][ T4379] loop6: partition table partially beyond EOD, truncated [ 280.913476][ T26] audit: type=1326 audit(1773183024.239:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7141 comm="syz.2.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 280.935654][ C1] vkms_vblank_simulate: vblank timer overrun [ 280.961203][ T4379] loop6: p2 size 157513074 extends beyond EOD, truncated [ 281.002371][ T26] audit: type=1326 audit(1773183024.239:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7141 comm="syz.2.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 281.027577][ T7145] Dev loop6: unable to read RDB block 7 [ 281.041163][ T7145] loop6: AHDI p2 p3 [ 281.047207][ T7145] loop6: partition table partially beyond EOD, truncated [ 281.060578][ T7156] loop2: detected capacity change from 0 to 7 [ 281.079332][ T7145] loop6: p2 size 157513074 extends beyond EOD, truncated [ 281.080522][ T4955] Dev loop2: unable to read RDB block 7 [ 281.132771][ T4955] loop2: AHDI p2 p3 [ 281.153094][ T26] audit: type=1326 audit(1773183024.239:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7141 comm="syz.2.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 281.156368][ T4955] loop2: partition table partially beyond EOD, truncated [ 281.292710][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 281.321228][ T26] audit: type=1326 audit(1773183024.239:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7141 comm="syz.2.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 281.363821][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 281.385959][ T26] audit: type=1326 audit(1773183024.259:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7141 comm="syz.2.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 281.408682][ T7156] Dev loop2: unable to read RDB block 7 [ 281.422927][ T7156] loop2: AHDI p2 p3 [ 281.433047][ T7156] loop2: partition table partially beyond EOD, truncated [ 281.468608][ T26] audit: type=1326 audit(1773183024.259:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7141 comm="syz.2.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 281.768230][ T7161] netlink: 16 bytes leftover after parsing attributes in process `syz.2.728'. [ 282.351647][ T7167] netlink: 14 bytes leftover after parsing attributes in process `syz.1.732'. [ 282.384146][ T14] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 282.435294][ T4315] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 282.657129][ T128] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 282.668259][ T14] usb 3-1: too many configurations: 109, using maximum allowed: 8 [ 282.690798][ T14] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 282.698711][ T4315] usb 4-1: Using ep0 maxpacket: 32 [ 282.708351][ T4315] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 282.721897][ T14] usb 3-1: can't read configurations, error -61 [ 282.737096][ T4315] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 282.750024][ T4315] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 282.759700][ T4315] usb 4-1: Product: syz [ 282.766612][ T4315] usb 4-1: Manufacturer: syz [ 282.771505][ T4315] usb 4-1: SerialNumber: syz [ 282.782194][ T4315] usb 4-1: config 0 descriptor?? [ 282.791532][ T7164] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 282.854604][ T128] usb 5-1: Using ep0 maxpacket: 16 [ 282.880151][ T128] usb 5-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7 [ 282.894819][ T14] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 282.908682][ T128] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.909382][ T7183] netlink: 'syz.0.736': attribute type 1 has an invalid length. [ 282.941892][ T128] usb 5-1: Product: syz [ 282.949023][ T128] usb 5-1: Manufacturer: syz [ 282.953778][ T128] usb 5-1: SerialNumber: syz [ 282.974713][ T128] usb 5-1: config 0 descriptor?? [ 282.997309][ T128] hub 5-1:0.0: bad descriptor, ignoring hub [ 283.055396][ T7183] netlink: 'syz.0.736': attribute type 2 has an invalid length. [ 283.067888][ T7184] netlink: 8 bytes leftover after parsing attributes in process `syz.0.736'. [ 283.114652][ T14] usb 3-1: too many configurations: 109, using maximum allowed: 8 [ 283.130878][ T128] hub: probe of 5-1:0.0 failed with error -5 [ 283.140468][ T14] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 283.160496][ T14] usb 3-1: can't read configurations, error -61 [ 283.177305][ T14] usb usb3-port1: attempt power cycle [ 283.614039][ T14] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 283.657886][ T14] usb 3-1: too many configurations: 109, using maximum allowed: 8 [ 283.683883][ T14] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 283.702095][ T14] usb 3-1: can't read configurations, error -61 [ 283.874165][ T14] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 283.988127][ T14] usb 3-1: too many configurations: 109, using maximum allowed: 8 [ 284.110401][ T14] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 284.123469][ T14] usb 3-1: can't read configurations, error -61 [ 284.149224][ T14] usb usb3-port1: unable to enumerate USB device [ 285.140705][ T14] usb 4-1: USB disconnect, device number 14 [ 285.344343][ T4677] usb 5-1: USB disconnect, device number 6 [ 285.622543][ T7198] loop2: detected capacity change from 0 to 7 [ 285.633660][ T4379] Dev loop2: unable to read RDB block 7 [ 285.639723][ T4379] loop2: AHDI p2 p3 [ 285.654695][ T4379] loop2: partition table partially beyond EOD, truncated [ 285.692077][ T7198] Dev loop2: unable to read RDB block 7 [ 285.729366][ T7198] loop2: AHDI p2 p3 [ 285.739510][ T7198] loop2: partition table partially beyond EOD, truncated [ 285.855568][ T7205] netlink: 16 bytes leftover after parsing attributes in process `syz.4.742'. [ 286.144139][ T14] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 286.359151][ T14] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 286.424439][ T14] usb 5-1: can't read configurations, error -61 [ 286.605172][ T14] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 286.821689][ T14] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 286.844707][ T14] usb 5-1: can't read configurations, error -61 [ 286.852364][ T14] usb usb5-port1: attempt power cycle [ 286.897832][ T7221] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 287.004128][ T4677] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 287.037274][ T7224] netlink: 14 bytes leftover after parsing attributes in process `syz.2.749'. [ 287.225404][ T4677] usb 2-1: Using ep0 maxpacket: 32 [ 287.233829][ T4677] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 287.264205][ T14] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 287.293077][ T4677] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 287.324346][ T14] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 287.337235][ T4677] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 287.351208][ T14] usb 5-1: can't read configurations, error -61 [ 287.370231][ T4677] usb 2-1: Product: syz [ 287.392729][ T4677] usb 2-1: Manufacturer: syz [ 287.424211][ T4677] usb 2-1: SerialNumber: syz [ 287.448717][ T4677] usb 2-1: config 0 descriptor?? [ 287.463115][ T7217] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 287.489448][ T7237] netlink: 16 bytes leftover after parsing attributes in process `syz.0.751'. [ 287.514442][ T14] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 287.580492][ T14] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 287.598434][ T14] usb 5-1: can't read configurations, error -61 [ 287.612714][ T14] usb usb5-port1: unable to enumerate USB device [ 287.994292][ T14] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 288.194168][ T14] usb 4-1: Using ep0 maxpacket: 16 [ 288.208511][ T14] usb 4-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7 [ 288.253242][ T14] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.300839][ T14] usb 4-1: Product: syz [ 288.325800][ T14] usb 4-1: Manufacturer: syz [ 288.352233][ T14] usb 4-1: SerialNumber: syz [ 288.387673][ T14] usb 4-1: config 0 descriptor?? [ 288.418216][ T14] hub 4-1:0.0: bad descriptor, ignoring hub [ 288.441289][ T14] hub: probe of 4-1:0.0 failed with error -5 [ 289.682831][ T4677] usb 2-1: USB disconnect, device number 8 [ 290.692504][ T4346] usb 4-1: USB disconnect, device number 15 [ 292.617591][ T7284] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 292.847032][ T7294] netlink: 16 bytes leftover after parsing attributes in process `syz.1.764'. [ 293.224239][ T4346] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 293.532700][ T4346] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 293.548400][ T4346] usb 2-1: can't read configurations, error -61 [ 293.724288][ T4346] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 293.950783][ T4346] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 293.970951][ T4346] usb 2-1: can't read configurations, error -61 [ 294.023741][ T4346] usb usb2-port1: attempt power cycle [ 294.474158][ T4346] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 294.527978][ T4346] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 294.563746][ T4346] usb 2-1: can't read configurations, error -61 [ 294.634119][ T4677] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 294.742193][ T7316] netlink: 16 bytes leftover after parsing attributes in process `syz.4.769'. [ 294.754146][ T4346] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 294.811006][ T4346] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 294.824044][ T4677] usb 4-1: Using ep0 maxpacket: 16 [ 294.840769][ T4677] usb 4-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7 [ 294.884886][ T4346] usb 2-1: can't read configurations, error -61 [ 294.909935][ T7320] ipt_ECN: cannot use operation on non-tcp rule [ 294.929586][ T4346] usb usb2-port1: unable to enumerate USB device [ 294.941784][ T4677] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.970181][ T7315] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 294.979631][ T4677] usb 4-1: Product: syz [ 295.000109][ T4677] usb 4-1: Manufacturer: syz [ 295.017043][ T4677] usb 4-1: SerialNumber: syz [ 295.042820][ T4677] usb 4-1: config 0 descriptor?? [ 295.093214][ T4677] hub 4-1:0.0: bad descriptor, ignoring hub [ 295.114296][ T4677] hub: probe of 4-1:0.0 failed with error -5 [ 295.204077][ T14] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 295.430349][ T14] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 295.446123][ T14] usb 5-1: can't read configurations, error -61 [ 295.624244][ T14] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 295.839674][ T14] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 295.852213][ T14] usb 5-1: can't read configurations, error -61 [ 295.889509][ T14] usb usb5-port1: attempt power cycle [ 296.336149][ T14] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 296.409453][ T14] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 296.427632][ T14] usb 5-1: can't read configurations, error -61 [ 296.666746][ T14] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 296.809234][ T14] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 296.884280][ T14] usb 5-1: can't read configurations, error -61 [ 296.903147][ T14] usb usb5-port1: unable to enumerate USB device [ 297.324296][ T14] usb 4-1: USB disconnect, device number 16 [ 298.514196][ T7351] netlink: 'syz.3.778': attribute type 1 has an invalid length. [ 298.537556][ T7351] netlink: 'syz.3.778': attribute type 2 has an invalid length. [ 298.584423][ T7351] netlink: 8 bytes leftover after parsing attributes in process `syz.3.778'. [ 300.160465][ T7374] device syzkaller0 entered promiscuous mode [ 300.513226][ T7376] netlink: 'syz.3.785': attribute type 1 has an invalid length. [ 300.520934][ T7376] netlink: 'syz.3.785': attribute type 2 has an invalid length. [ 300.534116][ T7376] netlink: 8 