last executing test programs: 8.777338937s ago: executing program 0 (id=4324): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000000004002, 0x0) r1 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x89b8, 0x1, 0x0, 0x207}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 8.375224954s ago: executing program 0 (id=4326): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0}, 0x1, 0x0, 0x0, 0x4040}, 0x40040040) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071105400000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007313000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff31a8fd3c0fd8b7ff831028e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a83469620c6e74e1f46132559c4f8700a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a920099c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3ba18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b4762302a271722fb515f31e0dd115a292f1e68481a62c49d15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc82300000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 7.171651031s ago: executing program 3 (id=4331): syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="04060300c900be9fcc8fa26c1e984f0c122370c1d6d0e77aac164da6cd61a1b639b9aa930846ef35af9b954ee4ea92572d21f14141e78c5ca35b9ba401e8d32e6f552561dde5b4fff950e8d4c3099b8d9e8ede0ba2e6"], 0x6) 7.169824633s ago: executing program 0 (id=4332): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x800) recvmmsg$unix(r3, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) 6.933112828s ago: executing program 3 (id=4335): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000ec0)=@newtfilter={0x50, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r2, {0xc, 0xfff1}, {}, {0x5, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x20, 0x2, [@TCA_FLOW_EMATCHES={0x1c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0xc, 0x2, 0x0, 0x0, {{0xfffc, 0x9, 0x100}}}]}]}]}}]}, 0x50}}, 0x20040054) 6.10958148s ago: executing program 3 (id=4338): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) connect$unix(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) ftruncate(r0, 0x4263) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x400, 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) renameat(r5, &(0x7f00000004c0)='./cgroup.net/devices.allow\x00', r5, &(0x7f0000000380)='./cgroup.net/cgroup.procs\x00') r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), r7) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000480)={'wlan0\x00'}) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_COALESCE(r8, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 5.046104087s ago: executing program 3 (id=4342): lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) r0 = syz_open_dev$sndpcmp(&(0x7f0000001540), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r0, 0xc1004111, &(0x7f0000001580)={0x0, [0x0, 0x100], [{}, {}, {}, {0x1000000, 0x4}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}]}) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) futex(0x0, 0x18d, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', &(0x7f0000000200)={0x200803, 0x90, 0x1d}, 0x18) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r3, 0x4b72, &(0x7f0000000040)={0x0, 0x0, 0x8, 0xd, 0x200, &(0x7f0000000080)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000a0000fdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) copy_file_range(r2, 0x0, r2, 0x0, 0x400, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) r6 = dup(r5) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r6}}) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, 0x0) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090100013800002c00000000000000b7020000000000007b9af8ff00000000b509000000000000dbaaf8fff1000000bf8600000000000007080000f8ff07040000f0ffffffc70200000800000018", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 3.34592671s ago: executing program 3 (id=4347): io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, &(0x7f0000001880)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)}, 0x20) r0 = socket$key(0xf, 0x3, 0x2) recvmmsg(r0, 0x0, 0x0, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYRESOCT, @ANYRESHEX=r0], 0x10}}, 0x0) poll(0x0, 0x0, 0x1) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) bind$unix(r3, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b00)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xfffffff7, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x5, 0x0, @void, @value, @void, @value}, 0x50) socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000001a40)=""/102392, 0x18ff8) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[], 0x14}}, 0x0) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x104, 0x3}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) 3.292278895s ago: executing program 4 (id=4348): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000ec0)=@newtfilter={0x50, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0xc, 0xfff1}, {}, {0x5, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x20, 0x2, [@TCA_FLOW_EMATCHES={0x1c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0xc, 0x2, 0x0, 0x0, {{0xfffc, 0x9, 0x100}}}]}]}]}}]}, 0x50}}, 0x20040054) 3.241304786s ago: executing program 2 (id=4349): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r1, 0x3, 0x6, @broadcast}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6, @local}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff3}}}, 0x24}}, 0x0) 2.438046006s ago: executing program 1 (id=4351): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r3, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00", @ANYRES64=r1], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) 2.402528718s ago: executing program 3 (id=4352): syz_usb_connect(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x48000) socket$nl_route(0x10, 0x3, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) writev(r0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xcdc}}, 0x48d4) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r6 = dup(r5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r6, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) ptrace(0x10, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x90, 0x0, 0x0, {0x3, 0x2, 0x0, 0xffffffffffffffff, 0xfffffffb, 0xfffffffe, {0x0, 0x4, 0xfffffffffffffffd, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r4, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) 2.216209779s ago: executing program 4 (id=4353): syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x7a}]}}}, @IFLA_MASTER={0x8, 0x3, r2}]}, 0x44}}, 0x0) 2.201088603s ago: executing program 1 (id=4354): r0 = syz_usb_connect$hid(0x3, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f00000195c0)=ANY=[@ANYBLOB="00222300000097b21106"], 0x0}, 0x0) 2.126077849s ago: executing program 2 (id=4355): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r2 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x3, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newtfilter={0x54, 0x28, 0xd27, 0x1003ffd, 0x0, {0x0, 0x0, 0x0, r3, {0xffe0, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_fw={{0x7}, {0x28, 0x2, [@TCA_FW_INDEV={0x14, 0x3, 'geneve0\x00'}, @TCA_FW_POLICE={0xfd16, 0x2, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x200}]}]}}, @TCA_CHAIN={0x0, 0xb, 0xffffffff}]}, 0x54}, 0x1, 0x0, 0x0, 0x810}, 0x200008c0) 2.125834313s ago: executing program 0 (id=4356): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000080601010000000000000000070000070500010007"], 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x4000004) 1.911177345s ago: executing program 2 (id=4357): lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) r0 = syz_open_dev$sndpcmp(&(0x7f0000001540), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r0, 0xc1004111, &(0x7f0000001580)={0x0, [0x0, 0x100], [{}, {}, {}, {0x1000000, 0x4}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}]}) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) futex(0x0, 0x18d, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', &(0x7f0000000200)={0x200803, 0x90, 0x1d}, 0x18) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r3, 0x4b72, &(0x7f0000000040)={0x0, 0x0, 0x8, 0xd, 0x200, &(0x7f0000000080)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000a0000fdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) copy_file_range(r2, 0x0, r2, 0x0, 0x400, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) r6 = dup(r5) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r6}}) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, 0x0) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090100013800002c00000000000000b7020000000000007b9af8ff00000000b509000000000000dbaaf8fff1000000bf8600000000000007080000f8ff07040000f0ffffffc70200000800000018", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.84271268s ago: executing program 4 (id=4358): socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, 0x0, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={0x0}, 0x1, 0x0, 0x0, 0x4081}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) recvmsg$can_raw(r0, &(0x7f0000001940)={&(0x7f0000000180)=@phonet, 0x80, &(0x7f0000001880)=[{&(0x7f0000000240)=""/96, 0x60}, {&(0x7f0000000000)=""/60, 0x3c}, {&(0x7f00000004c0)=""/239, 0xef}, {&(0x7f0000000080)=""/24, 0x18}, {&(0x7f00000005c0)=""/180, 0xb4}, {0x0}, {&(0x7f0000001680)=""/179, 0xb3}, {&(0x7f0000001740)=""/113, 0x71}, {&(0x7f00000017c0)=""/9, 0x9}, {0x0}], 0xa}, 0x2) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="1400d7141000010000000000000000000000000a7c000000060a0b04000000000000000002000000500004802c0001800b000100736f636b657400001c000280f7ff02400000000b0800014000000003080003000000008920000180080001006475700014000280050001400000000e08000240000000020900010073797a30000000"], 0xa4}}, 0x0) 1.797222178s ago: executing program 0 (id=4359): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="8b3329bd70000000"], 0x2c}}, 0x0) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) bind$netlink(r6, &(0x7f0000000180)={0x10, 0x0, 0x25dfdbfb, 0x40000000}, 0xc) sendmsg$IEEE802154_LLSEC_LIST_DEV(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={0x0}}, 0x24000800) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x20, r1, 0x4, 0x70bd2d, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20004004}, 0x0) r7 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r7, 0x1, 0x23, &(0x7f0000000000)=0x2, 0x4) bind$inet(r7, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r7, &(0x7f00000040c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000015c0)=""/127, 0x7f}}], 0x1, 0x0, 0x0) sendto$inet(r7, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, 0x0, &(0x7f00000001c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x600, 0x0, 0x0, 0x6}, [@IFLA_ADDRESS={0xa, 0x3, @random="08e7eebc872f"}, @IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x44}}, 0x0) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) r9 = gettid() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010028bd7000ffdbdf2514000000080001000100000008001c00", @ANYRES32=r9], 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000000) 1.014017068s ago: executing program 1 (id=4360): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x8a, 0x3}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) mkdirat(0xffffffffffffffff, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000) 992.049617ms ago: executing program 2 (id=4361): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8) sendto$inet6(r0, &(0x7f0000000740)='\x00', 0x1, 0x44, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x16, 0x0, 0x0) 947.276362ms ago: executing program 4 (id=4362): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x38011, r1, 0x9988000) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) fadvise64(r0, 0x18, 0x0, 0x4) 649.114889ms ago: executing program 1 (id=4363): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000ec0)=@newtfilter={0x50, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0xc, 0xfff1}, {}, {0x5, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x20, 0x2, [@TCA_FLOW_EMATCHES={0x1c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0xc, 0x2, 0x0, 0x0, {{0xfffc, 0x9, 0x100}}}]}]}]}}]}, 0x50}}, 0x20040054) 517.323206ms ago: executing program 2 (id=4364): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r3, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008", @ANYRES64=r1], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) 370.029901ms ago: executing program 4 (id=4365): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000005"], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0) 254.98778ms ago: executing program 2 (id=4366): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x2002) r1 = dup(r0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0xbdf) ioctl$NBD_SET_SOCK(r0, 0xab00, r2) ioctl$NBD_DO_IT(r0, 0xab03) 242.77356ms ago: executing program 1 (id=4367): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r2 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x3, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newtfilter={0x54, 0x28, 0xd27, 0x1003ffd, 0x0, {0x0, 0x0, 0x0, r3, {0xffe0, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_fw={{0x7}, {0x28, 0x2, [@TCA_FW_INDEV={0x14, 0x3, 'geneve0\x00'}, @TCA_FW_POLICE={0xfd16, 0x2, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x200}]}]}}, @TCA_CHAIN={0x0, 0xb, 0xffffffff}]}, 0x54}, 0x1, 0x0, 0x0, 0x810}, 0x200008c0) 186.641522ms ago: executing program 4 (id=4368): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x7734, 0x0, 0x40000, 0x178}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 185.825008ms ago: executing program 0 (id=4369): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000080601010000000000000000070000070500010007"], 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x4000004) 0s ago: executing program 1 (id=4370): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)=ANY=[], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f00000195c0)=ANY=[@ANYBLOB="00222300000097b21106"], 0x0}, 0x0) kernel console output (not intermixed with test programs): 63006][ T6758] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 401.372373][ T6719] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 401.403204][T12048] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2376'. [ 401.535444][ T6719] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 401.556559][ T6758] usb 4-1: Using ep0 maxpacket: 32 [ 401.556563][ T6719] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.563720][ T6719] usb 5-1: config 0 descriptor?? [ 401.586848][ T6758] usb 4-1: unable to get BOS descriptor or descriptor too short [ 401.597068][ T6719] cp210x 5-1:0.0: cp210x converter detected [ 401.604071][ T6758] usb 4-1: config 128 has an invalid interface number: 127 but max is 3 [ 401.620804][ T6758] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 401.639838][ T6758] usb 4-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 401.679921][ T6758] usb 4-1: config 128 has no interface number 0 [ 401.702378][ T6758] usb 4-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 401.735751][ T6758] usb 4-1: config 128 interface 127 has no altsetting 0 [ 401.739676][ T6758] usb 4-1: language id specifier not provided by device, defaulting to English [ 401.742457][ T6758] usb 4-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 401.742488][ T6758] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.742510][ T6758] usb 4-1: Product: syz [ 401.742528][ T6758] usb 4-1: Manufacturer: syz [ 401.742545][ T6758] usb 4-1: SerialNumber: syz [ 401.799736][T12057] 9pnet_fd: Insufficient options for proto=fd [ 402.052559][ T5937] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 402.119629][ T6719] cp210x 5-1:0.0: failed to get vendor val 0x370c size 13: -71 [ 402.128058][ T6719] cp210x 5-1:0.0: GPIO initialisation failed: -71 [ 402.138570][ T6719] usb 5-1: cp210x converter now attached to ttyUSB0 [ 402.148435][ T6719] usb 5-1: USB disconnect, device number 10 [ 402.158422][ T6719] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 402.166825][ T6719] cp210x 5-1:0.0: device disconnected [ 402.895344][ T5937] usb 3-1: unable to get BOS descriptor or descriptor too short [ 402.903883][ T6758] usb 4-1: USB disconnect, device number 10 [ 402.914737][ T5937] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 402.927455][ T5937] usb 3-1: can't read configurations, error -71 [ 403.031900][T12074] netlink: 'syz.0.2388': attribute type 13 has an invalid length. [ 403.523998][ T6758] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 403.662730][ T5887] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 403.695026][ T6758] usb 1-1: config 0 has an invalid interface number: 251 but max is 0 [ 403.705164][ T6758] usb 1-1: config 0 has no interface number 0 [ 403.825294][ T5887] usb 5-1: Using ep0 maxpacket: 32 [ 403.860649][ T6758] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 403.969671][ T5887] usb 