last executing test programs: 3m3.9166196s ago: executing program 2 (id=3787): r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00'], 0x20}}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x4000000000001ac, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x5, 0x8) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f00000002c0)=ANY=[], 0x15) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_ENUMINPUT(r7, 0xc050561a, &(0x7f0000000180)={0x2, "b3bdef8a6c86dd43fd39a0cba9f0d90de0b4dc9fd32607136370bf515fa3ea9e", 0x1, 0xfffffde6, 0x2, 0x1, 0x2000000, 0x8}) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r6, &(0x7f0000000100), 0x0, 0x2}, 0x20) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0xb, 0x0, 0x0) r8 = syz_create_resource$binfmt(&(0x7f0000000e40)='./file0\x00') openat$binfmt(0xffffff9c, r8, 0x41, 0x1ff) execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) execve(&(0x7f0000001040)='./file0\x00', 0x0, &(0x7f0000001280)={[0x0]}) preadv(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000180)=""/165, 0xa5}], 0x1, 0x0, 0x0) 3m1.976992793s ago: executing program 2 (id=3788): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$KVM_GET_NESTED_STATE(0xffffffffffffffff, 0x40140921, 0x0) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) listen(r4, 0x4) socket$rds(0x15, 0x5, 0x0) 3m1.21545355s ago: executing program 2 (id=3791): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0xfdef) 3m0.037679275s ago: executing program 2 (id=3796): r0 = socket$inet(0xa, 0x801, 0x84) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000005c0)={0x0, 0x7f}, &(0x7f0000000a40)=0x8) 2m59.946813743s ago: executing program 2 (id=3798): sched_setscheduler(0x0, 0x1, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b"], 0xfc) 2m59.76511331s ago: executing program 2 (id=3799): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r1, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r1, &(0x7f0000005240), 0x4000095, 0x0) 2m44.38438625s ago: executing program 32 (id=3799): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r1, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r1, &(0x7f0000005240), 0x4000095, 0x0) 25.077176985s ago: executing program 0 (id=4205): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) openat$nvram(0xffffffffffffff9c, &(0x7f0000002440), 0x80, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000680)={0x24, r4, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x24}}, 0x0) r6 = socket$l2tp(0x2, 0x2, 0x73) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000680), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000700)={0x24, r8, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}]}, 0x24}}, 0x0) 23.740277724s ago: executing program 1 (id=4208): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@updpolicy={0xb8, 0x15, 0xfd3649826d894c67, 0x0, 0x20000, {{@in6=@local, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}}}, 0xb8}}, 0x0) 23.602023076s ago: executing program 1 (id=4209): setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x1a, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000440)='gre0\x00', 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a85"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x6, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaa589051c4773856aaaabb000c0300000000020000cf4b1686dd170311d8e73d3c162c1c3dc82478eabffcecc5ad6ec9560413f0b6850529ef982f260a70ddc74a9e629a374d5a005df6469c197b4df42a365e1fe7a3baf42745e632b80ef8e78c21c244f7f64dcca0c560eae5f92957275bc68d41b96a8b258a6cc1dcafbf050db013311386f0b32dc7112192ce0b27d10c50901add85375b1151bd348a1f56f72958664ad50094f929e4f088d99b9069600922caf73e4e6682456cee7287d26cafc5b72f34b853dcc9e7e43388de9dc924332e9b8a96ff6c36160846399e90ad718e1ae6b6366d04f103a049319246f429647a22ca7b5918e0f09402e5bd"], 0x1e) open(0x0, 0x400141042, 0x0) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x1) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x100010, r3, 0x86435000) r5 = open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0) pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x100000}], 0x2, 0x0, 0x0, 0xb) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r6, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={0x0, 0x14}}, 0x0) 23.028749897s ago: executing program 1 (id=4211): r0 = openat$udambuf(0xffffff9c, 0x0, 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, 0x0) 22.99409134s ago: executing program 5 (id=4212): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000004cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="0000000014000000000000000100000001"], 0x30, 0x40400d1}}], 0x1, 0x10) 22.922935287s ago: executing program 1 (id=4213): r0 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ff8000/0x4000)=nil) shmat(r0, &(0x7f0000ffd000/0x2000)=nil, 0x6000) shmctl$IPC_RMID(r0, 0x0) 22.922719587s ago: executing program 5 (id=4214): unshare(0x22020400) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4efad000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000002640), 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000077c0)={0x2020}, 0x2020) close_range(r1, 0xffffffffffffffff, 0x0) 22.88000123s ago: executing program 1 (id=4215): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f00000001c0)={0x1a, 0x0, 0x3, 0x0, 0x0, 0x0, @dev}, 0x10) poll(&(0x7f0000000280)=[{r0, 0x1}], 0x1, 0x0) 22.580666797s ago: executing program 0 (id=4218): syz_open_dev$dri(0x0, 0x3ff, 0x4f6482) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) socket$nl_xfrm(0x10, 0x3, 0x6) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r2}, 0x8) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='host1x_channel_submit_complete\x00', r3, 0x0, 0x80000000025}, 0x18) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_GET_BYINDEX(r4, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000700)={&(0x7f0000000580)={0x44, 0xf, 0x6, 0x301, 0x0, 0x0, {0x3, 0x0, 0x4}, [@IPSET_ATTR_INDEX={0x6, 0xb, 0x2}, @IPSET_ATTR_INDEX={0x6}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x2}, @IPSET_ATTR_INDEX={0x6, 0xb, 0xffffffffffffffff}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x2}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}}, 0x20000000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000054000000030a01030000000000000000050000000900010073797a30000000000900030073797a320000000028000c80080002400000000008000140000000001400030076657468315f09005f6873720000000014000000020a090100000000000000000000000014000000110001"], 0xb0}}, 0x0) prctl$PR_MCE_KILL(0x41, 0x2, 0x0) r6 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r6, 0x29, 0x39, &(0x7f0000000040)="ff0204000000000100000000000000000000000000000205", 0x18) sendmmsg$inet6(r6, &(0x7f0000001c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) semctl$SEM_STAT(0x0, 0x2, 0x12, &(0x7f0000000600)=""/250) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="f800000012000100000000000000000000000000000000000000000000000000ff0100000000000000000000000000010000000000000000000000003b0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000010000000033000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000fd00000000000000000500000005000000"], 0xf8}}, 0x800) 22.428963391s ago: executing program 4 (id=4219): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = fsopen(&(0x7f0000000240)='sockfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb010018000000000000003800000038000000090000000000000001000004ff000000050000000400000040000000000000000100000d000000000000000000000000000000000000000a000000000000002e0061615f00db3230b4fe5f040b196a684aeca86216505465fbee977187ce6d95c04f6168bfbbac21a57414"], &(0x7f0000000340)=""/5, 0x59, 0x5, 0x1, 0x0, 0x0, @void, @value}, 0x20) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00001d00000000000000000000ff0000000000000000f5ff00"/111], 0xb8}}, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$TCFLSH(r6, 0x400455c8, 0x2) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) 22.166871814s ago: executing program 3 (id=4220): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001640)={0x2, 0x1, 0x0, 0x9, 0x8, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}}]}, 0x40}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001ec0)=ANY=[@ANYBLOB="020100030a0000000000000000000000020010000000000200000000000000000300050000000000020000009d1414000000000000000000030006000000000002000000ac14"], 0x50}}, 0x0) 21.641616921s ago: executing program 0 (id=4221): setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x1a, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000440)='gre0\x00', 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a85"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x6, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaa589051c4773856aaaabb000c0300000000020000cf4b1686dd170311d8e73d3c162c1c3dc82478eabffcecc5ad6ec9560413f0b6850529ef982f260a70ddc74a9e629a374d5a005df6469c197b4df42a365e1fe7a3baf42745e632b80ef8e78c21c244f7f64dcca0c560eae5f92957275bc68d41b96a8b258a6cc1dcafbf050db013311386f0b32dc7112192ce0b27d10c50901add85375b1151bd348a1f56f72958664ad50094f929e4f088d99b9069600922caf73e4e6682456cee7287d26cafc5b72f34b853dcc9e7e43388de9dc924332e9b8a96ff6c36160846399e90ad718e1ae6b6366d04f103a049319246f429647a22ca7b5918e0f09402e5bd"], 0x1e) open(0x0, 0x400141042, 0x0) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x1) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x100010, r3, 0x86435000) r5 = open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0) pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x100000}], 0x2, 0x0, 0x0, 0xb) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r6, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={0x0, 0x14}}, 0x0) 21.553328169s ago: executing program 1 (id=4222): r0 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r2 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r2, 0xffff) fcntl$addseals(r2, 0x409, 0x7) r3 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000100)={r2, 0x0, 0x0, 0x1000}) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = socket$unix(0x1, 0x5, 0x0) bind$unix(r5, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) mount$9p_fd(0x0, &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000001c0), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) 21.482988765s ago: executing program 3 (id=4223): r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000240)={0xa1, 0x0, 0x0, 0x200, 0x2000}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 21.482805335s ago: executing program 5 (id=4224): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1}) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 21.412526321s ago: executing program 4 (id=4225): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x85c}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 21.3130583s ago: executing program 5 (id=4226): userfaultfd(0x80001) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x90, 0xfffffffffffffff5, 0x400, {0x3, 0x0, 0x20fff, 0x4, 0xfffffffd, 0x400, {0x1, 0xff, 0x2, 0x6, 0x2, 0x0, 0x2, 0x1ff, 0x9, 0x8000, 0xb, 0x0, 0x0, 0x0, 0x54}}}, 0x0, 0x0, 0x0, 0x0}) unshare(0x20000400) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 21.066939832s ago: executing program 3 (id=4227): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={0x0, 0x6c00}) 21.066630132s ago: executing program 5 (id=4228): socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f00000000c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) openat$adsp1(0xffffffffffffff9c, 0x0, 0x8200, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000300), 0x43, 0x20044800) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000000)=0x1) socket$inet6_sctp(0xa, 0x0, 0x84) fanotify_mark(0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x0) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {0x0, 0x2710}, {}, 0x0, 0x1, {0x0}}) close(r5) r6 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r6, &(0x7f0000002200)=[{&(0x7f0000000000)=""/9, 0x9}, {&(0x7f0000002480)=""/95, 0x5f}], 0x2, 0x5e, 0xfffffffc) 20.926501395s ago: executing program 0 (id=4229): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000280)=ANY=[]) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000840)=@filter={'filter\x00', 0x2, 0x4, 0x378, 0xffffffff, 0x0, 0xf8, 0xf8, 0xfeffffff, 0xffffffff, 0x2f8, 0x2f8, 0x2f8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @dev}, @ipv4={'\x00', '\xff\xff', @remote}, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@loopback}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x4, 0x1}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 20.828885683s ago: executing program 3 (id=4230): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00224f00000015a8407a330b93bf02800300000080"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0x40184810, 0x0) socket(0x29, 0x2, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00009200000000000000000000000058b200"}) r3 = syz_open_pts(r2, 0x0) r4 = dup(r3) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0x541b, &(0x7f0000000080)={0xffffffffffffffff}) close_range(r5, r3, 0x0) 20.702882964s ago: executing program 4 (id=4231): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x43, 0x0, 0x4}, 0xc) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1}, 0xe) 20.427747619s ago: executing program 4 (id=4232): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0xfffffffffffffff9) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) 20.117711827s ago: executing program 5 (id=4233): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4028af11, &(0x7f0000000040)) 19.483230893s ago: executing program 4 (id=4234): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x5, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957e2013d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b0000000000000000100000001"], 0x208}, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0) recvmmsg(r6, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0) r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r7, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffc, 0x6, 0x0, @buffer={0x0, 0xca, &(0x7f0000000300)=""/202}, &(0x7f00000000c0)="008d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0}) socket$rds(0x15, 0x5, 0x0) 18.890754306s ago: executing program 4 (id=4235): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = fsopen(&(0x7f0000000240)='sockfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb010018000000000000003800000038000000090000000000000001000004ff000000050000000400000040000000000000000100000d000000000000000000000000000000000000000a000000000000002e0061615f00db3230b4fe5f040b196a684aeca86216505465fbee977187ce6d95c04f6168bfbbac21a57414"], &(0x7f0000000340)=""/5, 0x59, 0x5, 0x1, 0x0, 0x0, @void, @value}, 0x20) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00001d00000000000000000000ff0000000000000000f5ff00"/111], 0xb8}}, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$TCFLSH(r6, 0x400455c8, 0x2) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) 18.078033998s ago: executing program 0 (id=4236): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)="711f04800000000000000c55f5", 0xd}}, 0x0) recvmmsg(r0, &(0x7f0000002e40)=[{{0x0, 0x0, 0x0}}], 0x40000000000019e, 0x142, 0x0) 18.050342931s ago: executing program 0 (id=4237): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, 0x0, 0x0) 15.762885215s ago: executing program 3 (id=4238): r0 = socket$kcm(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000280)={&(0x7f0000000300)={0x2, 0x4e1f, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000040)=ANY=[], 0x6, 0x5}, 0x0) 15.762352105s ago: executing program 3 (id=4239): setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x1a, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000440)='gre0\x00', 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a85"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x6, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaa589051c4773856aaaabb000c0300000000020000cf4b1686dd170311d8e73d3c162c1c3dc82478eabffcecc5ad6ec9560413f0b6850529ef982f260a70ddc74a9e629a374d5a005df6469c197b4df42a365e1fe7a3baf42745e632b80ef8e78c21c244f7f64dcca0c560eae5f92957275bc68d41b96a8b258a6cc1dcafbf050db013311386f0b32dc7112192ce0b27d10c50901add85375b1151bd348a1f56f72958664ad50094f929e4f088d99b9069600922caf73e4e6682456cee7287d26cafc5b72f34b853dcc9e7e43388de9dc924332e9b8a96ff6c36160846399e90ad718e1ae6b6366d04f103a049319246f429647a22ca7b5918e0f09402e5bd"], 0x1e) open(0x0, 0x400141042, 0x0) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x1) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x100010, r3, 0x86435000) r5 = open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0) pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x100000}], 0x2, 0x0, 0x0, 0xb) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r6, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={0x0, 0x14}}, 0x0) 6.005478134s ago: executing program 33 (id=4222): r0 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r2 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r2, 0xffff) fcntl$addseals(r2, 0x409, 0x7) r3 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000100)={r2, 0x0, 0x0, 0x1000}) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = socket$unix(0x1, 0x5, 0x0) bind$unix(r5, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) mount$9p_fd(0x0, &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000001c0), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) 4.509919208s ago: executing program 34 (id=4233): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4028af11, &(0x7f0000000040)) 3.495834498s ago: executing program 35 (id=4235): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = fsopen(&(0x7f0000000240)='sockfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb010018000000000000003800000038000000090000000000000001000004ff000000050000000400000040000000000000000100000d000000000000000000000000000000000000000a000000000000002e0061615f00db3230b4fe5f040b196a684aeca86216505465fbee977187ce6d95c04f6168bfbbac21a57414"], &(0x7f0000000340)=""/5, 0x59, 0x5, 0x1, 0x0, 0x0, @void, @value}, 0x20) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00001d00000000000000000000ff0000000000000000f5ff00"/111], 0xb8}}, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$TCFLSH(r6, 0x400455c8, 0x2) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) 2.428515843s ago: executing program 36 (id=4237): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, 0x0, 0x0) 0s ago: executing program 37 (id=4239): setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x1a, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000440)='gre0\x00', 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a85"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x6, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaa589051c4773856aaaabb000c0300000000020000cf4b1686dd170311d8e73d3c162c1c3dc82478eabffcecc5ad6ec9560413f0b6850529ef982f260a70ddc74a9e629a374d5a005df6469c197b4df42a365e1fe7a3baf42745e632b80ef8e78c21c244f7f64dcca0c560eae5f92957275bc68d41b96a8b258a6cc1dcafbf050db013311386f0b32dc7112192ce0b27d10c50901add85375b1151bd348a1f56f72958664ad50094f929e4f088d99b9069600922caf73e4e6682456cee7287d26cafc5b72f34b853dcc9e7e43388de9dc924332e9b8a96ff6c36160846399e90ad718e1ae6b6366d04f103a049319246f429647a22ca7b5918e0f09402e5bd"], 0x1e) open(0x0, 0x400141042, 0x0) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x1) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x100010, r3, 0x86435000) r5 = open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0) pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x100000}], 0x2, 0x0, 0x0, 0xb) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r6, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={0x0, 0x14}}, 0x0) kernel console output (not intermixed with test programs): d_slave_1): Releasing backup interface [ 1128.818552][T12223] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1128.830141][ T4252] infiniband syz1: ib_query_port failed (-19) [ 1128.893816][T12223] bond0 (unregistering): Released all slaves [ 1128.966526][T15498] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1128.982709][ T4541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1128.993171][ T4541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1129.014427][ T1107] bond0 speed is unknown, defaulting to 1000 [ 1129.031996][T15498] 8021q: adding VLAN 0 to HW filter on device team0 [ 1129.073429][ T4204] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1129.079940][ T4204] r8152-cfgselector 1-1: bad CDC descriptors [ 1129.099412][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1129.140431][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1129.149153][ T4204] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1129.212975][ T4204] r8152-cfgselector 1-1: USB disconnect, device number 8 [ 1129.225795][ T4450] bridge0: port 1(bridge_slave_0) entered blocking state [ 1129.232960][ T4450] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1129.268409][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1129.279139][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1129.294575][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1129.321456][ T4380] bridge0: port 2(bridge_slave_1) entered blocking state [ 1129.328644][ T4380] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1130.303280][T15498] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1130.321948][T15498] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1130.396411][T15666] netlink: 'syz.0.2971': attribute type 2 has an invalid length. [ 1130.404694][T15666] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2971'. [ 1130.726200][T15669] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2972'. [ 1130.815534][T15669] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2972'. [ 1130.991940][T15669] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 1131.000969][T15669] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 1131.009813][T15669] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 1131.019343][T15669] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 1131.029848][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1131.037863][T14366] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 1131.046504][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1131.055869][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1131.065443][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1131.074958][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1131.109331][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1131.121600][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1131.130942][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1131.170242][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1131.184084][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1131.207761][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1131.220598][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1131.417661][T14366] usb 4-1: config 0 has an invalid interface number: 117 but max is 0 [ 1131.819085][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1131.830143][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1131.854873][T15498] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1131.923652][T14366] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1131.942894][T14366] usb 4-1: config 0 has no interface number 0 [ 1131.949831][T14366] usb 4-1: config 0 interface 117 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1131.965166][T14366] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1132.262800][T14366] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1132.289792][T14366] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1132.480609][T14366] usb 4-1: config 0 descriptor?? [ 1132.512685][T14366] usb 4-1: can't set config #0, error -71 [ 1132.524076][T14366] usb 4-1: USB disconnect, device number 12 [ 1133.721181][T15722] netlink: 'syz.0.2983': attribute type 2 has an invalid length. [ 1133.729199][T15722] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2983'. [ 1133.961294][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1134.840853][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1135.011734][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1135.033446][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1135.052242][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1135.079744][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1135.144937][T15739] netlink: 208 bytes leftover after parsing attributes in process `syz.2.2988'. [ 1135.834049][T15498] device veth0_vlan entered promiscuous mode [ 1137.968139][T15498] device veth1_vlan entered promiscuous mode [ 1138.021860][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1138.041897][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1138.075453][T15498] device veth0_macvtap entered promiscuous mode [ 1138.110958][T15498] device veth1_macvtap entered promiscuous mode [ 1138.142356][T15708] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 1138.154705][T15498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1138.174808][T15498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1138.194746][T15498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1138.216970][T15498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1138.236368][T15498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1138.257375][T15498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1138.277835][T15498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1138.303928][T15498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1138.327268][T15498] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1138.345504][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1138.357808][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1138.383604][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1138.401605][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1138.423571][T15498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1138.441603][T15498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1138.465485][T15498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1138.487591][T15498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1138.509466][T15498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1138.530529][T15498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1138.543707][T15708] usb 1-1: config 0 has an invalid interface number: 117 but max is 0 [ 1138.551954][T15498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1138.559229][T15708] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1138.575305][T15498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1138.595786][T15708] usb 1-1: config 0 has no interface number 0 [ 1138.600502][T15498] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1138.609203][T15708] usb 1-1: config 0 interface 117 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1138.609234][T15708] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1138.646047][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1138.656279][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1138.716870][ T26] kauditd_printk_skb: 19 callbacks suppressed [ 1138.716885][ T26] audit: type=1326 audit(1730843990.545:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15750 comm="syz.1.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd611c7719 code=0x7ffc0000 [ 1138.749757][T15498] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1138.810235][ T26] audit: type=1326 audit(1730843990.585:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15750 comm="syz.1.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7fbd611c7719 code=0x7ffc0000 [ 1138.847855][T15498] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1138.877351][T15498] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1138.924909][ T26] audit: type=1326 audit(1730843990.585:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15750 comm="syz.1.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd611c7719 code=0x7ffc0000 [ 1138.940066][T15498] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1139.380611][ T26] audit: type=1326 audit(1730843990.585:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15750 comm="syz.1.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fbd611c7719 code=0x7ffc0000 [ 1139.406031][ T26] audit: type=1326 audit(1730843990.585:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15750 comm="syz.1.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd611c7719 code=0x7ffc0000 [ 1139.436284][ T26] audit: type=1326 audit(1730843990.585:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15750 comm="syz.1.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd611c7719 code=0x7ffc0000 [ 1139.519397][ T26] audit: type=1326 audit(1730843990.585:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15750 comm="syz.1.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbd611c7719 code=0x7ffc0000 [ 1139.543381][T15708] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1139.555458][T15708] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1139.566735][T15708] usb 1-1: config 0 descriptor?? [ 1139.575330][ T26] audit: type=1326 audit(1730843990.585:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15750 comm="syz.1.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd611c7719 code=0x7ffc0000 [ 1139.600351][T15708] usb 1-1: can't set config #0, error -71 [ 1139.786726][T15768] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2995'. [ 1139.799185][ T26] audit: type=1326 audit(1730843990.585:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15750 comm="syz.1.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd611c7719 code=0x7ffc0000 [ 1140.215146][T15771] netlink: 'syz.3.2994': attribute type 2 has an invalid length. [ 1140.223121][T15771] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2994'. [ 1140.280890][T15708] usb 1-1: USB disconnect, device number 9 [ 1140.831589][T14409] Bluetooth: hci2: command 0x1003 tx timeout [ 1140.921076][ T26] audit: type=1326 audit(1730843990.585:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15750 comm="syz.1.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fbd611c7719 code=0x7ffc0000 [ 1140.944939][T15252] Bluetooth: hci2: sending frame failed (-49) [ 1141.855626][ T4541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1141.872689][ T4541] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1141.888970][ T4264] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1141.911162][ T4264] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1141.943520][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1142.718660][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1142.917273][T15794] ERROR: device name not specified. [ 1143.590775][ T3504] Bluetooth: hci2: command 0x1001 tx timeout [ 1143.604675][T15252] Bluetooth: hci2: sending frame failed (-49) [ 1144.922689][ T4252] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 1145.301870][T15815] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3006'. [ 1145.792867][T15817] netlink: 'syz.4.3007': attribute type 2 has an invalid length. [ 1145.800724][T15817] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3007'. [ 1145.855632][ T3504] Bluetooth: hci2: command 0x1009 tx timeout [ 1146.633831][ T4252] usb 4-1: config 0 has an invalid interface number: 117 but max is 0 [ 1146.642567][ T4252] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1146.652861][ T4252] usb 4-1: config 0 has no interface number 0 [ 1146.659101][ T4252] usb 4-1: config 0 interface 117 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1146.825151][ T4252] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1147.214879][T15831] overlayfs: unrecognized mount option "context=sysadm_u" or missing value [ 1148.291768][T15835] netlink: 'syz.0.3012': attribute type 2 has an invalid length. [ 1148.299611][T15835] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3012'. [ 1148.430077][ T4252] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1148.456705][ T4252] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1148.472313][ T4252] usb 4-1: Product: syz [ 1148.476618][ T4252] usb 4-1: Manufacturer: syz [ 1148.486227][ T4252] usb 4-1: config 0 descriptor?? [ 1148.505253][ T4252] usb 4-1: can't set config #0, error -71 [ 1148.512225][ T4252] usb 4-1: USB disconnect, device number 13 [ 1150.282156][T15863] hfs: can't find a HFS filesystem on dev nullb0 [ 1150.657594][ T4164] device syz_tun left promiscuous mode [ 1151.292540][T15877] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3022'. [ 1151.332787][ T4164] syz-executor (4164) used greatest stack depth: 18776 bytes left [ 1151.353661][T15866] chnl_net:caif_netlink_parms(): no params data found [ 1152.474695][T15891] netlink: 'syz.1.3026': attribute type 2 has an invalid length. [ 1152.482719][T15891] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3026'. [ 1152.604674][T15866] bridge0: port 1(bridge_slave_0) entered blocking state [ 1152.639266][T15866] bridge0: port 1(bridge_slave_0) entered disabled state [ 1152.647886][T15866] device bridge_slave_0 entered promiscuous mode [ 1152.656926][T15866] bridge0: port 2(bridge_slave_1) entered blocking state [ 1152.668469][T15866] bridge0: port 2(bridge_slave_1) entered disabled state [ 1152.683220][T15866] device bridge_slave_1 entered promiscuous mode [ 1153.496224][T15772] Bluetooth: hci0: command 0x0409 tx timeout [ 1153.725340][T15866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1154.051590][T15866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1154.129733][T15866] team0: Port device team_slave_0 added [ 1154.144703][T15866] team0: Port device team_slave_1 added [ 1154.203010][T15866] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1154.209975][T15866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1154.266246][T15866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1154.281208][T15866] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1154.288647][T15866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1154.320540][T15866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1154.358688][T15866] device hsr_slave_0 entered promiscuous mode [ 1154.366340][T15866] device hsr_slave_1 entered promiscuous mode [ 1154.730345][T15866] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1154.738066][T15866] Cannot create hsr debugfs directory [ 1155.376369][T15923] netlink: 'syz.1.3035': attribute type 1 has an invalid length. [ 1155.542479][T15772] Bluetooth: hci0: command 0x041b tx timeout [ 1155.594959][T15866] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1155.655811][T15866] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1156.311812][T15935] netlink: 'syz.0.3038': attribute type 2 has an invalid length. [ 1156.319724][T15935] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3038'. [ 1156.721038][T15866] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1156.742488][T15866] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1156.801045][T15940] netlink: 'syz.4.3039': attribute type 1 has an invalid length. [ 1157.019670][T15866] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1157.079404][T15866] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1157.145390][T15947] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1157.154334][T15947] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1157.284808][T15866] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1157.322390][T15866] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1157.622476][T15866] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1157.632465][T15708] Bluetooth: hci0: command 0x040f tx timeout [ 1157.639184][T15866] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1157.649442][T15866] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1157.671673][T15866] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1158.495007][T15866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1158.544423][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1158.556833][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1158.609390][T15965] netlink: 'syz.0.3048': attribute type 1 has an invalid length. [ 1158.652873][T15866] 8021q: adding VLAN 0 to HW filter on device team0 [ 1158.677923][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1158.691013][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1158.712070][T12787] bridge0: port 1(bridge_slave_0) entered blocking state [ 1158.719211][T12787] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1158.727678][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1158.747374][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1158.763958][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1158.783800][T12787] bridge0: port 2(bridge_slave_1) entered blocking state [ 1158.790915][T12787] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1159.014660][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1159.177781][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1159.513435][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1159.535848][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1159.551389][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1159.573343][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1159.582152][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1159.601075][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1159.627954][T15866] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1159.655874][T15866] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1159.681390][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1159.712442][T13050] Bluetooth: hci0: command 0x0419 tx timeout [ 1159.727560][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1160.057464][T15978] netlink: 'syz.3.3051': attribute type 2 has an invalid length. [ 1160.065468][T15978] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3051'. [ 1160.149685][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1161.567562][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1161.589397][T16000] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3056'. [ 1161.606693][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1161.707084][T15866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1161.753575][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1161.763400][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1161.779437][T16003] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1161.789005][T16003] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1161.811696][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1161.821419][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1161.842793][T15866] device veth0_vlan entered promiscuous mode [ 1161.849642][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1161.859847][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1161.896401][T15866] device veth1_vlan entered promiscuous mode [ 1161.998809][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1162.014521][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1162.043775][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1162.083887][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1162.127649][T15866] device veth0_macvtap entered promiscuous mode [ 1162.154361][T15866] device veth1_macvtap entered promiscuous mode [ 