bytes leftover after parsing attributes in process `syz.3.785'. [ 300.555188][ T7376] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 300.562457][ T7376] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 300.570581][ T7376] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.578851][ T7376] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.592139][ T14] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 300.604276][ T7376] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 300.822082][ T14] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 300.871955][ T14] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.925246][ T14] usb 5-1: Product: syz [ 300.929466][ T14] usb 5-1: Manufacturer: syz [ 300.966048][ T14] usb 5-1: SerialNumber: syz [ 301.086453][ T7381] tipc: Started in network mode [ 301.122246][ T7381] tipc: Node identity de368968e58b, cluster identity 4711 [ 301.152705][ T7381] tipc: Enabled bearer , priority 0 [ 301.192558][ T14] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 301.217171][ T7382] device syzkaller0 entered promiscuous mode [ 301.237291][ T14] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 301.267232][ T14] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 301.314204][ T14] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 301.377411][ T14] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 301.431545][ T14] lan78xx: probe of 5-1:1.0 failed with error -71 [ 301.485199][ T14] usb 5-1: USB disconnect, device number 15 [ 301.962489][ T7396] netlink: 16 bytes leftover after parsing attributes in process `syz.3.793'. [ 302.129127][ T7398] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 302.306451][ T4346] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 302.538483][ T4346] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 302.556381][ T4346] usb 4-1: can't read configurations, error -61 [ 302.737024][ T4346] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 302.939866][ T4346] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 302.953001][ T4346] usb 4-1: can't read configurations, error -61 [ 302.991588][ T7404] tipc: Failed to remove unknown binding: 66,1,1/0:2162469670/2162469672 [ 303.005033][ T4346] usb usb4-port1: attempt power cycle [ 303.474151][ T4346] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 303.537325][ T4346] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 303.554311][ T4346] usb 4-1: can't read configurations, error -61 [ 303.734238][ T4346] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 303.913613][ T4346] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 303.924294][ T4346] usb 4-1: can't read configurations, error -61 [ 303.956333][ T4346] usb usb4-port1: unable to enumerate USB device [ 304.482715][ T7408] netlink: 'syz.2.795': attribute type 1 has an invalid length. [ 304.512200][ T7408] netlink: 'syz.2.795': attribute type 2 has an invalid length. [ 305.667817][ T7382] tipc: Resetting bearer [ 305.677602][ T7380] tipc: Resetting bearer [ 305.706606][ T7380] tipc: Disabling bearer [ 305.727746][ T4347] tipc: Node number set to 1002277224 [ 305.736300][ T7408] netlink: 8 bytes leftover after parsing attributes in process `syz.2.795'. [ 306.135807][ T7423] trusted_key: encrypted_key: key user:syz not found [ 306.277156][ T7430] device syzkaller0 entered promiscuous mode [ 308.004154][ T4346] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 308.235735][ T4346] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 308.254125][ T4346] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 308.274197][ T4346] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 308.299547][ T4346] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 308.351391][ T4346] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 308.382122][ T4346] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 308.417041][ T7464] netlink: 'syz.1.811': attribute type 1 has an invalid length. [ 308.424865][ T4346] usb 4-1: Manufacturer: syz [ 308.431026][ T4346] usb 4-1: config 0 descriptor?? [ 308.439317][ T7464] netlink: 'syz.1.811': attribute type 2 has an invalid length. [ 308.543602][ T7465] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 308.618792][ T7464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.811'. [ 308.842360][ T4346] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 308.864755][ T4346] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 309.004662][ T4346] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 309.119668][ T14] usb 4-1: USB disconnect, device number 21 [ 309.203463][ T7470] fido_id[7470]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 309.380862][ T7471] netlink: 14 bytes leftover after parsing attributes in process `syz.4.812'. [ 310.742608][ T7504] device ip6gre1 entered promiscuous mode [ 310.978988][ T7505] netlink: 16 bytes leftover after parsing attributes in process `syz.0.820'. [ 311.852037][ T7517] rtc_cmos 00:00: Alarms can be up to one day in the future [ 311.893330][ T7520] loop6: detected capacity change from 0 to 7 [ 311.894605][ T4379] Dev loop6: unable to read RDB block 7 [ 311.894623][ T4379] loop6: AHDI p2 p3 [ 311.894637][ T4379] loop6: partition table partially beyond EOD, truncated [ 311.894865][ T4379] loop6: p2 size 157513074 extends beyond EOD, truncated [ 311.908490][ T7520] Dev loop6: unable to read RDB block 7 [ 311.908509][ T7520] loop6: AHDI p2 p3 [ 311.908521][ T7520] loop6: partition table partially beyond EOD, truncated [ 311.911500][ T7520] loop6: p2 size 157513074 extends beyond EOD, truncated [ 312.303626][ T4677] rtc_cmos 00:00: Alarms can be up to one day in the future [ 312.303860][ T4677] rtc_cmos 00:00: Alarms can be up to one day in the future [ 312.304112][ T4677] rtc_cmos 00:00: Alarms can be up to one day in the future [ 312.304291][ T4677] rtc_cmos 00:00: Alarms can be up to one day in the future [ 312.304301][ T4677] rtc rtc0: __rtc_set_alarm: err=-22 [ 312.739667][ T7524] netlink: 'syz.0.825': attribute type 1 has an invalid length. [ 312.740432][ T7524] netlink: 'syz.0.825': attribute type 2 has an invalid length. [ 312.744844][ T7524] netlink: 8 bytes leftover after parsing attributes in process `syz.0.825'. [ 313.198419][ T7531] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 313.366433][ T7534] netlink: 14 bytes leftover after parsing attributes in process `syz.2.828'. [ 313.528902][ T7537] netlink: 20 bytes leftover after parsing attributes in process `syz.4.829'. [ 313.909356][ T7540] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 316.857188][ T7586] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 317.010991][ T7592] ALSA: mixer_oss: invalid OSS volume '' [ 317.068123][ T7594] netlink: 'syz.0.843': attribute type 10 has an invalid length. [ 317.089345][ T7594] device wlan1 entered promiscuous mode [ 317.103134][ T7594] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 317.115713][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.122081][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.543142][ T7597] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 317.962310][ T7604] netlink: 'syz.0.846': attribute type 1 has an invalid length. [ 317.990446][ T7604] netlink: 'syz.0.846': attribute type 2 has an invalid length. [ 318.031139][ T7604] netlink: 8 bytes leftover after parsing attributes in process `syz.0.846'. [ 318.190497][ T7604] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 318.198325][ T7604] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 318.218755][ T7604] 8021q: adding VLAN 0 to HW filter on device bond0 [ 318.293887][ T7604] 8021q: adding VLAN 0 to HW filter on device team0 [ 318.335607][ T7604] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 318.352853][ T7606] device syzkaller1 entered promiscuous mode [ 318.645794][ T7625] netlink: 20 bytes leftover after parsing attributes in process `syz.1.852'. [ 318.674167][ T7625] tipc: Invalid UDP bearer configuration [ 318.674215][ T7625] tipc: Enabling of bearer rejected, failed to enable media [ 318.855408][ T7632] loop2: detected capacity change from 0 to 7 [ 318.862881][ T4379] Dev loop2: unable to read RDB block 7 [ 318.871351][ T4379] loop2: AHDI p2 p3 [ 318.875862][ T4379] loop2: partition table partially beyond EOD, truncated [ 318.896648][ T7632] Dev loop2: unable to read RDB block 7 [ 318.917908][ T7632] loop2: AHDI p2 p3 [ 318.923023][ T7632] loop2: partition table partially beyond EOD, truncated [ 319.105712][ T26] kauditd_printk_skb: 34 callbacks suppressed [ 319.105726][ T26] audit: type=1326 audit(1773183062.739:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7622 comm="syz.4.851" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb467b9c799 code=0x0 [ 319.965121][ T7657] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 320.774665][ T7668] device syzkaller1 entered promiscuous mode [ 320.831919][ T7664] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 321.412790][ T7680] netlink: 'syz.4.865': attribute type 1 has an invalid length. [ 321.428828][ T7682] ipt_ECN: cannot use operation on non-tcp rule [ 321.447599][ T7680] netlink: 'syz.4.865': attribute type 2 has an invalid length. [ 321.480239][ T7680] netlink: 8 bytes leftover after parsing attributes in process `syz.4.865'. [ 321.528211][ T7680] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 321.643246][ T7680] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 322.582710][ T26] audit: type=1326 audit(1773183066.209:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7697 comm="syz.0.872" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4f6519c799 code=0x0 [ 322.821413][ T7715] device ip6gre2 entered promiscuous mode [ 324.469646][ T7754] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 324.674503][ T7769] loop2: detected capacity change from 0 to 7 [ 324.701767][ T4379] Dev loop2: unable to read RDB block 7 [ 324.712932][ T4379] loop2: AHDI p2 p3 [ 324.735142][ T4379] loop2: partition table partially beyond EOD, truncated [ 324.838363][ T7772] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 324.883471][ T7769] Dev loop2: unable to read RDB block 7 [ 324.930112][ T7769] loop2: AHDI p2 p3 [ 324.937251][ T7769] loop2: partition table partially beyond EOD, truncated [ 325.387579][ T3639] Dev loop2: unable to read RDB block 7 [ 325.393172][ T3639] loop2: AHDI p2 p3 [ 325.414376][ T3639] loop2: partition table partially beyond EOD, truncated [ 327.134888][ T7800] ucma_write: process 629 (syz.4.896) changed security contexts after opening file descriptor, this is not allowed. [ 327.479816][ T7824] loop6: detected capacity change from 0 to 7 [ 327.498465][ T4379] Dev loop6: unable to read RDB block 7 [ 327.505634][ T4379] loop6: AHDI p2 p3 [ 327.513114][ T4379] loop6: partition table partially beyond EOD, truncated [ 327.528030][ T4379] loop6: p2 size 157513074 extends beyond EOD, truncated [ 327.542556][ T7824] Dev loop6: unable to read RDB block 7 [ 327.553830][ T7824] loop6: AHDI p2 p3 [ 327.558255][ T7824] loop6: partition table partially beyond EOD, truncated [ 327.566663][ T7825] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 327.585225][ T7824] loop6: p2 size 157513074 extends beyond EOD, truncated [ 329.582472][ T7849] netlink: 'syz.2.907': attribute type 1 has an invalid length. [ 329.624415][ T7849] netlink: 'syz.2.907': attribute type 2 has an invalid length. [ 329.633394][ T7849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.907'. [ 329.744365][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 329.751872][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 329.769403][ T7849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 329.788576][ T7849] 8021q: adding VLAN 0 to HW filter on device team0 [ 329.805593][ T7849] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 