5-1: unable to get BOS descriptor or descriptor too short [ 403.992568][ T6758] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.036979][ T5887] usb 5-1: config 128 has an invalid interface number: 127 but max is 3 [ 404.059340][ T6758] usb 1-1: Product: syz [ 404.088277][ T6758] usb 1-1: Manufacturer: syz [ 404.106374][ T5887] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 404.145632][ T6758] usb 1-1: SerialNumber: syz [ 404.237728][ T5887] usb 5-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 404.269434][ T6758] usb 1-1: config 0 descriptor?? [ 404.275830][ T5887] usb 5-1: config 128 has no interface number 0 [ 404.285192][ T5887] usb 5-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 404.295909][ T5887] usb 5-1: config 128 interface 127 has no altsetting 0 [ 404.314138][ T5887] usb 5-1: language id specifier not provided by device, defaulting to English [ 404.471485][ T5887] usb 5-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 404.481444][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.490346][ T5887] usb 5-1: Product: syz [ 404.494736][ T5887] usb 5-1: Manufacturer: syz [ 404.499394][ T5887] usb 5-1: SerialNumber: syz [ 404.729472][ T6758] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 404.750282][ T6758] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71 [ 404.769667][ T6758] asix 1-1:0.251: probe with driver asix failed with error -5 [ 404.807383][ T6758] usb 1-1: USB disconnect, device number 8 [ 405.004982][ T5887] usb 5-1: USB disconnect, device number 11 [ 406.003407][T12141] netlink: 'syz.0.2409': attribute type 13 has an invalid length. [ 407.047501][T12171] input: syz1 as /devices/virtual/input/input8 [ 407.312531][ T6719] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 407.482416][ T6719] usb 3-1: Using ep0 maxpacket: 32 [ 407.607109][T12191] lo speed is unknown, defaulting to 1000 [ 407.706790][ T6719] usb 3-1: unable to get BOS descriptor or descriptor too short [ 407.718943][ T6719] usb 3-1: config 128 has an invalid interface number: 127 but max is 3 [ 407.731802][ T6719] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 407.970469][ T6719] usb 3-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 408.583245][ T6719] usb 3-1: config 128 has no interface number 0 [ 408.589606][ T6719] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 408.673285][T12200] netlink: 'syz.0.2433': attribute type 10 has an invalid length. [ 408.681372][ T6719] usb 3-1: config 128 interface 127 has no altsetting 0 [ 408.700492][T12200] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2433'. [ 408.718925][ T6719] usb 3-1: language id specifier not provided by device, defaulting to English [ 408.735816][T12200] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2433'. [ 408.739977][ T6719] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 408.757503][ T6719] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.765835][ T6719] usb 3-1: Product: syz [ 408.770045][ T6719] usb 3-1: Manufacturer: syz [ 408.778624][ T6719] usb 3-1: SerialNumber: syz [ 408.800062][T12200] syz_tun (unregistering): left allmulticast mode [ 408.821927][T12200] syz_tun (unregistering): left promiscuous mode [ 408.962328][ T6758] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 409.132522][ T6758] usb 2-1: Using ep0 maxpacket: 32 [ 409.143096][ T6758] usb 2-1: unable to get BOS descriptor or descriptor too short [ 409.155803][ T6758] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 409.168985][ T6758] usb 2-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 409.207966][ T6758] usb 2-1: config 1 interface 0 has no altsetting 0 [ 409.222075][ T6758] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 409.231805][ T6719] usb 3-1: USB disconnect, device number 12 [ 409.231977][ T6758] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.252174][ T6758] usb 2-1: Product: syz [ 409.256604][ T6758] usb 2-1: Manufacturer: syz [ 409.261364][ T6758] usb 2-1: SerialNumber: syz [ 409.480393][ T6758] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 409.506676][ T6758] usb 2-1: USB disconnect, device number 4 [ 409.592517][ T977] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 409.754608][ T977] usb 1-1: config 0 has an invalid interface number: 214 but max is 0 [ 409.768965][ T977] usb 1-1: config 0 has no interface number 0 [ 409.782430][ T977] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 409.796146][ T977] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 409.805921][ T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.817858][ T977] usb 1-1: Product: syz [ 409.823031][ T977] usb 1-1: Manufacturer: syz [ 409.828312][ T977] usb 1-1: SerialNumber: syz [ 409.836713][ T977] usb 1-1: config 0 descriptor?? [ 409.898152][T12237] netlink: 'syz.4.2449': attribute type 10 has an invalid length. [ 409.909708][T12237] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2449'. [ 409.919153][T12237] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 409.938649][T12237] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2449'. [ 409.959866][T12237] syz_tun (unregistering): left allmulticast mode [ 410.051646][ T977] usbtouchscreen 1-1:0.214: Failed to read FW rev: -32 [ 410.060228][ T977] usbtouchscreen 1-1:0.214: probe with driver usbtouchscreen failed with error -32 [ 410.069742][ T6758] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 410.088327][ T977] usb 1-1: USB disconnect, device number 9 [ 410.250241][ T6758] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 410.270156][ T6758] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 410.380424][ T6758] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 410.485408][ T6758] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 410.558242][ T6758] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.730652][ T6758] usb 3-1: config 0 descriptor?? [ 411.147815][T12253] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2455'. [ 411.255166][T12259] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2459'. [ 411.373185][ T6758] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 411.389724][ T6758] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 411.662899][ T6758] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 411.919213][ T6758] usb 4-1: config 0 has an invalid interface number: 255 but max is 0 [ 412.111332][ T6758] usb 4-1: config 0 has no interface number 0 [ 412.117576][ T6758] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 412.129667][ T6758] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 412.143832][ T6758] usb 4-1: config 0 interface 255 has no altsetting 0 [ 412.150680][ T6758] usb 4-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 412.159790][ T6758] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.171553][ T6758] usb 4-1: config 0 descriptor?? [ 412.185649][ T6758] ums-realtek 4-1:0.255: USB Mass Storage device detected [ 412.359004][T12279] ptrace attach of "./syz-executor exec"[5843] was attempted by ""[12279] [ 412.416099][ T977] usb 4-1: USB disconnect, device number 11 [ 412.555811][ T5887] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 412.724077][ T5887] usb 5-1: config 0 has an invalid interface number: 64 but max is 0 [ 412.743696][ T5887] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 412.754203][ T5887] usb 5-1: config 0 has no interface number 0 [ 412.774742][ T5887] usb 5-1: New USB device found, idVendor=056d, idProduct=0000, bcdDevice=39.00 [ 412.791206][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.806002][ T5887] usb 5-1: Product: syz [ 412.810238][ T5887] usb 5-1: Manufacturer: syz [ 412.815018][ T5887] usb 5-1: SerialNumber: syz [ 412.835012][ T5887] usb 5-1: config 0 descriptor?? [ 413.060716][ T5887] usb 5-1: Found UVC 0.00 device syz (056d:0000) [ 413.077457][ T5887] usb 5-1: No valid video chain found. [ 413.092831][ T5887] usb 5-1: USB disconnect, device number 12 [ 413.149955][ C1] plantronics 0003:047F:FFFF.0013: usb_submit_urb(ctrl) failed: -1 [ 413.637529][T12289] ptrace attach of "./syz-executor exec"[12290] was attempted by "./syz-executor exec"[12289] [ 414.114980][ T6728] usb 3-1: USB disconnect, device number 13 [ 414.162509][ T6722] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 414.329907][ T6722] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 414.344277][ T6722] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.407068][ T6722] usb 5-1: config 0 descriptor?? [ 414.433132][ T6722] cp210x 5-1:0.0: cp210x converter detected [ 414.762745][T12276] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2461'. [ 414.820203][T12298] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2471'. [ 415.284860][ T6722] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 415.326554][ T6722] cp210x 5-1:0.0: failed to get vendor val 0x3711 size 2: -121 [ 415.352398][ T6722] cp210x 5-1:0.0: GPIO initialisation failed: -121 [ 415.397077][ T6722] usb 5-1: cp210x converter now attached to ttyUSB0 [ 415.496816][ T30] audit: type=1326 audit(1749923277.612:2357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.1.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7f0d8e929 code=0x7fc00000 [ 415.883853][T12333] tipc: Enabled bearer , priority 0 [ 415.909844][T12332] tipc: Resetting bearer [ 416.275615][ T30] audit: type=1326 audit(1749923278.392:2358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.1.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb7f0d8e929 code=0x7fc00000 [ 416.530547][ T30] audit: type=1326 audit(1749923278.412:2359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.1.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7f0d8e929 code=0x7fc00000 [ 416.744590][ T30] audit: type=1326 audit(1749923278.412:2360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.1.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7f0d8e929 code=0x7fc00000 [ 416.792361][ T30] audit: type=1326 audit(1749923278.422:2361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.1.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7f0d8e929 code=0x7fc00000 [ 416.815616][ T30] audit: type=1326 audit(1749923278.422:2362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.1.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7f0d8e929 code=0x7fc00000 [ 416.865328][ T30] audit: type=1326 audit(1749923278.422:2363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.1.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7f0d8e929 code=0x7fc00000 [ 416.995163][ T5887] usb 5-1: USB disconnect, device number 13 [ 417.035312][ T5887] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 417.049755][ T5887] cp210x 5-1:0.0: device disconnected [ 417.149778][ T30] audit: type=1326 audit(1749923278.422:2364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.1.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7f0d8e929 code=0x7fc00000 [ 417.172390][ T30] audit: type=1326 audit(1749923278.432:2365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.1.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7f0d8e929 code=0x7fc00000 [ 417.194941][ T30] audit: type=1326 audit(1749923278.432:2366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.1.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7f0d8e929 code=0x7fc00000 [ 418.984314][ T6722] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 419.039356][ T6728] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 419.132331][ T5887] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 419.146066][ T6722] usb 1-1: Using ep0 maxpacket: 16 [ 419.159106][ T6722] usb 1-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb [ 419.180920][ T6722] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.204228][ T6728] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 419.215252][ T6722] usb 1-1: Product: syz [ 419.219472][ T6722] usb 1-1: Manufacturer: syz [ 419.234773][ T6728] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 419.246150][ T6722] usb 1-1: SerialNumber: syz [ 419.254062][ T6728] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 419.284059][ T5887] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 419.290723][ T6728] usb 5-1: config 220 has no interface number 2 [ 419.293364][ T5887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.298149][ T5887] usb 2-1: config 0 descriptor?? [ 419.302742][ T6728] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 419.310852][ T5887] cp210x 2-1:0.0: cp210x converter detected [ 419.334378][ T6728] usb 5-1: config 220 interface 0 has no altsetting 0 [ 419.341494][ T6728] usb 5-1: config 220 interface 76 has no altsetting 0 [ 419.353374][ T6728] usb 5-1: config 220 interface 1 has no altsetting 0 [ 419.379583][ T6728] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 419.393326][ T6728] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.427051][ T6728] usb 5-1: Product: syz [ 419.431334][ T6728] usb 5-1: Manufacturer: syz [ 419.438950][ T6728] usb 5-1: SerialNumber: syz [ 419.711429][ T6728] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 419.730687][ T6728] usb 5-1: No valid video chain found. [ 419.747189][ T6728] usb 5-1: selecting invalid altsetting 0 [ 419.788267][ T6728] usb 5-1: selecting invalid altsetting 0 [ 419.799201][ T6728] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 419.829667][ T6728] usb 5-1: USB disconnect, device number 14 [ 419.873851][ T5887] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 419.905905][ T6722] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 420.105578][ T5887] usb 2-1: cp210x converter now attached to ttyUSB0 [ 420.138353][ T6722] snd-usb-audio 1-1:222.0: probe with driver snd-usb-audio failed with error -71 [ 420.149620][ T6722] usb 1-1: USB disconnect, device number 10 [ 420.295201][ T6728] usb 2-1: USB disconnect, device number 5 [ 420.318501][ T6728] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 420.557314][ T6728] cp210x 2-1:0.0: device disconnected [ 420.593822][T12332] tipc: Disabling bearer [ 423.231697][T12411] pim6reg: tun_chr_ioctl cmd 1074025677 [ 423.242667][T12411] pim6reg: linktype set to 65534 [ 423.406787][T12421] tipc: Enabled bearer , priority 0 [ 423.452606][T12413] tipc: Resetting bearer [ 424.312411][ T6728] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 424.470523][ T6722] tipc: Node number set to 453652671 [ 424.482332][ T6728] usb 5-1: Using ep0 maxpacket: 8 [ 424.492333][ T6728] usb 5-1: unable to get BOS descriptor or descriptor too short [ 424.511366][ T6728] usb 5-1: config index 0 descriptor too short (expected 65534, got 116) [ 424.529516][ T6728] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 424.550069][ T6728] usb 5-1: config 1 interface 1 has no altsetting 0 [ 424.567178][ T6728] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 424.584224][ T6728] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.600203][ T6728] usb 5-1: Product: syz [ 424.609047][ T6728] usb 5-1: Manufacturer: syz [ 424.619500][ T6728] usb 5-1: SerialNumber: syz [ 424.849383][ T6728] usb 5-1: selecting invalid altsetting 0 [ 424.869784][ T6728] usb 5-1: selecting invalid altsetting 0 [ 424.879741][ T6728] cdc_ncm 5-1:1.0: bind() failure [ 424.903364][ T6728] usb 5-1: selecting invalid altsetting 0 [ 424.909191][ T6728] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -22 [ 424.936858][ T6728] usb 5-1: selecting invalid altsetting 0 [ 424.956813][ T6728] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -22 [ 424.973284][ T6728] usb 5-1: selecting invalid altsetting 0 [ 424.989402][ T6728] usbtest 5-1:1.1: probe with driver usbtest failed with error -22 [ 425.040599][ T6728] usb 5-1: USB disconnect, device number 15 [ 427.946268][T12413] tipc: Disabling bearer [ 428.082855][T12477] lo speed is unknown, defaulting to 1000 [ 430.136980][T12515] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2550'. [ 431.125798][T12529] Invalid ELF header magic: != ELF [ 431.333517][ T5887] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 431.504334][ T5887] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 431.534033][ T5887] usb 4-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00 [ 431.553585][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.639474][ T5887] usb 4-1: config 0 descriptor?? [ 431.922334][ T6728] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 431.943250][T12545] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2561'. [ 432.072345][ T6728] usb 1-1: Using ep0 maxpacket: 16 [ 432.088615][ T5887] logitech 0003:046D:CA03.0014: hidraw0: USB HID v0.00 Device [HID 046d:ca03] on usb-dummy_hcd.3-1/input0 [ 432.089968][ T6728] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 432.122711][ T5887] logitech 0003:046D:CA03.0014: no inputs found [ 432.136377][ T6728] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 432.162325][ T6728] usb 1-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 432.185731][ T6728] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.197990][ T6728] usb 1-1: config 0 descriptor?? [ 432.298301][ T5887] usb 4-1: USB