last executing test programs: 7.858712452s ago: executing program 0 (id=2839): r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f000905820220"], 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, &(0x7f0000002800)) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000300)={0x14, 0x0, &(0x7f00000002c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 6.122594172s ago: executing program 4 (id=2851): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000008, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES32, @ANYRES32=r2], 0x34}}, 0x0) ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f00000006c0)={{0x2, 0x3, 0x54, 0x1, 0x4, 0x9}, 0x3eb, [0x80000000, 0x7ff, 0x5, 0x9, 0x4, 0x2b1, 0x2, 0xc, 0x101, 0x80000001, 0x3, 0x5, 0x7, 0x1, 0x4a70b2dc, 0x1000, 0x3e0, 0xe787, 0x40, 0x5, 0x1bc, 0x10000, 0xff, 0x3, 0xa, 0x3, 0x49c, 0x1, 0x10001, 0x200, 0x3, 0x6, 0x2, 0x900000, 0x0, 0x10, 0x0, 0x5, 0x6, 0x1, 0x7c, 0xcc1, 0x7, 0x1, 0x8, 0x4, 0x7, 0x5, 0xaa78, 0x3c4, 0x6dc0, 0x8, 0xef31, 0x2, 0x10001, 0x1, 0x1, 0x0, 0x81, 0x4, 0x3, 0x3, 0x9, 0x7, 0xff, 0x9, 0x40, 0x2, 0x4, 0x5, 0x7ff, 0xa24, 0xff, 0x4, 0xf, 0x2, 0x0, 0x4, 0x1, 0x6, 0x10001, 0x9, 0x57, 0xd1, 0x4, 0x6, 0x4, 0x59bb6727, 0x1, 0x200, 0xd, 0x3, 0x6, 0x2, 0x6, 0x4, 0xcae3, 0x7f2e8000, 0x6, 0x81, 0x5, 0x8, 0x9, 0x4, 0x5, 0x852, 0x8001, 0x3, 0x9, 0x4, 0x3, 0x3, 0x8, 0x80000001, 0x9, 0x8, 0xc832, 0x8, 0x2, 0xd, 0xfffffff0, 0x6, 0xfffffffe, 0x68, 0x3, 0x7f, 0x8, 0x81, 0x6, 0x5, 0x2, 0x0, 0xef92, 0x0, 0xffff0000, 0x349175d9, 0x7d0, 0x4, 0x2, 0x3, 0x8001, 0x3, 0x4, 0x8d7, 0x89c, 0xd1, 0x5, 0x0, 0xfffffffa, 0x5, 0x3, 0x5, 0x6, 0x3, 0x7, 0x9, 0x80000000, 0x0, 0x2, 0x7b8, 0xc1, 0x5, 0x8, 0x2, 0x82, 0x1, 0x7f, 0x9, 0x6, 0x3, 0xd, 0x3, 0x8000, 0x20000, 0x2, 0xca09, 0x5, 0x40, 0xe84, 0x1, 0x1, 0xb, 0x2, 0xfff, 0x400, 0xfffffff7, 0x5, 0x4, 0x5, 0x5, 0x7ff, 0x1, 0x0, 0x20, 0xfffffff8, 0x5, 0xffff7bf9, 0x10000, 0x40, 0x4, 0x9, 0x43, 0x3, 0x6, 0x7, 0x7, 0xfffffffe, 0xffffffff, 0x3, 0x0, 0x9, 0x5, 0x2, 0x9, 0x5, 0x8, 0x0, 0x8, 0x6c, 0x8000, 0x2e, 0x2, 0x52, 0x8, 0x10000, 0x1000, 0x8, 0x25, 0x9, 0x4, 0x5, 0xffff1bb8, 0xfffffffd, 0x5, 0x1000, 0x521aef36, 0x5, 0x0, 0x45ea1f35, 