330.533984][ T14] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 330.725711][ T14] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 330.781042][ T14] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 330.824089][ T14] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 330.843367][ T14] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.869743][ T14] usb 4-1: config 0 descriptor?? [ 330.897150][ T7863] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 344.545387][ T14] ath6kl: Failed to submit usb control message: -71 [ 344.574512][ T14] ath6kl: unable to send the bmi data to the device: -71 [ 344.581612][ T14] ath6kl: Unable to send get target info: -71 [ 344.600295][ T14] ath6kl: Failed to init ath6kl core: -71 [ 344.684874][ T14] ath6kl_usb: probe of 4-1:0.0 failed with error -71 [ 345.054173][ T14] usb 4-1: USB disconnect, device number 22 [ 345.345673][ T7929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.381093][ T7929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.433510][ T7929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.473242][ T7934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.509073][ T7934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.545476][ T7934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.564118][ T7934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.591047][ T7934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.614079][ T7934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.644594][ T7934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 347.197338][ T7965] kAFS: unable to lookup cell '(,c¾Ì' [ 349.053301][ T7987] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 349.590465][ T7992] netlink: 8 bytes leftover after parsing attributes in process `syz.3.940'. [ 350.579895][ T8002] trusted_key: encrypted_key: key user:syz not found [ 351.127625][ T26] audit: type=1326 audit(1773183094.759:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 351.165891][ T8006] loop6: detected capacity change from 0 to 7 [ 351.212850][ T26] audit: type=1326 audit(1773183094.759:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 351.212973][ T4379] Dev loop6: unable to read RDB block 7 [ 351.245220][ T26] audit: type=1326 audit(1773183094.799:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 351.270055][ T26] audit: type=1326 audit(1773183094.799:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 351.297978][ T26] audit: type=1326 audit(1773183094.799:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 351.324443][ T26] audit: type=1326 audit(1773183094.799:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 351.347870][ T26] audit: type=1326 audit(1773183094.799:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 351.382667][ T4379] loop6: AHDI p2 p3 [ 351.402111][ T4379] loop6: partition table partially beyond EOD, truncated [ 351.440847][ T26] audit: type=1326 audit(1773183094.799:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 351.469455][ T4379] loop6: p2 size 157513074 extends beyond EOD, truncated [ 351.503214][ T26] audit: type=1326 audit(1773183094.799:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 351.581318][ T8006] Dev loop6: unable to read RDB block 7 [ 351.594283][ T8006] loop6: AHDI p2 p3 [ 351.598776][ T26] audit: type=1326 audit(1773183094.799:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc101b9c799 code=0x7ffc0000 [ 351.624105][ T8006] loop6: partition table partially beyond EOD, truncated [ 351.694096][ T8006] loop6: p2 size 157513074 extends beyond EOD, truncated [ 352.196414][ T4379] udevd[4379]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 352.229284][ T8020] netlink: 'syz.1.947': attribute type 1 has an invalid length. [ 352.238588][ T8020] netlink: 'syz.1.947': attribute type 2 has an invalid length. [ 352.256304][ T8020] netlink: 8 bytes leftover after parsing attributes in process `syz.1.947'. [ 352.285959][ T8022] net_ratelimit: 8 callbacks suppressed [ 352.285970][ T8022] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 352.849875][ T8020] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 352.987151][ T8020] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 353.084795][ T8020] 8021q: adding VLAN 0 to HW filter on device bond0 [ 353.118146][ T8020] 8021q: adding VLAN 0 to HW filter on device team0 [ 353.150194][ T8020] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 353.182354][ T8020] syz.1.947 (8020) used greatest stack depth: 19664 bytes left [ 354.057543][ T8046] device syzkaller1 entered promiscuous mode [ 354.358786][ T8044] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 354.489010][ T8053] netlink: 8 bytes leftover after parsing attributes in process `syz.1.955'. [ 355.264160][ T14] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 355.488677][ T14] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 355.524160][ T14] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 355.584067][ T14] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 355.642414][ T14] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.687764][ T14] usb 3-1: config 0 descriptor?? [ 355.941723][ T14] usb 3-1: string descriptor 0 read error: -71 [ 355.994251][ T14] usb 3-1: USB disconnect, device number 15 [ 356.294145][ T4677] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 356.515761][ T4677] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 356.547086][ T4677] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 356.584072][ T4677] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 356.614086][ T4677] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 356.662524][ T4677] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 356.689595][ T4677] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 356.716835][ T4677] usb 5-1: Manufacturer: syz [ 356.723473][ T7972] Set syz1 is full, maxelem 65536 reached [ 356.746412][ T4677] usb 5-1: config 0 descriptor?? [ 357.175063][ T4677] usbhid 5-1:0.0: can't add hid device: -71 [ 357.184180][ T4677] usbhid: probe of 5-1:0.0 failed with error -71 [ 357.208974][ T4677] usb 5-1: USB disconnect, device number 16 [ 358.043275][ T8097] netlink: 'syz.1.966': attribute type 1 has an invalid length. [ 358.053560][ T8097] netlink: 'syz.1.966': attribute type 2 has an invalid length. [ 358.068033][ T8097] netlink: 8 bytes leftover after parsing attributes in process `syz.1.966'. [ 358.093427][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 358.167296][ T8097] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 359.325296][ T8107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 359.334321][ T8107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 359.342594][ T8107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 359.385069][ T8107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 359.495833][ T8107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 359.512056][ T8107] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 359.569209][ T8113] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 359.594443][ T8113] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 359.602892][ T8113] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 359.773318][ T8118] netlink: 16 bytes leftover after parsing attributes in process `syz.1.972'. [ 361.076748][ T8128] device bridge0 entered promiscuous mode [ 361.148654][ T8128] device batadv_slave_0 entered promiscuous mode [ 363.555503][ T8158] net_ratelimit: 28 callbacks suppressed [ 363.555514][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.671059][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.724208][ T8158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.769914][ T8160] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.801818][ T8160] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.859712][ T8162] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.869539][ T8162] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.878838][ T8162] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.980123][ T4677] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 363.988338][ T8162] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 364.102108][ T8162] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 364.208087][ T8171] netlink: 16 bytes leftover after parsing attributes in process `syz.1.987'. [ 364.284169][ T4677] usb 4-1: Using ep0 maxpacket: 32 [ 364.293799][ T4677] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 364.317183][ T4677] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.329431][ T4677] usb 4-1: config 0 descriptor?? [ 364.550336][ T4677] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 364.584385][ T4677] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 364.615131][ T4677] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 364.644390][ T4677] usb 4-1: media controller created [ 364.741859][ T4677] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 364.804905][ T4677] az6027: usb out operation failed. (-71) [ 364.832842][ T4677] az6027: usb out operation failed. (-71) [ 364.854290][ T4677] stb0899_attach: Driver disabled by Kconfig [ 364.877670][ T4677] az6027: no front-end attached [ 364.877670][ T4677] [ 364.903392][ T4677] az6027: usb out operation failed. (-71) [ 364.928987][ T4677] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 364.968120][ T4677] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input7 [ 365.043242][ T4677] dvb-usb: schedule remote query interval to 400 msecs. [ 365.076812][ T4677] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 365.106846][ T4677] usb 4-1: USB disconnect, device number 23 [ 365.255932][ T4677] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 365.791403][ T8196] loop2: detected capacity change from 0 to 7 [ 365.835480][ T8196] Dev loop2: unable to read RDB block 7 [ 365.850645][ T8196] loop2: unable to read partition table [ 365.861862][ T8196] loop2: partition table beyond EOD, truncated [ 365.873739][ T8196] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5) [ 366.544994][ T8204] netlink: 56 bytes leftover after parsing attributes in process `syz.4.997'. [ 368.022605][ T8215] device syzkaller0 entered promiscuous mode [ 368.254110][ T14] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 368.445571][ T14] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 368.470646][ T14] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 368.501793][ T14] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 368.527885][ T14] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 368.534139][ T8227] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1005'. [ 368.574297][ T14] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 368.583640][ T14] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 368.634004][ T14] usb 2-1: Manufacturer: syz [ 368.652734][ T14] usb 2-1: config 0 descriptor?? [ 369.100151][ T14] usbhid 2-1:0.0: can't add hid device: -71 [ 369.106289][ T14] usbhid: probe of 2-1:0.0 failed with error -71 [ 369.163476][ T14] usb 2-1: USB disconnect, device number 13 [ 372.360050][ T4315] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 372.576854][ T4315] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 372.596078][ T4315] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 372.616022][ T4315] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 372.628316][ T4315] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.648587][ T4315] usb 4-1: config 0 descriptor?? [ 372.657757][ T8262] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 378.557820][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.564246][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.482135][ T4315] ath6kl: Failed to submit usb control message: -110 [ 384.508951][ T4315] ath6kl: unable to send the bmi