disconnect, device number 12 [ 432.415123][T12543] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2560'. [ 432.424350][T12543] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2560'. [ 432.433453][ T6722] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 432.484572][T12556] Invalid ELF header magic: != ELF [ 432.524067][ T6728] usbhid 1-1:0.0: can't add hid device: -71 [ 432.530143][ T6728] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 432.555227][ T6728] usb 1-1: USB disconnect, device number 11 [ 432.592353][ T6722] usb 3-1: Using ep0 maxpacket: 16 [ 432.620699][ T6722] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 432.813046][ T6722] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 432.823373][ T6722] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 432.836882][ T6722] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 433.162438][ T6722] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.221247][ T6722] usb 3-1: config 0 descriptor?? [ 433.676415][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 433.728479][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 433.766859][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 433.805417][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 433.855447][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 433.899452][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 433.934823][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 433.955550][ T6728] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 433.975231][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 434.004251][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 434.011643][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 434.274260][ T6728] usb 4-1: Using ep0 maxpacket: 16 [ 434.323730][ T6728] usb 4-1: config 0 interface 0 has no altsetting 0 [ 434.344142][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 434.346256][T12583] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 434.359945][ T6728] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 434.373738][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 434.426358][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 434.447573][ T6728] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.502582][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 434.844538][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 434.885208][ T6728] usb 4-1: config 0 descriptor?? [ 434.909043][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 434.988336][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 435.015702][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 435.045692][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 435.065912][ T6722] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 435.087973][ T6722] microsoft 0003:045E:07DA.0015: collection stack underflow [ 435.096047][ T6722] microsoft 0003:045E:07DA.0015: item 0 1 0 12 parsing failed [ 435.113248][ T6722] microsoft 0003:045E:07DA.0015: parse failed [ 435.119687][ T6722] microsoft 0003:045E:07DA.0015: probe with driver microsoft failed with error -22 [ 435.169509][ T6722] usb 3-1: USB disconnect, device number 14 [ 435.216501][T12591] Invalid ELF header magic: != ELF [ 435.260903][ T6728] usbhid 4-1:0.0: can't add hid device: -71 [ 435.281814][ T6728] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 435.309279][ T6728] usb 4-1: USB disconnect, device number 13 [ 438.172404][ T5887] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 438.196489][T12624] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 438.349500][ T5887] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 438.380909][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 438.403024][ T5887] usb 4-1: config 0 descriptor?? [ 439.487239][ T5887] pegasus 4-1:0.0: probe with driver pegasus failed with error -32 [ 440.957817][ T5887] usb 4-1: USB disconnect, device number 14 [ 442.352488][ T6728] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 442.512584][ T6728] usb 1-1: Using ep0 maxpacket: 32 [ 442.543388][ T6728] usb 1-1: unable to get BOS descriptor or descriptor too short [ 442.562036][ T6728] usb 1-1: config 128 has an invalid interface number: 127 but max is 3 [ 442.601729][ T6728] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 442.646590][ T6728] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 442.695176][ T6728] usb 1-1: config 128 has no interface number 0 [ 442.728821][ T6728] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 442.780604][ T6728] usb 1-1: config 128 interface 127 has no altsetting 0 [ 442.889386][ T6728] usb 1-1: language id specifier not provided by device, defaulting to English [ 442.932547][ T6728] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 442.970582][ T6728] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.025418][ T6728] usb 1-1: Product: syz [ 443.029762][ T6728] usb 1-1: Manufacturer: syz [ 443.077211][ T6728] usb 1-1: SerialNumber: syz [ 444.248290][T12717] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2621'. [ 444.311355][ T6728] usb 1-1: USB disconnect, device number 12 [ 444.325521][T12717] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2621'. [ 445.181714][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 446.594911][T12745] ptrace attach of "./syz-executor exec"[12746] was attempted by "./syz-executor exec"[12745] [ 447.939615][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 447.939640][ T30] audit: type=1326 audit(1749923310.042:2370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12750 comm="syz.0.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 448.100846][ T30] audit: type=1326 audit(1749923310.042:2371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12750 comm="syz.0.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 448.238955][ T30] audit: type=1326 audit(1749923310.082:2372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12750 comm="syz.0.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 449.144661][ T30] audit: type=1326 audit(1749923310.082:2373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12750 comm="syz.0.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 449.185523][T12764] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2634'. [ 449.223167][ T30] audit: type=1326 audit(1749923310.082:2374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12750 comm="syz.0.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 449.628618][ T30] audit: type=1326 audit(1749923310.092:2375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12750 comm="syz.0.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 449.723629][ T30] audit: type=1326 audit(1749923310.092:2376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12750 comm="syz.0.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 449.772630][ T30] audit: type=1326 audit(1749923310.092:2377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12750 comm="syz.0.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 450.428934][ T6728] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 450.485676][ T30] audit: type=1326 audit(1749923310.092:2378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12750 comm="syz.0.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 450.514627][ T30] audit: type=1326 audit(1749923310.102:2379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12750 comm="syz.0.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 450.603922][ T6728] usb 1-1: Using ep0 maxpacket: 16 [ 450.621329][ T6728] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 450.704550][ T6728] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 450.833066][ T6728] usb 1-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 450.882711][ T6728] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.937617][ T6728] usb 1-1: config 0 descriptor?? [ 451.233985][T12770] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2637'. [ 451.302672][T12770] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2637'. [ 451.595371][ T6728] usbhid 1-1:0.0: can't add hid device: -71 [ 451.625471][ T6728] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 451.702408][ T6728] usb 1-1: USB disconnect, device number 13 [ 451.812868][T12802] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2648'. [ 452.046627][T12805] syz.3.2649 (12805) used greatest stack depth: 17992 bytes left [ 454.144207][ T6722] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 455.219163][ T6722] usb 2-1: device descriptor read/all, error -71 [ 455.282038][ T6728] kernel write not supported for file 1244/task/1245/clear_refs (pid: 6728 comm: kworker/1:16) [ 455.423116][T12830] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2659'. [ 455.669999][ T6722] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 455.883869][ T6722] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 455.906895][ T6722] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 455.943908][ T6722] usb 2-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 455.962355][ T6722] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.178507][ T6722] usb 2-1: config 0 descriptor?? [ 458.876073][ T6722] usb 2-1: Direct firmware load for ar3k/ramps_0x9e0825d9_26.dfu failed with error -2 [ 458.892612][ T6722] usb 2-1: Falling back to sysfs fallback for: ar3k/ramps_0x9e0825d9_26.dfu [ 459.064701][T12857] netlink: 'syz.1.2670': attribute type 153 has an invalid length. [ 460.459883][T12872] libceph: resolve '½@½Ée2²âOAq§¨­cz' (ret=-3): failed [ 461.804859][T12879] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 462.708122][T12893] input: syz1 as /devices/virtual/input/input11 [ 462.726219][T12893] input: failed to attach handler leds to device input11, error: -6 [ 464.178604][T12922] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 465.067451][T12940] pimreg: entered allmulticast mode [ 465.107014][T12940] pimreg: left allmulticast mode [ 468.625544][T12974] Invalid ELF header magic: != ELF [ 468.664807][ T6728] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 468.862396][ T6728] usb 4-1: Using ep0 maxpacket: 32 [ 468.934346][ T6728] usb 4-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 16 [ 469.103800][ T6728] usb 4-1: config 1 interface 0 altsetting 2 bulk endpoint 0x3 has invalid maxpacket 1024 [ 469.287848][ T6728] usb 4-1: config 1 interface 0 has no altsetting 0 [ 469.378914][ T6728] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 469.427421][ T6728] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.435687][ T6728] usb 4-1: Product: syz [ 469.448847][ T6728] usb 4-1: Manufacturer: syz [ 469.458916][ T6728] usb 4-1: SerialNumber: syz [ 469.470792][T12968] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 469.482659][T12968] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 469.510320][T12986] binder: 12985:12986 ioctl c0306201 200000000240 returned -14 [ 469.955428][ T6728] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 469.975337][ T6728] usb 4-1: USB disconnect, device number 15 [ 472.725814][T13023] Invalid ELF header magic: != ELF [ 474.032540][T13044] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2735'. [ 476.663900][T13074] Invalid ELF header magic: != ELF [ 478.984318][T13102] futex_wake_op: syz.4.2754 tries to shift op by -1; fix this program [ 480.711010][T13117] Invalid ELF header magic: != ELF [ 483.186464][T13137] netlink: 'syz.0.2768': attribute type 1 has an invalid length. [ 483.227543][T13137] netlink: 'syz.0.2768': attribute type 2 has an invalid length. [ 484.223969][T13137] netlink: 'syz.0.2768': attribute type 1 has an invalid length. [ 484.234488][T13137] netlink: 'syz.0.2768': attribute type 2 has an invalid length. [ 484.311834][T13152] Invalid ELF header magic: != ELF [ 489.292670][T13180] bond0: (slave bond_slave_0): Releasing backup interface [ 489.323185][T13180] bond0: (slave bond_slave_1): Releasing backup interface [ 489.353959][T13180] team0: Port device team_slave_0 removed [ 489.361637][T13180] team0: Port device team_slave_1 removed [ 489.369637][T13180] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 489.378030][T13180] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 489.389774][T13180] team0: Port device geneve0 removed [ 489.399971][T13180] bond1: (slave gretap1): Releasing backup interface [ 489.845347][T13197] Invalid ELF header magic: != ELF [ 492.861447][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 492.861468][ T30] audit: type=1326 audit(1749923354.972:2382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13211 comm="syz.0.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 492.995635][ T30] audit: type=1326 audit(1749923355.002:2383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13211 comm="syz.0.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 493.022725][ T30] audit: type=1326 audit(1749923355.002:2384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13211 comm="syz.0.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 493.062298][ T30] audit: type=1326 audit(1749923355.002:2385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13211 comm="syz.0.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 493.235919][ T30] audit: type=1326 audit(1749923355.002:2386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13211 comm="syz.0.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 493.599636][ T30] audit: type=1326 audit(1749923355.022:2387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13211 comm="syz.0.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 494.002355][ T30] audit: type=1326 audit(1749923355.022:2388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13211 comm="syz.0.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f242b72ab19 code=0x7ffc0000 [ 494.124890][ T30] audit: type=1326 audit(1749923355.022:2389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13211 comm="syz.0.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242b78e929 code=0x7ffc0000 [ 494.221032][ T30] audit: type=1326 audit(1749923355.022:2390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13211 comm="syz.0.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f242b72ab19 code=0x7ffc0000 [ 494.491988][ T30] audit: type=1326 audit(1749923355.022:2391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13211 comm="syz.0.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f242b72ab19 code=0x7ffc0000 [ 494.665014][T13230] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2798'. [ 495.018564][T13237] Invalid ELF header magic: != ELF [ 499.090551][ T5887] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 499.142593][ T5887] hid-generic 0000:0000:0000.0016: hidraw0: HID v0.00 Device [syz1] on syz0 [ 499.502317][ T5887] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 500.435578][ T5887] usb 3-1: Using ep0 maxpacket: 32 [ 500.462416][ T5887] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 500.470615][ T5887] usb 3-1: config 0 has no interface number 0 [ 500.507709][ T5887] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 500.528086][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.558598][ T5887] usb 3-1: Product: syz [ 500.578845][ T5887] usb 3-1: Manufacturer: syz [ 500.588968][ T5887] usb 3-1: SerialNumber: syz [ 500.717769][ T5887] usb 3-1: config 0 descriptor?? [ 500.733883][ T5887] smsc95xx v2.0.0 [ 501.809470][ T5887] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 501.894476][ T5887] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 503.068712][ T5887] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71 [ 503.082574][ T5887] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 503.094318][ T5887] usb 3-1: USB disconnect, device number 15 [ 503.975645][T13307] syzkaller0: entered promiscuous mode [ 504.031317][T13307] syzkaller0: entered allmulticast mode [ 506.701242][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 508.359778][ T5847] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 508.369498][ T5847] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 508.379697][ T5847] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 508.394860][ T5847] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 508.403705][ T5847] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 510.483661][ T5836] Bluetooth: hci5: command tx timeout [ 512.618743][ T5836] Bluetooth: hci5: command tx timeout [ 512.670198][T13364] lo speed is unknown, defaulting to 1000 [ 513.230886][T13417] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2851'. [ 513.264021][T13412] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2851'. [ 513.298424][T13422] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2851'. [ 514.642422][ T5836] Bluetooth: hci5: command tx timeout [ 516.260103][ T6283] dummy0: left allmulticast mode [ 516.329581][ T6283] bridge0: port 3(dummy0) entered disabled state [ 516.666998][ T6283] bridge_slave_1: left allmulticast mode [ 516.682915][ T6283] bridge_slave_1: left promiscuous mode [ 516.712682][ T6283] bridge0: port 2(bridge_slave_1) entered disabled state [ 516.727749][ T5836] Bluetooth: hci5: command tx timeout [ 516.783914][ T6283] bridge_slave_0: left allmulticast mode [ 516.812734][ T6283] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.338924][ T6283] bond1 (unregistering): (slave gretap1): Releasing backup interface [ 517.743200][ T6283] geneve0 (unregistering): left promiscuous mode [ 517.776648][ T6283] team0: Port device geneve0 removed [ 518.058301][ T6283] bond0 (unregistering): left promiscuous mode [ 518.068295][ T6283] bond_slave_0: left promiscuous mode [ 518.077785][ T6283] bond_slave_1: left promiscuous mode [ 518.087284][ T6283] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 518.261616][ T6283] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 518.279458][ T6283] bond0 (unregistering): Released all slaves [ 518.297702][ T6283] bond1 (unregistering): Released all slaves [ 518.397597][ T6283] bond2 (unregistering): Released all slaves [ 518.419344][ T6283] bond3 (unregistering): Released all slaves [ 518.529026][ T6283] bond4 (unregistering): Released all slaves [ 518.632934][ T6283] bond5 (unregistering): Released all slaves [ 518.653731][ T6283] bond6 (unregistering): (slave bond7): Releasing backup interface [ 518.664112][ T6283] bond6 (unregistering): Released all slaves [ 518.766645][ T6283] bond7 (unregistering): Released all slaves [ 518.784434][ T6283] bond8 (unregistering): (slave bond9): Releasing backup interface [ 518.794156][ T6283] bond8 (unregistering): Released all slaves [ 518.978844][ T6283] bond9 (unregistering): Released all slaves [ 519.019148][ T6283] bond10 (unregistering): (slave bond11): Releasing backup interface [ 519.031130][ T6283] bond10 (unregistering): Released all slaves [ 519.142741][ T6283] bond11 (unregistering): Released all slaves [ 519.160481][ T6283] bond12 (unregistering): Released all slaves [ 519.177949][ T6283] bond13 (unregistering): Released all slaves [ 519.197565][ T6283] bond14 (unregistering): Released all slaves [ 519.949439][T13491] 9pnet_fd: Insufficient options for proto=fd [ 520.497656][T13364] chnl_net:caif_netlink_parms(): no params data found [ 520.985930][T13504] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2882'. [ 521.045869][T13505] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 521.348145][ T6283] tipc: Left network mode [ 521.632109][ T6283] IPVS: stopping master sync thread 8117 ... [ 521.723462][T13516] netlink: 24032 bytes leftover after parsing attributes in process `syz.1.2886'. [ 521.733264][T13516] netlink: 104088 bytes leftover after parsing attributes in process `syz.1.2886'. [ 521.743995][T13516] netlink: 24032 bytes leftover after parsing attributes in process `syz.1.2886'. [ 521.756566][T13364] bridge0: port 1(bridge_slave_0) entered blocking state [ 521.764483][T13364] bridge0: port 1(bridge_slave_0) entered disabled state [ 521.779009][T13364] bridge_slave_0: entered allmulticast mode [ 521.796696][T13364] bridge_slave_0: entered promiscuous mode [ 521.823540][T13364] bridge0: port 2(bridge_slave_1) entered blocking state [ 521.851215][T13364] bridge0: port 2(bridge_slave_1) entered disabled state [ 521.868330][T13364] bridge_slave_1: entered allmulticast mode [ 521.879205][T13364] bridge_slave_1: entered promiscuous mode [ 521.937355][ T6722] Bluetooth: Configuration file not found ar3k/ramps_0x9e0825d9_26.dfu [ 521.959874][ T6722] Bluetooth: Loading sysconfig file failed [ 521.976104][ T6722] ath3k 2-1:0.0: probe with driver ath3k failed with error -110 [ 521.995361][ T6722] usb 2-1: USB disconnect, device number 7 [ 522.079153][T13364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 522.094280][T13527] netlink: 'syz.1.2891': attribute type 29 has an invalid length. [ 522.107557][T13529] netlink: 'syz.0.2892': attribute type 29 has an invalid length. [ 522.121417][T13364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 522.131191][T13527] netlink: 'syz.1.2891': attribute type 29 has an invalid length. [ 522.155234][T13529] netlink: 'syz.0.2892': attribute type 29 has an invalid length. [ 522.425371][T13364] team0: Port device team_slave_0 added [ 522.652348][T13364] team0: Port device team_slave_1 added [ 526.523532][T13364] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 526.531545][T13364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 526.566876][T13364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 526.596743][ T6283] team0: left promiscuous mode [ 526.608089][ T6283] team_slave_0: left promiscuous mode [ 526.622548][ T6283] team_slave_1: left promiscuous mode [ 526.653694][ T6283] hsr_slave_0: left promiscuous mode [ 526.661596][ T6283] hsr_slave_1: left promiscuous mode [ 526.691895][ T6283] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 526.713132][ T6283] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 527.970900][ T6283] team0 (unregistering): Port device team_slave_1 removed [ 528.026901][ T6283] team0 (unregistering): Port device team_slave_0 removed [ 528.578452][T13364] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 528.588573][T13364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 528.665920][T13364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 528.937574][T13364] hsr_slave_0: entered promiscuous mode [ 528.963296][T13364] hsr_slave_1: entered promiscuous mode [ 529.536158][ T6283] IPVS: stop unused estimator thread 0... [ 530.382535][T13597] ptrace attach of "./syz-executor exec"[13598] was attempted by "./syz-executor exec"[13597] [ 534.635721][T13364] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 534.692132][T13364] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 534.716282][T13364] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 534.841966][T13364] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 534.861150][T13637] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2927'. [ 535.244301][T13364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 535.330446][T13364] 8021q: adding VLAN 0 to HW filter on device team0 [ 535.406210][T12923] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.413489][T12923] bridge0: port 1(bridge_slave_0) entered forwarding state [ 535.721885][ T6260] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.729152][ T6260] bridge0: port 2(bridge_slave_1) entered forwarding state [ 541.298083][T13364] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 541.327722][T13707] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2940'. [ 541.337384][T13707] tipc: Enabling of bearer rejected, failed to enable media [ 541.620667][T13364] veth0_vlan: entered promiscuous mode [ 541.640360][T13364] veth1_vlan: entered promiscuous mode [ 541.778764][T13364] veth0_macvtap: entered promiscuous mode [ 542.386422][T13364] veth1_macvtap: entered promiscuous mode [ 542.481809][T13364] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 542.539482][T13364] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 544.843590][T13364] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.852771][T13364] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.861515][T13364] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.874982][T13364] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.209609][ T1113] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 545.230188][ T1113] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 545.353388][ T6290] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 545.389021][ T6290] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 546.650239][T13776] netlink: 'syz.4.2958': attribute type 4 has an invalid length. [ 546.844683][T13776] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2958'. [ 550.315388][T13821] ptrace attach of "./syz-executor exec"[13822] was attempted by "./syz-executor exec"[13821] [ 553.196602][ T5847] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 553.205878][ T5847] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 553.215474][ T5847] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 553.242916][ T5847] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 553.271911][ T5847] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 553.667434][T13857] netlink: 'syz.3.2982': attribute type 1 has an invalid length. [ 553.783266][T13863] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2982'. [ 553.798784][T13843] lo speed is unknown, defaulting to 1000 [ 553.824145][T13857] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2982'. [ 553.958653][T13861] 8021q: adding VLAN 0 to HW filter on device bond11 [ 553.984604][T13861] bond10: (slave bond11): making interface the new active one [ 554.013280][T13861] bond10: (slave bond11): Enslaving as an active interface with an up link [ 554.095050][T13857] 8021q: adding VLAN 0 to HW filter on device bond10 [ 555.509450][ T5847] Bluetooth: hci2: command tx timeout [ 556.014507][T13888] netlink: 'syz.1.2992': attribute type 10 has an invalid length. [ 556.058606][T13889] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2993'. [ 556.129638][ T6273] bond0 (unregistering): (slave gretap1): Releasing backup interface [ 556.267793][ T6273] bond0 (unregistering): Released all slaves [ 556.289886][ T6273] bond1 (unregistering): Released all slaves [ 556.328900][ T6273] bond2 (unregistering): Released all slaves [ 556.455830][ T6273] bond3 (unregistering): (slave bond4): Releasing backup interface [ 556.465703][ T6273] bond3 (unregistering): Released all slaves [ 556.601703][ T6273] bond4 (unregistering): Released all slaves [ 556.705827][ T6273] bond5 (unregistering): (slave bond6): Releasing backup interface [ 556.717905][ T6273] bond5 (unregistering): Released all slaves [ 556.872003][ T6273] bond6 (unregistering): Released all slaves [ 556.890951][ T6273] bond7 (unregistering): (slave bond8): Releasing backup interface [ 556.899871][ T6273] bond7 (unregistering): Released all slaves [ 556.998796][ T6273] bond8 (unregistering): Released all slaves [ 557.095280][ T6273] bond9 (unregistering): Released all slaves [ 557.110310][ T6273] bond10 (unregistering): Released all slaves [ 557.128070][ T6273] bond11 (unregistering): Released all slaves [ 557.150544][ T6273] bond12 (unregistering): Released all slaves [ 557.261280][ T6273] bond13 (unregistering): (slave bond14): Releasing backup interface [ 557.270591][ T6273] bond13 (unregistering): Released all slaves [ 557.371109][ T6273] bond14 (unregistering): Released all slaves [ 557.522722][ T5836] Bluetooth: hci2: command tx timeout [ 558.509277][T13912] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2998'. [ 558.578626][T13916] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 559.323570][T13843] chnl_net:caif_netlink_parms(): no params data found [ 559.601168][T13935] netlink: 'syz.1.3006': attribute type 10 has an invalid length. [ 559.609203][ T5836] Bluetooth: hci2: command tx timeout [ 559.748510][ T6273] hsr_slave_0: left promiscuous mode [ 559.759978][ T6273] hsr_slave_1: left promiscuous mode [ 560.923652][T13950] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3011'. [ 561.043586][T13952] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 561.353472][T13843] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.360949][T13843] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.376189][T13843] bridge_slave_0: entered allmulticast mode [ 561.419799][T13843] bridge_slave_0: entered promiscuous mode [ 561.466616][T13843] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.478975][T13843] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.488470][T13843] bridge_slave_1: entered allmulticast mode [ 561.502015][T13843] bridge_slave_1: entered promiscuous mode [ 561.513430][T13955] netlink: 'syz.1.3013': attribute type 1 has an invalid length. [ 561.674930][T13843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 561.684233][ T6273] IPVS: stop unused estimator thread 0... [ 561.701858][ T5836] Bluetooth: hci2: command tx timeout [ 561.706083][T13843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 562.655221][T13843] team0: Port device team_slave_0 added [ 562.686026][T13843] team0: Port device team_slave_1 added [ 563.034791][T13843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 563.059533][T13985] netlink: 'syz.1.3022': attribute type 10 has an invalid length. [ 563.089546][T13843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 563.224750][T13843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 563.376416][T13843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 563.440788][T13843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 563.712291][T13997] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3024'. [ 563.775019][T13998] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 563.863628][T13843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 564.567507][T13843] hsr_slave_0: entered promiscuous mode [ 564.794707][T13843] hsr_slave_1: entered promiscuous mode [ 565.081682][T13843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 565.126036][T13843] Cannot create hsr debugfs directory [ 565.191232][T14017] C: entered allmulticast mode [ 565.583811][T14028] netlink: 'syz.1.3034': attribute type 10 has an invalid length. [ 566.718845][T14025] lo speed is unknown, defaulting to 1000 [ 567.001759][T14029] lo speed is unknown, defaulting to 1000 [ 567.082544][T14026] lo speed is unknown, defaulting to 1000 [ 567.161026][T14051] lo speed is unknown, defaulting to 1000 [ 567.566764][T14081] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 567.575393][T14081] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 567.583691][T14081] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 567.591910][T14081] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 567.972109][T13843] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 567.990654][T13843] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 568.017077][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.036013][T13843] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 568.071280][T13843] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 568.099752][T14095] lo speed is unknown, defaulting to 1000 [ 568.391444][T14106] kvm: kvm [14105]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 568.607543][T13843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 568.798598][T13843] 8021q: adding VLAN 0 to HW filter on device team0 [ 568.945212][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 568.952485][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 568.991122][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 568.998422][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 569.927227][T13843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 571.006813][T14143] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3067'. [ 571.060926][T14144] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 571.314982][T13843] veth0_vlan: entered promiscuous mode [ 571.613815][T13843] veth1_vlan: entered promiscuous mode [ 571.689984][T14155] netlink: 'syz.0.3070': attribute type 10 has an invalid length. [ 572.626869][T13843] veth0_macvtap: entered promiscuous mode [ 572.678201][T13843] veth1_macvtap: entered promiscuous mode [ 572.730658][T13843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 572.756411][T13843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 572.877429][T13843] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 572.887079][T13843] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 572.901190][T13843] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 572.917961][T13843] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 573.722475][ T1113] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 573.760910][ T1113] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 573.901392][ T6273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 573.929850][ T6273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 574.052628][T14182] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 575.233260][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 575.252553][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 575.261014][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 575.291319][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 575.305717][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 575.341443][T14213] siw: device registration error -23 [ 575.352898][T14213] netlink: 'syz.1.3092': attribute type 13 has an invalid length. [ 575.501130][T14208] lo speed is unknown, defaulting to 1000 [ 577.366594][ T5836] Bluetooth: hci1: command tx timeout [ 578.175653][T14208] chnl_net:caif_netlink_parms(): no params data found [ 578.646994][T14208] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.683094][T14208] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.690426][T14208] bridge_slave_0: entered allmulticast mode [ 578.725726][T14208] bridge_slave_0: entered promiscuous mode [ 578.744576][T14208] bridge0: port 