1162.318799][T15866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1162.336717][T15866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1162.350229][T15866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1162.361058][T15866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1162.371265][T15866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1162.394835][T15866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1162.408872][T15866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1162.501300][T15866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1162.525306][T15866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1162.542054][T15866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1162.693874][T15866] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1162.737798][ T4541] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1162.784229][ T4541] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1162.835608][ T4541] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1162.844588][ T4541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1162.924598][T15866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1162.952032][T15866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1163.021638][T15866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1163.033044][T15866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1163.051469][T15866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1163.062030][T15866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1163.087207][T15866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1163.101351][T16017] netlink: 208 bytes leftover after parsing attributes in process `syz.0.3061'. [ 1163.101960][T15866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1163.129692][T15866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1163.140379][T15866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1163.165619][T15866] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1163.182513][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1163.204674][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1163.229817][T15866] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1163.246653][T15866] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1163.259823][T15866] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1163.335581][T16026] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3062'. [ 1163.789201][T15866] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1164.151199][T16034] netlink: 'syz.0.3065': attribute type 2 has an invalid length. [ 1164.159027][T16034] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3065'. [ 1164.281441][ T4511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1164.649469][ T4511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1164.805227][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1164.914620][T12787] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1164.974697][T12787] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1165.073566][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1166.687922][T16060] infiniband syz0: set active [ 1166.693858][T16060] infiniband syz0: added veth1_to_team [ 1166.706700][T16068] netlink: 208 bytes leftover after parsing attributes in process `syz.3.3074'. [ 1166.709498][T16060] infiniband syz0: Couldn't open port 1 [ 1166.759645][T16060] RDS/IB: syz0: added [ 1166.764508][T16060] smc: adding ib device syz0 with port count 1 [ 1166.770968][T16060] smc: ib device syz0 port 1 has pnetid [ 1168.736433][T12223] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1169.577182][T12223] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1170.378124][T16112] netlink: 'syz.3.3087': attribute type 2 has an invalid length. [ 1170.385970][T16112] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3087'. [ 1171.226846][ T4265] Bluetooth: hci2: command 0x0409 tx timeout [ 1171.356422][T12223] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1171.531545][T16116] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3088'. [ 1172.089310][T12223] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1172.326407][T16131] netlink: 'syz.3.3092': attribute type 2 has an invalid length. [ 1172.334219][T16131] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3092'. [ 1172.740623][T16084] chnl_net:caif_netlink_parms(): no params data found [ 1173.129590][T16084] bridge0: port 1(bridge_slave_0) entered blocking state [ 1173.141697][T16084] bridge0: port 1(bridge_slave_0) entered disabled state [ 1173.268891][T16084] device bridge_slave_0 entered promiscuous mode [ 1173.314365][T16084] bridge0: port 2(bridge_slave_1) entered blocking state [ 1173.321796][T16084] bridge0: port 2(bridge_slave_1) entered disabled state [ 1173.330348][T16084] device bridge_slave_1 entered promiscuous mode [ 1173.786303][ T4265] Bluetooth: hci2: command 0x041b tx timeout [ 1173.930762][T16084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1174.011001][T16084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1175.946499][ T4265] Bluetooth: hci2: command 0x040f tx timeout [ 1176.010969][T16084] team0: Port device team_slave_0 added [ 1176.265201][T16195] netlink: 'syz.0.3105': attribute type 2 has an invalid length. [ 1176.273125][T16195] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3105'. [ 1176.427623][T16084] team0: Port device team_slave_1 added [ 1176.469753][T16084] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1176.476838][T16084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1176.519277][T16084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1176.593861][T16084] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1176.604167][T16084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1176.648965][T16084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1176.757544][T16205] siw: device registration error -23 [ 1177.424942][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.431399][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.441607][T16084] device hsr_slave_0 entered promiscuous mode [ 1177.477439][T16084] device hsr_slave_1 entered promiscuous mode [ 1177.494647][T16084] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1177.502235][T16084] Cannot create hsr debugfs directory [ 1178.012375][T15449] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 1178.026370][ T1107] Bluetooth: hci2: command 0x0419 tx timeout [ 1178.209058][T12223] device hsr_slave_0 left promiscuous mode [ 1178.230610][T12223] device hsr_slave_1 left promiscuous mode [ 1178.244790][T12223] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1178.260301][T12223] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1178.262669][T15449] usb 5-1: Using ep0 maxpacket: 16 [ 1178.277920][T12223] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1178.305437][T12223] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1178.318408][T12223] device bridge_slave_1 left promiscuous mode [ 1178.328690][T12223] bridge0: port 2(bridge_slave_1) entered disabled state [ 1178.346032][T12223] device bridge_slave_0 left promiscuous mode [ 1178.355009][T12223] bridge0: port 1(bridge_slave_0) entered disabled state [ 1178.368850][T12223] device veth1_macvtap left promiscuous mode [ 1178.375758][T12223] device veth0_macvtap left promiscuous mode [ 1178.381886][T12223] device veth1_vlan left promiscuous mode [ 1178.387820][T12223] device veth0_vlan left promiscuous mode [ 1178.392654][T15449] usb 5-1: config 0 has too many interfaces: 98, using maximum allowed: 32 [ 1179.291927][T15449] usb 5-1: config 0 has an invalid interface number: 153 but max is 97 [ 1179.300353][T15449] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 98 [ 1179.324454][T15449] usb 5-1: config 0 has no interface number 0 [ 1179.653231][T15449] usb 5-1: New USB device found, idVendor=1199, idProduct=0025, bcdDevice=1e.64 [ 1179.667661][T15449] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1179.678522][T15449] usb 5-1: Product: syz [ 1180.059487][T15449] usb 5-1: Manufacturer: syz [ 1180.065508][T15449] usb 5-1: SerialNumber: syz [ 1180.078811][T15449] usb 5-1: config 0 descriptor?? [ 1180.245296][T15449] sierra 5-1:0.153: Sierra USB modem converter detected [ 1180.341978][T12223] team0 (unregistering): Port device team_slave_1 removed [ 1180.446481][T12223] team0 (unregistering): Port device team_slave_0 removed [ 1180.553798][T12223] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1180.581577][T12223] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1180.715073][T15449] usb 5-1: USB disconnect, device number 12 [ 1180.723622][T15449] sierra 5-1:0.153: device disconnected [ 1180.777383][T12223] bond0 (unregistering): Released all slaves [ 1180.909959][T16084] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1180.936817][T16084] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1180.948047][T16084] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1180.995359][T16254] netlink: 'syz.2.3116': attribute type 2 has an invalid length. [ 1181.003286][T16254] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3116'. [ 1181.014543][T16084] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1181.283650][T16261] siw: device registration error -23 [ 1182.207539][T16084] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1182.241115][T16272] netlink: 'syz.2.3119': attribute type 2 has an invalid length. [ 1182.248948][T16272] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3119'. [ 1182.684849][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1182.796033][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1182.901322][T16084] 8021q: adding VLAN 0 to HW filter on device team0 [ 1182.937312][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1182.964888][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1183.021615][ T4334] bridge0: port 1(bridge_slave_0) entered blocking state [ 1183.028762][ T4334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1183.102754][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1183.123077][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1183.182040][ T4334] bridge0: port 2(bridge_slave_1) entered blocking state [ 1183.189176][ T4334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1183.244199][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1183.285398][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1183.294408][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1183.317261][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1183.338719][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1183.357892][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1183.385917][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1183.461232][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1183.619156][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1184.721265][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1184.846955][T16084] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1184.936656][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1184.961232][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1186.720239][T16339] netlink: 'syz.4.3131': attribute type 2 has an invalid length. [ 1186.728075][T16339] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3131'. [ 1187.442561][T15708] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 1187.493234][T16084] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1187.502651][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1187.510188][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1187.591363][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1187.605453][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1187.689664][T16084] device veth0_vlan entered promiscuous mode [ 1187.727229][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1187.743107][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1187.782665][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1187.810986][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1187.832619][T15708] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1187.852094][T15708] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1187.854783][T16084] device veth1_vlan entered promiscuous mode [ 1187.891962][T15708] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 1187.923731][T15708] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1187.952627][ T4204] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1187.970774][T15708] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1187.985160][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1188.001591][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1188.031749][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1188.040424][T16336] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1188.063424][T15708] hub 1-1:1.0: bad descriptor, ignoring hub [ 1188.071758][T15708] hub: probe of 1-1:1.0 failed with error -5 [ 1188.078880][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1188.099678][T15708] cdc_wdm 1-1:1.0: skipping garbage [ 1188.116297][T16084] device veth0_macvtap entered promiscuous mode [ 1188.130491][T15708] cdc_wdm 1-1:1.0: skipping garbage [ 1188.145464][T16084] device veth1_macvtap entered promiscuous mode [ 1188.201845][T16084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1188.214506][T15708] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 1188.220446][T15708] cdc_wdm 1-1:1.0: Unknown control protocol [ 1188.227013][ T4204] usb 4-1: Using ep0 maxpacket: 32 [ 1188.284371][T16084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1188.342468][T16084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1188.353359][ T4204] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1188.361716][ T4204] usb 4-1: config 0 has no interface number 0 [ 1188.412358][T16084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1188.439798][T16084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1188.484646][T16084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1188.526362][T16084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1188.577482][T16084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1188.592836][ T4204] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 1188.622361][ T4204] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1188.630475][ T4204] usb 4-1: Product: syz [ 1188.631709][T16084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1188.649402][ T4204] usb 4-1: Manufacturer: syz [ 1188.667774][ T4204] usb 4-1: SerialNumber: syz [ 1188.693098][ T4204] usb 4-1: config 0 descriptor?? [ 1188.706350][T16084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1188.745410][ T4204] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 1188.753730][T16084] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1188.757576][ T23] usb 1-1: USB disconnect, device number 10 [ 1188.772370][ T4204] usb 4-1: selecting invalid altsetting 1 [ 1188.794648][ T4204] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 1188.814710][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1188.826598][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1188.837776][ T4204] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1188.862139][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1188.878719][ T4204] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 1188.888728][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1188.906821][ T4204] usb 4-1: media controller created [ 1188.918857][T16084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1189.105734][T16084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1189.121265][T16084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1189.125495][ T4204] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1189.142114][T16084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1189.175405][T16084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1189.356686][T16084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1189.390812][T16084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1189.437036][T16084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1189.493207][T16084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1189.548810][T16084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1189.707762][T16084] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1189.722521][ T4204] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 1189.730334][ T4204] zl10353_read_register: readreg error (reg=127, ret==-71) [ 1189.953066][ T4204] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 1190.368351][ T4204] usb 4-1: USB disconnect, device number 14 [ 1190.492066][T16084] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1190.597450][T16084] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1190.617815][T16084] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1190.638122][T16084] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1190.969728][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1191.013002][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1191.237987][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1191.251336][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1191.394043][ T4511] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1191.416123][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1191.423811][ T4511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1191.440388][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1191.675850][T16418] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3143'. [ 1191.799333][ T26] kauditd_printk_skb: 11 callbacks suppressed [ 1191.799346][ T26] audit: type=1326 audit(1730844043.625:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16420 comm="syz.1.3145" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a7e8fe719 code=0x0 [ 1193.271762][T15644] Bluetooth: hci4: command 0x1003 tx timeout [ 1193.283547][T14319] Bluetooth: hci4: sending frame failed (-49) [ 1194.643799][T15644] Bluetooth: hci5: command 0x0409 tx timeout [ 1195.306775][T15708] Bluetooth: hci4: command 0x1001 tx timeout [ 1195.334650][T14319] Bluetooth: hci4: sending frame failed (-49) [ 1195.954832][T16451] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "@" [ 1195.967180][T12223] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1196.121952][T16423] chnl_net:caif_netlink_parms(): no params data found [ 1196.765065][T15644] Bluetooth: hci5: command 0x041b tx timeout [ 1196.812734][T12223] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1197.022675][T12223] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1197.251186][T16423] bridge0: port 1(bridge_slave_0) entered blocking state [ 1197.266151][T16423] bridge0: port 1(bridge_slave_0) entered disabled state [ 1197.287206][T16423] device bridge_slave_0 entered promiscuous mode [ 1197.308303][T16423] bridge0: port 2(bridge_slave_1) entered blocking state [ 1197.327786][T16423] bridge0: port 2(bridge_slave_1) entered disabled state [ 1197.347974][T16423] device bridge_slave_1 entered promiscuous mode [ 1197.440707][T16423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1197.476502][T16423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1197.502989][T15708] Bluetooth: hci4: command 0x1009 tx timeout [ 1197.911388][T12223] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1197.955169][T16423] team0: Port device team_slave_0 added [ 1197.978194][T16423] team0: Port device team_slave_1 added [ 1198.153907][T16423] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1198.160984][T16423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1198.949274][ T3504] Bluetooth: hci5: command 0x040f tx timeout [ 1199.201428][T16423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1199.225939][T16423] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1199.234253][T16423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1199.260341][T16423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1199.987314][T16423] device