data to the device: -110 [ 384.523151][ T4315] ath6kl: Unable to send get target info: -110 [ 384.553362][ T4315] ath6kl: Failed to init ath6kl core: -110 [ 384.624471][ T4315] ath6kl_usb: probe of 4-1:0.0 failed with error -110 [ 385.312030][ T4281] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 385.322949][ T4281] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 385.331749][ T4281] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 385.340638][ T4281] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 385.348693][ T4281] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 385.363183][ T4281] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 385.456320][ T8231] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1006'. [ 385.474463][ T4284] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 385.495513][ T8264] device syz_tun entered promiscuous mode [ 385.497118][ T4284] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 385.510046][ T4284] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 385.527115][ T8264] device syz_tun left promiscuous mode [ 385.532824][ T4284] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 385.554457][ T4284] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 385.561823][ T4284] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 385.621580][ T8277] device syzkaller0 entered promiscuous mode [ 385.631098][ T4346] usb 4-1: USB disconnect, device number 24 [ 386.697029][ T8292] chnl_net:caif_netlink_parms(): no params data found [ 386.736761][ T8294] chnl_net:caif_netlink_parms(): no params data found [ 387.018788][ T8294] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.040858][ T8294] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.068122][ T8294] device bridge_slave_0 entered promiscuous mode [ 387.128260][ T8292] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.140381][ T8292] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.170722][ T8292] device bridge_slave_0 entered promiscuous mode [ 387.217574][ T8294] bridge0: port 2(bridge_slave_1) entered blocking state [ 387.231538][ T8294] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.263053][ T8294] device bridge_slave_1 entered promiscuous mode [ 387.294260][ T8292] bridge0: port 2(bridge_slave_1) entered blocking state [ 387.314179][ T8292] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.362336][ T8292] device bridge_slave_1 entered promiscuous mode [ 387.434190][ T4281] Bluetooth: hci5: command 0x0409 tx timeout [ 387.527146][ T8294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 387.577239][ T4523] tipc: Left network mode [ 387.579781][ T8292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 387.595660][ T4281] Bluetooth: hci6: command 0x0409 tx timeout [ 387.629423][ T8292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 387.674459][ T8294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 387.687998][ T8292] team0: Port device team_slave_0 added [ 387.717551][ T8292] team0: Port device team_slave_1 added [ 388.019182][ T8294] team0: Port device team_slave_0 added [ 388.065895][ T8292] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 388.103469][ T8292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.180630][ T8292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 388.265420][ T8294] team0: Port device team_slave_1 added [ 388.279418][ T8292] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 388.296383][ T8292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.351266][ T8292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 388.484858][ T8294] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 388.506544][ T8294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.564685][ T8294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 388.600793][ T8292] device hsr_slave_0 entered promiscuous mode [ 388.618620][ T8292] device hsr_slave_1 entered promiscuous mode [ 388.640679][ T8292] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 388.695227][ T8292] Cannot create hsr debugfs directory [ 388.722088][ T8294] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 388.732590][ T8294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.766446][ T8294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 388.912069][ T8294] device hsr_slave_0 entered promiscuous mode [ 388.923250][ T8294] device hsr_slave_1 entered promiscuous mode [ 388.930762][ T8294] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 388.942742][ T8294] Cannot create hsr debugfs directory [ 389.497655][ T8292] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 389.514713][ T4281] Bluetooth: hci5: command 0x041b tx timeout [ 389.535509][ T8292] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 389.595582][ T8292] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 389.684251][ T4281] Bluetooth: hci6: command 0x041b tx timeout [ 389.836807][ T4523] bond0: (slave wlan1): Releasing backup interface [ 389.873492][ T4523] device wlan1 left promiscuous mode [ 389.919705][ T8292] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 390.293460][ T8294] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 390.394152][ T4315] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 390.416966][ T8292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 390.440366][ T8294] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 390.476235][ T4523] device hsr_slave_0 left promiscuous mode [ 390.484321][ T4346] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 390.511122][ T4523] device hsr_slave_1 left promiscuous mode [ 390.533629][ T4523] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 390.548747][ T4523] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 390.576846][ T4523] device bridge_slave_1 left promiscuous mode [ 390.588957][ T4523] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.604307][ T4315] usb 2-1: Using ep0 maxpacket: 8 [ 390.620831][ T4523] device bridge_slave_0 left promiscuous mode [ 390.630176][ T4315] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 390.650736][ T4523] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.661104][ T4315] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 390.685718][ T4346] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 390.709010][ T4346] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 390.712696][ T4315] usb 2-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76 [ 390.734378][ T4523] device bridge0 left promiscuous mode [ 390.760159][ T4315] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.763978][ T4346] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 390.777279][ T4315] usb 2-1: Product: syz [ 390.777299][ T4315] usb 2-1: Manufacturer: syz [ 390.777313][ T4315] usb 2-1: SerialNumber: syz [ 390.779136][ T4315] usb 2-1: config 0 descriptor?? [ 390.824069][ T4346] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.941590][ T4346] usb 4-1: config 0 descriptor?? [ 390.985966][ T8369] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 391.594218][ T4281] Bluetooth: hci5: command 0x040f tx timeout [ 391.754353][ T4281] Bluetooth: hci6: command 0x040f tx timeout [ 392.969682][ T4315] usb 2-1: USB disconnect, device number 14 [ 393.674096][ T4281] Bluetooth: hci5: command 0x0419 tx timeout [ 393.834133][ T4284] Bluetooth: hci6: command 0x0419 tx timeout [ 408.815568][ T4284] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 408.825321][ T4284] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 408.834396][ T4284] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 408.842174][ T4284] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 408.849675][ T4284] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 408.856939][ T4284] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 409.186306][ T4283] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 409.196065][ T4283] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 409.204379][ T4283] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 409.212983][ T4283] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 409.221721][ T4283] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 409.233178][ T4283] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 409.282098][ T4283] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 409.301231][ T4283] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 409.310552][ T4283] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 409.321303][ T4283] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 409.329557][ T4283] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 409.338687][ T4283] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 410.874186][ T4283] Bluetooth: hci1: command 0x0409 tx timeout [ 411.274234][ T4283] Bluetooth: hci3: command 0x0409 tx timeout [ 411.354128][ T4283] Bluetooth: hci7: command 0x0409 tx timeout [ 412.954228][ T4283] Bluetooth: hci1: command 0x041b tx timeout [ 413.354200][ T4283] Bluetooth: hci3: command 0x041b tx timeout [ 413.434393][ T4283] Bluetooth: hci7: command 0x041b tx timeout [ 415.034176][ T4283] Bluetooth: hci1: command 0x040f tx timeout [ 415.434072][ T4283] Bluetooth: hci3: command 0x040f tx timeout [ 415.524174][ T4283] Bluetooth: hci7: command 0x040f tx timeout [ 417.114035][ T4283] Bluetooth: hci1: command 0x0419 tx timeout [ 417.514151][ T4283] Bluetooth: hci3: command 0x0419 tx timeout [ 417.594521][ T4283] Bluetooth: hci7: command 0x0419 tx timeout [ 439.996620][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.003045][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 450.904115][ T4281] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 450.923652][ T4281] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 450.932017][ T4281] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 450.940239][ T4281] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 450.948917][ T4281] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 450.957285][ T4281] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 451.066254][ T4283] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 451.078453][ T4283] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 451.088665][ T4283] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 451.096895][ T4284] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 451.105143][ T4283] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 451.112904][ T4283] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 453.044258][ T4283] Bluetooth: hci8: command 0x0409 tx timeout [ 453.193987][ T4283] Bluetooth: hci9: command 0x0409 tx timeout [ 455.124266][ T4283] Bluetooth: hci8: command 0x041b tx timeout [ 455.283989][ T4283] Bluetooth: hci9: command 0x041b tx timeout [ 457.194552][ T4283] Bluetooth: hci8: command 0x040f tx timeout [ 457.354000][ T4283] Bluetooth: hci9: command 0x040f tx timeout [ 459.274208][ T4283] Bluetooth: hci8: command 0x0419 tx timeout [ 459.433939][ T4283] Bluetooth: hci9: command 0x0419 tx timeout [ 468.191355][ T4281] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 468.248152][ T4281] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 468.587827][ T4281] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 469.279988][ T4281] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 469.304251][ T4281] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 469.316264][ T4281] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 470.967236][ T4283] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 470.988313][ T4283] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 470.997727][ T4283] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 471.011794][ T4284] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 471.024288][ T4284] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 471.032658][ T4286] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 