2(bridge_slave_1) entered blocking state [ 578.751874][T14208] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.792634][T14208] bridge_slave_1: entered allmulticast mode [ 578.805674][T14278] netlink: 'syz.1.3116': attribute type 10 has an invalid length. [ 578.811218][T14208] bridge_slave_1: entered promiscuous mode [ 578.828435][T14276] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3114'. [ 578.859391][T14276] openvswitch: netlink: Missing key (keys=40, expected=80) [ 579.053175][T14208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 579.102537][T14208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 579.443288][ T5836] Bluetooth: hci1: command tx timeout [ 579.518821][T14208] team0: Port device team_slave_0 added [ 580.034738][T14314] netlink: 'syz.2.3127': attribute type 10 has an invalid length. [ 580.473076][T14322] siw: device registration error -23 [ 580.528094][T14322] netlink: 'syz.1.3131': attribute type 13 has an invalid length. [ 580.664161][T14208] team0: Port device team_slave_1 added [ 581.119777][T14208] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 581.146830][T14208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 581.186805][T14208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 581.310147][T14332] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3134'. [ 581.369877][T14208] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 581.382598][T14208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 581.461311][T14208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 581.506419][T14346] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3139'. [ 581.522809][ T5836] Bluetooth: hci1: command tx timeout [ 581.533810][T14346] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 581.696771][T14208] hsr_slave_0: entered promiscuous mode [ 581.715406][T14208] hsr_slave_1: entered promiscuous mode [ 581.730137][T14208] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 581.772486][T14208] Cannot create hsr debugfs directory [ 582.282322][T14368] lo: entered allmulticast mode [ 582.992697][T14378] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3150'. [ 583.199397][T14382] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 583.406563][T14208] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 583.467833][T14208] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 583.495953][T14208] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 583.550333][T14208] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 583.608112][ T5836] Bluetooth: hci1: command tx timeout [ 583.709557][T14208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 583.753600][T14208] 8021q: adding VLAN 0 to HW filter on device team0 [ 583.895399][ T6276] bridge0: port 1(bridge_slave_0) entered blocking state [ 583.903660][ T6276] bridge0: port 1(bridge_slave_0) entered forwarding state [ 584.073378][T14208] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 584.102388][T14208] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 585.136428][ T1113] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.143770][ T1113] bridge0: port 2(bridge_slave_1) entered forwarding state [ 586.274191][T14428] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3168'. [ 586.302907][T14428] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 586.962976][T14208] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 587.074970][T14208] veth0_vlan: entered promiscuous mode [ 587.111321][T14208] veth1_vlan: entered promiscuous mode [ 587.200339][T14208] veth0_macvtap: entered promiscuous mode [ 587.227580][T14208] veth1_macvtap: entered promiscuous mode [ 587.271113][T14208] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 587.321208][T14208] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 587.447389][T14208] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.461865][T14208] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.482367][T14208] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.507609][T14208] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.518968][T14443] netlink: 256 bytes leftover after parsing attributes in process `syz.1.3173'. [ 587.748764][ T6283] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 587.768167][ T6283] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 587.873712][ T6273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 587.892644][ T6273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 588.936935][T14466] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3179'. [ 589.370287][T14467] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 591.673210][T14477] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3183'. [ 592.205521][T14483] ptrace attach of "./syz-executor exec"[14484] was attempted by "./syz-executor exec"[14483] [ 592.604705][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 592.614716][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 592.626442][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 592.636762][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 592.644429][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 592.768224][T14490] lo speed is unknown, defaulting to 1000 [ 594.326715][T14509] Illegal XDP return value 4294967274 on prog (id 909) dev N/A, expect packet loss! [ 594.563354][T14490] chnl_net:caif_netlink_parms(): no params data found [ 594.592724][T14512] siw: device registration error -23 [ 594.649928][T14512] netlink: 'syz.3.3194': attribute type 13 has an invalid length. [ 594.722646][ T5836] Bluetooth: hci4: command tx timeout [ 595.471385][T14512] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.479316][T14512] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.813528][T14512] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 595.843247][T14512] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 596.082227][T14512] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 596.091375][T14512] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 596.103158][T14512] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 596.112245][T14512] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 596.213222][T14537] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3203'. [ 596.306250][ T6290] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 596.449545][ T6290] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 596.724682][ T6290] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 596.822803][ T5836] Bluetooth: hci4: command tx timeout [ 597.154336][T14490] bridge0: port 1(bridge_slave_0) entered blocking state [ 597.182560][T14490] bridge0: port 1(bridge_slave_0) entered disabled state [ 597.192020][T14490] bridge_slave_0: entered allmulticast mode [ 597.353198][T14490] bridge_slave_0: entered promiscuous mode [ 597.359158][T14490] bridge0: port 2(bridge_slave_1) entered blocking state [ 597.359281][T14490] bridge0: port 2(bridge_slave_1) entered disabled state [ 597.359450][T14490] bridge_slave_1: entered allmulticast mode [ 597.361356][T14490] bridge_slave_1: entered promiscuous mode [ 597.379084][ T6290] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 597.414141][T14558] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3210'. [ 597.579077][T14490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 597.604673][T14490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 597.780263][T14490] team0: Port device team_slave_0 added [ 597.820423][T14490] team0: Port device team_slave_1 added [ 597.961550][T14579] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3219'. [ 598.004359][T14490] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 598.019521][T14490] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 598.045611][ C1] vkms_vblank_simulate: vblank timer overrun [ 598.100849][T14584] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3221'. [ 598.109608][T14490] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 598.143733][T14571] syzkaller0: entered promiscuous mode [ 598.149371][T14571] syzkaller0: entered allmulticast mode [ 598.159649][T14490] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 598.181871][T14490] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 598.242761][T14490] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 598.386458][ T6290] bridge_slave_1: left allmulticast mode [ 598.399254][ T6290] bridge_slave_1: left promiscuous mode [ 598.423897][ T6290] bridge0: port 2(bridge_slave_1) entered disabled state [ 598.476876][ T6290] bridge_slave_0: left allmulticast mode [ 598.515271][ T6290] bridge_slave_0: left promiscuous mode [ 598.521127][ T6290] bridge0: port 1(bridge_slave_0) entered disabled state [ 598.717739][ T6290] ip6gretap0 (unregistering): left promiscuous mode [ 598.793667][T14604] netlink: 'syz.1.3229': attribute type 12 has an invalid length. [ 598.826513][T14604] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.3229'. [ 598.895396][ T5847] Bluetooth: hci4: command tx timeout [ 598.930560][T14609] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3232'. [ 599.054444][ T6290] erspan0 (unregistering): left promiscuous mode [ 599.119828][ T6290] gretap0 (unregistering): left promiscuous mode [ 599.220022][ T6290] bond2 (unregistering): (slave gretap1): Releasing backup interface [ 599.365103][ T6290] geneve0 (unregistering): left promiscuous mode [ 599.386824][ T6290] team0: Port device geneve0 removed [ 599.555673][ T6290] bond0 (unregistering): left promiscuous mode [ 599.561913][ T6290] bond_slave_0: left promiscuous mode [ 599.567801][ T6290] bond_slave_1: left promiscuous mode [ 599.574883][ T6290] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 599.588282][ T6290] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 599.598090][ T6290] bond0 (unregistering): Released all slaves [ 599.613637][ T6290] bond1 (unregistering): Released all slaves [ 599.721117][ T6290] bond2 (unregistering): Released all slaves [ 599.738254][ T6290] bond3 (unregistering): (slave bond4): Releasing backup interface [ 599.747084][ T6290] bond3 (unregistering): Released all slaves [ 599.858962][ T6290] bond4 (unregistering): Released all slaves [ 599.879026][ T6290] bond5 (unregistering): (slave bond6): Releasing backup interface [ 599.888050][ T6290] bond5 (unregistering): Released all slaves [ 600.000530][ T6290] bond6 (unregistering): Released all slaves [ 600.023456][ T6290] bond7 (unregistering): Released all slaves [ 600.089308][T14490] hsr_slave_0: entered promiscuous mode [ 600.113505][T14490] hsr_slave_1: entered promiscuous mode [ 600.120056][T14490] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 600.142209][T14490] Cannot create hsr debugfs directory [ 600.509022][T14630] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.3237'. [ 600.538216][T14628] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.3237'. [ 600.579401][T14633] netlink: 'syz.3.3241': attribute type 1 has an invalid length. [ 600.616578][T14634] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3242'. [ 600.655767][T14633] bond1 (unregistering): Released all slaves [ 600.735050][T14641] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3241'. [ 600.982283][ T5847] Bluetooth: hci4: command tx timeout [ 601.394198][T14647] netlink: 'syz.2.3246': attribute type 12 has an invalid length. [ 601.404715][T14647] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.3246'. [ 601.896825][T14490] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 601.927937][T14490] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 601.956715][T14490] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 602.021533][T14490] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 602.111202][ T6290] tipc: Left network mode [ 602.192069][T14675] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 604.064371][T14701] __nla_validate_parse: 5 callbacks suppressed [ 604.064395][T14701] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3267'. [ 604.093360][T14699] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.3268'. [ 604.153200][T14694] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.3268'. [ 604.287513][T14490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 604.392759][T14490] 8021q: adding VLAN 0 to HW filter on device team0 [ 604.640653][T14710] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3273'. [ 604.652747][ T6260] bridge0: port 1(bridge_slave_0) entered blocking state [ 604.659954][ T6260] bridge0: port 1(bridge_slave_0) entered forwarding state [ 604.701108][T14711] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 604.741053][ T6290] team0: left promiscuous mode [ 604.746193][ T6290] team_slave_0: left promiscuous mode [ 604.755383][ T6290] team_slave_1: left promiscuous mode [ 604.787984][ T6290] hsr_slave_0: left promiscuous mode [ 604.798600][ T6290] hsr_slave_1: left promiscuous mode [ 604.818465][ T6290] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 604.840635][ T6290] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 605.585449][ T6290] team0 (unregistering): Port device team_slave_1 removed [ 605.644482][ T6290] team0 (unregistering): Port device team_slave_0 removed [ 606.190507][ T6290] C (unregistering): left allmulticast mode [ 606.233937][ T6260] bridge0: port 2(bridge_slave_1) entered blocking state [ 606.241187][ T6260] bridge0: port 2(bridge_slave_1) entered forwarding state [ 606.799415][T14737] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3280'. [ 606.959804][ T6290] IPVS: stop unused estimator thread 0... [ 607.080500][T14490] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 608.976163][T14749] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3284'. [ 608.994225][T14749] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 609.106808][T14490] veth0_vlan: entered promiscuous mode [ 609.148621][T14490] veth1_vlan: entered promiscuous mode [ 609.249948][T14490] veth0_macvtap: entered promiscuous mode [ 609.335071][T14490] veth1_macvtap: entered promiscuous mode [ 609.398286][T14490] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 609.435816][T14490] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 609.538576][T14490] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.553117][T14490] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.562066][T14490] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.571106][T14490] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.306278][ T6283] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 610.337710][ T6283] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 610.543713][ T6260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 610.587258][ T6260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 612.576276][ T6290] bridge_slave_1: left allmulticast mode [ 612.632493][ T6290] bridge_slave_1: left promiscuous mode [ 612.648737][ T6290] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.741288][ T6290] bridge_slave_0: left allmulticast mode [ 612.770559][ T6290] bridge_slave_0: left promiscuous mode [ 612.797666][ T6290] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.508164][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 613.526731][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 613.549812][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 613.559496][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 613.568318][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 613.599707][ T6290] bond1 (unregistering): (slave gretap1): Releasing backup interface [ 613.675092][ T6290] geneve0 (unregistering): left promiscuous mode [ 613.688430][ T6290] team0: Port device geneve0 removed [ 613.901610][ T6290] bond0 (unregistering): left promiscuous mode [ 613.908123][ T6290] bond_slave_0: left promiscuous mode [ 613.914046][ T6290] bond_slave_1: left promiscuous mode [ 613.921064][ T6290] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 613.931496][ T6290] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 613.947746][ T6290] bond0 (unregistering): Released all slaves [ 613.963432][ T6290] bond1 (unregistering): Released all slaves [ 613.978656][ T6290] bond2 (unregistering): Released all slaves [ 614.001057][ T6290] bond3 (unregistering): Released all slaves [ 614.023008][ T6290] bond4 (unregistering): Released all slaves [ 614.041264][ T6290] bond5 (unregistering): Released all slaves [ 614.156692][ T6290] bond6 (unregistering): Released all slaves [ 614.259304][ T6290] bond7 (unregistering): Released all slaves [ 614.274296][ T6290] bond8 (unregistering): Released all slaves [ 614.288532][ T6290] bond9 (unregistering): Released all slaves [ 614.404878][ T6290] bond10 (unregistering): (slave bond11): Releasing backup interface [ 614.414032][ T6290] bond10 (unregistering): Released all slaves [ 614.521607][ T6290] bond11 (unregistering): Released all slaves [ 614.538551][T14794] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3300'. [ 614.601335][T14801] lo speed is unknown, defaulting to 1000 [ 615.442641][T14817] netlink: 'syz.0.3308': attribute