hsr_slave_0 entered promiscuous mode [ 1200.003262][T16423] device hsr_slave_1 entered promiscuous mode [ 1200.012907][T16423] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1200.033536][T16423] Cannot create hsr debugfs directory [ 1200.982540][ T3504] Bluetooth: hci5: command 0x0419 tx timeout [ 1202.048587][T12223] bond0: (slave wlan1): Releasing backup interface [ 1202.133082][T16423] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1202.164870][T16423] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1202.210547][T16423] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1202.233074][T16423] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1205.030128][T16423] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1205.066300][ T4541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1205.083312][ T4541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1205.553649][T16423] 8021q: adding VLAN 0 to HW filter on device team0 [ 1205.609364][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1205.623223][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1205.638265][ T4450] bridge0: port 1(bridge_slave_0) entered blocking state [ 1205.645489][ T4450] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1206.200168][T16584] netlink: 'syz.1.3177': attribute type 2 has an invalid length. [ 1206.208175][T16584] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3177'. [ 1206.605888][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1206.823023][T12223] device hsr_slave_0 left promiscuous mode [ 1206.854474][T12223] device hsr_slave_1 left promiscuous mode [ 1206.879013][T12223] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1206.902409][T12223] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1206.922530][T12223] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1206.930000][T12223] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1206.963112][T12223] device bridge_slave_1 left promiscuous mode [ 1206.969326][T12223] bridge0: port 2(bridge_slave_1) entered disabled state [ 1207.004836][T12223] device bridge_slave_0 left promiscuous mode [ 1207.024759][T12223] bridge0: port 1(bridge_slave_0) entered disabled state [ 1207.052940][T12223] device vlan0 left promiscuous mode [ 1207.059067][T12223] device veth1_macvtap left promiscuous mode [ 1207.079487][T12223] device veth0_macvtap left promiscuous mode [ 1207.094166][T12223] device veth1_vlan left promiscuous mode [ 1207.120027][T12223] device veth0_vlan left promiscuous mode [ 1207.616728][T12223] team0 (unregistering): Port device team_slave_1 removed [ 1207.624963][T13050] Bluetooth: hci3: command 0x1003 tx timeout [ 1207.633610][T14319] Bluetooth: hci3: sending frame failed (-49) [ 1207.652969][T12223] team0 (unregistering): Port device team_slave_0 removed [ 1207.669221][T12223] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1207.689836][T12223] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1207.808574][T12223] bond0 (unregistering): Released all slaves [ 1207.872967][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1207.893096][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1207.914471][T12787] bridge0: port 2(bridge_slave_1) entered blocking state [ 1207.921649][T12787] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1209.739556][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1209.754045][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1209.765865][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1209.777308][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1209.787163][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1209.805155][T15772] Bluetooth: hci3: command 0x1001 tx timeout [ 1209.811253][T14319] Bluetooth: hci3: sending frame failed (-49) [ 1209.848523][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1209.866960][T16621] netlink: 'syz.4.3184': attribute type 1 has an invalid length. [ 1209.879714][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1209.903842][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1209.923067][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1209.945252][ T4541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1210.225800][ T4541] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1210.368549][T16423] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1210.797313][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1210.823415][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1210.993592][T16423] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1211.025048][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1211.092446][T16634] netlink: 'syz.0.3188': attribute type 2 has an invalid length. [ 1211.100245][T16634] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3188'. [ 1211.284935][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1211.549577][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1211.630483][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1211.711906][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1211.794574][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1211.904023][T16423] device veth0_vlan entered promiscuous mode [ 1211.911281][T13050] Bluetooth: hci3: command 0x1009 tx timeout [ 1212.219364][T16644] netlink: 'syz.0.3190': attribute type 3 has an invalid length. [ 1213.107830][T16423] device veth1_vlan entered promiscuous mode [ 1213.279375][T16423] device veth0_macvtap entered promiscuous mode [ 1213.329382][T16423] device veth1_macvtap entered promiscuous mode [ 1213.382686][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1213.391269][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1213.452886][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1213.471307][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1213.634091][T16423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1213.693797][T16423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1213.860529][T16423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1213.922063][T16423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1213.970565][T16423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1214.028360][T16423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1214.082275][T16423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1214.138938][T16423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1214.186590][T16423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1214.197303][T16423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1214.209030][T16423] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1214.219113][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1214.229836][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1214.240766][T16423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1214.271984][T16423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1214.289295][T16423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1214.306207][T16423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1214.320429][T16423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1214.336511][T16423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1214.352410][T16423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1214.370521][T16423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1214.387882][T16423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1214.406298][T16423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1214.425329][T16423] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1214.440148][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1214.458673][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1214.493596][T16423] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1214.509053][T16423] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1214.527356][T16423] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1214.553793][T16423] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1214.717978][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1214.740309][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1214.762993][ T4264] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1214.785911][ T4264] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1214.801778][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1214.829993][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1215.003084][T16666] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3195'. [ 1215.317651][T16677] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3196'. [ 1215.791523][T16681] netlink: 'syz.0.3199': attribute type 2 has an invalid length. [ 1215.799469][T16681] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3199'. [ 1218.317349][T16694] ufs: Invalid option: "'" or missing value [ 1218.323717][T16694] ufs: wrong mount options [ 1219.433959][T16705] netlink: 'syz.2.3203': attribute type 1 has an invalid length. [ 1220.077685][T16720] netlink: 'syz.0.3208': attribute type 3 has an invalid length. [ 1220.693970][ T1107] Bluetooth: hci6: command 0x0406 tx timeout [ 1220.811509][T16732] netlink: 208 bytes leftover after parsing attributes in process `syz.0.3212'. [ 1221.506159][T16742] netlink: 'syz.1.3214': attribute type 2 has an invalid length. [ 1221.514060][T16742] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3214'. [ 1221.636787][ T4204] Bluetooth: hci5: command 0x0405 tx timeout [ 1225.429797][T16776] netlink: 'syz.3.3223': attribute type 3 has an invalid length. [ 1225.971152][T16783] netlink: 208 bytes leftover after parsing attributes in process `syz.4.3226'. [ 1226.772963][T16791] netlink: 'syz.0.3228': attribute type 2 has an invalid length. [ 1226.780910][T16791] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3228'. [ 1230.084935][T16812] binder: 16805:16812 ioctl c0306201 0 returned -14 [ 1235.052016][T16862] bond0: (slave rose0): Enslaving as an active interface with an up link [ 1235.547297][ T21] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 1237.084524][ T21] usb 3-1: device not accepting address 17, error -71 [ 1238.631567][T16901] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3256'. [ 1238.644369][T16901] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3256'. [ 1238.675154][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 1241.097628][T16951] tipc: Enabling not permitted [ 1241.103582][T16951] tipc: Enabling of bearer rejected, failed to enable media [ 1241.150764][T15449] Bluetooth: hci1: command 0x0406 tx timeout [ 1245.641215][T17008] netlink: 'syz.4.3284': attribute type 3 has an invalid length. [ 1246.924896][T17020] netlink: 'syz.4.3287': attribute type 2 has an invalid length. [ 1246.933246][T17020] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3287'. [ 1247.758779][T17004] tipc: Enabling not permitted [ 1247.785340][T17004] tipc: Enabling of bearer rejected, failed to enable media [ 1249.266582][T17058] netlink: 'syz.1.3297': attribute type 3 has an invalid length. [ 1250.917550][T17086] netlink: 'syz.3.3304': attribute type 2 has an invalid length. [ 1250.925930][T17086] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3304'. [ 1254.032455][T15772] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1254.896904][T15772] usb 4-1: config 0 has an invalid interface number: 117 but max is 0 [ 1254.956226][T17105] netlink: 'syz.1.3313': attribute type 3 has an invalid length. [ 1255.110014][T15772] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1255.120557][T15772] usb 4-1: config 0 has no interface number 0 [ 1255.129349][T15772] usb 4-1: config 0 interface 117 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1255.140059][T15772] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1255.379221][T17112] siw: device registration error -23 [ 1255.472681][T15772] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1255.538389][T15772] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1256.091041][T15772] usb 4-1: Product: syz [ 1256.095335][T15772] usb 4-1: Manufacturer: syz [ 1256.100248][T15772] usb 4-1: SerialNumber: syz [ 1256.116314][T15772] usb 4-1: config 0 descriptor?? [ 1256.864526][T17126] netlink: 112 bytes leftover after parsing attributes in process `syz.1.3318'. [ 1257.413148][T15772] usb 4-1: USB disconnect, device number 15 [ 1257.490345][T17134] netlink: 'syz.0.3319': attribute type 2 has an invalid length. [ 1257.498312][T17134] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3319'. [ 1259.011632][T17152] siw: device registration error -23 [ 1260.392898][T17157] tipc: Enabling not permitted [ 1260.398493][T17157] tipc: Enabling of bearer rejected, failed to enable media [ 1260.744776][T17165] netlink: 'syz.3.3326': attribute type 3 has an invalid length. [ 1261.552590][T17176] netlink: 112 bytes leftover after parsing attributes in process `syz.4.3333'. [ 1261.858595][T17180] netlink: 'syz.3.3334': attribute type 2 has an invalid length. [ 1261.866722][T17180] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3334'. [ 1264.359031][T17199] tipc: Enabling not permitted [ 1264.364651][T17199] tipc: Enabling of bearer rejected, failed to enable media [ 1265.602629][T17204] siw: device registration error -23 [ 1265.659626][T17205] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3337'. [ 1266.709285][T17226] netlink: 112 bytes leftover after parsing attributes in process `syz.4.3345'. [ 1267.085243][T17236] netlink: 'syz.3.3346': attribute type 2 has an invalid length. [ 1267.093193][T17236] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3346'. [ 1269.513236][T17251] tipc: Enabling not permitted [ 1269.518881][T17251] tipc: Enabling of bearer rejected, failed to enable media [ 1270.436745][T17254] siw: device registration error -23 [ 1270.559748][ T4223] device batadv_slave_0 left promiscuous mode [ 1270.579142][ T4223] device hsr_slave_0 left promiscuous mode [ 1270.623188][ T4223] device hsr_slave_1 left promiscuous mode [ 1270.633342][ T4223] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1270.640800][ T4223] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1270.925978][ T4223] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1270.956742][ T4223] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1271.431774][ T4223] device bridge_slave_1 left promiscuous mode [ 1271.438880][ T4223] bridge0: port 2(bridge_slave_1) entered disabled state [ 1271.604008][ T4223] device bridge_slave_0 left promiscuous mode [ 1271.610760][ T4223] bridge0: port 1(bridge_slave_0) entered disabled state [ 1271.629110][T17291] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3361'. [ 1271.682423][ T4223] device veth1_vlan left promiscuous mode [ 1271.697849][ T4223] device veth0_vlan left promiscuous mode [ 1271.981851][T17297] netlink: 'syz.4.3362': attribute type 2 has an invalid length. [ 1271.990071][T17297] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3362'. [ 1273.063943][T17309] netlink: 'syz.0.3363': attribute type 2 has an invalid length. [ 1273.071884][T17309] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3363'. [ 1273.105750][ T5621] Bluetooth: hci3: sending frame failed (-49) [ 1274.397342][T17316] sg_write: data in/out 1363439467/4056 bytes for SCSI command 0x27-- guessing data in; [ 1274.397342][T17316] program syz.2.3366 not setting count and/or reply_len properly [ 1274.680884][ T4223] team0 (unregistering): Port device team_slave_1 removed [ 1274.803989][T17324] siw: device registration error -23 [ 1275.595370][ T4223] team0 (unregistering): Port device team_slave_0 removed [ 1275.647142][ T4223] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1275.678791][ T4223] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1275.837072][T15644] Bluetooth: hci3: command 0x1003 tx timeout [ 1275.844361][ T5621] Bluetooth: hci3: sending frame failed (-49) [ 1276.006522][ T4223] bond0 (unregistering): Released all slaves [ 1276.197350][T17338] netlink: 112 bytes leftover after parsing attributes in process `syz.1.3373'. [ 1277.180436][ T26] audit: type=1326 audit(1730844129.005:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17350 comm="syz.0.3378" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f67f1b3a719 code=0x0 [ 1277.281174][T17352] netlink: 'syz.1.3377': attribute type 2 has an invalid length. [ 1277.289039][T17352] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3377'. [ 1277.876113][T15644] Bluetooth: hci3: command 0x1001 tx timeout [ 1277.891513][ T5621] Bluetooth: hci3: sending frame failed (-49) [ 1278.570069][T17371] siw: device registration error -23 [ 1281.369673][T17090] Bluetooth: hci3: command 0x1009 tx timeout [ 1282.519431][T17406] netlink: 'syz.4.3391': attribute type 2 has an invalid length. [ 1282.527325][T17406] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3391'. [ 1283.332063][T17410] siw: device registration error -23 [ 1286.745053][T17458] siw: device registration error -23 [ 1288.110636][T17479] netlink: 'syz.1.3409': attribute type 2 has an invalid length. [ 1288.118577][T17479] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3409'. [ 1289.018836][T17472] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1291.092530][T17514] siw: device registration error -23 [ 1291.985018][T13050] Bluetooth: hci2: command 0x0406 tx timeout [ 1292.683894][T17532] netlink: 'syz.1.3426': attribute type 2 has an invalid length. [ 1292.691733][T17532] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3426'. [ 1295.295565][T17540] netlink: 'syz.4.3429': attribute type 1 has an invalid length. [ 1295.312575][T17542] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3430'. [ 1295.427982][T17544] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3429'. [ 1295.464968][T17544] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 1295.491950][T17544] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 1296.913824][T17565] siw: device registration error -23 [ 1297.550116][T15772] Bluetooth: hci3: command 0x1003 tx timeout [ 1297.560532][T14319] Bluetooth: hci3: sending frame failed (-49) [ 1297.583991][T17580] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 1297.629478][T17580] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 1298.863258][T17601] netlink: 'syz.0.3444': attribute type 2 has an invalid length. [ 1298.871152][T17601] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3444'. [ 1299.861718][T16796] Bluetooth: hci3: command 0x1001 tx timeout [ 1299.952305][T14319] Bluetooth: hci3: sending frame failed (-49) [ 1299.954387][T17604] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1299.977064][ C0] vkms_vblank_simulate: vblank timer overrun [ 1300.604443][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 1301.409576][T17636] siw: device registration error -23 [ 1302.470183][ T3504] Bluetooth: hci3: command 0x1009 tx timeout [ 1302.495696][T17639] overlayfs: failed to resolve './file1': -2 [ 1302.714774][T17652] netlink: 'syz.4.3459': attribute type 2 has an invalid length. [ 1302.722790][T17652] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3459'. [ 1303.644708][T17654] delete_channel: no stack [ 1303.790551][T17664] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1303.986657][T17672] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3466'. [ 1305.005776][T17680] siw: device registration error -23 [ 1307.693054][T17702] netlink: 'syz.1.3471': attribute type 2 has an invalid length. [ 1307.701411][T17702] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3471'. [ 1309.409267][T17707] overlayfs: failed to resolve './file1': -2 [ 1310.466464][T17721] netlink: 208 bytes leftover after parsing attributes in process `syz.3.3479'. [ 1311.066580][T17728] hfs: can't find a HFS filesystem on dev nullb0 [ 1311.716642][T17733] siw: device registration error -23 [ 1313.394346][T17755] netlink: 'syz.1.3487': attribute type 