471.047519][ T4286] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 471.057099][ T4284] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 471.067805][ T4286] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 471.076840][ T4281] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 471.084560][ T4281] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 471.092450][ T4281] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 471.434306][ T4281] Bluetooth: hci10: command 0x0409 tx timeout [ 473.121684][ T4281] Bluetooth: hci11: command 0x0409 tx timeout [ 473.211768][ T4281] Bluetooth: hci12: command 0x0409 tx timeout [ 473.524210][ T4281] Bluetooth: hci10: command 0x041b tx timeout [ 475.201532][ T4281] Bluetooth: hci11: command 0x041b tx timeout [ 475.274054][ T4281] Bluetooth: hci12: command 0x041b tx timeout [ 475.604157][ T4281] Bluetooth: hci10: command 0x040f tx timeout [ 477.281532][ T4281] Bluetooth: hci11: command 0x040f tx timeout [ 477.354440][ T4281] Bluetooth: hci12: command 0x040f tx timeout [ 477.673940][ T4281] Bluetooth: hci10: command 0x0419 tx timeout [ 479.361718][ T4281] Bluetooth: hci11: command 0x0419 tx timeout [ 479.434297][ T4281] Bluetooth: hci12: command 0x0419 tx timeout [ 501.446321][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.452692][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 508.714159][ T4283] Bluetooth: hci6: command 0x0406 tx timeout [ 508.885028][ T4281] Bluetooth: hci5: command 0x0406 tx timeout [ 512.056597][ T4283] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 512.069879][ T4283] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 512.078649][ T4283] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 512.094311][ T4283] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 512.103009][ T4283] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 512.111529][ T4283] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 512.121934][ T4281] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 512.140666][ T4286] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 512.149252][ T4286] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 512.158911][ T4286] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 512.167723][ T4286] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 512.175279][ T4286] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 514.164097][ T4286] Bluetooth: hci13: command 0x0409 tx timeout [ 514.234305][ T4286] Bluetooth: hci14: command 0x0409 tx timeout [ 516.234000][ T4286] Bluetooth: hci13: command 0x041b tx timeout [ 516.314104][ T4286] Bluetooth: hci14: command 0x041b tx timeout [ 518.313950][ T4286] Bluetooth: hci13: command 0x040f tx timeout [ 518.394096][ T4286] Bluetooth: hci14: command 0x040f tx timeout [ 520.403941][ T4286] Bluetooth: hci13: command 0x0419 tx timeout [ 520.484253][ T4286] Bluetooth: hci14: command 0x0419 tx timeout [ 529.258359][ T4284] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 530.441555][ T4284] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 530.454971][ T4284] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 530.476610][ T4284] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 530.495401][ T4284] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 530.507520][ T4284] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 532.445078][ T4286] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 532.456403][ T4286] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 532.465562][ T4286] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 532.473714][ T4286] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 532.482118][ T4286] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 532.489714][ T4286] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 532.564231][ T4284] Bluetooth: hci15: command 0x0409 tx timeout [ 532.800483][ T4281] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 532.812348][ T4281] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 532.820714][ T4281] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 532.830390][ T4281] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 532.838092][ T4281] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 532.845665][ T4281] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 534.234366][ T4281] Bluetooth: hci1: command 0x0406 tx timeout [ 534.240430][ T4281] Bluetooth: hci3: command 0x0406 tx timeout [ 534.246527][ T4284] Bluetooth: hci7: command 0x0406 tx timeout [ 534.554122][ T4281] Bluetooth: hci16: command 0x0409 tx timeout [ 534.644003][ T4281] Bluetooth: hci15: command 0x041b tx timeout [ 534.884206][ T4281] Bluetooth: hci17: command 0x0409 tx timeout [ 536.634106][ T4281] Bluetooth: hci16: command 0x041b tx timeout [ 536.714148][ T4281] Bluetooth: hci15: command 0x040f tx timeout [ 536.953926][ T4281] Bluetooth: hci17: command 0x041b tx timeout [ 538.724358][ T4281] Bluetooth: hci16: command 0x040f tx timeout [ 538.794110][ T4281] Bluetooth: hci15: command 0x0419 tx timeout [ 539.034063][ T4281] Bluetooth: hci17: command 0x040f tx timeout [ 540.794075][ T4281] Bluetooth: hci16: command 0x0419 tx timeout [ 541.114411][ T4281] Bluetooth: hci17: command 0x0419 tx timeout [ 543.674251][ T28] INFO: task kworker/u4:1:11 blocked for more than 143 seconds. [ 543.681945][ T28] Not tainted syzkaller #0 [ 543.700765][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 543.721158][ T28] task:kworker/u4:1 state:D stack:22672 pid:11 ppid:2 flags:0x00004000 [ 543.752337][ T28] Workqueue: events_unbound fsnotify_connector_destroy_workfn [ 543.773666][ T28] Call Trace: [ 543.780965][ T28] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 543.838500][ T28] __schedule+0x11d1/0x40e0 [ 543.843099][ T28] ? __sched_text_start+0x8/0x8 [ 543.882513][ T28] ? kthread_data+0x4b/0xc0 [ 543.910113][ T28] ? wq_worker_sleeping+0x60/0x280 [ 543.919225][ T28] schedule+0xb9/0x180 [ 543.953870][ T28] schedule_timeout+0xbd/0x2d0 [ 543.958711][ T28] ? console_conditional_schedule+0x40/0x40 [ 543.984806][ T28] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 543.997879][ T28] ? lock_chain_count+0x20/0x20 [ 544.002877][ T28] ? _raw_spin_lock_irq+0xb7/0xf0 [ 544.043466][ T28] ? _raw_spin_lock_irqsave+0x100/0x100 [ 544.065852][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 544.071113][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 544.114001][ T28] ? wait_for_completion+0x276/0x5a0 [ 544.119359][ T28] wait_for_completion+0x2c7/0x5a0 [ 544.153886][ T28] ? io_schedule+0xd0/0xd0 [ 544.158378][ T28] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 544.193889][ T28] ? debug_object_active_state+0x6a/0x380 [ 544.199708][ T28] __synchronize_srcu+0x2b9/0x350 [ 544.234018][ T28] ? synchronize_srcu_expedited+0x20/0x20 [ 544.239803][ T28] ? rcu_read_lock_any_held+0x130/0x130 [ 544.274107][ T28] ? __rwlock_init+0x140/0x140 [ 544.278933][ T28] ? ktime_get_mono_fast_ns+0x199/0x1b0 [ 544.304186][ T28] ? synchronize_srcu+0x192/0x1b0 [ 544.309288][ T28] ? process_one_work+0x7b0/0x1160 [ 544.322391][ T28] fsnotify_connector_destroy_workfn+0x40/0xa0 [ 544.332706][ T28] ? process_one_work+0x7b0/0x1160 [ 544.341920][ T28] process_one_work+0x8a2/0x1160 [ 544.351364][ T28] ? worker_detach_from_pool+0x240/0x240 [ 544.361416][ T28] ? _raw_spin_lock_irq+0xb7/0xf0 [ 544.370646][ T28] ? _raw_spin_lock_irqsave+0x100/0x100 [ 544.380427][ T28] ? kthread_data+0x4b/0xc0 [ 544.389510][ T28] worker_thread+0xaa2/0x1270 [ 544.398445][ T28] kthread+0x29d/0x330 [ 544.402543][ T28] ? worker_clr_flags+0x1a0/0x1a0 [ 544.414146][ T28] ? kthread_blkcg+0xd0/0xd0 [ 544.418773][ T28] ret_from_fork+0x1f/0x30 [ 544.423221][ T28] [ 544.434159][ T28] INFO: task dhcpcd:3934 blocked for more than 144 seconds. [ 544.441481][ T28] Not tainted syzkaller #0 [ 544.456115][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 544.472716][ T28] task:dhcpcd state:D stack:20848 pid:3934 ppid:3933 flags:0x00004002 [ 544.492276][ T28] Call Trace: [ 544.502945][ T28] [ 544.514044][ T28] __schedule+0x11d1/0x40e0 [ 544.518625][ T28] ? __sched_text_start+0x8/0x8 [ 544.523493][ T28] ? __mutex_trylock_common+0x86/0x260 [ 544.544432][ T28] ? trace_raw_output_contention_end+0xd0/0xd0 [ 544.550655][ T28] schedule+0xb9/0x180 [ 544.570291][ T28] schedule_preempt_disabled+0xf/0x20 [ 544.580767][ T28] __mutex_lock+0x562/0xaf0 [ 544.596408][ T28] ? __mutex_lock+0x3b2/0xaf0 [ 544.601158][ T28] ? devinet_ioctl+0x288/0x1af0 [ 544.617707][ T28] ? mutex_lock_nested+0x10/0x10 [ 544.622724][ T28] ? bpf_lsm_capable+0x5/0x10 [ 544.645312][ T28] ? security_capable+0x85/0xb0 [ 544.650236][ T28] devinet_ioctl+0x288/0x1af0 [ 544.670749][ T28] ? get_user_ifreq+0x127/0x170 [ 544.679762][ T28] inet_ioctl+0x2fa/0x460 [ 544.695558][ T28] ? inet_shutdown+0x370/0x370 [ 544.700384][ T28] ? slab_free_freelist_hook+0x131/0x1a0 [ 544.721289][ T28] ? tomoyo_path_number_perm+0x4fb/0x650 [ 544.738035][ T28] ? __kmem_cache_free+0xb6/0x1f0 [ 544.743147][ T28] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 544.757463][ T28] sock_do_ioctl+0xfb/0x320 [ 544.762031][ T28] ? sock_show_fdinfo+0xb0/0xb0 [ 544.780692][ T28] sock_ioctl+0x4d2/0x710 [ 544.792804][ T28] ? sock_poll+0x410/0x410 [ 544.802955][ T28] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 544.813528][ T28] ? fd_install+0x5c/0x4e0 [ 544.821842][ T28] ? lock_chain_count+0x20/0x20 [ 544.831380][ T28] ? bpf_lsm_file_ioctl+0x5/0x10 [ 544.840271][ T28] ? security_file_ioctl+0x7c/0xa0 [ 544.849876][ T28] ? sock_poll+0x410/0x410 [ 544.858289][ T28] __se_sys_ioctl+0xfa/0x170 [ 544.862918][ T28] do_syscall_64+0x4c/0xa0 [ 544.874009][ T28] ? clear_bhb_loop+0x60/0xb0 [ 544.878741][ T28] ? clear_bhb_loop+0x60/0xb0 [ 544.883439][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 544.904270][ T28] RIP: 0033:0x7f151a7bb378 [ 544.908743][ T28] RSP: 002b:00007ffdc027cba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 544.926012][ T28] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 00007f151a7bb378 [ 544.938297][ T28] RDX: 00007ffdc028cda0 RSI: 0000000000008914 RDI: 0000000000000016 [ 544.950544][ T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 544.962581][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdc029cf40 [ 544.974576][ T28] R13: 00007f151a6bb6c8 R14: 0000000000000028 R15: 0000000000008914 [ 544.982594][ T28] [ 544.992438][ T28] INFO: task kworker/0:4:4314 blocked for more than 144 seconds. [ 545.004664][ T28] Not tainted syzkaller #0 [ 545.009632][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 545.025310][ T28] task:kworker/0:4 state:D stack:24272 pid:4314 ppid:2 flags:0x00004000 [ 545.038915][ T28] Workqueue: events switchdev_deferred_process_work [ 545.049766][ T28] Call Trace: [ 545.053343][ T28] [ 545.063177][ T28] __schedule+0x11d1/0x40e0 [ 545.071738][ T28] ? __sched_text_start+0x8/0x8 [ 545.081082][ T28] ? __mutex_trylock_common+0x86/0x260 [ 545.090534][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 545.100272][ T28] schedule+0xb9/0x180 [ 545.108514][ T28] schedule_preempt_disabled+0xf/0x20 [ 545.118416][ T28] __mutex_lock+0x562/0xaf0 [ 545.122955][ T28] ? __mutex_lock+0x3b2/0xaf0 [ 545.133960][ T28] ? switchdev_deferred_process_work+0xa/0x20 [ 545.149030][ T28] ? mutex_lock_nested+0x10/0x10 [ 545.162010][ T28] ? _raw_spin_unlock+0x40/0x40 [ 545.175736][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 545.180992][ T28] ? process_one_work+0x7b0/0x1160 [ 545.201557][ T28] switchdev_deferred_process_work+0xa/0x20 [ 545.212450][ T28] process_one_work+0x8a2/0x1160 [ 545.227482][ T28] ? worker_detach_from_pool+0x240/0x240 [ 545.233170][ T28] ? _raw_spin_lock_irq+0xb7/0xf0 [ 545.252568][ T28] ? _raw_spin_lock_irqsave+0x100/0x100 [ 545.269569][ T28] ? kthread_data+0x4b/0xc0 [ 545.280007][ T28] worker_thread+0xaa2/0x1270 [ 545.293579][ T28] ? __kthread_parkme+0x162/0x1c0 [ 545.304653][ T28] kthread+0x29d/0x330 [ 545.308764][ T28] ? worker_clr_flags+0x1a0/0x1a0 [ 545.313808][ T28] ? kthread_blkcg+0xd0/0xd0 [ 545.332842][ T28] ret_from_fork+0x1f/0x30 [ 545.348794][ T28] [ 545.351913][ T28] INFO: task kworker/u4:7:4448 blocked for more than 145 seconds. [ 545.374735][ T28] Not tainted syzkaller #0 [ 545.379716][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 545.401624][ T28] task:kworker/u4:7 state:D stack:21744 pid:4448 ppid:2 flags:0x00004000 [ 545.417033][ T28] Workqueue: events_unbound fsnotify_mark_destroy_workfn [ 545.433333][ T28] Call Trace: [ 545.443254][ T28] [ 545.455349][ T28] __schedule+0x11d1/0x40e0 [ 545.459947][ T28] ? __sched_text_start+0x8/0x8 [ 545.478555][ T28] ? kthread_data+0x4b/0xc0 [ 545.483120][ T28] ? wq_worker_sleeping+0x60/0x280 [ 545.501001][ T28] schedule+0xb9/0x180 [ 545.512216][ T28] schedule_timeout+0xbd/0x2d0 [ 545.525758][ T28] ? console_conditional_schedule+0x40/0x40 [ 545.531715][ T28] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 545.551001][ T28] ? lock_chain_count+0x20/0x20 [ 545.562795][ T28] ? _raw_spin_lock_irq+0xb7/0xf0 [ 545.579751][ T28] ? _raw_spin_lock_irqsave+0x100/0x100 [ 545.592708][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 545.607808][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 545.613079][ T28] ? wait_for_completion+0x276/0x5a0 [ 545.628090][ T28] wait_for_completion+0x2c7/0x5a0 [ 545.633291][ T28] ? io_schedule+0xd0/0xd0 [ 545.648383][ T28] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 545.665382][ T28] ? debug_object_active_state+0x6a/0x380 [ 545.671183][ T28] __synchronize_srcu+0x2b9/0x350 [ 545.690067][ T28] ? synchronize_srcu_expedited+0x20/0x20 [ 545.700651][ T28] ? rcu_read_lock_any_held+0x130/0x130 [ 545.710578][ T28] ? __rwlock_init+0x140/0x140 [ 545.719891][ T28] ? synchronize_srcu+0x192/0x1b0 [ 545.729039][ T28] ? process_one_work+0x7b0/0x1160 [ 545.738829][ T28] fsnotify_mark_destroy_workfn+0x106/0x2f0 [ 545.749059][ T28] ? fsnotify_connector_destroy_workfn+0xa0/0xa0 [ 545.760046][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 545.769442][ T28] ? process_one_work+0x7b0/0x1160 [ 545.778923][ T28] process_one_work+0x8a2/0x1160 [ 545.787859][ T28] ? worker_detach_from_pool+0x240/0x240 [ 545.793547][ T28] ? _raw_spin_lock_irq+0xb7/0xf0 [ 545.808033][ T28] ? _raw_spin_lock_irqsave+0x100/0x100 [ 545.813641][ T28] ? kthread_data+0x4b/0xc0 [ 545.831736][ T28] worker_thread+0xaa2/0x1270 [ 545.842082][ T28] ? __kthread_parkme+0x162/0x1c0 [ 545.858758][ T28] kthread+0x29d/0x330 [ 545.862909][ T28] ? worker_clr_flags+0x1a0/0x1a0 [ 545.877383][ T28] ? kthread_blkcg+0xd0/0xd0 [ 545.882030][ T28] ret_from_fork+0x1f/0x30 [ 545.900004][ T28] [ 545.903174][ T28] INFO: task kworker/u4:9:4523 blocked for more than 145 seconds. [ 545.918345][ T28] Not tainted syzkaller #0 [ 545.923759][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 545.946911][ T28] task:kworker/u4:9 state:D stack:23792 pid:4523 ppid:2 flags:0x00004000 [ 545.960657][ T28] Workqueue: netns cleanup_net [ 545.969601][ T28] Call Trace: [ 545.972915][ T28] [ 545.982672][ T28] __schedule+0x11d1/0x40e0 [ 545.993967][ T28] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 545.999918][ T28] ? queue_work_on+0x196/0x1f0 [ 546.013869][ T28] ? __sched_text_start+0x8/0x8 [ 546.018784][ T28] ? wq_worker_last_func+0x40/0x40 [ 546.033901][ T28] ? _raw_spin_unlock_irqrestore+0x10d/0x120 [ 546.039965][ T28] ? kthread_data+0x4b/0xc0 [ 546.063874][ T28] ? wq_worker_sleeping+0x60/0x280 [ 546.069148][ T28] schedule+0xb9/0x180 [ 546.073245][ T28] synchronize_rcu_expedited+0x6e6/0x890 [ 546.093893][ T28] ? synchronize_rcu+0x3f0/0x3f0 [ 546.099080][ T28] ? finish_task_switch+0x265/0x8f0 [ 546.113866][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 546.119119][ T28] ? finish_task_switch+0x265/0x8f0 [ 546.133966][ T28] ? sync_rcu_exp_done_unlocked+0x140/0x140 [ 546.141100][ T28] ? wake_bit_function+0x200/0x200 [ 546.146374][ T28] synchronize_rcu+0x128/0x3f0 [ 546.151162][ T28] ? schedule_delayed_monitor_work+0x160/0x160 [ 546.173957][ T28] ? lock_chain_count+0x20/0x20 [ 546.178881][ T28] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 546.193867][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 546.199232][ T28] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 546.213891][ T28] lockdep_unregister_key+0x4d2/0x550 [ 546.219345][ T28] ? lockdep_reset_lock+0x300/0x300 [ 546.233883][ T28] ? rcu_is_watching+0x11/0xa0 [ 546.238710][ T28] ? qdisc_reset+0x299/0x5c0 [ 546.243323][ T28] __qdisc_destroy+0x128/0x430 [ 546.273882][ T28] dev_shutdown+0x34b/0x440 [ 546.278451][ T28] unregister_netdevice_many+0xa4f/0x1930 [ 546.311104][ T28] ? alloc_netdev_mqs+0xf00/0xf00 [ 546.316252][ T28] ? unregister_netdevice_queue+0x1aa/0x370 [ 546.322175][ T28] ? list_netdevice+0x6c0/0x6c0 [ 546.349207][ T28] ? br_dev_delete+0xde/0x110 [ 546.364771][ T28] default_device_exit_batch+0x9e6/0xa80 [ 546.370493][ T28] ? __might_sleep+0xd0/0xd0 [ 546.393875][ T28] ? net_rps_action_and_irq_enable+0x200/0x200 [ 546.400099][ T28] ? rdma_dev_init_net+0x270/0x270 [ 546.431156][ T28] ? net_rps_action_and_irq_enable+0x200/0x200 [ 546.450992][ T28] cleanup_net+0x791/0xba0 [ 546.455520][ T28] ? ops_free_list+0x3b0/0x3b0 [ 546.460303][ T28] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 546.507119][ T28] ? _raw_spin_unlock+0x40/0x40 [ 546.512048][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 546.521671][ T28] ? process_one_work+0x7b0/0x1160 [ 546.561825][ T28] process_one_work+0x8a2/0x1160 [ 546.568475][ T28] ? worker_detach_from_pool+0x240/0x240 [ 546.582995][ T28] ? _raw_spin_lock_irq+0xb7/0xf0 [ 546.588137][ T28] ? _raw_spin_lock_irqsave+0x100/0x100 [ 546.593703][ T28] ? kthread_data+0x4b/0xc0 [ 546.605400][ T28] worker_thread+0xaa2/0x1270 [ 546.610144][ T28] ? __kthread_parkme+0x162/0x1c0 [ 546.620441][ T28] kthread+0x29d/0x330 [ 546.626551][ T28] ? worker_clr_flags+0x1a0/0x1a0 [ 546.631607][ T28] ? kthread_blkcg+0xd0/0xd0 [ 546.643068][ T28] ret_from_fork+0x1f/0x30 [ 546.649713][ T28] [ 546.652758][ T28] INFO: task kworker/1:10:4677 blocked for more than 146 seconds. [ 546.665725][ T28] Not tainted syzkaller #0 [ 546.670684][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 546.684438][ T28] task:kworker/1:10 state:D stack:21808 pid:4677 ppid:2 flags:0x00004000 [ 546.693689][ T28] Workqueue: ipv6_addrconf addrconf_dad_work [ 546.707413][ T28] Call Trace: [ 546.710738][ T28] [ 546.713684][ T28] __schedule+0x11d1/0x40e0 [ 546.721634][ T28] ? do_raw_spin_unlock+0x11d/0x230 [ 546.726986][ T28] ? mark_lock+0x94/0x320 [ 546.731354][ T28] ? __sched_text_start+0x8/0x8 [ 546.754099][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 546.759627][ T28] schedule+0xb9/0x180 [ 546.763724][ T28] schedule_preempt_disabled+0xf/0x20 [ 546.784090][ T28] __mutex_lock+0x562/0xaf0 [ 546.788668][ T28] ? __mutex_lock+0x3b2/0xaf0 [ 546.793390][ T28] ? addrconf_dad_work+0xca/0x14f0 [ 546.811225][ T28] ? mutex_lock_nested+0x10/0x10 [ 546.823879][ T28] addrconf_dad_work+0xca/0x14f0 [ 546.833897][ T28] ? ipv6_get_saddr_eval+0xe60/0xe60 [ 546.839229][ T28] ? read_lock_is_recursive+0x10/0x10 [ 546.871124][ T28] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 546.877375][ T28] ? _raw_spin_unlock+0x40/0x40 [ 546.882258][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 546.903877][ T28] ? process_one_work+0x7b0/0x1160 [ 546.909072][ T28] process_one_work+0x8a2/0x1160 [ 546.914177][ T28] ? worker_detach_from_pool+0x240/0x240 [ 546.919845][ T28] ? _raw_spin_lock_irq+0xb7/0xf0 [ 546.933866][ T28] ? _raw_spin_lock_irqsave+0x100/0x100 [ 546.939496][ T28] ? kthread_data+0x4b/0xc0 [ 546.971552][ T28] worker_thread+0xaa2/0x1270 [ 546.983881][ T28] ? __kthread_parkme+0x162/0x1c0 [ 546.988972][ T28] kthread+0x29d/0x330 [ 546.993051][ T28] ? worker_clr_flags+0x1a0/0x1a0 [ 547.023975][ T28] ? kthread_blkcg+0xd0/0xd0 [ 547.028644][ T28] ret_from_fork+0x1f/0x30 [ 547.033095][ T28] [ 547.054415][ T28] INFO: task syz-executor:8292 blocked for more than 146 seconds. [ 547.062269][ T28] Not tainted syzkaller #0 [ 547.073899][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 547.082616][ T28] task:syz-executor state:D stack:22608 pid:8292 ppid:1 flags:0x00004004 [ 547.113904][ T28] Call Trace: [ 547.117246][ T28] [ 547.120197][ T28] __schedule+0x11d1/0x40e0 [ 547.133892][ T28] ? __sched_text_start+0x8/0x8 [ 547.138807][ T28] ? __mutex_trylock_common+0x86/0x260 [ 547.153874][ T28] ? trace_raw_output_contention_end+0xd0/0xd0 [ 547.160097][ T28] schedule+0xb9/0x180 [ 547.186011][ T28] schedule_preempt_disabled+0xf/0x20 [ 547.191450][ T28] __mutex_lock+0x562/0xaf0 [ 547.213887][ T28] ? __mutex_lock+0x3b2/0xaf0 [ 547.218657][ T28] ? rtnetlink_rcv_msg+0x824/0xfc0 [ 547.241730][ T28] ? mutex_lock_nested+0x10/0x10 [ 547.256522][ T28] ? rtnetlink_rcv_msg+0x226/0xfc0 [ 547.261698][ T28] rtnetlink_rcv_msg+0x824/0xfc0 [ 547.283882][ T28] ? rtnetlink_bind+0x80/0x80 [ 547.288650][ T28] ? mark_lock+0x94/0x320 [ 547.293005][ T28] ? __lock_acquire+0x12f4/0x7d10 [ 547.304092][ T28] ? verify_lock_unused+0x140/0x140 [ 547.309350][ T28] ? netlink_sendmsg+0x654/0xbd0 [ 547.320923][ T28] ? verify_lock_unused+0x140/0x140 [ 547.326239][ T28] netlink_rcv_skb+0x1fb/0x450 [ 547.331026][ T28] ? rtnetlink_bind+0x80/0x80 [ 547.372376][ T28] ? netlink_ack+0x1170/0x1170 [ 547.383911][ T28] ? netlink_deliver_tap+0x2e/0x1b0 [ 547.389174][ T28] netlink_unicast+0x74d/0x8d0 [ 547.421175][ T28] netlink_sendmsg+0x8ad/0xbd0 [ 547.426474][ T28] ? netlink_getsockopt+0x550/0x550 [ 547.431701][ T28] ? aa_sock_msg_perm+0x94/0x150 [ 547.453872][ T28] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 547.459229][ T28] ? security_socket_sendmsg+0x7c/0xa0 [ 547.491007][ T28] __sys_sendto+0x497/0x650 [ 547.495629][ T28] ? __ia32_sys_getpeername+0x80/0x80 [ 547.501063][ T28] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 547.543877][ T28] ? lock_chain_count+0x20/0x20 [ 547.548836][ T28] __x64_sys_sendto+0xda/0xf0 [ 547.553540][ T28] do_syscall_64+0x4c/0xa0 [ 547.579163][ T28] ? clear_bhb_loop+0x60/0xb0 [ 547.599986][ T28] ? clear_bhb_loop+0x60/0xb0 [ 547.619374][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 547.625462][ T28] RIP: 0033:0x7f8e84b5cfce [ 547.629893][ T28] RSP: 002b:00007ffcad070cb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 547.683902][ T28] RAX: ffffffffffffffda RBX: 000055556723c500 RCX: 00007f8e84b5cfce [ 547.691940][ T28] RDX: 0000000000000028 RSI: 00007f8e85944670 RDI: 0000000000000003 [ 547.723867][ T28] RBP: 0000000000000001 R08: 00007ffcad070d34 R09: 000000000000000c [ 547.732495][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 547.747756][ T28] R13: 0000000000000000 R14: 00007f8e85944670 R15: 0000000000000000 [ 547.770995][ T28] [ 547.783887][ T28] INFO: task syz-executor:8294 blocked for more than 147 seconds. [ 547.791757][ T28] Not tainted syzkaller #0 [ 547.814117][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 547.822925][ T28] task:syz-executor state:D stack:22192 pid:8294 ppid:1 flags:0x00004004 [ 547.840961][ T28] Call Trace: [ 547.845643][ T28] [ 547.848606][ T28] __schedule+0x11d1/0x40e0 [ 547.853147][ T28] ? __sched_text_start+0x8/0x8 [ 547.865652][ T28] ? __mutex_trylock_common+0x86/0x260 [ 547.871177][ T28] ? trace_raw_output_contention_end+0xd0/0xd0 [ 547.882648][ T28] schedule+0xb9/0x180 [ 547.888936][ T28] schedule_preempt_disabled+0xf/0x20 [ 547.905988][ T28] __mutex_lock+0x562/0xaf0 [ 547.910551][ T28] ? __mutex_lock+0x3b2/0xaf0 [ 547.941134][ T28] ? rtnetlink_rcv_msg+0x824/0xfc0 [ 547.961437][ T28] ? mutex_lock_nested+0x10/0x10 [ 547.966544][ T28] ? rtnetlink_rcv_msg+0x226/0xfc0 [ 547.971684][ T28] rtnetlink_rcv_msg+0x824/0xfc0 [ 548.001937][ T28] ? rtnetlink_bind+0x80/0x80 [ 548.006708][ T28] ? mark_lock+0x94/0x320 [ 548.011066][ T28] ? __lock_acquire+0x12f4/0x7d10 [ 548.033989][ T28] ? verify_lock_unused+0x140/0x140 [ 548.039260][ T28] ? netlink_sendmsg+0x654/0xbd0 [ 548.054002][ T28] ? verify_lock_unused+0x140/0x140 [ 548.059302][ T28] netlink_rcv_skb+0x1fb/0x450 [ 548.093951][ T28] ? rtnetlink_bind+0x80/0x80 [ 548.098789][ T28] ? netlink_ack+0x1170/0x1170 [ 548.103584][ T28] ? netlink_deliver_tap+0x2e/0x1b0 [ 548.130419][ T28] netlink_unicast+0x74d/0x8d0 [ 548.135310][ T28] netlink_sendmsg+0x8ad/0xbd0 [ 548.140119][ T28] ? netlink_getsockopt+0x550/0x550 [ 548.203989][ T28] ? aa_sock_msg_perm+0x94/0x150 [ 548.209102][ T28] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 548.253877][ T28] ? security_socket_sendmsg+0x7c/0xa0 [ 548.259404][ T28] __sys_sendto+0x497/0x650 [ 548.303869][ T28] ? __ia32_sys_getpeername+0x80/0x80 [ 548.309337][ T28] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 548.333878][ T28] ? lock_chain_count+0x20/0x20 [ 548.338804][ T28] __x64_sys_sendto+0xda/0xf0 [ 548.343511][ T28] do_syscall_64+0x4c/0xa0 [ 548.394068][ T28] ? clear_bhb_loop+0x60/0xb0 [ 548.398811][ T28] ? clear_bhb_loop+0x60/0xb0 [ 548.403514][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 548.439139][ T28] RIP: 0033:0x7f67ce55cfce [ 548.443616][ T28] RSP: 002b:00007fffd4893b38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 548.486405][ T28] RAX: ffffffffffffffda RBX: 000055557694d500 RCX: 00007f67ce55cfce [ 548.513873][ T28] RDX: 0000000000000030 RSI: 00007f67cf343610 RDI: 0000000000000006 [ 548.521906][ T28] RBP: 0000000000000001 R08: 00007fffd4893bb4 R09: 000000000000000c [ 548.559169][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 548.585056][ T28] R13: 0000000000000000 R14: 00007f67cf343610 R15: 0000000000000000 [ 548.593099][ T28] [ 548.609185][ T28] INFO: task syz.3.1029:8369 blocked for more than 148 seconds. [ 548.623951][ T28] Not tainted syzkaller #0 [ 548.628925][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 548.653596][ T28] task:syz.3.1029 state:D stack:26864 pid:8369 ppid:4268 flags:0x00004004 [ 548.671808][ T28] Call Trace: [ 548.675167][ T28] [ 548.678113][ T28] __schedule+0x11d1/0x40e0 [ 548.682649][ T28] ? __sched_text_start+0x8/0x8 [ 548.703944][ T28] ? __mutex_trylock_common+0x86/0x260 [ 548.709465][ T28] ? trace_raw_output_contention_end+0xd0/0xd0 [ 548.727337][ T28] schedule+0xb9/0x180 [ 548.731462][ T28] schedule_preempt_disabled+0xf/0x20 [ 548.745174][ T28] __mutex_lock+0x562/0xaf0 [ 548.749732][ T28] ? __mutex_lock+0x3b2/0xaf0 [ 548.755419][ T28] ? rtnetlink_rcv_msg+0x824/0xfc0 [ 548.760568][ T28] ? mutex_lock_nested+0x10/0x10 [ 548.766819][ T28] ? rtnetlink_rcv_msg+0x226/0xfc0 [ 548.771962][ T28] rtnetlink_rcv_msg+0x824/0xfc0 [ 548.777821][ T28] ? rtnetlink_bind+0x80/0x80 [ 548.782525][ T28] ? __local_bh_enable_ip+0x136/0x1c0 [ 548.788868][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 548.795261][ T28] ? __local_bh_enable_ip+0x136/0x1c0 [ 548.800667][ T28] ? _local_bh_enable+0xa0/0xa0 [ 548.806410][ T28] ? __dev_queue_xmit+0x26b/0x37c0 [ 548.811547][ T28] ? __dev_queue_xmit+0x26b/0x37c0 [ 548.817659][ T28] ? __dev_queue_xmit+0x1cd2/0x37c0 [ 548.822896][ T28] ? __dev_queue_xmit+0x26b/0x37c0 [ 548.828873][ T28] ? ref_tracker_free+0x68c/0x840 [ 548.834234][ T28] ? __copy_skb_header+0x3ba/0x4f0 [ 548.839455][ T28] ? refcount_inc+0x70/0x70 [ 548.845125][ T28] ? memcpy+0x3c/0x60 [ 548.849138][ T28] ? __copy_skb_header+0x3ba/0x4f0 [ 548.863735][ T28] ? __skb_clone+0x480/0x790 [ 548.869299][ T28] netlink_rcv_skb+0x1fb/0x450 [ 548.885413][ T28] ? rtnetlink_bind+0x80/0x80 [ 548.890159][ T28] ? netlink_ack+0x1170/0x1170 [ 548.903803][ T28] ? netlink_deliver_tap+0x2e/0x1b0 [ 548.909846][ T28] netlink_unicast+0x74d/0x8d0 [ 548.916107][ T28] netlink_sendmsg+0x8ad/0xbd0 [ 548.921009][ T28] ? netlink_getsockopt+0x550/0x550 [ 548.927270][ T28] ? aa_sock_msg_perm+0x94/0x150 [ 548.932242][ T28] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 548.946212][ T28] ? security_socket_sendmsg+0x7c/0xa0 [ 548.951718][ T28] ? netlink_getsockopt+0x550/0x550 [ 548.966406][ T28] ____sys_sendmsg+0x5be/0x970 [ 548.971248][ T28] ? __sys_sendmsg_sock+0x30/0x30 [ 548.981998][ T28] ? __import_iovec+0x315/0x500 [ 548.991731][ T28] ? import_iovec+0x6f/0xa0 [ 549.001282][ T28] ___sys_sendmsg+0x2a2/0x360 [ 549.009851][ T28] ? try_to_wake_up+0x67c/0x1080 [ 549.019714][ T28] ? __sys_sendmsg+0x290/0x290 [ 549.029416][ T28] __se_sys_sendmsg+0x1bb/0x2a0 [ 549.050769][ T28] ? __x64_sys_sendmsg+0x80/0x80 [ 549.062358][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 549.071531][ T28] do_syscall_64+0x4c/0xa0 [ 549.080948][ T28] ? clear_bhb_loop+0x60/0xb0 [ 549.090290][ T28] ? clear_bhb_loop+0x60/0xb0 [ 549.100686][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 549.110557][ T28] RIP: 0033:0x7f906059c799 [ 549.120093][ T28] RSP: 002b:00007f906142c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 549.133298][ T28] RAX: ffffffffffffffda RBX: 00007f9060815fa0 RCX: 00007f906059c799 [ 549.147680][ T28] RDX: 0000000000000800 RSI: 0000200000000440 RDI: 0000000000000004 [ 549.160749][ T28] RBP: 00007f9060632c99 R08: 0000000000000000 R09: 0000000000000000 [ 549.173698][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 549.190326][ T28] R13: 00007f9060816038 R14: 00007f9060815fa0 R15: 00007ffc08046028 [ 549.199959][ T28] [ 549.203031][ T28] INFO: task syz.4.1030:8377 blocked for more than 148 seconds. [ 549.220454][ T28] Not tainted syzkaller #0 [ 549.228194][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 549.245080][ T28] task:syz.4.1030 state:D stack:26864 pid:8377 ppid:4280 flags:0x00004004 [ 549.262031][ T28] Call Trace: [ 549.268559][ T28] [ 549.271538][ T28] __schedule+0x11d1/0x40e0 [ 549.282084][ T28] ? __sched_text_start+0x8/0x8 [ 549.290556][ T28] ? __mutex_trylock_common+0x86/0x260 [ 549.302157][ T28] ? trace_raw_output_contention_end+0xd0/0xd0 [ 549.312062][ T28] schedule+0xb9/0x180 [ 549.321750][ T28] schedule_preempt_disabled+0xf/0x20 [ 549.331534][ T28] __mutex_lock+0x562/0xaf0 [ 549.343033][ T28] ? __mutex_lock+0x3b2/0xaf0 [ 549.351489][ T28] ? __netlink_dump_start+0x11f/0x6f0 [ 549.364703][ T28] ? mutex_lock_nested+0x10/0x10 [ 549.369705][ T28] ? netlink_lookup+0x30/0x200 [ 549.383094][ T28] ? netlink_lookup+0x30/0x200 [ 549.390509][ T28] __netlink_dump_start+0x11f/0x6f0 [ 549.402643][ T28] rtnetlink_rcv_msg+0xe63/0xfc0 [ 549.409552][ T28] ? rtnl_stats_get+0x650/0x650 [ 549.421351][ T28] ? rtnetlink_bind+0x80/0x80 [ 549.428951][ T28] ? __local_bh_enable_ip+0x136/0x1c0 [ 549.442018][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 549.450011][ T28] ? __local_bh_enable_ip+0x136/0x1c0 [ 549.462279][ T28] ? _local_bh_enable+0xa0/0xa0 [ 549.469033][ T28] ? __dev_queue_xmit+0x26b/0x37c0 [ 549.481160][ T28] ? __dev_queue_xmit+0x26b/0x37c0 [ 549.489774][ T28] ? __dev_queue_xmit+0x1cd2/0x37c0 [ 549.501951][ T28] ? __dev_queue_xmit+0x26b/0x37c0 [ 549.508991][ T28] ? ref_tracker_free+0x68c/0x840 [ 549.523365][ T28] ? __copy_skb_header+0x3ba/0x4f0 [ 549.531143][ T28] ? refcount_inc+0x70/0x70 [ 549.542886][ T28] ? memcpy+0x3c/0x60 [ 549.550369][ T28] ? rtnl_stats_get+0x650/0x650 [ 549.561924][ T28] ? __skb_clone+0x480/0x790 [ 549.569201][ T28] netlink_rcv_skb+0x1fb/0x450 [ 549.581008][ T28] ? rtnetlink_bind+0x80/0x80 [ 549.587629][ T28] ? netlink_ack+0x1170/0x1170 [ 549.592437][ T28] ? netlink_deliver_tap+0x2e/0x1b0 [ 549.607498][ T28] netlink_unicast+0x74d/0x8d0 [ 549.612325][ T28] netlink_sendmsg+0x8ad/0xbd0 [ 549.624015][ T28] ? netlink_getsockopt+0x550/0x550 [ 549.629271][ T28] ? aa_sock_msg_perm+0x94/0x150 [ 549.642017][ T28] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 549.649449][ T28] ? security_socket_sendmsg+0x7c/0xa0 [ 549.662670][ T28] ? netlink_getsockopt+0x550/0x550 [ 549.670673][ T28] ____sys_sendmsg+0x5be/0x970 [ 549.685491][ T28] ? __sys_sendmsg_sock+0x30/0x30 [ 549.690573][ T28] ? __import_iovec+0x315/0x500 [ 549.703441][ T28] ? import_iovec+0x6f/0xa0 [ 549.709407][ T28] ___sys_sendmsg+0x2a2/0x360 [ 549.721923][ T28] ? try_to_wake_up+0x67c/0x1080 [ 549.728641][ T28] ? __sys_sendmsg+0x290/0x290 [ 549.733503][ T28] __se_sys_sendmsg+0x1bb/0x2a0 [ 549.746629][ T28] ? __x64_sys_sendmsg+0x80/0x80 [ 549.751647][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 549.770641][ T28] do_syscall_64+0x4c/0xa0 [ 549.780044][ T28] ? clear_bhb_loop+0x60/0xb0 [ 549.788682][ T28] ? clear_bhb_loop+0x60/0xb0 [ 549.793404][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 549.808224][ T28] RIP: 0033:0x7fb467b9c799 [ 549.812689][ T28] RSP: 002b:00007fb468a55028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 549.832053][ T28] RAX: ffffffffffffffda RBX: 00007fb467e15fa0 RCX: 00007fb467b9c799 [ 549.841112][ T28] RDX: 0000000004044010 RSI: 0000200000000080 RDI: 0000000000000003 [ 549.857899][ T28] RBP: 00007fb467c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 549.870980][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 549.888792][ T28] R13: 00007fb467e16038 R14: 00007fb467e15fa0 R15: 00007ffde4c18948 [ 549.900471][ T28] [ 549.903557][ T28] [ 549.903557][ T28] Showing all locks held in the system: [ 549.921878][ T28] 2 locks held by kworker/u4:1/11: [ 549.928806][ T28] #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 549.949260][ T28] #1: ffffc90000107d00 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 549.962365][ T28] 1 lock held by rcu_tasks_kthre/12: [ 549.975914][ T28] #0: ffffffff8cb2dfb0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 [ 549.998478][ T28] 1 lock held by rcu_tasks_trace/13: [ 550.005319][ T28] #0: ffffffff8cb2e7d0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 [ 550.025320][ T28] 1 lock held by khungtaskd/28: [ 550.030211][ T28] #0: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 [ 550.050948][ T28] 1 lock held by dhcpcd/3934: [ 550.057408][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x288/0x1af0 [ 550.073597][ T28] 2 locks held by getty/4029: [ 550.095327][ T28] #0: ffff88814cf1a098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 550.115449][ T28] #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x429/0x1390 [ 550.133765][ T28] 3 locks held by kworker/0:4/4314: [ 550.141859][ T28] #0: ffff888017470938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 550.158226][ T28] #1: ffffc90004127d00 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 550.173886][ T28] #2: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 [ 550.193034][ T28] 3 locks held by kworker/0:5/4315: [ 550.199393][ T28] #0: ffff88802f299d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 550.220582][ T28] #1: ffffc90004137d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 550.243542][ T28] #2: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x15/0x30 [ 550.262449][ T28] 6 locks held by kworker/1:7/4346: [ 550.268498][ T28] 2 locks held by kworker/u4:7/4448: [ 550.273797][ T28] #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 550.293958][ T28] #1: ffffc90004697d00 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 550.313146][ T28] 5 locks held by kworker/u4:9/4523: [ 550.320059][ T28] #0: ffff888017616938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 550.339192][ T28] #1: ffffc90004b1fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 550.352544][ T28] #2: ffffffff8dd39b10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x148/0xba0 [ 550.370804][ T28] #3: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xee/0xa80 [ 550.382376][ T28] #4: ffffffff8cb332f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2ec/0x890 [ 550.402097][ T28] 3 locks held by kworker/1:10/4677: [ 550.411405][ T28] #0: ffff88802f299d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 550.431508][ T28] #1: ffffc900052dfd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 550.453385][ T28] #2: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xca/0x14f0 [ 550.465526][ T28] 1 lock held by syz-executor/8292: [ 550.470751][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.489190][ T28] 1 lock held by syz-executor/8294: [ 550.497072][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.516105][ T28] 1 lock held by syz.3.1029/8369: [ 550.521184][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.538948][ T28] 1 lock held by syz.4.1030/8377: [ 550.546641][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: __netlink_dump_start+0x11f/0x6f0 [ 550.562996][ T28] 3 locks held by syz.1.1031/8381: [ 550.571920][ T28] #0: ffff888074782c10 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x90/0x240 [ 550.591754][ T28] #1: ffff88804fe74130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pptp_release+0x4e/0x2f0 [ 550.602856][ T28] #2: ffffffff8cb332f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3c0/0x890 [ 550.622784][ T28] 1 lock held by syz-executor/8386: [ 550.629394][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.649860][ T28] 1 lock held by syz-executor/8391: [ 550.657282][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.675622][ T28] 1 lock held by syz-executor/8393: [ 550.680857][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.701595][ T28] 1 lock held by syz-executor/8397: [ 550.708892][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.728530][ T28] 1 lock held by syz-executor/8400: [ 550.738077][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.754224][ T28] 1 lock held by syz-executor/8403: [ 550.759456][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.777781][ T28] 1 lock held by syz-executor/8410: [ 550.783024][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.798646][ T28] 1 lock held by syz-executor/8412: [ 550.810672][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.830498][ T28] 1 lock held by syz-executor/8416: [ 550.837078][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.854920][ T28] 1 lock held by syz-executor/8417: [ 550.860168][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.879327][ T28] 1 lock held by syz-executor/8423: [ 550.888288][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.904438][ T28] 1 lock held by syz-executor/8429: [ 550.909677][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.929050][ T28] 1 lock held by syz-executor/8431: [ 550.937145][ T28] #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 [ 550.953243][ T28] [ 550.960478][ T28] ============================================= [ 550.960478][ T28] [ 550.975705][ T28] NMI backtrace for cpu 0 [ 550.980077][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted syzkaller #0 [ 550.987372][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 550.997439][ T28] Call Trace: [ 551.000725][ T28] [ 551.003664][ T28] dump_stack_lvl+0x188/0x24e [ 551.008358][ T28] ? irq_work_queue+0xb8/0x140 [ 551.013135][ T28] ? show_regs_print_info+0x12/0x12 [ 551.018350][ T28] ? load_image+0x400/0x400 [ 551.022861][ T28] ? vprintk_emit+0x59f/0x6a0 [ 551.027565][ T28] ? printk_sprint+0x460/0x460 [ 551.032350][ T28] nmi_cpu_backtrace+0x3e6/0x460 [ 551.037321][ T28] ? nmi_trigger_cpumask_backtrace+0x450/0x450 [ 551.043492][ T28] ? _printk+0xda/0x130 [ 551.047665][ T28] ? load_image+0x400/0x400 [ 551.052267][ T28] ? load_image+0x400/0x400 [ 551.056868][ T28] ? nmi_trigger_cpumask_backtrace+0xf3/0x450 [ 551.062949][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 551.069030][ T28] nmi_trigger_cpumask_backtrace+0x1d4/0x450 [ 551.075115][ T28] watchdog+0xeee/0xf30 [ 551.079285][ T28] ? watchdog+0x1ed/0xf30 [ 551.083637][ T28] kthread+0x29d/0x330 [ 551.087712][ T28] ? hungtask_pm_notify+0x40/0x40 [ 551.092749][ T28] ? kthread_blkcg+0xd0/0xd0 [ 551.097786][ T28] ret_from_fork+0x1f/0x30 [ 551.102229][ T28] [ 551.105863][ T28] Sending NMI from CPU 0 to CPUs 1: [ 551.111103][ C1] NMI backtrace for cpu 1 [ 551.111113][ C1] CPU: 1 PID: 4346 Comm: kworker/1:7 Not tainted syzkaller #0 [ 551.111130][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 551.111139][ C1] Workqueue: usb_hub_wq hub_event [ 551.111161][ C1] RIP: 0010:unwind_next_frame+0x1887/0x20b0 [ 551.111180][ C1] Code: 3b d2 0c 00 75 3e c6 05 76 3b d2 0c 01 48 c7 c7 80 85 89 8a e9 9d fa ff ff bf 01 00 00 00 e8 20 b9 1f 00 65 8b 0d e1 3d c9 7e 01 85 c9 75 75 e8 2e 52 c7 ff eb 6e 80 3d 44 3b d2 0c 00 0f 84 [ 551.111192][ C1] RSP: 0018:ffffc900041c6430 EFLAGS: 00000297 [ 551.111204][ C1] RAX: 0000000080000001 RBX: ffffc900041c6508 RCX: 0000000080000000 [ 551.111214][ C1] RDX: ffffc900041c6501 RSI: dffffc0000000000 RDI: 00000000ffffffff [ 551.111224][ C1] RBP: ffffffff8ef3126a R08: ffffc900041c6c38 R09: ffffc900041c6558 [ 551.111235][ C1] R10: dffffc0000000000 R11: fffff52000838cad R12: ffffc900041c0000 [ 551.111246][ C1] R13: dffffc0000000000 R14: ffffc900041c6518 R15: ffffc900041c6c48 [ 551.111257][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 551.111269][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 551.111280][ C1] CR2: 00007f5c287f7470 CR3: 000000000c88e000 CR4: 00000000003506e0 [ 551.111293][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 551.111301][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 551.111311][ C1] Call Trace: [ 551.111315][ C1] [ 551.111325][ C1] ? usb_alloc_urb+0x3f/0x140 [ 551.111346][ C1] ? stack_trace_save+0xf0/0xf0 [ 551.111362][ C1] arch_stack_walk+0x10c/0x140 [ 551.111387][ C1] ? ath6kl_usb_post_recv_transfers+0x24f/0x6f0 [ 551.111406][ C1] stack_trace_save+0xa6/0xf0 [ 551.111421][ C1] ? stack_trace_snprint+0xf0/0xf0 [ 551.111437][ C1] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 551.111457][ C1] save_stack+0x121/0x230 [ 551.111473][ C1] ? __reset_page_owner+0x1a0/0x1a0 [ 551.111487][ C1] ? post_alloc_hook+0x173/0x1a0 [ 551.111503][ C1] ? get_page_from_freelist+0x1a1e/0x1ab0 [ 551.111520][ C1] ? __alloc_pages+0x1ec/0x4f0 [ 551.111536][ C1] ? alloc_slab_page+0x5d/0x160 [ 551.111551][ C1] ? new_slab+0x87/0x2c0 [ 551.111564][ C1] ? ___slab_alloc+0xbc6/0x1240 [ 551.111577][ C1] ? __kmem_cache_alloc_node+0x1a0/0x260 [ 551.111591][ C1] ? __kmalloc+0xa0/0x240 [ 551.111608][ C1] ? usb_alloc_urb+0x3f/0x140 [ 551.111627][ C1] ? __lock_acquire+0x7d10/0x7d10 [ 551.111647][ C1] __set_page_owner+0x19/0x60 [ 551.111661][ C1] post_alloc_hook+0x173/0x1a0 [ 551.111678][ C1] get_page_from_freelist+0x1a1e/0x1ab0 [ 551.111701][ C1] ? verify_lock_unused+0x140/0x140 [ 551.111718][ C1] ? kasan_set_track+0x4b/0x70 [ 551.111735][ C1] ? __next_zones_zonelist+0x99/0x120 [ 551.111755][ C1] __alloc_pages+0x1ec/0x4f0 [ 551.111772][ C1] ? zone_statistics+0x170/0x170 [ 551.111793][ C1] ? alloc_pages+0x4d8/0x740 [ 551.111811][ C1] alloc_slab_page+0x5d/0x160 [ 551.111827][ C1] new_slab+0x87/0x2c0 [ 551.111847][ C1] ___slab_alloc+0xbc6/0x1240 [ 551.111863][ C1] ? usb_alloc_urb+0x3f/0x140 [ 551.111881][ C1] ? usb_alloc_urb+0x3f/0x140 [ 551.111899][ C1] __kmem_cache_alloc_node+0x1a0/0x260 [ 551.111914][ C1] ? usb_alloc_urb+0x3f/0x140 [ 551.111931][ C1] __kmalloc+0xa0/0x240 [ 551.111949][ C1] usb_alloc_urb+0x3f/0x140 [ 551.111966][ C1] ath6kl_usb_post_recv_transfers+0x24f/0x6f0 [ 551.111988][ C1] ath6kl_usb_power_on+0x66/0x280 [ 551.112003][ C1] ath6kl_core_init+0x1d6/0x1090 [ 551.112017][ C1] ? free_zapped_rcu+0x1f0/0x1f0 [ 551.112037][ C1] ? ath6kl_core_rx_complete+0x70/0x70 [ 551.112050][ C1] ? ath6kl_core_create+0x7d6/0x980 [ 551.112065][ C1] ? memcpy+0x3c/0x60 [ 551.112077][ C1] ? ath6kl_core_create+0x7d6/0x980 [ 551.112092][ C1] ath6kl_usb_probe+0x144a/0x1540 [ 551.112114][ C1] usb_probe_interface+0x5c5/0xb20 [ 551.112133][ C1] ? usb_register_driver+0x3d0/0x3d0 [ 551.112146][ C1] really_probe+0x2aa/0xc70 [ 551.112163][ C1] ? pm_runtime_barrier+0x147/0x1c0 [ 551.112179][ C1] __driver_probe_device+0x18c/0x330 [ 551.112196][ C1] driver_probe_device+0x4f/0x420 [ 551.112212][ C1] __device_attach_driver+0x2c6/0x510 [ 551.112228][ C1] ? coredump_store+0x90/0x90 [ 551.112244][ C1] bus_for_each_drv+0x184/0x210 [ 551.112259][ C1] ? coredump_store+0x90/0x90 [ 551.112273][ C1] ? subsys_find_device_by_id+0x360/0x360 [ 551.112292][ C1] __device_attach+0x2a8/0x480 [ 551.112309][ C1] ? device_attach+0x20/0x20 [ 551.112325][ C1] ? kobject_uevent_env+0x35f/0x8a0 [ 551.112344][ C1] bus_probe_device+0xbc/0x1e0 [ 551.112357][ C1] ? device_add+0x97c/0xfb0 [ 551.112376][ C1] device_add+0xa00/0xfb0 [ 551.112403][ C1] usb_set_configuration+0x1991/0x1fd0 [ 551.112429][ C1] usb_generic_driver_probe+0x89/0x150 [ 551.112445][ C1] usb_probe_device+0x139/0x270 [ 551.112460][ C1] ? usb_register_device_driver+0x230/0x230 [ 551.112474][ C1] really_probe+0x2aa/0xc70 [ 551.112490][ C1] ? pm_runtime_barrier+0x147/0x1c0 [ 551.112506][ C1] __driver_probe_device+0x18c/0x330 [ 551.112523][ C1] driver_probe_device+0x4f/0x420 [ 551.112540][ C1] __device_attach_driver+0x2c6/0x510 [ 551.112555][ C1] ? coredump_store+0x90/0x90 [ 551.112571][ C1] bus_for_each_drv+0x184/0x210 [ 551.112585][ C1] ? coredump_store+0x90/0x90 [ 551.112600][ C1] ? subsys_find_device_by_id+0x360/0x360 [ 551.112619][ C1] __device_attach+0x2a8/0x480 [ 551.112635][ C1] ? device_attach+0x20/0x20 [ 551.112648][ C1] ? __kmem_cache_free+0xb6/0x1f0 [ 551.112664][ C1] ? kobject_uevent_env+0x35f/0x8a0 [ 551.112680][ C1] bus_probe_device+0xbc/0x1e0 [ 551.112693][ C1] ? device_add+0x97c/0xfb0 [ 551.112711][ C1] device_add+0xa00/0xfb0 [ 551.112732][ C1] usb_new_device+0xd66/0x1650 [ 551.112753][ C1] ? lock_chain_count+0x20/0x20 [ 551.112769][ C1] ? usb_disconnect+0x8a0/0x8a0 [ 551.112785][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 551.112800][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 551.112815][ C1] hub_event+0x2dcf/0x5560 [ 551.112852][ C1] ? hub_post_resume+0x120/0x120 [ 551.112868][ C1] ? read_lock_is_recursive+0x10/0x10 [ 551.112883][ C1] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 551.112897][ C1] ? _raw_spin_unlock+0x40/0x40 [ 551.112911][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 551.112926][ C1] ? process_one_work+0x7b0/0x1160 [ 551.112941][ C1] process_one_work+0x8a2/0x1160 [ 551.112962][ C1] ? worker_detach_from_pool+0x240/0x240 [ 551.112978][ C1] ? _raw_spin_lock_irq+0xb7/0xf0 [ 551.112992][ C1] ? _raw_spin_lock_irqsave+0x100/0x100 [ 551.113006][ C1] ? kthread_data+0x4b/0xc0 [ 551.113025][ C1] worker_thread+0xaa2/0x1270 [ 551.113047][ C1] ? __kthread_parkme+0x162/0x1c0 [ 551.113067][ C1] kthread+0x29d/0x330 [ 551.113078][ C1] ? worker_clr_flags+0x1a0/0x1a0 [ 551.113091][ C1] ? kthread_blkcg+0xd0/0xd0 [ 551.113104][ C1] ret_from_fork+0x1f/0x30 [ 551.113127][ C1] [ 551.856982][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 551.863865][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted syzkaller #0 [ 551.871068][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 551.881130][ T28] Call Trace: [ 551.884414][ T28] [ 551.887365][ T28] dump_stack_lvl+0x188/0x24e [ 551.892058][ T28] ? memcpy+0x3c/0x60 [ 551.896048][ T28] ? show_regs_print_info+0x12/0x12 [ 551.901261][ T28] ? load_image+0x400/0x400 [ 551.905796][ T28] panic+0x2e5/0x730 [ 551.909715][ T28] ? schedule_preempt_disabled+0x20/0x20 [ 551.915369][ T28] ? bpf_jit_dump+0xd0/0xd0 [ 551.919971][ T28] ? __irq_work_queue_local+0x12c/0x190 [ 551.925548][ T28] ? nmi_trigger_cpumask_backtrace+0x35b/0x450 [ 551.931721][ T28] ? nmi_trigger_cpumask_backtrace+0x360/0x450 [ 551.937892][ T28] watchdog+0xf2d/0xf30 [ 551.942060][ T28] ? watchdog+0x1ed/0xf30 [ 551.946404][ T28] kthread+0x29d/0x330 [ 551.950481][ T28] ? hungtask_pm_notify+0x40/0x40 [ 551.955520][ T28] ? kthread_blkcg+0xd0/0xd0 [ 551.960117][ T28] ret_from_fork+0x1f/0x30 [ 551.964547][ T28] [ 551.967974][ T28] Kernel Offset: disabled [ 551.972345][ T28] Rebooting in 86400 seconds..