type 153 has an invalid length. [ 615.603039][ T5847] Bluetooth: hci3: command tx timeout [ 615.624038][T14821] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3310'. [ 615.725738][T14829] netlink: 'syz.0.3313': attribute type 1 has an invalid length. [ 615.786974][T14829] bond1 (unregistering): Released all slaves [ 615.863450][T14834] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3313'. [ 616.064933][T14839] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3314'. [ 616.234613][T14821] lo speed is unknown, defaulting to 1000 [ 616.451421][T14801] chnl_net:caif_netlink_parms(): no params data found [ 616.864823][T14801] bridge0: port 1(bridge_slave_0) entered blocking state [ 616.873119][T14801] bridge0: port 1(bridge_slave_0) entered disabled state [ 616.880386][T14801] bridge_slave_0: entered allmulticast mode [ 616.897496][T14801] bridge_slave_0: entered promiscuous mode [ 617.000469][T14801] bridge0: port 2(bridge_slave_1) entered blocking state [ 617.012025][T14801] bridge0: port 2(bridge_slave_1) entered disabled state [ 617.020951][T14801] bridge_slave_1: entered allmulticast mode [ 617.039198][T14801] bridge_slave_1: entered promiscuous mode [ 617.277309][T14869] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3324'. [ 617.356068][T14870] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 617.682379][ T5847] Bluetooth: hci3: command tx timeout [ 617.970786][T14801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 618.049450][T14801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 618.507143][T14801] team0: Port device team_slave_0 added [ 618.565346][T14801] team0: Port device team_slave_1 added [ 618.571972][ T6290] team0: left promiscuous mode [ 618.582224][ T6290] team_slave_0: left promiscuous mode [ 618.589044][ T6290] team_slave_1: left promiscuous mode [ 618.614380][ T6290] hsr_slave_0: left promiscuous mode [ 618.620763][ T6290] hsr_slave_1: left promiscuous mode [ 618.627405][ T6290] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 618.643196][ T6290] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 619.131771][ T6290] team0 (unregistering): Port device team_slave_1 removed [ 619.178818][ T6290] team0 (unregistering): Port device team_slave_0 removed [ 619.708800][T14888] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3331'. [ 619.733203][T14801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 619.757025][T14801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 619.794325][ T5847] Bluetooth: hci3: command tx timeout [ 619.799926][T14801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 619.815428][T14801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 619.822543][T14801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 619.852427][T14801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 620.030219][T14801] hsr_slave_0: entered promiscuous mode [ 620.065527][T14801] hsr_slave_1: entered promiscuous mode [ 620.072076][T14801] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 620.085337][T14801] Cannot create hsr debugfs directory [ 620.093026][T14908] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3339'. [ 620.300028][T14912] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3340'. [ 620.504551][T14913] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 620.904051][T14923] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3345'. [ 620.907314][ T6290] IPVS: stop unused estimator thread 0... [ 620.992168][T14924] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.3344'. [ 621.030428][T14920] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.3344'. [ 621.079022][T14928] netlink: 'syz.2.3347': attribute type 12 has an invalid length. [ 621.120294][T14928] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.3347'. [ 621.321443][T14938] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3350'. [ 621.498141][T14943] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3351'. [ 621.772352][T14953] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3356'. [ 621.842562][ T5847] Bluetooth: hci3: command tx timeout [ 622.157632][T14801] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 622.203575][T14801] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 622.542754][T14975] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 623.039146][ T6290] bond0 (unregistering): Released all slaves [ 623.141529][ T6290] bond1 (unregistering): Released all slaves [ 623.160184][ T6290] bond2 (unregistering): Released all slaves [ 623.176809][ T6290] bond3 (unregistering): Released all slaves [ 623.284495][ T6290] bond4 (unregistering): Released all slaves [ 623.300462][ T6290] bond5 (unregistering): Released all slaves [ 623.316018][ T6290] bond6 (unregistering): Released all slaves [ 623.347986][T14801] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 623.382864][T14801] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 623.540450][ T6290] tipc: Left network mode [ 623.675421][ T6290] IPVS: stopping master sync thread 7863 ... [ 623.801637][T14801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 623.955262][T14801] 8021q: adding VLAN 0 to HW filter on device team0 [ 624.506743][ T6260] bridge0: port 1(bridge_slave_0) entered blocking state [ 624.514019][ T6260] bridge0: port 1(bridge_slave_0) entered forwarding state [ 624.537960][ T6260] bridge0: port 2(bridge_slave_1) entered blocking state [ 624.545219][ T6260] bridge0: port 2(bridge_slave_1) entered forwarding state [ 624.864283][T15014] __nla_validate_parse: 7 callbacks suppressed [ 624.864305][T15014] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3378'. [ 624.893173][T15014] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 625.209741][T15018] syzkaller0: entered promiscuous mode [ 625.233581][T15018] syzkaller0: entered allmulticast mode [ 625.413566][T15027] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3383'. [ 628.743215][T15050] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3388'. [ 628.809689][ T6290] hsr_slave_0: left promiscuous mode [ 628.862208][ T6290] hsr_slave_1: left promiscuous mode [ 629.103115][T15057] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3390'. [ 629.166100][T15062] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 629.449888][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.470452][T15066] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3395'. [ 629.618872][T15068] x_tables: duplicate entry at hook 2 [ 629.777913][ T6260] smc: removing ib device syz! [ 630.589780][ T6290] lo (unregistering): left allmulticast mode [ 631.487814][T14801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 631.532283][ T5836] Bluetooth: hci5: command 0x0406 tx timeout [ 631.723427][T15087] syzkaller0: entered promiscuous mode [ 631.729055][T15087] syzkaller0: entered allmulticast mode [ 631.825251][T14801] veth0_vlan: entered promiscuous mode [ 632.023189][T15107] x_tables: duplicate entry at hook 2 [ 635.832949][T14801] veth1_vlan: entered promiscuous mode [ 635.906348][T14801] veth0_macvtap: entered promiscuous mode [ 635.936427][T14801] veth1_macvtap: entered promiscuous mode [ 635.999230][T14801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 636.028195][T14801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 636.061743][T14801] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.082402][T14801] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.113108][T14801] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.132052][T14801] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.156697][T15135] x_tables: duplicate entry at hook 2 [ 636.321762][ T6290] IPVS: stop unused estimator thread 0... [ 636.387972][ T1113] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 636.414141][ T1113] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 636.493493][T15143] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3419'. [ 636.535516][T15144] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3421'. [ 636.546265][T15146] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 636.561792][ T6273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 636.617589][ T6273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 638.912752][T15168] syzkaller0: entered promiscuous mode [ 638.989437][T15168] syzkaller0: entered allmulticast mode [ 642.188497][T15184] x_tables: duplicate entry at hook 2 [ 642.631268][T15200] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 642.640200][T15200] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 642.649118][T15200] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 642.657859][T15200] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 642.714081][T15201] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3438'. [ 642.768234][T15202] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 643.327649][T15211] lo speed is unknown, defaulting to 1000 [ 643.359815][T15211] lo speed is unknown, defaulting to 1000 [ 643.397536][T15211] lo speed is unknown, defaulting to 1000 [ 643.443108][T15214] netlink: 'syz.0.3441': attribute type 13 has an invalid length. [ 643.533617][T15211] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 643.917302][T15214] bridge0: port 2(bridge_slave_1) entered disabled state [ 643.924907][T15214] bridge0: port 1(bridge_slave_0) entered disabled state [ 644.230485][T15214] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 644.293679][T15214] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 644.657742][T15214] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.667283][T15214] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.678336][T15214] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.687587][T15214] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.827828][ T5937] lo speed is unknown, defaulting to 1000 [ 644.835355][ T5937] syz0: Port: 1 Link DOWN [ 644.843530][T15211] lo speed is unknown, defaulting to 1000 [ 645.025218][T15211] lo speed is unknown, defaulting to 1000 [ 645.066906][T15211] lo speed is unknown, defaulting to 1000 [ 645.140895][T15211] lo speed is unknown, defaulting to 1000 [ 645.149363][T15211] lo speed is unknown, defaulting to 1000 [ 645.203260][T15211] lo speed is unknown, defaulting to 1000 [ 645.873807][T15248] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3453'. [ 646.015333][T15252] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 646.367182][T15255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3452'. [ 646.440875][T15261] netlink: 'syz.0.3459': attribute type 13 has an invalid length. [ 646.577064][T15259] IPVS: persistence engine module ip_vs_pe_ not found [ 648.280244][T15289] ªªªªª@: renamed from bridge_slave_0 (while UP) [ 648.665751][T15290] netlink: 256 bytes leftover after parsing attributes in process `syz.2.3467'. [ 648.848348][T15300] siw: device registration error -23 [ 648.880851][T15300] netlink: 'syz.1.3472': attribute type 13 has an invalid length. [ 649.014073][T15305] netlink: 'syz.2.3474': attribute type 1 has an invalid length. [ 649.151987][T15300] bridge0: port 2(bridge_slave_1) entered disabled state [ 649.159884][T15300] bridge0: port 1(bridge_slave_0) entered disabled state [ 649.513612][T15300] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 649.556594][T15300] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 650.892582][T15300] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.901706][T15300] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.947642][T15300] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.961627][T15300] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.302874][T15305] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 651.348628][T15307] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 651.634428][T15340] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3484'. [ 651.653274][T15340] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 652.326579][T15352] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 652.336054][T15352] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 652.345087][T15352] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 652.354145][T15352] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 654.824589][T15380] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3483'. [ 654.847701][T15380] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 654.981470][T15382] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 654.990400][T15382] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 654.999182][T15382] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 655.007950][T15382] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 655.772217][T15394] x_tables: duplicate entry at hook 2 [ 656.073203][T15403] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3510'. [ 656.085399][T15403] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 656.369469][T15407] !: renamed from dummy0 [ 661.793213][T15506] netlink: 'syz.2.3514': attribute type 10 has an invalid length. [ 661.828423][T15506] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3514'. [ 661.991676][T15507] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3514'. [ 662.017536][T15506] team0: Port device geneve0 added [ 664.795099][T15524] ptrace attach of "./syz-executor exec"[15525] was attempted by "./syz-executor exec"[15524] [ 666.220223][T15532] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3533'. [ 666.260567][T15532] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 666.494121][T15538] netlink: 'syz.0.3536': attribute type 1 has an invalid length. [ 667.027683][T15542] 8021q: adding VLAN 0 to HW filter on device bond2 [ 667.055709][T15542] bond1: (slave bond2): making interface the new active one [ 667.081049][T15542] bond1: (slave bond2): Enslaving as an active interface with an up link [ 667.145101][T15562] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3530'. [ 667.161231][T15538] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 667.315968][T15566] x_tables: duplicate entry at hook 2 [ 668.340580][T15584] ptrace attach of "./syz-executor exec"[15585] was attempted by "./syz-executor exec"[15584] [ 668.916262][T15579] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3543'. [ 669.363326][T15574] syzkaller0: entered promiscuous mode [ 669.368874][T15574] syzkaller0: entered allmulticast mode [ 669.417743][T15591] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 669.478652][T15591] batadv_slave_0: entered promiscuous mode [ 669.980128][T15605] netlink: 'syz.2.3551': attribute type 1 has an invalid length. [ 670.945949][T15626] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3556'. [ 672.631832][T15648] ptrace attach of "./syz-executor exec"[15649] was attempted by "./syz-executor exec"[15648] [ 675.473476][T15605] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 675.474342][T15608] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 675.624561][T15660] 8021q: VLANs not supported on ip_vti0 [ 677.612408][ T5836] Bluetooth: hci2: command 0x0406 tx timeout [ 677.941065][T15689] ptrace attach of "./syz-executor exec"[15690] was attempted by "./syz-executor exec"[15689] [ 679.005538][T15697] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3574'. [ 679.030738][T15695] syzkaller0: entered promiscuous mode [ 679.043579][T15695] syzkaller0: entered allmulticast mode [ 679.051799][T15699] 8021q: VLANs not supported on ip_vti0 [ 680.049769][T15716] netlink: 'syz.1.3580': attribute type 1 has an invalid length. [ 684.204860][T15761] block nbd0: server does not support multiple connections per device. [ 684.237425][T15761] block nbd0: shutting down sockets [ 686.619188][T15721] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 688.003525][T15796] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3610'. [ 688.559003][T15811] netlink: 'syz.4.3615': attribute type 1 has an invalid length. [ 688.668896][T15811] 8021q: adding VLAN 0 to HW filter on device bond2 [ 688.687205][T15811] bond1: (slave bond2): making interface the new active one [ 688.697780][T15811] bond1: (slave bond2): Enslaving as an active interface with an up link [ 688.733693][T15814] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 690.099069][T15831] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3621'. [ 690.108631][T15831] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 691.782764][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 692.893526][T15876] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3637'. [ 692.966629][T15876] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 694.970262][T15895] netlink: 'syz.2.3645': attribute type 1 has an invalid length. [ 696.732298][T15919] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3653'. [ 696.773699][T15919] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 698.355722][ T5836] Bluetooth: hci1: command 0x0406 tx timeout [ 698.787544][T15923] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3655'. [ 698.956306][T15936] siw: device registration error -23 [ 698.978713][T15936] netlink: 