2 has an invalid length. [ 1313.402248][T17755] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3487'. [ 1314.323079][ T4210] Bluetooth: hci3: command 0x1003 tx timeout [ 1314.329328][T14319] Bluetooth: hci3: sending frame failed (-49) [ 1314.944028][T17769] netlink: 208 bytes leftover after parsing attributes in process `syz.4.3492'. [ 1315.750916][T17776] netlink: 208 bytes leftover after parsing attributes in process `syz.4.3493'. [ 1316.044681][T17782] netlink: 'syz.1.3495': attribute type 2 has an invalid length. [ 1316.053052][T17782] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3495'. [ 1316.090120][T17783] siw: device registration error -23 [ 1316.342294][ T4210] Bluetooth: hci3: command 0x1001 tx timeout [ 1316.363133][T14319] Bluetooth: hci3: sending frame failed (-49) [ 1317.925638][T17806] netlink: 208 bytes leftover after parsing attributes in process `syz.4.3503'. [ 1318.592527][ T4210] Bluetooth: hci3: command 0x1009 tx timeout [ 1319.111748][T17814] netlink: 'syz.1.3505': attribute type 2 has an invalid length. [ 1319.119552][T17814] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3505'. [ 1319.874600][T17818] netlink: 208 bytes leftover after parsing attributes in process `syz.4.3506'. [ 1320.481917][T17823] netlink: 'syz.1.3507': attribute type 2 has an invalid length. [ 1320.489820][T17823] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3507'. [ 1320.785459][T17830] siw: device registration error -23 [ 1322.672540][T13050] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1323.281163][T17862] netlink: 'syz.1.3517': attribute type 2 has an invalid length. [ 1323.288964][T17862] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3517'. [ 1323.303970][T13050] usb 3-1: device descriptor read/64, error -71 [ 1323.744856][T13050] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1324.769692][T13050] usb 3-1: device descriptor read/64, error -71 [ 1324.903208][T13050] usb usb3-port1: attempt power cycle [ 1325.716916][T17882] siw: device registration error -23 [ 1326.251241][T17886] netlink: 'syz.2.3524': attribute type 2 has an invalid length. [ 1326.259178][T17886] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3524'. [ 1326.278565][T17887] overlayfs: failed to resolve './file0': -2 [ 1327.755857][T17914] netlink: 'syz.4.3530': attribute type 2 has an invalid length. [ 1327.763761][T17914] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3530'. [ 1328.459689][T17921] netlink: 208 bytes leftover after parsing attributes in process `syz.2.3535'. [ 1330.344253][T17936] siw: device registration error -23 [ 1330.652584][T15772] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 1330.700774][T17940] overlayfs: failed to resolve './file0': -2 [ 1330.956618][T17947] netlink: 208 bytes leftover after parsing attributes in process `syz.2.3540'. [ 1331.726830][T15772] usb 2-1: device descriptor read/64, error -71 [ 1332.300507][T17953] netlink: 'syz.2.3541': attribute type 2 has an invalid length. [ 1332.308318][T17953] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3541'. [ 1332.626103][T17959] tipc: Enabling not permitted [ 1332.631769][T17959] tipc: Enabling of bearer rejected, failed to enable media [ 1333.549864][T17942] hpfs: Bad magic ... probably not HPFS [ 1334.882583][T17976] tipc: Enabling not permitted [ 1334.888211][T17976] tipc: Enabling of bearer rejected, failed to enable media [ 1337.281676][T17984] overlayfs: failed to resolve './file0': -2 [ 1337.379116][T17988] netlink: 'syz.3.3547': attribute type 2 has an invalid length. [ 1337.387150][T17988] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3547'. [ 1338.192368][T17989] blackhole_netdev_xmit(): Dropping skb. [ 1338.198584][T17989] blackhole_netdev_xmit(): Dropping skb. [ 1338.289206][T17989] blackhole_netdev_xmit(): Dropping skb. [ 1338.295133][T17989] blackhole_netdev_xmit(): Dropping skb. [ 1338.300823][T17989] blackhole_netdev_xmit(): Dropping skb. [ 1338.306617][T17989] blackhole_netdev_xmit(): Dropping skb. [ 1338.322474][T17989] blackhole_netdev_xmit(): Dropping skb. [ 1338.332677][T17989] blackhole_netdev_xmit(): Dropping skb. [ 1338.338558][T17989] blackhole_netdev_xmit(): Dropping skb. [ 1338.449382][T17989] blackhole_netdev_xmit(): Dropping skb. [ 1338.810840][T18006] dlm: no local IP address has been set [ 1338.830386][T18006] dlm: cannot start dlm midcomms -107 [ 1339.573312][ T4210] Bluetooth: hci5: command 0x0406 tx timeout [ 1340.924877][T18028] tipc: Enabling not permitted [ 1340.937892][T18028] tipc: Enabling of bearer rejected, failed to enable media [ 1341.106824][T18034] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3563'. [ 1342.837924][T15644] Bluetooth: hci3: command 0x1003 tx timeout [ 1342.871831][ T5621] Bluetooth: hci3: sending frame failed (-49) [ 1343.921588][T18054] netlink: 'syz.2.3568': attribute type 2 has an invalid length. [ 1343.929486][T18054] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3568'. [ 1344.751599][T18064] hfs: can't find a HFS filesystem on dev nullb0 [ 1344.760733][T18065] netlink: 'syz.4.3571': attribute type 2 has an invalid length. [ 1344.768595][T18065] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3571'. [ 1344.902396][T14409] Bluetooth: hci3: command 0x1001 tx timeout [ 1344.919063][ T5621] Bluetooth: hci3: sending frame failed (-49) [ 1345.597590][T18079] netlink: 208 bytes leftover after parsing attributes in process `syz.4.3575'. [ 1347.311536][ T4207] Bluetooth: hci3: command 0x1009 tx timeout [ 1348.731276][T18103] netlink: 'syz.2.3582': attribute type 2 has an invalid length. [ 1348.739263][T18103] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3582'. [ 1349.891631][T18089] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3579'. [ 1350.118178][T18113] tipc: Enabling not permitted [ 1350.123979][T18113] tipc: Enabling of bearer rejected, failed to enable media [ 1350.892772][T18116] netlink: 'syz.2.3585': attribute type 2 has an invalid length. [ 1350.900689][T18116] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3585'. [ 1350.993045][T18123] netlink: 208 bytes leftover after parsing attributes in process `syz.3.3586'. [ 1352.194681][T18127] netlink: 'syz.0.3588': attribute type 2 has an invalid length. [ 1352.202486][T18127] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3588'. [ 1353.840137][T18132] hpfs: Bad magic ... probably not HPFS [ 1354.751534][T18167] tipc: Enabling not permitted [ 1354.757534][T18167] tipc: Enabling of bearer rejected, failed to enable media [ 1355.671468][T18175] netlink: 208 bytes leftover after parsing attributes in process `syz.0.3601'. [ 1356.752464][ T4207] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 1357.002981][ T4207] usb 1-1: Using ep0 maxpacket: 8 [ 1357.123199][ T4207] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1357.154422][ T4207] usb 1-1: config 0 has no interfaces? [ 1357.345182][ T4207] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 1357.354665][ T4207] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1357.366632][ T4207] usb 1-1: Product: syz [ 1357.371006][ T4207] usb 1-1: Manufacturer: syz [ 1357.376111][ T4207] usb 1-1: SerialNumber: syz [ 1357.408547][ T4207] usb 1-1: config 0 descriptor?? [ 1358.748329][ T4207] usb 1-1: USB disconnect, device number 11 [ 1358.930291][T18202] netlink: 208 bytes leftover after parsing attributes in process `syz.2.3607'. [ 1359.034206][T18205] tipc: Enabling not permitted [ 1359.039957][T18205] tipc: Enabling of bearer rejected, failed to enable media [ 1359.112127][T18206] netlink: 'syz.3.3610': attribute type 2 has an invalid length. [ 1359.120117][T18206] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3610'. [ 1361.538366][T18213] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3612'. [ 1361.673204][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.372370][T18220] hfs: can't find a HFS filesystem on dev nullb0 [ 1364.024617][T18233] capability: warning: `syz.4.3619' uses deprecated v2 capabilities in a way that may be insecure [ 1365.735896][T18251] netlink: 208 bytes leftover after parsing attributes in process `syz.4.3623'. [ 1366.171157][T18255] tipc: Enabling not permitted [ 1366.177021][T18255] tipc: Enabling of bearer rejected, failed to enable media [ 1368.008090][T18267] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3628'. [ 1369.031846][T18276] netlink: 'syz.0.3625': attribute type 1 has an invalid length. [ 1370.364373][T18288] siw: device registration error -23 [ 1373.013895][T18309] netlink: 208 bytes leftover after parsing attributes in process `syz.0.3636'. [ 1373.251555][T18313] tipc: Enabling not permitted [ 1373.257446][T18313] tipc: Enabling of bearer rejected, failed to enable media [ 1374.566632][T18324] netlink: 208 bytes leftover after parsing attributes in process `syz.0.3639'. [ 1375.870678][T18337] siw: device registration error -23 [ 1378.875527][T18363] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3650'. [ 1380.592546][T18372] tipc: Enabling not permitted [ 1380.598225][T18372] tipc: Enabling of bearer rejected, failed to enable media [ 1382.695631][T18380] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3654'. [ 1383.487480][T18389] device sit0 entered promiscuous mode [ 1383.501992][T18389] netlink: 'syz.0.3656': attribute type 1 has an invalid length. [ 1383.509927][T18389] netlink: 1 bytes leftover after parsing attributes in process `syz.0.3656'. [ 1383.947075][T18392] siw: device registration error -23 [ 1384.708326][T18400] siw: device registration error -23 [ 1386.002305][T18406] hfs: can't find a HFS filesystem on dev nullb0 [ 1386.282757][T18416] netlink: 208 bytes leftover after parsing attributes in process `syz.2.3664'. [ 1386.442360][ T3504] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 1386.542100][T18419] tipc: Enabling not permitted [ 1386.547902][T18419] tipc: Enabling of bearer rejected, failed to enable media [ 1387.561461][ T3504] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1387.561603][ T3504] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1387.561910][ T3504] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 1387.562004][ T3504] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1387.630993][ T3504] usb 5-1: config 0 descriptor?? [ 1388.326143][ T3504] usbhid 5-1:0.0: can't add hid device: -71 [ 1388.326229][ T3504] usbhid: probe of 5-1:0.0 failed with error -71 [ 1388.332915][ T3504] usb 5-1: USB disconnect, device number 13 [ 1389.252579][T18437] device sit0 entered promiscuous mode [ 1389.261360][T18437] netlink: 'syz.3.3669': attribute type 1 has an invalid length. [ 1389.269885][T18437] netlink: 1 bytes leftover after parsing attributes in process `syz.3.3669'. [ 1389.508499][T18444] siw: device registration error -23 [ 1390.782610][T15644] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1390.792057][T15772] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 1391.061074][T15644] usb 1-1: Using ep0 maxpacket: 8 [ 1391.254335][T18465] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3678'. [ 1391.273954][T18465] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 1391.313176][T15644] usb 1-1: config 135 has an invalid interface number: 230 but max is 0 [ 1391.345428][T15644] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 1391.391561][T15644] usb 1-1: config 135 has no interface number 0 [ 1391.402272][T15772] usb 3-1: Using ep0 maxpacket: 16 [ 1391.407908][T15644] usb 1-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1391.484659][T18467] tipc: Enabling not permitted [ 1391.490329][T18467] tipc: Enabling of bearer rejected, failed to enable media [ 1391.563103][T15772] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1391.763165][T15772] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1391.784885][T15772] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1391.826050][T15772] usb 3-1: Product: syz [ 1391.851157][T15772] usb 3-1: Manufacturer: syz [ 1391.875243][T15772] usb 3-1: SerialNumber: syz [ 1391.939714][T15772] usb 3-1: config 0 descriptor?? [ 1391.993825][T15772] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1392.027258][T15772] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 1392.271880][T18474] netlink: 112 bytes leftover after parsing attributes in process `syz.4.3680'. [ 1392.363081][T15644] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 1392.410237][T15644] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1392.488895][T15644] usb 1-1: Product: syz [ 1392.530734][T15644] usb 1-1: Manufacturer: syz [ 1392.578290][T15644] usb 1-1: SerialNumber: syz [ 1392.894671][T15644] usb 1-1: Found UVC 0.00 device syz (18ec:3288) [ 1392.908910][T15644] usb 1-1: No valid video chain found. [ 1393.002632][T15772] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 1393.147653][ T21] usb 1-1: USB disconnect, device number 12 [ 1393.177059][T18487] hfs: can't find a HFS filesystem on dev nullb0 [ 1393.881399][T15772] em28xx 3-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 1393.915374][T15772] em28xx 3-1:0.0: board has no eeprom [ 1394.208055][T15772] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1394.216600][T15772] em28xx 3-1:0.0: dvb set to bulk mode. [ 1394.228296][ T3504] em28xx 3-1:0.0: Binding DVB extension [ 1394.246607][T15772] usb 3-1: USB disconnect, device number 22 [ 1394.258356][T15772] em28xx 3-1:0.0: Disconnecting em28xx [ 1394.984329][ T3504] em28xx 3-1:0.0: Registering input extension [ 1394.991131][T15772] em28xx 3-1:0.0: Closing input extension [ 1395.013365][T18508] capability: warning: `syz.0.3689' uses 32-bit capabilities (legacy support in use) [ 1395.043096][T18508] program syz.0.3689 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1395.232442][T15772] em28xx 3-1:0.0: Freeing device [ 1395.497594][ T4380] Bluetooth: (null): Invalid header checksum [ 1395.532380][ T4380] Bluetooth: (null): Invalid header checksum [ 1395.579836][ T4380] Bluetooth: (null): Invalid header checksum [ 1395.904539][T18533] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3693'. [ 1396.720539][T18537] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3697'. [ 1398.079149][ C1] sd 0:0:1:0: tag#3927 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1398.089071][ C1] sd 0:0:1:0: tag#3927 CDB: Read(6) 08 00 0c 6a 08 48 [ 1398.658954][T18556] netlink: 'syz.3.3703': attribute type 1 has an invalid length. [ 1398.832248][ T1107] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1399.072212][ T1107] usb 3-1: Using ep0 maxpacket: 32 [ 1399.172867][T18573] overlayfs: missing 'lowerdir' [ 1399.216266][T18575] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3709'. [ 1400.240841][T18585] netlink: 'syz.4.3715': attribute type 1 has an invalid length. [ 1400.722623][ T4204] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1401.006684][ T1107] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 1401.017934][ T1107] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1401.026011][ T1107] usb 3-1: Product: syz [ 1401.030173][ T1107] usb 3-1: Manufacturer: syz [ 1401.034888][ T1107] usb 3-1: SerialNumber: syz [ 1401.052883][ T1107] usb 3-1: config 0 descriptor?? [ 1401.522410][ T1107] peak_usb 3-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 1401.589005][ T1107] peak_usb 3-1:0.0: unable to read PCAN-USB Pro firmware info (err -71) [ 1401.794437][T18612] netlink: 208 bytes leftover after parsing attributes in process `syz.4.3722'. [ 1401.812684][ T4204] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1401.812839][ T1107] peak_usb: probe of 3-1:0.0 failed with error -71 [ 1402.264459][ T1107] usb 3-1: USB disconnect, device number 23 [ 1402.330836][ T4204] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1402.471799][ T4204] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 1402.492676][ T4204] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1402.541487][ T4204] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1402.909980][ T4204] snd-usb-audio: probe of 2-1:27.0 failed with error -12 [ 1402.944047][ T4204] usb 2-1: USB disconnect, device number 23 [ 1403.656079][T18631] overlayfs: missing 'workdir' [ 1403.858708][T18640] siw: device registration error -23 [ 1404.979402][T18654] netlink: 208 bytes leftover after parsing attributes in process `syz.0.3733'. [ 1404.998078][T18655] netlink: 'syz.3.3732': attribute type 3 has an invalid length. [ 1405.711450][T18658] xt_l2tp: missing protocol rule (udp|l2tpip) [ 1406.103029][T13050] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1406.423217][T13050] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 1406.532368][T13050] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1406.552205][T13050] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1406.582195][T13050] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1406.690808][T13050] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1406.927830][T18681] net_ratelimit: 595 callbacks suppressed [ 1406.933879][T18681] openvswitch: netlink: Flow key attr not present in new flow. [ 1407.898435][T18682] siw: device registration error -23 [ 1408.939982][T13050] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1408.962182][T13050] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1409.212543][T13050] usb 4-1: unable to read config index 2 descriptor/start: -71 [ 1409.702197][T13050] usb 4-1: can't read configurations, error -71 [ 1411.019761][ T26] audit: type=1326 audit(1730844262.845:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18729 comm="syz.2.3754" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1899e04719 code=0x0 [ 1411.233033][T18733] siw: device registration error -23 [ 1412.441333][T18745] siw: device registration error -23 [ 1414.286151][T14409] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 1415.032353][T14409] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1415.057962][T14409] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1415.089432][T14409] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1415.131083][T14409] usb 1-1: config 0 descriptor?? [ 1415.195367][T14409] pwc: Askey VC010 type 2 USB webcam detected. [ 1415.649796][T18777] device sit0 entered promiscuous mode [ 1415.669225][T18777] netlink: 'syz.1.3765': attribute type 1 has an invalid length. [ 1415.677066][T18777] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3765'. [ 1415.812446][T14409] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1416.073447][T14409] pwc: recv_control_msg error -71 req 02 val 2c00 [ 1416.092413][T14409] pwc: recv_control_msg error -71 req 04 val 1000 [ 1416.122433][T14409] pwc: recv_control_msg error -71 req 04 val 1300 [ 1416.151379][T14409] pwc: recv_control_msg error -71 req 04 val 1400 [ 1416.183213][T14409] pwc: recv_control_msg error -71 req 02 val 2000 [ 1416.214510][T14409] pwc: recv_control_msg error -71 req 02 val 2100 [ 1416.242404][T14409] pwc: recv_control_msg error -71 req 04 val 1500 [ 1416.272377][T14409] pwc: recv_control_msg error -71 req 02 val 2500 [ 1416.292512][T14409] pwc: recv_control_msg error -71 req 02 val 2400 [ 1416.322444][T14409] pwc: recv_control_msg error -71 req 02 val 2600 [ 1416.397819][T18784] siw: device registration error -23 [ 1417.036967][T14409] pwc: recv_control_msg error -71 req 02 val 2900 [ 1417.062858][T14409] pwc: recv_control_msg error -71 req 02 val 2800 [ 1417.245062][T14409] pwc: recv_control_msg error -71 req 04 val 1100 [ 1417.422623][T14409] pwc: recv_control_msg error -71 req 04 val 1200 [ 1417.829509][T14409] pwc: Registered as video103. [ 1417.839358][T14409] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input12 [ 1417.911785][T14409] usb 1-1: USB disconnect, device number 13 [ 1418.075896][T18805] netlink: 'syz.1.3771': attribute type 1 has an invalid length. [ 1421.900907][T18833] netlink: 'syz.3.3777': attribute type 1 has an invalid length. [ 1421.908898][T18833] netlink: 1 bytes leftover after parsing attributes in process `syz.3.3777'. [ 1422.284750][T18836] block nbd0: shutting down sockets [ 1422.454723][T18839] device bridge0 entered promiscuous mode [ 1422.461003][T18839] device macsec1 entered promiscuous mode [ 1422.523237][T18839] device bridge0 left promiscuous mode [ 1422.810563][T18843] siw: device registration error -23 [ 1423.486187][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.574263][T18847] hpfs: Bad magic ... probably not HPFS [ 1426.845900][T18857] netlink: 'syz.3.3785': attribute type 1 has an invalid length. [ 1427.664721][T18886] netlink: 'syz.1.3790': attribute type 1 has an invalid length. [ 1427.673101][T18886] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3790'. [ 1428.134090][T18893] netlink: 'syz.0.3792': attribute type 2 has an invalid length. [ 1428.141841][T18893] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3792'. [ 1428.890679][T18904] hpfs: Bad magic ... probably not HPFS [ 1429.215659][T18915] siw: device registration error -23 [ 1429.328829][T18917] tipc: Enabling not permitted [ 1429.328916][T18917] tipc: Enabling of bearer rejected, failed to enable media [ 1430.620496][T18902] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1431.226137][T18928] netlink: 'syz.3.3803': attribute type 1 has an invalid length. [ 1431.234166][T18928] netlink: 1 bytes leftover after parsing attributes in process `syz.3.3803'. [ 1432.201787][T18939] syz.3.3806 sent an empty control message without MSG_MORE. [ 1433.071470][T18944] netlink: 'syz.0.3805': attribute type 1 has an invalid length. [ 1433.917689][T18957] netlink: 'syz.1.3807': attribute type 2 has an invalid length. [ 1433.925623][T18957] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3807'. [ 1434.168778][T18959] syz.0.3809 uses old SIOCAX25GETINFO [ 1438.589129][T18976] tipc: Enabling not permitted [ 1438.594853][T18976] tipc: Enabling of bearer rejected, failed to enable media [ 1440.062408][T18992] netlink: 'syz.0.3816': attribute type 1 has an invalid length. [ 1440.070196][T18992] netlink: 1 bytes leftover after parsing attributes in process `syz.0.3816'. [ 1442.792323][ T4207] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1443.042324][ T4207] usb 2-1: Using ep0 maxpacket: 8 [ 1443.541521][T19013] netlink: 'syz.0.3822': attribute type 2 has an invalid length. [ 1443.549496][T19013] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3822'. [ 1445.200584][ T4207] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1445.217054][ T4207] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1445.314072][ T4207] usb 2-1: Product: syz [ 1445.324149][ T4207] usb 2-1: Manufacturer: syz [ 1445.334225][ T4207] usb 2-1: SerialNumber: syz [ 1445.909951][T19031] siw: device registration error -23 [ 1445.948555][ T4207] usb 2-1: config 0 descriptor?? [ 1445.984806][ T4207] usb 2-1: can't set config #0, error -71 [ 1446.434583][T19034] tipc: Enabling not permitted [ 1446.440332][T19034] tipc: Enabling of bearer rejected, failed to enable media [ 1446.812348][ T4207] usb 2-1: USB disconnect, device number 24 [ 1447.905710][T19048] netlink: 'syz.1.3831': attribute type 1 has an invalid length. [ 1447.913800][T19048] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3831'. [ 1448.684933][T19060] netlink: 'syz.1.3834': attribute type 2 has an invalid length. [ 1448.692849][T19060] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3834'. [ 1450.102292][ T4207] Bluetooth: hci3: command 0x0409 tx timeout [ 1452.142429][T19094] netlink: 'syz.3.3843': attribute type 1 has an invalid length. [ 1452.150239][T19094] netlink: 1 bytes leftover after parsing attributes in process `syz.3.3843'. [ 1452.176004][ T1107] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1452.278084][T19082] siw: device registration error -23 [ 1452.375241][ T4207] Bluetooth: hci3: command 0x041b tx timeout [ 1453.002313][ T1107] usb 2-1: Using ep0 maxpacket: 16 [ 1453.069972][T19111] netlink: 'syz.3.3847': attribute type 2 has an invalid length. [ 1453.070035][T19111] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3847'. [ 1453.371836][ T1107] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 1454.252503][ T1107] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1454.261608][ T1107] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1454.310592][ T1107] usb 2-1: Product: syz [ 1454.315230][ T1107] usb 2-1: Manufacturer: syz [ 1454.319834][ T1107] usb 2-1: SerialNumber: syz [ 1454.343026][ T1107] usb 2-1: config 0 descriptor?? [ 1454.422264][ T1107] Bluetooth: hci3: command 0x040f tx timeout [ 1454.601008][T15772] usb 2-1: USB disconnect, device number 25 [ 1455.249231][T19035] chnl_net:caif_netlink_parms(): no params data found [ 1456.575904][T19142] siw: device registration error -23 [ 1456.662260][ T1107] Bluetooth: hci3: command 0x0419 tx timeout [ 1457.125200][T19151] Bluetooth: (null): Invalid header checksum [ 1457.481921][ T4334] Bluetooth: (null): Invalid header checksum [ 1458.773964][T19035] bridge0: port 1(bridge_slave_0) entered blocking state [ 1458.842345][T19035] bridge0: port 1(bridge_slave_0) entered disabled state [ 1458.865778][T19035] device bridge_slave_0 entered promiscuous mode [ 1458.876380][T19035] bridge0: port 2(bridge_slave_1) entered blocking state [ 1458.884447][T19035] bridge0: port 2(bridge_slave_1) entered disabled state [ 1458.905984][T19035] device bridge_slave_1 entered promiscuous mode [ 1459.167069][T19167] nfs4: Unknown parameter 'dev/cpu/#/msr' [ 1459.600171][T19168] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1459.986071][T19035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1460.020802][T19035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1460.130340][T19172] overlayfs: missing 'workdir' [ 1460.179165][T19035] team0: Port device team_slave_0 added [ 1460.215038][T19165] overlayfs: failed to resolve './file0': -2 [ 1461.124412][T19035] team0: Port device team_slave_1 added [ 1461.540761][T19035] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1461.614253][T19193] siw: device registration error -23 [ 1461.629272][T19035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1461.655244][ C1] vkms_vblank_simulate: vblank timer overrun [ 1461.664844][T19035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1461.689551][T19035] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1461.696758][T19035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1461.722794][ C1] vkms_vblank_simulate: vblank timer overrun [ 1462.198221][T19035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1462.229823][ T9] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1463.809852][T19035] device hsr_slave_0 entered promiscuous mode [ 1463.839721][T19035] device hsr_slave_1 entered promiscuous mode [ 1464.025743][ T9] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1464.037985][T19211] overlayfs: missing 'workdir' [ 1464.476812][T19219] ubi0: attaching mtd0 [ 1464.487317][T19219] ubi0: scanning is finished [ 1464.492014][T19219] ubi0: empty MTD device detected [ 1466.232429][T19219] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1466.560578][ T9] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1468.282159][T19248] siw: device registration error -23 [ 1468.436042][ T9] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1469.269692][T19035] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1469.975966][T19035] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1470.262402][ T4207] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 1470.662822][ T4207] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1470.706559][ T4207] usb 1-1: config 0 has no interfaces? [ 1470.754801][T19035] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1470.765089][ T4207] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 1470.779589][T19035] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1470.816762][ T4207] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1470.927844][ T4207] usb 1-1: config 0 descriptor?? [ 1471.818060][T19273] udc-core: couldn't find an available UDC or it's busy [ 1471.847255][T19273] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1471.886935][T15772] usb 1-1: USB disconnect, device number 14 [ 1471.932814][T19035] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1471.980527][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1472.001491][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1472.030458][T19035] 8021q: adding VLAN 0 to HW filter on device team0 [ 1472.060171][T12223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1472.124869][T12223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1472.150496][T12223] bridge0: port 1(bridge_slave_0) entered blocking state [ 1472.157671][T12223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1472.210872][T12223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1472.238519][T12223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1472.292224][T12223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1472.301203][T12223] bridge0: port 2(bridge_slave_1) entered blocking state [ 1472.308338][T12223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1472.317403][T12223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1472.326330][T12223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1472.345601][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1472.609302][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1472.637857][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1472.664051][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1472.703883][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1472.719000][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1472.731410][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1472.750760][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1472.788114][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1472.813975][T19035] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1474.645674][T19333] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3902'. [ 1475.462606][T12043] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1476.279034][T12043] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1476.378050][T19035] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1478.772012][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1478.801673][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1478.822633][T17090] Bluetooth: hci0: command 0x1003 tx timeout [ 1478.872419][T14319] Bluetooth: hci0: sending frame failed (-49) [ 1479.208504][T19035] device veth0_vlan entered promiscuous mode [ 1479.425782][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1479.444351][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1479.582777][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1479.621085][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1479.947324][ T9] device hsr_slave_0 left promiscuous mode [ 1479.954030][ T9] device hsr_slave_1 left promiscuous mode [ 1479.960293][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1479.968386][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1479.976338][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1479.984223][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1480.461419][ T9] device bridge_slave_1 left promiscuous mode [ 1480.467917][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 1480.476985][ T9] device bridge_slave_0 left promiscuous mode [ 1480.483376][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 1480.496143][ T9] rdma_rxe: ignoring netdev event = 10 for veth1_to_team [ 1480.507624][ T9] device veth1_macvtap left promiscuous mode [ 1480.514194][ T9] device veth0_macvtap left promiscuous mode [ 1480.520295][ T9] device veth1_vlan left promiscuous mode [ 1480.526334][ T9] device veth0_vlan left promiscuous mode [ 1480.580877][ T9] infiniband syz0: set down [ 1480.706235][ T9] team0 (unregistering): Port device team_slave_1 removed [ 1480.725598][ T9] team0 (unregistering): Port device team_slave_0 removed [ 1480.728844][ T4330] smc: removing ib device syz0 [ 1480.741560][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1480.758421][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1480.844892][ T9] bond0 (unregistering): Released all slaves [ 1480.881888][T19035] device veth1_vlan entered promiscuous mode [ 1480.902592][T15644] Bluetooth: hci0: command 0x1001 tx timeout [ 1480.911312][T14319] Bluetooth: hci0: sending frame failed (-49) [ 1481.086014][T19035] device veth0_macvtap entered promiscuous mode [ 1481.192702][T19035] device veth1_macvtap entered promiscuous mode [ 1481.350031][T19035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1481.401268][T19035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1481.456941][T19035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1481.510655][T19035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1481.548214][T19035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1481.558788][T19035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1481.568699][T19035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1481.579227][T19035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1481.590896][T19035] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1481.646064][T17045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1481.691083][T17045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1481.707706][T17045] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1481.723260][T17045] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1481.737382][T17045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1481.767928][T17045] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1482.310671][T19035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1482.522431][T19035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1482.533424][T19035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1482.544899][T19035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1482.579546][T13050] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 1482.683914][T19035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1482.725771][T19035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1482.748292][T19035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1482.770688][T19035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1482.794010][T19035] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1482.808940][T19035] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1482.818045][T19035] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1482.828458][T19035] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1482.837965][T19035] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1482.902392][T12043] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1482.915035][T12043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1483.026713][T13050] usb 5-1: Using ep0 maxpacket: 16 [ 1483.192738][T13050] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1483.252899][T13050] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1483.264480][T12458] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1483.292413][T12458] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1483.420511][T12458] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1483.434624][ T4207] Bluetooth: hci0: command 0x1009 tx timeout [ 1483.448279][T12787] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1483.462383][T13050] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 1483.471453][T13050] usb 5-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 1483.500780][T12787] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1483.645820][T13050] usb 5-1: Product: syz [ 1483.676099][T13050] usb 5-1: Manufacturer: syz [ 1483.709984][T12787] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1483.928660][T13050] usb 5-1: config 0 descriptor?? [ 1484.425799][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 1484.475267][T13050] kovaplus 0003:1E7D:2D50.0005: item fetching failed at offset 4/7 [ 1484.484756][T13050] kovaplus 0003:1E7D:2D50.0005: parse failed [ 1484.491371][T13050] kovaplus: probe of 0003:1E7D:2D50.0005 failed with error -22 [ 1484.941286][T19500] netlink: 208 bytes leftover after parsing attributes in process `syz.5.3937'. [ 1485.450941][ T26] audit: type=1326 audit(1730844337.275:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19509 comm="syz.0.3938" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f67f1b3a719 code=0x0 [ 1485.517318][T19505] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 1485.714623][T19519] netlink: 'syz.5.3939': attribute type 2 has an invalid length. [ 1485.723274][T19519] netlink: 244 bytes leftover after parsing attributes in process `syz.5.3939'. [ 1486.024822][T19530] netlink: 'syz.3.3941': attribute type 2 has an invalid length. [ 1486.032663][T19530] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3941'. [ 1486.625448][T13050] usb 5-1: USB disconnect, device number 14 [ 1488.996369][T19565] overlayfs: workdir and upperdir must be separate subtrees [ 1489.292688][ T26] audit: type=1326 audit(1730844341.115:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19570 comm="syz.0.3952" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f67f1b3a719 code=0x0 [ 1489.459154][T19574] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3950'. [ 1489.893265][T19575] netlink: 'syz.4.3953': attribute type 2 has an invalid length. [ 1489.905907][T19575] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3953'. [ 1490.049018][T19588] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3956'. [ 1490.082169][ T1107] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1490.132394][T19591] netlink: 'syz.1.3955': attribute type 2 has an invalid length. [ 1490.140195][T19591] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3955'. [ 1490.372418][ T1107] usb 4-1: Using ep0 maxpacket: 8 [ 1490.533020][ T1107] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1490.693242][ T1107] usb 4-1: config 8 has an invalid interface number: 24 but max is 1 [ 1490.742227][ T1107] usb 4-1: config 8 has an invalid interface number: 242 but max is 1 [ 1490.798156][ T1107] usb 4-1: config 8 has no interface number 0 [ 1490.860969][ T1107] usb 4-1: config 8 has no interface number 1 [ 1490.890626][ T1107] usb 4-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid maxpacket 1535, setting to 1024 [ 1490.937839][ T1107] usb 4-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 255, changing to 11 [ 1490.970474][ T1107] usb 4-1: config 8 interface 24 has no altsetting 0 [ 1492.253756][ T1107] usb 4-1: config 8 interface 242 has no altsetting 0 [ 1492.437142][T19626] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 1493.358202][ T1107] usb 4-1: string descriptor 0 read error: -71 [ 1493.393325][ T1107] usb 4-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 1493.656426][ T1107] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1493.684532][T19642] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3967'. [ 1493.933834][T19644] netlink: 'syz.3.3968': attribute type 2 has an invalid length. [ 1493.941586][T19644] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3968'. [ 1495.350761][T19646] netlink: 'syz.0.3969': attribute type 2 has an invalid length. [ 1495.358784][T19646] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3969'. [ 1495.605655][ T1107] usb 4-1: can't set config #8, error -71 [ 1495.784518][ T1107] usb 4-1: USB disconnect, device number 18 [ 1496.463532][T19659] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3973'. [ 1496.623945][T19659] bridge0: port 2(bridge_slave_1) entered disabled state [ 1496.631889][T19659] bridge0: port 1(bridge_slave_0) entered disabled state [ 1497.765735][T19683] siw: device registration error -23 [ 1501.372231][T19714] netlink: 'syz.5.3985': attribute type 2 has an invalid length. [ 1501.379985][T19714] netlink: 244 bytes leftover after parsing attributes in process `syz.5.3985'. [ 1503.256602][T19741] siw: device registration error -23 [ 1505.325948][ T4450] Bluetooth: (null): Invalid header checksum [ 1505.358012][T19777] netlink: 'syz.1.3999': attribute type 2 has an invalid length. [ 1505.366086][T19777] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3999'. [ 1505.387255][ T4223] Bluetooth: (null): Invalid header checksum [ 1507.540793][T19813] netlink: 132 bytes leftover after parsing attributes in process `syz.5.4007'. [ 1507.550233][T19813] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4007'. [ 1507.559904][T19813] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4007'. [ 1508.092801][T19814] siw: device registration error -23 [ 1508.175710][T19815] netlink: 208 bytes leftover after parsing attributes in process `syz.3.3988'. [ 1508.951513][T19829] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1513.872249][T19875] siw: device registration error -23 [ 1518.159139][T19926] tipc: Enabling not permitted [ 1518.164786][T19926] tipc: Enabling of bearer rejected, failed to enable media [ 1519.325541][T19931] siw: device registration error -23 [ 1520.246933][T19950] netlink: 'syz.3.4036': attribute type 2 has an invalid length. [ 1520.254854][T19950] netlink: 244 bytes leftover after parsing attributes in process `syz.3.4036'. [ 1524.309674][T19982] tipc: Enabling not permitted [ 1524.315392][T19982] tipc: Enabling of bearer rejected, failed to enable media [ 1525.770298][T20008] siw: device registration error -23 [ 1527.732891][T20025] netlink: 'syz.4.4052': attribute type 2 has an invalid length. [ 1527.740645][T20025] netlink: 244 bytes leftover after parsing attributes in process `syz.4.4052'. [ 1527.958655][T20027] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4055'. [ 1528.008432][T20027] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4055'. [ 1530.151773][T20060] siw: device registration error -23 [ 1531.047333][ T26] audit: type=1326 audit(1730844382.865:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20065 comm="syz.3.4063" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc70aa7719 code=0x0 [ 1532.371198][T20084] netlink: 'syz.5.4068': attribute type 2 has an invalid length. [ 1532.379237][T20084] netlink: 244 bytes leftover after parsing attributes in process `syz.5.4068'. [ 1534.444270][ T4204] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1534.712274][ T4204] usb 6-1: Using ep0 maxpacket: 16 [ 1535.562229][ T4204] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1535.589763][ T4204] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1535.602823][ T3504] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1535.826172][ T4204] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 1535.873000][ T4204] usb 6-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 1535.983426][ T4204] usb 6-1: Product: syz [ 1536.040373][ T4204] usb 6-1: Manufacturer: syz [ 1536.073022][ T3504] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 1536.124568][ T3504] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1536.204155][ T4204] usb 6-1: config 0 descriptor?? [ 1536.370462][ T3504] usb 4-1: config 0 descriptor?? [ 1536.434360][ T3504] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 1536.518094][ T4204] usbhid 6-1:0.0: can't add hid device: -71 [ 1536.558052][ T4204] usbhid: probe of 6-1:0.0 failed with error -71 [ 1536.738772][ T4204] usb 6-1: USB disconnect, device number 2 [ 1536.837224][T20141] netlink: 'syz.1.4080': attribute type 2 has an invalid length. [ 1536.845080][T20141] netlink: 244 bytes leftover after parsing attributes in process `syz.1.4080'. [ 1538.334823][ T3504] usb 4-1: USB disconnect, device number 19 [ 1542.736675][T20197] device pim6reg1 entered promiscuous mode [ 1543.755379][T20207] netlink: 'syz.3.4098': attribute type 11 has an invalid length. [ 1544.779461][ T26] audit: type=1326 audit(1730844396.605:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20222 comm="syz.5.4101" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9a03130719 code=0x0 [ 1545.253112][T20237] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4104'. [ 1545.882630][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 1547.402591][T20263] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4109'. [ 1548.802151][T14366] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 1549.233032][T14366] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1549.524983][T14366] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1549.571363][T14366] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 1549.611455][T14366] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1549.944751][T14366] usb 1-1: config 0 descriptor?? [ 1551.354908][T14366] cougar 0003:060B:700A.0006: item fetching failed at offset 4/5 [ 1551.648213][T14366] cougar 0003:060B:700A.0006: parse failed [ 1551.661044][T14366] cougar: probe of 0003:060B:700A.0006 failed with error -22 [ 1551.678475][T14366] usb 1-1: USB disconnect, device number 15 [ 1551.722182][ T26] audit: type=1326 audit(1730844403.525:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20300 comm="syz.5.4118" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9a03130719 code=0x0 [ 1552.575331][T20323] netlink: 'syz.4.4123': attribute type 2 has an invalid length. [ 1552.583164][T20323] netlink: 244 bytes leftover after parsing attributes in process `syz.4.4123'. [ 1557.779686][ T26] audit: type=1326 audit(1730844409.605:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20384 comm="syz.1.4138" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a7e8fe719 code=0x0 [ 1558.935326][T20403] netlink: 'syz.1.4139': attribute type 2 has an invalid length. [ 1558.943243][T20403] netlink: 244 bytes leftover after parsing attributes in process `syz.1.4139'. [ 1565.614322][T20477] netlink: 'syz.1.4152': attribute type 2 has an invalid length. [ 1565.623649][T20477] netlink: 244 bytes leftover after parsing attributes in process `syz.1.4152'. [ 1566.274982][T20494] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1566.283919][T20494] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 1567.092414][T20494] overlayfs: missing 'lowerdir' [ 1567.377110][T20512] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4165'. [ 1572.203127][T20559] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4175'. [ 1572.223511][T20558] netlink: 'syz.3.4173': attribute type 2 has an invalid length. [ 1572.231278][T20558] netlink: 244 bytes leftover after parsing attributes in process `syz.3.4173'. [ 1572.248877][T20559] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1572.289552][T20559] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 1572.317126][T20559] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 1572.326865][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 1578.352411][T20614] netlink: 'syz.0.4185': attribute type 1 has an invalid length. [ 1579.954412][ T4450] Bluetooth: (null): Too short H5 packet [ 1579.970883][ T4450] Bluetooth: (null): Invalid header checksum [ 1580.016000][ T4450] Bluetooth: (null): Invalid header checksum [ 1580.031756][ T4450] Bluetooth: (null): Invalid header checksum [ 1580.048520][ T4450] Bluetooth: (null): Invalid header checksum [ 1580.882209][ T4450] Bluetooth: (null): Invalid header checksum [ 1581.421243][T20653] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4195'. [ 1582.868208][T20677] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4203'. [ 1583.932317][ T21] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 1584.421511][T20696] x_tables: ip_tables: osf match: only valid for protocol 6 [ 1584.602484][ T21] usb 5-1: config 0 has no interfaces? [ 1584.609516][ T21] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1584.944571][ T21] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1585.035585][ T21] usb 5-1: config 0 descriptor?? [ 1585.057896][T20700] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4208'. [ 1585.295440][ T21] usb 5-1: USB disconnect, device number 15 [ 1585.729895][T20711] netlink: 'syz.5.4210': attribute type 3 has an invalid length. [ 1586.307673][T20740] netlink: 208 bytes leftover after parsing attributes in process `syz.0.4218'. [ 1586.812596][ T4380] Bluetooth: (null): Invalid header checksum [ 1586.852981][ T4380] Bluetooth: (null): Invalid header checksum [ 1586.996867][ T4380] Bluetooth: (null): Invalid header checksum [ 1587.229714][ T4380] Bluetooth: (null): Invalid header checksum [ 1588.632169][ T21] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1590.062670][ T21] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1590.502795][ T21] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1590.518472][ T21] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1590.534395][ T21] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1590.546149][ T21] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1590.609882][ T21] usb 4-1: config 0 descriptor?? [ 1590.642319][ T9] Bluetooth: (null): Invalid header checksum [ 1590.649530][ T9] Bluetooth: (null): Invalid header checksum [ 1590.657748][ T9] Bluetooth: (null): Invalid header checksum [ 1590.664307][ T9] Bluetooth: (null): Invalid header checksum [ 1590.671461][ T9] Bluetooth: (null): Invalid header checksum [ 1590.695088][ T9] Bluetooth: (null): Invalid header checksum [ 1591.114074][ T21] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x4 [ 1591.131919][ T21] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 1591.142923][ T21] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 1591.150625][ T21] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 1591.166138][ T21] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 1591.217111][ T21] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1593.294002][T15708] usb 4-1: USB disconnect, device number 20 [ 1603.093018][T20829] chnl_net:caif_netlink_parms(): no params data found [ 1604.272216][T15708] Bluetooth: hci3: command 0x0406 tx timeout [ 1604.982274][ T21] Bluetooth: hci0: command 0x0409 tx timeout [ 1606.502414][ T21] Bluetooth: hci4: command 0x0409 tx timeout [ 1607.304607][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 1608.582417][ T21] Bluetooth: hci8: command 0x0409 tx timeout [ 1610.662345][T15708] Bluetooth: hci8: command 0x041b tx timeout [ 1611.062114][T15708] Bluetooth: hci9: command 0x0409 tx timeout [ 1665.622190][T15708] Bluetooth: hci10: command 0x0409 tx timeout [ 1666.582288][ T21] Bluetooth: hci11: command 0x0409 tx timeout [ 1667.702235][T15708] Bluetooth: hci10: command 0x041b tx timeout [ 1668.102176][T15708] Bluetooth: hci12: command 0x0409 tx timeout [ 1668.662243][T15708] Bluetooth: hci11: command 0x041b tx timeout [ 1668.746898][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.622148][ T21] Bluetooth: hci13: command 0x0409 tx timeout [ 1669.782115][ T21] Bluetooth: hci10: command 0x040f tx timeout [ 1670.182188][T15708] Bluetooth: hci12: command 0x041b tx timeout [ 1670.742279][T15708] Bluetooth: hci11: command 0x040f tx timeout [ 1725.622184][T15772] Bluetooth: hci15: command 0x0409 tx timeout [ 1727.142347][T15772] Bluetooth: hci16: command 0x0409 tx timeout [ 1728.182380][T15772] Bluetooth: hci17: command 0x0409 tx timeout [ 1729.222284][T15772] Bluetooth: hci16: command 0x041b tx timeout [ 1729.622157][ T21] Bluetooth: hci18: command 0x0409 tx timeout [ 1730.187291][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 1730.262394][ T21] Bluetooth: hci17: command 0x041b tx timeout [ 1731.302272][ T21] Bluetooth: hci16: command 0x040f tx timeout [ 1731.702185][ T21] Bluetooth: hci18: command 0x041b tx timeout [ 1732.102195][ T21] Bluetooth: hci19: command 0x0409 tx timeout [ 1732.342403][ T21] Bluetooth: hci17: command 0x040f tx timeout [ 1733.382395][ T21] Bluetooth: hci16: command 0x0419 tx timeout [ 1733.782204][ T21] Bluetooth: hci18: command 0x040f tx timeout [ 1734.182175][ T21] Bluetooth: hci19: command 0x041b tx timeout [ 1734.422365][ T21] Bluetooth: hci17: command 0x0419 tx timeout [ 1735.862105][T15772] Bluetooth: hci18: command 0x0419 tx timeout [ 1736.262187][T15772] Bluetooth: hci19: command 0x040f tx timeout [ 1738.342195][ T21] Bluetooth: hci19: command 0x0419 tx timeout [ 1742.343031][ T27] INFO: task kworker/1:6:4204 blocked for more than 143 seconds. [ 1742.350786][ T27] Not tainted 5.15.170-syzkaller #0 [ 1742.367894][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1742.379891][ T27] task:kworker/1:6 state:D stack:20696 pid: 4204 ppid: 2 flags:0x00004000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1742.396226][ T27] Workqueue: events bpf_map_free_deferred [ 1742.413284][ T27] Call Trace: [ 1742.416787][ T27] [ 1742.419724][ T27] __schedule+0x12c4/0x45b0 [ 1742.455903][ T27] ? mark_lock+0x98/0x340 [ 1742.460422][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 1742.470025][ T27] ? release_firmware_map_entry+0x190/0x190 [ 1742.476317][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 1742.481801][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 1742.488839][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1742.494364][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 1742.499575][ T27] schedule+0x11b/0x1f0 [ 1742.504176][ T27] schedule_preempt_disabled+0xf/0x20 [ 1742.509550][ T27] __mutex_lock_common+0xe34/0x25a0 [ 1742.515145][ T27] ? synchronize_rcu_expedited+0x350/0x740 [ 1742.520961][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 1742.526517][ T27] ? do_raw_spin_lock+0x14a/0x370 [ 1742.531557][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 1742.537146][ T27] mutex_lock_nested+0x17/0x20 [ 1742.541916][ T27] synchronize_rcu_expedited+0x350/0x740 [ 1742.550885][ T27] ? synchronize_rcu+0x1a0/0x1a0 [ 1742.556104][ T27] ? mark_lock+0x98/0x340 [ 1742.560450][ T27] ? __lock_acquire+0x1295/0x1ff0 [ 1742.574657][ T27] ? mark_lock+0x98/0x340 [ 1742.579011][ T27] synchronize_rcu+0x107/0x1a0 [ 1742.590789][ T27] ? kvfree_call_rcu+0x8a0/0x8a0 [ 1742.600092][ T27] ? lockdep_unlock+0x166/0x300 [ 1742.610715][ T27] ? lockdep_lock+0x2a0/0x2a0 [ 1742.618990][ T27] ? __is_module_percpu_address+0x287/0x3c0 [ 1742.630736][ T27] ? is_kernel_percpu_address+0x132/0x150 [ 1742.640152][ T27] lockdep_unregister_key+0x4ed/0x5c0 [ 1742.652386][ T27] ? lockdep_reset_lock+0x3f0/0x3f0 [ 1742.657658][ T27] ? htab_map_free+0x450/0x5e0 [ 1742.670500][ T27] htab_map_free+0x58c/0x5e0 [ 1742.676558][ T27] ? bpf_map_free_deferred+0x1d3/0x2e0 [ 1742.689854][ T27] process_one_work+0x8a1/0x10c0 [ 1742.695988][ T27] ? worker_detach_from_pool+0x260/0x260 [ 1742.701645][ T27] ? _raw_spin_lock_irqsave+0x120/0x120 [ 1742.716002][ T27] ? kthread_data+0x4e/0xc0 [ 1742.720529][ T27] ? wq_worker_running+0x97/0x170 [ 1742.731121][ T27] worker_thread+0xaca/0x1280 [ 1742.739235][ T27] kthread+0x3f6/0x4f0 [ 1742.753039][ T27] ? rcu_lock_release+0x20/0x20 [ 1742.757939][ T27] ? kthread_blkcg+0xd0/0xd0 [ 1742.771431][ T27] ret_from_fork+0x1f/0x30 [ 1742.776050][ T27] [ 1742.779131][ T27] INFO: task syz.5.4233:20802 blocked for more than 143 seconds. [ 1742.795953][ T27] Not tainted 5.15.170-syzkaller #0 [ 1742.801684][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1742.814763][ T27] task:syz.5.4233 state:D stack:27168 pid:20802 ppid: 19035 flags:0x00004004 [ 1742.831208][ T27] Call Trace: [ 1742.834617][ T27] [ 1742.837548][ T27] __schedule+0x12c4/0x45b0 [ 1742.850901][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 1742.857546][ T27] ? release_firmware_map_entry+0x190/0x190 [ 1742.871998][ T27] ? __might_sleep+0xc0/0xc0 [ 1742.876610][ T27] ? wq_worker_last_func+0x40/0x40 [ 1742.881718][ T27] ? prepare_to_wait_event+0x3aa/0x3e0 [ 1742.895375][ T27] schedule+0x11b/0x1f0 [ 1742.899554][ T27] synchronize_rcu_expedited+0x5c6/0x740 [ 1742.910454][ T27] ? synchronize_rcu+0x1a0/0x1a0 [ 1742.919901][ T27] ? rcu_exp_sel_wait_wake+0x1c00/0x1c00 [ 1742.930173][ T27] ? vhost_vsock_dev_release+0x176/0x470 [ 1742.941310][ T27] ? __lock_acquire+0x1ff0/0x1ff0 [ 1742.950735][ T27] ? __lock_acquire+0x1295/0x1ff0 [ 1742.961601][ T27] ? init_wait_entry+0xd0/0xd0 [ 1742.970995][ T27] synchronize_rcu+0x107/0x1a0 [ 1742.980333][ T27] ? kvfree_call_rcu+0x8a0/0x8a0 [ 1742.992022][ T27] ? vhost_vsock_dev_release+0x4d/0x470 [ 1742.997625][ T27] ? mutex_unlock+0x10/0x10 [ 1743.011317][ T27] ? __fsnotify_parent+0x50c/0x730 [ 1743.017139][ T27] ? fsnotify_set_children_dentry_flags+0x220/0x220 [ 1743.032021][ T27] vhost_vsock_dev_release+0x17b/0x470 [ 1743.037503][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 1743.052649][ T27] ? vhost_vsock_dev_open+0x2c0/0x2c0 [ 1743.058045][ T27] __fput+0x3fe/0x8e0 [ 1743.071173][ T27] task_work_run+0x129/0x1a0 [ 1743.076993][ T27] exit_to_user_mode_loop+0x106/0x130 [ 1743.090047][ T27] exit_to_user_mode_prepare+0xb1/0x140 [ 1743.096768][ T27] syscall_exit_to_user_mode+0x5d/0x240 [ 1743.110165][ T27] do_syscall_64+0x47/0xb0 [ 1743.115752][ T27] ? clear_bhb_loop+0x15/0x70 [ 1743.120437][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1743.134053][ T27] RIP: 0033:0x7f9a03130719 [ 1743.138511][ T27] RSP: 002b:00007ffc33259a58 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1743.154003][ T27] RAX: 0000000000000000 RBX: 0000000000184018 RCX: 00007f9a03130719 [ 1743.169128][ T27] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1743.179404][ T27] RBP: 00007f9a032e9a80 R08: 0000000000000001 R09: 00007ffc33259d4f [ 1743.187555][ T27] R10: 00007f9a02fb2000 R11: 0000000000000246 R12: 0000000000184054 [ 1743.195844][ T27] R13: 00007ffc33259b60 R14: 0000000000000032 R15: ffffffffffffffff [ 1743.204083][ T27] [ 1743.207132][ T27] INFO: task syz.4.4235:20811 blocked for more than 144 seconds. [ 1743.215343][ T27] Not tainted 5.15.170-syzkaller #0 [ 1743.221062][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1743.230093][ T27] task:syz.4.4235 state:D stack:27064 pid:20811 ppid: 15498 flags:0x00004004 [ 1743.239588][ T27] Call Trace: [ 1743.243137][ T27] [ 1743.246137][ T27] __schedule+0x12c4/0x45b0 [ 1743.250645][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 1743.257187][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 1743.262631][ T27] ? _raw_spin_unlock_irqrestore+0x8b/0x130 [ 1743.269404][ T27] ? release_firmware_map_entry+0x190/0x190 [ 1743.276466][ T27] ? __might_sleep+0xc0/0xc0 [ 1743.281070][ T27] ? prepare_to_wait_event+0x3aa/0x3e0 [ 1743.286883][ T27] schedule+0x11b/0x1f0 [ 1743.291046][ T27] synchronize_rcu_expedited+0x671/0x740 [ 1743.297062][ T27] ? synchronize_rcu+0x1a0/0x1a0 [ 1743.302234][ T27] ? init_wait_entry+0xd0/0xd0 [ 1743.306999][ T27] ? mark_lock+0x98/0x340 [ 1743.311347][ T27] ? __might_sleep+0xc0/0xc0 [ 1743.316375][ T27] synchronize_rcu+0x107/0x1a0 [ 1743.321142][ T27] ? kvfree_call_rcu+0x8a0/0x8a0 [ 1743.326451][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 1743.332687][ T27] ? print_irqtrace_events+0x210/0x210 [ 1743.338143][ T27] ? _raw_spin_lock_irq+0xdb/0x110 [ 1743.343576][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 1743.348775][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1743.354349][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 1743.359551][ T27] rcu_sync_enter+0x1f8/0x340 [ 1743.364610][ T27] ? rcu_sync_enter_start+0x70/0x70 [ 1743.370626][ T27] ? rcu_read_lock_any_held+0xb3/0x160 [ 1743.376503][ T27] ? rcu_read_lock_bh_held+0x110/0x110 [ 1743.384288][ T27] ? tty_buffer_flush+0x321/0x380 [ 1743.389363][ T27] percpu_down_write+0x5e/0x2d0 [ 1743.394609][ T27] ? percpu_up_read+0xdc/0x1b0 [ 1743.399380][ T27] ? hci_uart_flush+0x167/0x1a0 [ 