'syz.3.3659': attribute type 13 has an invalid length. [ 699.299332][T15946] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3664'. [ 700.034618][T15946] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3664'. [ 700.081047][T15952] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3666'. [ 701.886291][T15961] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3669'. [ 701.896223][T15961] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 702.169049][T15975] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3673'. [ 702.406403][T15979] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3676'. [ 705.370964][T16001] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3684'. [ 705.380868][T16001] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 705.648157][T16011] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3687'. [ 708.184213][T16039] ptrace attach of "./syz-executor exec"[16040] was attempted by "./syz-executor exec"[16039] [ 712.582036][T16089] ptrace attach of "./syz-executor exec"[16090] was attempted by "./syz-executor exec"[16089] [ 713.541827][T16104] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3696'. [ 713.553303][T16104] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 713.675474][T16114] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.3725'. [ 714.686978][T16119] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3729'. [ 715.474293][T16136] ptrace attach of "./syz-executor exec"[16137] was attempted by "./syz-executor exec"[16136] [ 716.297338][T16144] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3738'. [ 716.585550][T16144] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 716.743249][T16151] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3740'. [ 718.272485][T16163] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3744'. [ 718.568676][ T5836] Bluetooth: hci4: command 0x0406 tx timeout [ 720.208523][T16186] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3754'. [ 720.228615][T16183] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3752'. [ 720.238553][T16183] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 720.629764][T16202] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3760'. [ 721.756175][T16211] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3763'. [ 722.491690][T16222] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3768'. [ 722.510115][T16218] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3766'. [ 722.520026][T16218] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 723.086899][T16229] syz.0.3771: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 723.869518][T16229] CPU: 0 UID: 0 PID: 16229 Comm: syz.0.3771 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 723.869554][T16229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 723.869576][T16229] Call Trace: [ 723.869592][T16229] [ 723.869602][T16229] dump_stack_lvl+0x189/0x250 [ 723.869647][T16229] ? __pfx_dump_stack_lvl+0x10/0x10 [ 723.869679][T16229] ? __pfx__printk+0x10/0x10 [ 723.869700][T16229] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 723.869736][T16229] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 723.869773][T16229] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 723.869812][T16229] warn_alloc+0x214/0x310 [ 723.869843][T16229] ? __kfence_alloc+0x385/0x3b0 [ 723.869870][T16229] ? __pfx_warn_alloc+0x10/0x10 [ 723.869897][T16229] ? futex_unqueue+0x22/0x240 [ 723.869916][T16229] ? __kmalloc_cache_noprof+0x329/0x3d0 [ 723.869942][T16229] ? xsk_setsockopt+0x43f/0x710 [ 723.869969][T16229] ? do_sock_setsockopt+0x257/0x3e0 [ 723.870011][T16229] __vmalloc_node_range_noprof+0x125/0x12f0 [ 723.870072][T16229] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 723.870115][T16229] ? __kasan_kmalloc+0x22/0xb0 [ 723.870146][T16229] vmalloc_user_noprof+0xad/0xf0 [ 723.870174][T16229] ? xskq_create+0xbf/0x170 [ 723.870205][T16229] xskq_create+0xbf/0x170 [ 723.870238][T16229] xsk_init_queue+0xb0/0x110 [ 723.870276][T16229] xsk_setsockopt+0x43f/0x710 [ 723.870308][T16229] ? __pfx_xsk_setsockopt+0x10/0x10 [ 723.870335][T16229] ? __lock_acquire+0xab9/0xd20 [ 723.870375][T16229] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 723.870400][T16229] ? __pfx_xsk_setsockopt+0x10/0x10 [ 723.870430][T16229] do_sock_setsockopt+0x257/0x3e0 [ 723.870459][T16229] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 723.870490][T16229] ? __fget_files+0x2a/0x420 [ 723.870530][T16229] __x64_sys_setsockopt+0x18b/0x220 [ 723.870563][T16229] do_syscall_64+0xfa/0x3b0 [ 723.870596][T16229] ? lockdep_hardirqs_on+0x9c/0x150 [ 723.870627][T16229] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.870650][T16229] ? clear_bhb_loop+0x60/0xb0 [ 723.870677][T16229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.870698][T16229] RIP: 0033:0x7f365298e929 [ 723.870717][T16229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 723.870735][T16229] RSP: 002b:00007f3653833038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 723.870759][T16229] RAX: ffffffffffffffda RBX: 00007f3652bb5fa0 RCX: 00007f365298e929 [ 723.870775][T16229] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 723.870789][T16229] RBP: 00007f3652a10b39 R08: 0000000000000004 R09: 0000000000000000 [ 723.870802][T16229] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 723.870816][T16229] R13: 0000000000000000 R14: 00007f3652bb5fa0 R15: 00007ffc6c5524a8 [ 723.870850][T16229] [ 724.151946][ C0] vkms_vblank_simulate: vblank timer overrun [ 724.175878][T16229] Mem-Info: [ 724.179078][T16229] active_anon:232 inactive_anon:6260 isolated_anon:0 [ 724.179078][T16229] active_file:25146 inactive_file:35575 isolated_file:0 [ 724.179078][T16229] unevictable:768 dirty:119 writeback:0 [ 724.179078][T16229] slab_reclaimable:11647 slab_unreclaimable:149489 [ 724.179078][T16229] mapped:30343 shmem:1360 pagetables:1396 [ 724.179078][T16229] sec_pagetables:0 bounce:0 [ 724.179078][T16229] kernel_misc_reclaimable:0 [ 724.179078][T16229] free:1252783 free_pcp:16652 free_cma:0 [ 724.224732][ C0] vkms_vblank_simulate: vblank timer overrun [ 724.231961][T16229] Node 0 active_anon:928kB inactive_anon:25040kB active_file:100384kB inactive_file:142300kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121372kB dirty:476kB writeback:0kB shmem:3904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12028kB pagetables:5532kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 724.265613][ C0] vkms_vblank_simulate: vblank timer overrun [ 724.302513][T16229] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 724.400605][T16229] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 724.429565][ C0] vkms_vblank_simulate: vblank timer overrun [ 724.437759][T16229] lowmem_reserve[]: 0 2501 2503 2503 2503 [ 724.444176][T16229] Node 0 DMA32 free:1088244kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1012kB inactive_anon:26304kB active_file:98632kB inactive_file:142232kB unevictable:1536kB writepending:476kB present:3129332kB managed:2561484kB mlocked:0kB bounce:0kB free_pcp:45148kB local_pcp:23924kB free_cma:0kB [ 724.476883][ C0] vkms_vblank_simulate: vblank timer overrun [ 724.561061][T16229] lowmem_reserve[]: 0 0 1 1 1 [ 724.590609][T16229] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1752kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 724.692503][T16229] lowmem_reserve[]: 0 0 0 0 0 [ 724.697341][T16229] Node 1 Normal free:3902900kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:20152kB local_pcp:6336kB free_cma:0kB [ 724.842764][T16229] lowmem_reserve[]: 0 0 0 0 0 [ 724.883119][T16229] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 724.941768][T16229] Node 0 DMA32: 2817*4kB (UM) 1259*8kB (UM) 982*16kB (UME) 976*32kB (UME) 507*64kB (ME) 286*128kB (UME) 555*256kB (UM) 354*512kB (UME) 216*1024kB (UM) 20*2048kB (UM) 82*4096kB (UME) = 1058684kB [ 725.312560][T16229] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 725.402236][T16229] Node 1 Normal: 213*4kB (UME) 52*8kB (UME) 50*16kB (UME) 229*32kB (UME) 62*64kB (UME) 13*128kB (UME) 5*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 2*2048kB (UE) 947*4096kB (M) = 3902900kB [ 725.477290][T16229] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 725.509554][T16229] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 725.539635][T16229] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 725.609551][T16229] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 725.620118][T16229] 63838 total pagecache pages [ 725.625503][T16229] 0 pages in swap cache [ 725.629702][T16229] Free swap = 124996kB [ 725.634120][T16229] Total swap = 124996kB [ 725.638353][T16229] 2097051 pages RAM [ 725.647422][T16229] 0 pages HighMem/MovableOnly [ 725.658412][T16229] 424573 pages reserved [ 725.663726][T16229] 0 pages cma reserved [ 725.959442][T16262] syzkaller1: entered promiscuous mode [ 725.965607][T16262] syzkaller1: entered allmulticast mode [ 726.010145][T16266] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3784'. [ 727.041687][T16278] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3789'. [ 727.099631][T16278] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 727.109489][T16278] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 727.118999][T16278] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 727.122619][T16280] siw: device registration error -23 [ 727.127802][T16278] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 727.188120][T16280] netlink: 'syz.4.3790': attribute type 13 has an invalid length. [ 727.329849][T16286] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3791'. [ 727.392639][T16288] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 727.662639][T16280] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.671756][T16280] bridge0: port 1(ªªªªª@) entered disabled state [ 727.800614][T16280] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 727.813804][T16280] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 727.961025][T16280] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.971747][T16280] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.981034][T16280] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.991485][T16280] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 729.494322][T16319] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3806'. [ 729.504054][T16319] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 729.630496][T16321] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3807'. [ 729.761298][T16325] siw: device registration error -23 [ 729.807744][T16325] netlink: 'syz.3.3809': attribute type 13 has an invalid length. [ 729.992615][T16327] block nbd0: server does not support multiple connections per device. [ 730.016549][T16327] block nbd0: shutting down sockets [ 730.395888][T16344] netlink: 452 bytes leftover after parsing attributes in process `syz.3.3815'. [ 731.375239][T16353] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3818'. [ 731.403225][T16353] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 731.873980][T16363] siw: device registration error -23 [ 731.884098][T16363] netlink: 'syz.4.3822': attribute type 13 has an invalid length. [ 733.921700][T16382] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3830'. [ 733.931704][T16382] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 734.028599][T16384] xt_CT: No such helper "snmp" [ 734.057153][T16392] netlink: 84 bytes leftover after parsing attributes in process `syz.4.3833'. [ 736.011638][T16417] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 736.203468][T16419] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 736.714099][T16434] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 738.672776][T16466] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3859'. [ 738.684532][T16466] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 739.051935][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 742.373568][T16501] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3873'. [ 742.383331][T16501] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 742.867771][T16520] netlink: 'syz.1.3881': attribute type 1 has an invalid length. [ 743.081183][T16520] bond1 (unregistering): Released all slaves [ 744.659871][T16548] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3887'. [ 744.723902][T16548] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 744.731630][T16545] lo speed is unknown, defaulting to 1000 [ 746.779680][T16581] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3902'. [ 746.789548][T16581] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 747.140540][T16597] ptrace attach of "./syz-executor exec"[16598] was attempted by "./syz-executor exec"[16597] [ 747.979623][T16599] lo speed is unknown, defaulting to 1000 [ 750.787523][T16633] ptrace attach of "./syz-executor exec"[16634] was attempted by "./syz-executor exec"[16633] [ 751.766568][T16640] sctp: [Deprecated]: syz.1.3919 (pid 16640) Use of int in maxseg socket option. [ 751.766568][T16640] Use struct sctp_assoc_value instead [ 752.328876][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 753.514648][T16666] ptrace attach of "./syz-executor exec"[16667] was attempted by "./syz-executor exec"[16666] [ 753.967622][T16673] lo speed is unknown, defaulting to 1000 [ 754.049343][T16676] sctp: [Deprecated]: syz.3.3933 (pid 16676) Use of int in maxseg socket option. [ 754.049343][T16676] Use struct sctp_assoc_value instead [ 754.377345][T16685] geneve2: entered allmulticast mode [ 754.491235][T16690] netlink: 'syz.0.3938': attribute type 13 has an invalid length. [ 754.576137][T16697] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3942'. [ 755.384659][T16707] ptrace attach of "./syz-executor exec"[16708] was attempted by "./syz-executor exec"[16707] [ 758.356607][T16751] ptrace attach of "./syz-executor exec"[16752] was attempted by "./syz-executor exec"[16751] [ 760.813985][T16792] ptrace attach of "./syz-executor exec"[16793] was attempted by "./syz-executor exec"[16792] [ 761.576858][T16794] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3977'. [ 761.586531][T16794] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 762.182482][T16814] block nbd0: server does not support multiple connections per device. [ 762.214630][T16814] block nbd0: shutting down sockets [ 765.043339][T16876] netlink: 'syz.3.4011': attribute type 1 has an invalid length. [ 765.168512][T16876] 8021q: adding VLAN 0 to HW filter on device bond1 [ 765.193413][T16879] bond1: (slave gretap1): making interface the new active one [ 765.202989][T16879] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 765.575454][T16898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4020'. [ 765.669141][T16898] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 765.964997][T16906] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 766.021730][T16906] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.268813][T16906] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 766.280217][T16906] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.817063][T16906] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 767.022796][T16906] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.092581][ T6728] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 767.361435][ T6728] usb 4-1: config 0 has an invalid interface number: 214 but max is 0 [ 767.394530][ T6728] usb 4-1: config 0 has no interface number 0 [ 767.400768][ T6728] usb 4-1: config 0 interface 214 altsetting 4 endpoint 0x6 has invalid maxpacket 520, setting to 64 [ 767.415576][ T6728] usb 4-1: config 0 interface 214 has no altsetting 0 [ 767.427718][ T6728] usb 4-1: New USB device found, idVendor=0499, idProduct=1008, bcdDevice=6c.26 [ 767.457312][ T6728] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.474377][T16906] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 767.484705][ T6728] usb 4-1: Product: syz [ 767.484728][ T6728] usb 4-1: Manufacturer: syz [ 767.484746][ T6728] usb 4-1: SerialNumber: syz [ 767.499542][ T6728] usb 4-1: config 0 descriptor?? [ 767.504807][T16906] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.520339][T16950] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 767.882833][T16906] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 767.891966][T16906] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.916623][T16906] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 767.928158][T16906] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.968449][T16906] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 767.979254][T16906] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 768.035202][T16906] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 768.049547][T16906] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.070319][T17006] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 769.552349][ T6728] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 769.724115][ T6728] snd-usb-audio 4-1:0.214: probe with driver snd-usb-audio failed with error -2 [ 769.799840][ T6728] usb 4-1: USB disconnect, device number 16 [ 770.682391][ T6758] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 771.244299][ T6758] usb 5-1: Using ep0 maxpacket: 8 [ 771.255836][ T6758] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 771.313679][ T6758] usb 5-1: config 0 has no interfaces? [ 771.331951][ T6758] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 771.344781][ T6758] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 771.353164][ T6758] usb 5-1: Product: syz [ 771.357469][ T6758] usb 5-1: Manufacturer: syz [ 771.374568][ T6758] usb 5-1: SerialNumber: syz [ 771.395630][ T6758] usb 5-1: config 0 descriptor?? [ 771.621661][T17044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 771.650481][T17044] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 771.681868][ T6728] usb 5-1: USB disconnect, device number 16 [ 773.232207][T17063] sctp: failed to load transform for md5: -4 [ 773.789821][T17080] netlink: 'syz.1.4094': attribute type 3 has an invalid length. [ 776.957060][ T5937] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 777.142244][ T5937] usb 2-1: Using ep0 maxpacket: 32 [ 777.152131][ T5937] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 777.160199][ T5937] usb 2-1: config 0 has no interface number 0 [ 777.319028][ T5937] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 777.335863][ T5937] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.352300][ T5937] usb 2-1: Product: syz [ 778.343554][ T5937] usb 2-1: Manufacturer: syz [ 778.348302][ T5937] usb 2-1: SerialNumber: syz [ 778.356015][ T5937] usb 2-1: config 0 descriptor?? [ 778.557523][ T5937] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 778.667335][ T5937] usb 2-1: selecting invalid altsetting 1 [ 778.673565][ T5937] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 778.688339][ T5937] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 778.715393][ T5937] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 778.733189][ T5937] usb 2-1: media controller created [ 778.773819][T17152] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4118'. [ 778.790872][ T5937] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 780.024052][ T5937] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 780.031409][ T5937] zl10353_read_register: readreg error (reg=127, ret==-71) [ 780.063117][ T5937] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 780.111489][ T5937] usb 2-1: USB disconnect, device number 8 [ 783.154098][T17196] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4131'. [ 784.008248][T17201] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4132'. [ 785.728721][T17224] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4144'. [ 787.146157][ T5847] Bluetooth: hci4: ISO packet for unknown connection handle 0 [ 788.882986][T17259] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4156'. [ 792.572753][T17298] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4168'. [ 795.230177][T17321] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 796.233080][T17323] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4174'. [ 796.634677][T17335] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4181'. [ 799.245146][T17360] xt_nfacct: accounting object `syz1' does not exists [ 799.464177][T17362] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4189'. [ 801.953225][T17388] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 803.921212][T17415] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4205'. [ 806.920679][T17434] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 807.917422][T17452] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4222'. [ 810.539794][T17477] 9pnet_fd: Insufficient options for proto=fd [ 813.071780][T17494] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4236'. [ 814.384106][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 815.600780][T17521] 9pnet_fd: Insufficient options for proto=fd [ 816.402265][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 816.572528][T17528] block nbd0: server does not support multiple connections per device. [ 816.593730][T17528] block nbd0: shutting down sockets [ 816.803861][ T6754] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 817.152465][ T6728] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 817.712109][ T6754] usb 3-1: Using ep0 maxpacket: 16 [ 817.724294][ T6754] usb 3-1: config 0 has an invalid interface number: 105 but max is 0 [ 817.748128][ T6754] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 817.765576][ T6754] usb 3-1: config 0 has no interface number 0 [ 817.789817][ T6754] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 817.804207][ T6728] usb 5-1: config 0 interface 0 altsetting 238 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 817.816041][ T6754] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 817.822096][ T6728] usb 5-1: config 0 interface 0 altsetting 238 endpoint 0x81 has invalid wMaxPacketSize 0 [ 817.959287][ T6754] usb 3-1: Product: syz [ 817.971453][ T6754] usb 3-1: Manufacturer: syz [ 817.976224][ T6754] usb 3-1: SerialNumber: syz [ 817.997600][ T6754] usb 3-1: config 0 descriptor?? [ 818.027236][ T6728] usb 5-1: config 0 interface 0 has no altsetting 0 [ 818.035022][ T6754] usb 3-1: Found UVC 0.00 device syz (046d:08f3) [ 818.042138][ T6728] usb 5-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00 [ 818.662564][ T6754] usb 3-1: No valid video chain found. [ 818.844538][ T6728] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 818.856315][ T6728] usb 5-1: config 0 descriptor?? [ 819.767336][ T6728] usbhid 5-1:0.0: can't add hid device: -71 [ 819.815205][ T6728] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 819.853374][ T6728] usb 5-1: USB disconnect, device number 17 [ 820.722931][ T6728] usb 3-1: USB disconnect, device number 16 [ 823.208465][T17590] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4263'. [ 834.966210][T17768] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4321'. [ 834.993872][T17768] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4321'. [ 835.602397][T17784] netlink: 'syz.2.4327': attribute type 10 has an invalid length. [ 837.557819][T17811] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4337'. [ 838.000029][T17822] netlink: 276 bytes leftover after parsing attributes in process `syz.2.4340'. [ 839.985920][T17837] 9pnet_fd: Insufficient options for proto=fd [ 841.192426][T17848] veth0: entered promiscuous mode [ 841.332515][T17854] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4349'. [ 841.458442][T17860] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4351'. [ 841.563913][T17846] veth0: left promiscuous mode [ 841.853115][T17870] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4356'. [ 841.903269][T17870] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4356'. [ 841.929737][T17870] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4356'. [ 842.368556][T17880] 9pnet_fd: Insufficient options for proto=fd [ 842.892792][ T5836] Bluetooth: hci1: command 0x0406 tx timeout [ 843.436616][T17896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4364'. [ 843.560771][T17899] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4365'. [ 843.754518][T17907] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4369'. [ 843.765301][T17907] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4369'. [ 843.801732][T17907] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4369'. [ 843.905007][T17902] [ 843.907414][T17902] ====================================================== [ 843.914450][T17902] WARNING: possible circular locking dependency detected [ 843.921477][T17902] 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 Not tainted [ 843.928584][T17902] ------------------------------------------------------ [ 843.935600][T17902] syz.2.4366/17902 is trying to acquire lock: [ 843.941674][T17902] ffffffff8e223fc8 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x286/0x16b0 [ 843.951298][T17902] [ 843.951298][T17902] but task is already holding lock: [ 843.958675][T17902] ffff8880254500a8 (&q->q_usage_counter(io)#51){++++}-{0:0}, at: nbd_start_device+0x16c/0xac0 [ 843.968992][T17902] [ 843.968992][T17902] which lock already depends on the new lock. [ 843.968992][T17902] [ 843.979440][T17902] [ 843.979440][T17902] the existing dependency chain (in reverse order) is: [ 843.988467][T17902] [ 843.988467][T17902] -> #2 (&q->q_usage_counter(io)#51){++++}-{0:0}: [ 843.997115][T17902] lock_acquire+0x120/0x360 [ 844.002170][T17902] blk_alloc_queue+0x538/0x620 [ 844.007484][T17902] __blk_mq_alloc_disk+0x162/0x340 [ 844.013129][T17902] nbd_dev_add+0x476/0xb00 [ 844.018081][T17902] nbd_init+0x21a/0x2d0 [ 844.022793][T17902] do_one_initcall+0x233/0x820 [ 844.028082][T17902] do_initcall_level+0x137/0x1f0 [ 844.033548][T17902] do_initcalls+0x69/0xd0 [ 844.038407][T17902] kernel_init_freeable+0x3d9/0x570 [ 844.044139][T17902] kernel_init+0x1d/0x1d0 [ 844.049000][T17902] ret_from_fork+0x3fc/0x770 [ 844.054121][T17902] ret_from_fork_asm+0x1a/0x30 [ 844.059410][T17902] [ 844.059410][T17902] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 844.066632][T17902] lock_acquire+0x120/0x360 [ 844.071681][T17902] fs_reclaim_acquire+0x72/0x100 [ 844.077155][T17902] prepare_alloc_pages+0x153/0x610 [ 844.082796][T17902] __alloc_frozen_pages_noprof+0x123/0x370 [ 844.089138][T17902] __alloc_pages_noprof+0xa/0x30 [ 844.094606][T17902] pcpu_populate_chunk+0x182/0xb30 [ 844.100244][T17902] pcpu_alloc_noprof+0xcbf/0x16b0 [ 844.105795][T17902] xt_percpu_counter_alloc+0x161/0x220 [ 844.111786][T17902] translate_table+0x1323/0x2040 [ 844.117261][T17902] ip6t_register_table+0x106/0x7d0 [ 844.122900][T17902] ip6table_filter_table_init+0x75/0xb0 [ 844.128997][T17902] xt_find_table_lock+0x309/0x3e0 [ 844.134551][T17902] xt_request_find_table_lock+0x26/0x100 [ 844.140715][T17902] do_ip6t_get_ctl+0x730/0x1180 [ 844.146109][T17902] nf_getsockopt+0x26b/0x290 [ 844.151226][T17902] ipv6_getsockopt+0x1ed/0x290 [ 844.156529][T17902] do_sock_getsockopt+0x360/0x650 [ 844.162094][T17902] __x64_sys_getsockopt+0x1a5/0x250 [ 844.167841][T17902] do_syscall_64+0xfa/0x3b0 [ 844.172888][T17902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.179317][T17902] [ 844.179317][T17902] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 844.187061][T17902] validate_chain+0xb9b/0x2140 [ 844.192357][T17902] __lock_acquire+0xab9/0xd20 [ 844.197574][T17902] lock_acquire+0x120/0x360 [ 844.202643][T17902] __mutex_lock+0x182/0xe80 [ 844.207691][T17902] pcpu_alloc_noprof+0x286/0x16b0 [ 844.213250][T17902] sbitmap_init_node+0x1e1/0x630 [ 844.218724][T17902] sbitmap_queue_init_node+0x41/0x660 [ 844.224628][T17902] blk_mq_init_tags+0x110/0x280 [ 844.230006][T17902] blk_mq_alloc_map_and_rqs+0xbd/0x9f0 [ 844.236009][T17902] blk_mq_update_nr_hw_queues+0x76a/0x14c0 [ 844.242437][T17902] nbd_start_device+0x16c/0xac0 [ 844.247827][T17902] nbd_ioctl+0x636/0xeb0 [ 844.252615][T17902] blkdev_ioctl+0x5a8/0x6d0 [ 844.257650][T17902] __se_sys_ioctl+0xf9/0x170 [ 844.262782][T17902] do_syscall_64+0xfa/0x3b0 [ 844.267835][T17902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.274431][T17902] [ 844.274431][T17902] other info that might help us debug this: [ 844.274431][T17902] [ 844.284662][T17902] Chain exists of: [ 844.284662][T17902] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#51 [ 844.284662][T17902] [ 844.298351][T17902] Possible unsafe locking scenario: [ 844.298351][T17902] [ 844.305807][T17902] CPU0 CPU1 [ 844.311205][T17902] ---- ---- [ 844.316587][T17902] lock(&q->q_usage_counter(io)#51); [ 844.321977][T17902] lock(fs_reclaim); [ 844.328497][T17902] lock(&q->q_usage_counter(io)#51); [ 844.336401][T17902] lock(pcpu_alloc_mutex); [ 844.340908][T17902] [ 844.340908][T17902] *** DEADLOCK *** [ 844.340908][T17902] [ 844.349058][T17902] 5 locks held by syz.2.4366/17902: [ 844.354254][T17902] #0: ffff88802540a230 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x131/0xeb0 [ 844.363609][T17902] #1: ffff88802540a188 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0 [ 844.375036][T17902] #2: ffff88802540a0d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x49/0x14c0 [ 844.386033][T17902] #3: ffff8880254500a8 (&q->q_usage_counter(io)#51){++++}-{0:0}, at: nbd_start_device+0x16c/0xac0 [ 844.396770][T17902] #4: ffff8880254500e0 (&q->q_usage_counter(queue)#3){+.+.}-{0:0}, at: nbd_start_device+0x16c/0xac0 [ 844.407688][T17902] [ 844.407688][T17902] stack backtrace: [ 844.413581][T17902] CPU: 1 UID: 0 PID: 17902 Comm: syz.2.4366 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 844.413603][T17902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 844.413613][T17902] Call Trace: [ 844.413620][T17902] [ 844.413628][T17902] dump_stack_lvl+0x189/0x250 [ 844.413657][T17902] ? __pfx_dump_stack_lvl+0x10/0x10 [ 844.413680][T17902] ? __pfx__printk+0x10/0x10 [ 844.413696][T17902] ? print_lock_name+0xde/0x100 [ 844.413723][T17902] print_circular_bug+0x2ee/0x310 [ 844.413750][T17902] check_noncircular+0x134/0x160 [ 844.413777][T17902] validate_chain+0xb9b/0x2140 [ 844.413810][T17902] __lock_acquire+0xab9/0xd20 [ 844.413837][T17902] ? pcpu_alloc_noprof+0x286/0x16b0 [ 844.413856][T17902] lock_acquire+0x120/0x360 [ 844.413875][T17902] ? pcpu_alloc_noprof+0x286/0x16b0 [ 844.413900][T17902] __mutex_lock+0x182/0xe80 [ 844.413925][T17902] ? pcpu_alloc_noprof+0x286/0x16b0 [ 844.413944][T17902] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 844.413967][T17902] ? kasan_save_track+0x4f/0x80 [ 844.413983][T17902] ? kasan_save_track+0x3e/0x80 [ 844.414004][T17902] ? __kmalloc_cache_node_noprof+0x234/0x3d0 [ 844.414032][T17902] ? pcpu_alloc_noprof+0x286/0x16b0 [ 844.414060][T17902] ? blk_mq_alloc_map_and_rqs+0xbd/0x9f0 [ 844.414083][T17902] ? blk_mq_update_nr_hw_queues+0x76a/0x14c0 [ 844.414109][T17902] ? __pfx___mutex_lock+0x10/0x10 [ 844.414131][T17902] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.414155][T17902] pcpu_alloc_noprof+0x286/0x16b0 [ 844.414180][T17902] sbitmap_init_node+0x1e1/0x630 [ 844.414205][T17902] ? __kasan_kmalloc+0x93/0xb0 [ 844.414223][T17902] sbitmap_queue_init_node+0x41/0x660 [ 844.414247][T17902] ? __raw_spin_lock_init+0x45/0x100 [ 844.414264][T17902] blk_mq_init_tags+0x110/0x280 [ 844.414282][T17902] blk_mq_alloc_map_and_rqs+0xbd/0x9f0 [ 844.414308][T17902] ? blk_mq_update_nr_hw_queues+0x678/0x14c0 [ 844.414333][T17902] ? kfree+0x18e/0x440 [ 844.414351][T17902] blk_mq_update_nr_hw_queues+0x76a/0x14c0 [ 844.414383][T17902] nbd_start_device+0x16c/0xac0 [ 844.414407][T17902] ? security_capable+0x7e/0x2e0 [ 844.414434][T17902] nbd_ioctl+0x636/0xeb0 [ 844.414460][T17902] ? __pfx_nbd_ioctl+0x10/0x10 [ 844.414482][T17902] ? __asan_memset+0x22/0x50 [ 844.414496][T17902] ? smack_file_ioctl+0x24a/0x340 [ 844.414515][T17902] ? __pfx_smack_file_ioctl+0x10/0x10 [ 844.414533][T17902] ? __pfx_nbd_ioctl+0x10/0x10 [ 844.414558][T17902] blkdev_ioctl+0x5a8/0x6d0 [ 844.414582][T17902] ? __pfx_blkdev_ioctl+0x10/0x10 [ 844.414602][T17902] ? __fget_files+0x2a/0x420 [ 844.414625][T17902] ? bpf_lsm_file_ioctl+0x9/0x20 [ 844.414646][T17902] ? __pfx_blkdev_ioctl+0x10/0x10 [ 844.414667][T17902] __se_sys_ioctl+0xf9/0x170 [ 844.414684][T17902] do_syscall_64+0xfa/0x3b0 [ 844.414709][T17902] ? lockdep_hardirqs_on+0x9c/0x150 [ 844.414731][T17902] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.414746][T17902] ? clear_bhb_loop+0x60/0xb0 [ 844.414764][T17902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.414779][T17902] RIP: 0033:0x7f5a4038e929 [ 844.414794][T17902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 844.414808][T17902] RSP: 002b:00007f5a411b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 844.414830][T17902] RAX: ffffffffffffffda RBX: 00007f5a405b5fa0 RCX: 00007f5a4038e929 [ 844.414842][T17902] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 844.414851][T17902] RBP: 00007f5a40410b39 R08: 0000000000000000 R09: 0000000000000000 [ 844.414861][T17902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 844.414870][T17902] R13: 0000000000000000 R14: 00007f5a405b5fa0 R15: 00007ffcebacd2a8 [ 844.414887][T17902] [ 844.969555][ T5847] block nbd2: Receive control failed (result -32) [ 844.969555][ T5836] block nbd2: Receive control failed (result -32) [ 845.003404][T17902] block nbd2: shutting down sockets [ 845.153683][ T6758] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 845.292196][ T6758] usb 2-1: device descriptor read/64, error -71 [ 845.553638][ T6758] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 845.682134][ T6758] usb 2-1: device descriptor read/64, error -71 [ 845.792441][ T6758] usb usb2-port1: attempt power cycle [ 846.152099][ T6758] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 846.172695][ T6758] usb 2-1: device descriptor read/8, error -71 [ 846.422203][ T6758] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 846.452860][ T6758] usb 2-1: device descriptor read/8, error -71 [ 846.572615][ T6758] usb usb2-port1: unable to enumerate USB device