1743.404594][ T27] hci_uart_tty_close+0x12d/0x280 [ 1743.409622][ T27] tty_ldisc_kill+0xa6/0x1a0 [ 1743.414628][ T27] tty_ldisc_release+0x19d/0x200 [ 1743.419570][ T27] tty_release_struct+0x27/0xd0 [ 1743.424811][ T27] tty_release+0xd53/0x1310 [ 1743.429325][ T27] ? tty_release_struct+0xd0/0xd0 [ 1743.434703][ T27] __fput+0x3fe/0x8e0 [ 1743.438683][ T27] ? _raw_spin_lock_irq+0xdb/0x110 [ 1743.444249][ T27] task_work_run+0x129/0x1a0 [ 1743.448859][ T27] exit_to_user_mode_loop+0x106/0x130 [ 1743.454608][ T27] exit_to_user_mode_prepare+0xb1/0x140 [ 1743.460159][ T27] syscall_exit_to_user_mode+0x5d/0x240 [ 1743.466099][ T27] do_syscall_64+0x47/0xb0 [ 1743.471392][ T27] ? clear_bhb_loop+0x15/0x70 [ 1743.479826][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1743.491550][ T27] RIP: 0033:0x7f4e3ab1c719 [ 1743.500331][ T27] RSP: 002b:00007ffce13d31f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1743.515165][ T27] RAX: 0000000000000000 RBX: 00007f4e3acd5a80 RCX: 00007f4e3ab1c719 [ 1743.529370][ T27] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1743.541043][ T27] RBP: 00007f4e3acd5a80 R08: 0000000000000006 R09: 00007ffce13d34ef [ 1743.556931][ T27] R10: 00000000003ff2f4 R11: 0000000000000246 R12: 000000000018459c [ 1743.568612][ T27] R13: 00007ffce13d3300 R14: 0000000000000032 R15: ffffffffffffffff [ 1743.578162][ T27] [ 1743.581317][ T27] INFO: task syz.0.4237:20820 blocked for more than 144 seconds. [ 1743.590024][ T27] Not tainted 5.15.170-syzkaller #0 [ 1743.596053][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1743.606060][ T27] task:syz.0.4237 state:D stack:25944 pid:20820 ppid: 15247 flags:0x00004002 [ 1743.615715][ T27] Call Trace: [ 1743.618998][ T27] [ 1743.622295][ T27] __schedule+0x12c4/0x45b0 [ 1743.626865][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 1743.633368][ T27] ? print_irqtrace_events+0x210/0x210 [ 1743.638928][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 1743.644501][ T27] ? _raw_spin_unlock_irqrestore+0x8b/0x130 [ 1743.650412][ T27] ? release_firmware_map_entry+0x190/0x190 [ 1743.656705][ T27] ? __might_sleep+0xc0/0xc0 [ 1743.661307][ T27] ? prepare_to_wait_event+0x3aa/0x3e0 [ 1743.667174][ T27] schedule+0x11b/0x1f0 [ 1743.671337][ T27] synchronize_rcu_expedited+0x671/0x740 [ 1743.677976][ T27] ? synchronize_rcu+0x1a0/0x1a0 [ 1743.683188][ T27] ? register_lock_class+0x100/0x9a0 [ 1743.688481][ T27] ? init_wait_entry+0xd0/0xd0 [ 1743.693703][ T27] ? is_dynamic_key+0x1f0/0x1f0 [ 1743.698571][ T27] ? __lock_acquire+0x1295/0x1ff0 [ 1743.703953][ T27] ? mark_lock+0x98/0x340 [ 1743.708303][ T27] synchronize_rcu+0x107/0x1a0 [ 1743.714169][ T27] ? kvfree_call_rcu+0x8a0/0x8a0 [ 1743.719115][ T27] ? __local_bh_enable_ip+0x164/0x1f0 [ 1743.724881][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 1743.730087][ T27] ? __local_bh_enable_ip+0x164/0x1f0 [ 1743.735844][ T27] ? bcm_release+0x1e0/0x860 [ 1743.740440][ T27] ? _local_bh_enable+0xa0/0xa0 [ 1743.745685][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 1743.750984][ T27] bcm_release+0x5f5/0x860 [ 1743.755799][ T27] sock_close+0xcd/0x230 [ 1743.760052][ T27] ? sock_mmap+0x90/0x90 [ 1743.764629][ T27] __fput+0x3fe/0x8e0 [ 1743.768628][ T27] task_work_run+0x129/0x1a0 [ 1743.773598][ T27] do_exit+0x6a3/0x2480 [ 1743.778847][ T27] ? put_task_struct+0x80/0x80 [ 1743.797708][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 1743.807466][ T27] do_group_exit+0x144/0x310 [ 1743.817999][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 1743.827581][ T27] get_signal+0xc66/0x14e0 [ 1743.838732][ T27] arch_do_signal_or_restart+0xc3/0x1890 [ 1743.848134][ T27] ? futex_exit_release+0x1e0/0x1e0 [ 1743.859455][ T27] ? read_lock_is_recursive+0x10/0x10 [ 1743.869579][ T27] ? get_sigframe_size+0x10/0x10 [ 1743.881610][ T27] ? __lock_acquire+0x1ff0/0x1ff0 [ 1743.890355][ T27] ? __sys_connect+0x179/0x410 [ 1743.901036][ T27] ? exit_to_user_mode_loop+0x39/0x130 [ 1743.910333][ T27] exit_to_user_mode_loop+0x97/0x130 [ 1743.921369][ T27] exit_to_user_mode_prepare+0xb1/0x140 [ 1743.930571][ T27] syscall_exit_to_user_mode+0x5d/0x240 [ 1743.942593][ T27] do_syscall_64+0x47/0xb0 [ 1743.947027][ T27] ? clear_bhb_loop+0x15/0x70 [ 1743.951697][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1743.967579][ T27] RIP: 0033:0x7f67f1b3a719 [ 1743.974548][ T27] RSP: 002b:00007f67effb20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1743.991679][ T27] RAX: fffffffffffffe00 RBX: 00007f67f1cf1f88 RCX: 00007f67f1b3a719 [ 1744.002193][ T27] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f67f1cf1f88 [ 1744.010216][ T27] RBP: 00007f67f1cf1f80 R08: 0000000000000000 R09: 0000000000000000 [ 1744.026279][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f67f1cf1f8c [ 1744.039459][ T27] R13: 0000000000000000 R14: 00007ffc2ea90b70 R15: 00007ffc2ea90c58 [ 1744.052366][ T27] [ 1744.055465][ T27] INFO: task syz.3.4239:20826 blocked for more than 145 seconds. [ 1744.071869][ T27] Not tainted 5.15.170-syzkaller #0 [ 1744.078944][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1744.092445][ T27] task:syz.3.4239 state:D stack:27352 pid:20826 ppid: 16423 flags:0x00004004 [ 1744.101708][ T27] Call Trace: [ 1744.105534][ T27] [ 1744.108473][ T27] __schedule+0x12c4/0x45b0 [ 1744.113415][ T27] ? asm_sysvec_call_function_single+0x16/0x20 [ 1744.119579][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 1744.125136][ T27] ? asm_sysvec_call_function_single+0x16/0x20 [ 1744.131341][ T27] ? mark_lock+0x98/0x340 [ 1744.136061][ T27] ? _raw_spin_unlock_irqrestore+0xd4/0x130 [ 1744.142243][ T27] ? release_firmware_map_entry+0x190/0x190 [ 1744.148145][ T27] ? __might_sleep+0xc0/0xc0 [ 1744.153275][ T27] ? prepare_to_wait_event+0x3aa/0x3e0 [ 1744.158834][ T27] schedule+0x11b/0x1f0 [ 1744.163355][ T27] synchronize_rcu_expedited+0x671/0x740 [ 1744.168996][ T27] ? synchronize_rcu+0x1a0/0x1a0 [ 1744.175330][ T27] ? init_wait_entry+0xd0/0xd0 [ 1744.180117][ T27] ? smp_call_function_many_cond+0xb41/0xd90 [ 1744.187216][ T27] ? static_key_enable_cpuslocked+0x12e/0x250 [ 1744.199036][ T27] ? static_key_enable+0x16/0x20 [ 1744.207519][ T27] ? __lock_acquire+0x1ff0/0x1ff0 [ 1744.218358][ T27] ? text_poke_sync+0x20/0x20 [ 1744.226619][ T27] ? text_poke_sync+0x20/0x20 [ 1744.231312][ T27] ? on_each_cpu_cond_mask+0x5e/0x80 [ 1744.242170][ T27] synchronize_rcu+0x107/0x1a0 [ 1744.246952][ T27] ? kvfree_call_rcu+0x8a0/0x8a0 [ 1744.251892][ T27] ? rcu_read_lock_any_held+0xb3/0x160 [ 1744.257929][ T27] ? rcu_read_lock_bh_held+0x110/0x110 [ 1744.264420][ T27] ? __jump_label_update+0x371/0x3a0 [ 1744.269734][ T27] sched_core_get+0x76/0x1d0 [ 1744.274706][ T27] sched_core_alloc_cookie+0x71/0xa0 [ 1744.279998][ T27] sched_core_share_pid+0x30d/0x740 [ 1744.286293][ T27] ? cap_task_prctl+0xce/0xd20 [ 1744.291890][ T27] ? sched_core_free+0x70/0x70 [ 1744.297078][ T27] __se_sys_prctl+0x230/0x2ab0 [ 1744.301868][ T27] ? mark_lock+0x98/0x340 [ 1744.306660][ T27] ? mark_lock+0x98/0x340 [ 1744.310994][ T27] ? validate_chain+0x112/0x5930 [ 1744.316335][ T27] ? __lock_acquire+0x1295/0x1ff0 [ 1744.321374][ T27] ? __x64_sys_prctl+0xc0/0xc0 [ 1744.326528][ T27] ? reacquire_held_locks+0x660/0x660 [ 1744.331917][ T27] ? local_lock_release+0x96/0x170 [ 1744.337464][ T27] ? handle_mm_fault+0x4bd8/0x5960 [ 1744.342908][ T27] ? __lock_acquire+0x1ff0/0x1ff0 [ 1744.347939][ T27] ? __mod_lruvec_page_state+0x218/0x340 [ 1744.353992][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 1744.359203][ T27] ? mark_lock+0x98/0x340 [ 1744.363937][ T27] ? __lock_acquire+0x1295/0x1ff0 [ 1744.369083][ T27] ? __context_tracking_enter+0x5f/0x90 [ 1744.375180][ T27] ? __context_tracking_exit+0x4c/0x80 [ 1744.380649][ T27] ? __lock_acquire+0x1ff0/0x1ff0 [ 1744.386110][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 1744.393579][ T27] ? print_irqtrace_events+0x210/0x210 [ 1744.399055][ T27] ? vtime_user_exit+0x2d1/0x400 [ 1744.404464][ T27] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1744.410454][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 1744.416002][ T27] ? __x64_sys_prctl+0x1c/0xc0 [ 1744.420859][ T27] do_syscall_64+0x3b/0xb0 [ 1744.425742][ T27] ? clear_bhb_loop+0x15/0x70 [ 1744.430426][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1744.436739][ T27] RIP: 0033:0x7fbc70aa7719 [ 1744.441159][ T27] RSP: 002b:00007fbc6eefe038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 1744.449991][ T27] RAX: ffffffffffffffda RBX: 00007fbc70c5f058 RCX: 00007fbc70aa7719 [ 1744.458347][ T27] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000003e [ 1744.466758][ T27] RBP: 00007fbc70b1a39e R08: 0000000000000000 R09: 0000000000000000 [ 1744.474985][ T27] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1744.483410][ T27] R13: 0000000000000001 R14: 00007fbc70c5f058 R15: 00007ffccedc1f38 [ 1744.491404][ T27] [ 1744.497949][ T27] [ 1744.497949][ T27] Showing all locks held in the system: [ 1744.510259][ T27] 1 lock held by khungtaskd/27: [ 1744.521459][ T27] #0: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 1744.534686][ T27] 2 locks held by getty/3934: [ 1744.539371][ T27] #0: ffff88814cae8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 1744.555503][ T27] #1: ffffc90002cbe2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 [ 1744.571462][ T27] 3 locks held by kworker/1:6/4204: [ 1744.580227][ T27] #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 1744.599526][ T27] #1: ffffc900034c7d20 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 1744.614510][ T27] #2: ffffffff8c924228 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x350/0x740 [ 1744.631917][ T27] 4 locks held by kworker/0:6/4247: [ 1744.640755][ T27] 3 locks held by kworker/u4:18/12458: [ 1744.652063][ T27] #0: ffff888017079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 1744.663698][ T27] #1: ffffc90003227d20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 1744.674392][ T27] #2: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 [ 1744.683696][ T27] 3 locks held by kworker/1:5/15708: [ 1744.688992][ T27] #0: ffff88802b3ab138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 1744.701265][ T27] #1: ffffc90002fe7d20 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 1744.720849][ T27] #2: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 [ 1744.730956][ T27] 1 lock held by syz.5.4233/20802: [ 1744.745902][ T27] #0: ffffffff8c924228 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x280/0x740 [ 1744.763449][ T27] 3 locks held by syz.4.4235/20811: [ 1744.768658][ T27] #0: ffff88807ce60098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x58/0x200 [ 1744.785447][ T27] #1: ffff88807ce62098 (&tty->ldisc_sem/1){+.+.}-{0:0}, at: tty_ldisc_release+0x7c/0x200 [ 1744.801331][ T27] #2: ffff888024f76190 (&hu->proto_lock){++++}-{0:0}, at: hci_uart_tty_close+0x12d/0x280 [ 1744.815969][ T27] 2 locks held by syz.0.4237/20820: [ 1744.821233][ T27] #0: ffff888062fd2010 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x98/0x230 [ 1744.841316][ T27] #1: ffff88802b69c120 (sk_lock-AF_CAN){+.+.}-{0:0}, at: bcm_release+0x1e0/0x860 [ 1744.855678][ T27] 1 lock held by syz.3.4239/20826: [ 1744.860815][ T27] #0: ffffffff8c7df828 (sched_core_mutex){+.+.}-{3:3}, at: sched_core_get+0x47/0x1d0 [ 1744.875843][ T27] 1 lock held by syz-executor/20829: [ 1744.881162][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1744.896455][ T27] 1 lock held by syz-executor/20835: [ 1744.901750][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1744.917236][ T27] 1 lock held by syz-executor/20838: [ 1744.928395][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1744.941404][ T27] 1 lock held by syz-executor/20841: [ 1744.952577][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1744.970217][ T27] 1 lock held by syz-executor/20844: [ 1744.976899][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1744.995737][ T27] 1 lock held by dhcpcd/20846: [ 1745.001105][ T27] #0: ffff888069978120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 1745.018014][ T27] 1 lock held by dhcpcd/20847: [ 1745.026415][ T27] #0: ffff88807c844120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 1745.041803][ T27] 1 lock held by dhcpcd/20848: [ 1745.050153][ T27] #0: ffff888025538120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 1745.066241][ T27] 1 lock held by dhcpcd/20849: [ 1745.071019][ T27] #0: ffff88807eed6120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 1745.085961][ T27] 1 lock held by dhcpcd/20850: [ 1745.090736][ T27] #0: ffff88802c12e120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 1745.105189][ T27] 1 lock held by dhcpcd/20851: [ 1745.111008][ T27] #0: ffff888079d6a120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 1745.121742][ T27] 1 lock held by dhcpcd/20852: [ 1745.127283][ T27] #0: ffff8880699b8120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 1745.137286][ T27] 1 lock held by dhcpcd/20853: [ 1745.142746][ T27] #0: ffff8880623d2120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 1745.152657][ T27] 1 lock held by dhcpcd/20854: [ 1745.157416][ T27] #0: ffff888057de2120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 1745.167376][ T27] 1 lock held by syz-executor/20856: [ 1745.173397][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1745.183242][ T27] 1 lock held by syz-executor/20860: [ 1745.188520][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1745.198421][ T27] 1 lock held by syz-executor/20863: [ 1745.203947][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1745.214251][ T27] 1 lock held by syz-executor/20866: [ 1745.219536][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1745.230055][ T27] 1 lock held by syz-executor/20869: [ 1745.235642][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1745.245338][ T27] 1 lock held by syz-executor/20872: [ 1745.250646][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1745.260534][ T27] 1 lock held by syz-executor/20877: [ 1745.266061][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1745.275786][ T27] 1 lock held by syz-executor/20880: [ 1745.281063][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1745.291862][ T27] 1 lock held by syz-executor/20883: [ 1745.297675][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1745.307405][ T27] 1 lock held by syz-executor/20886: [ 1745.313625][ T27] #0: ffffffff8da32208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 1745.323497][ T27] [ 1745.325819][ T27] ============================================= [ 1745.325819][ T27] [ 1745.335515][ T27] NMI backtrace for cpu 1 [ 1745.339843][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.170-syzkaller #0 [ 1745.347813][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1745.357861][ T27] Call Trace: [ 1745.361135][ T27] [ 1745.364058][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 1745.368737][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1745.374367][ T27] ? panic+0x860/0x860 [ 1745.378438][ T27] ? nmi_cpu_backtrace+0x23b/0x4a0 [ 1745.383564][ T27] nmi_cpu_backtrace+0x46a/0x4a0 [ 1745.388495][ T27] ? __wake_up_klogd+0xd5/0x100 [ 1745.393340][ T27] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 1745.399491][ T27] ? _printk+0xd1/0x120 [ 1745.403639][ T27] ? panic+0x860/0x860 [ 1745.407697][ T27] ? __wake_up_klogd+0xcc/0x100 [ 1745.412549][ T27] ? panic+0x860/0x860 [ 1745.416617][ T27] ? __rcu_read_unlock+0x92/0x100 [ 1745.421637][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 1745.427702][ T27] nmi_trigger_cpumask_backtrace+0x181/0x2a0 [ 1745.433767][ T27] watchdog+0xe72/0xeb0 [ 1745.437924][ T27] kthread+0x3f6/0x4f0 [ 1745.441985][ T27] ? hungtask_pm_notify+0x50/0x50 [ 1745.447000][ T27] ? kthread_blkcg+0xd0/0xd0 [ 1745.451584][ T27] ret_from_fork+0x1f/0x30 [ 1745.456006][ T27] [ 1745.459651][ T27] Sending NMI from CPU 1 to CPUs 0: [ 1745.465112][ C0] NMI backtrace for cpu 0 [ 1745.465121][ C0] CPU: 0 PID: 4330 Comm: kworker/u4:8 Not tainted 5.15.170-syzkaller #0 [ 1745.465137][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1745.465146][ C0] Workqueue: 0x0 (phy19) [ 1745.465166][ C0] RIP: 0010:debug_object_deactivate+0x107/0x380 [ 1745.465184][ C0] Code: 41 bc 05 00 00 00 44 3b 2d a6 b1 db 09 7e 07 44 89 2d 9d b1 db 09 48 8b 7c 24 18 48 8b 74 24 10 4c 8b 7c 24 08 e9 d0 00 00 00 <48> 8d 7d 10 49 89 fd 49 c1 ed 03 43 0f b6 44 35 00 84 c0 0f 85 ad [ 1745.465196][ C0] RSP: 0018:ffffc9000306fc08 EFLAGS: 00000046 [ 1745.465208][ C0] RAX: 1ffff1100eccc20e RBX: ffff88805a1c57c0 RCX: 0000000000000001 [ 1745.465218][ C0] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffffc9000306fae0 [ 1745.465229][ C0] RBP: ffff8880682dae38 R08: dffffc0000000000 R09: 0000000000000003 [ 1745.465239][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 1ffff1100d05b5ca [ 1745.465249][ C0] R13: 0000000000000011 R14: dffffc0000000000 R15: ffff8880682dae50 [ 1745.465259][ C0] FS: 0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 1745.465272][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1745.465288][ C0] CR2: 000055bb375e9088 CR3: 000000007ae88000 CR4: 00000000003506f0 [ 1745.465301][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1745.465309][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1745.465318][ C0] Call Trace: [ 1745.465323][ C0] [ 1745.465327][ C0] ? nmi_cpu_backtrace+0x39f/0x4a0 [ 1745.465344][ C0] ? read_lock_is_recursive+0x10/0x10 [ 1745.465360][ C0] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 1745.465376][ C0] ? unknown_nmi_error+0xd0/0xd0 [ 1745.465398][ C0] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 1745.465413][ C0] ? nmi_handle+0xf7/0x370 [ 1745.465429][ C0] ? debug_object_deactivate+0x107/0x380 [ 1745.465442][ C0] ? default_do_nmi+0x62/0x150 [ 1745.465459][ C0] ? exc_nmi+0xa8/0x100 [ 1745.465472][ C0] ? end_repeat_nmi+0x16/0x31 [ 1745.465490][ C0] ? debug_object_deactivate+0x107/0x380 [ 1745.465504][ C0] ? debug_object_deactivate+0x107/0x380 [ 1745.465519][ C0] ? debug_object_deactivate+0x107/0x380 [ 1745.465533][ C0] [ 1745.465537][ C0] [ 1745.465544][ C0] process_one_work+0x33d/0x10c0 [ 1745.465568][ C0] ? worker_detach_from_pool+0x260/0x260 [ 1745.465585][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 1745.465602][ C0] ? kthread_data+0x4e/0xc0 [ 1745.465616][ C0] ? wq_worker_running+0x97/0x170 [ 1745.465631][ C0] worker_thread+0xaca/0x1280 [ 1745.465656][ C0] kthread+0x3f6/0x4f0 [ 1745.465669][ C0] ? rcu_lock_release+0x20/0x20 [ 1745.465683][ C0] ? kthread_blkcg+0xd0/0xd0 [ 1745.465697][ C0] ret_from_fork+0x1f/0x30 [ 1745.465719][ C0] [ 1745.743528][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 1745.750386][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.170-syzkaller #0 [ 1745.758367][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1745.768504][ T27] Call Trace: [ 1745.771778][ T27] [ 1745.774715][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 1745.779395][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1745.785107][ T27] ? panic+0x860/0x860 [ 1745.789183][ T27] panic+0x318/0x860 [ 1745.793072][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 1745.798696][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 1745.804849][ T27] ? fb_is_primary_device+0xd0/0xd0 [ 1745.810046][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 1745.816107][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 1745.822253][ T27] ? nmi_trigger_cpumask_backtrace+0x281/0x2a0 [ 1745.828408][ T27] ? nmi_trigger_cpumask_backtrace+0x286/0x2a0 [ 1745.834596][ T27] watchdog+0xeb0/0xeb0 [ 1745.838760][ T27] kthread+0x3f6/0x4f0 [ 1745.842821][ T27] ? hungtask_pm_notify+0x50/0x50 [ 1745.847845][ T27] ? kthread_blkcg+0xd0/0xd0 [ 1745.852428][ T27] ret_from_fork+0x1f/0x30 [ 1745.856850][ T27] [ 1745.860050][ T27] Kernel Offset: disabled [ 1745.864360][ T27] Rebooting in 86400 seconds..