0xb, 0x636, 0x800, 0x4, 0x5, 0x8, 0x9, 0x2, 0x5, 0xfffe, 0x0, 0x55ed, 0x80, 0xae800000, 0x3, 0xba1, 0x101, 0x5, 0x6, 0x66d, 0x1, 0x9, 0x5ca0, 0x0, 0xfff, 0x5, 0x2, 0x8, 0x79283876, 0x1, 0x6, 0x4, 0x5, 0xc22, 0xfffffff7, 0x80, 0xff, 0x4000, 0x8, 0x3, 0x7fffffff, 0x8, 0x1, 0xd3, 0x8, 0xc99b, 0x80000001, 0x7, 0x10001, 0x6, 0x8, 0x3b5, 0x1000, 0x0, 0x9dd, 0x1, 0x7, 0xe, 0x4, 0x7, 0xffff9b3f, 0x1, 0xffff, 0x7fffffff, 0x7, 0x7, 0x1e1, 0x5, 0x8, 0x3, 0x10001, 0x5, 0x800, 0x0, 0x28e88f9b, 0xb36, 0xd, 0x80000000, 0xa, 0x1, 0x6, 0x9, 0x4, 0x80000001, 0x3, 0xe, 0xfdb7, 0x9, 0x200, 0x8, 0x10, 0xfffffff4, 0x8, 0x5, 0x0, 0x2, 0x401, 0x9, 0x1, 0xfffffffc, 0x2b3a, 0x8383, 0x5387, 0x6, 0x6, 0x6, 0x5, 0x1, 0x2, 0x1, 0x1, 0x1, 0x8001, 0x80000000, 0x4, 0x6, 0x8000, 0x101, 0x5, 0x7, 0x6, 0x8, 0x5, 0x7fffffff, 0x5, 0xfff, 0x3, 0x9, 0x9, 0x7, 0x101, 0x4, 0x2, 0x0, 0x4, 0x8, 0x7, 0x6, 0x9, 0x1, 0xfffffffd, 0x7, 0x18000000, 0x7, 0x7, 0x7, 0x10001, 0x9, 0x9, 0x6c, 0x7, 0x10000, 0x4, 0x74, 0xea, 0x2, 0xffffff42, 0x51, 0x5, 0xf, 0x6, 0x0, 0xf15, 0x5cf, 0x10001, 0x8, 0x6ae, 0xc62, 0x10, 0x75aca70, 0x5a, 0x9, 0xd, 0x101, 0xf, 0x16b37584, 0x80000, 0xcb, 0x3, 0x1, 0x11, 0x6, 0x0, 0xd, 0x101, 0xd, 0x0, 0x40, 0x2, 0x0, 0x3a, 0x4, 0xd0, 0x2, 0x9, 0x6, 0x1c2, 0x3, 0x10001, 0x6, 0x3, 0x9, 0x1, 0x0, 0x1, 0x4, 0x6034, 0x10001, 0xb7, 0x3fa, 0x8, 0x6, 0x10, 0x7d, 0x6, 0x7fff, 0x7fffffff, 0x1, 0x1, 0x4, 0x4b3, 0xea, 0x5, 0x40, 0x5, 0xfffffff9, 0x1, 0x3, 0x7, 0x3c, 0x8000, 0x3, 0x3, 0x3, 0x3, 0x1, 0x5, 0x2e, 0x6, 0x4, 0x0, 0x7, 0x1, 0x7, 0x1, 0xffff, 0xf, 0x8001, 0x7, 0x5f37, 0xcd, 0x2, 0x4, 0x2, 0xfffffff8, 0x5, 0x1, 0x6, 0x4, 0x2, 0xf, 0x7, 0x5, 0x667b6536, 0x1, 0x9, 0xc1, 0x2, 0x7, 0x7f77, 0x3, 0x2, 0x9, 0x2, 0x4, 0x9f6, 0xd, 0x3, 0xfff, 0x5, 0x10000, 0x5, 0x8f, 0x3, 0x8, 0x80000000, 0x666, 0x401, 0x41, 0xfffffff9, 0x6, 0xd, 0x400, 0x8, 0xd4, 0x3f681b61, 0x1, 0x641d, 0x838, 0x1, 0x1, 0x4, 0x1, 0x5ef, 0x0, 0x8, 0xd, 0x200, 0xad1, 0x0, 0xffff, 0x8, 0x8cc0, 0x0, 0x4, 0x7, 0x1, 0xf9e, 0x40, 0x8, 0x8, 0x0, 0x5c42, 0xa86c, 0x9, 0x2, 0x0, 0x2, 0x4, 0x2, 0x6, 0xbb, 0x7, 0x2, 0x4, 0xfffffffe, 0x84e, 0x5, 0x0, 0x8, 0x40, 0x3, 0xee, 0x3, 0x200, 0x80000000, 0x3, 0x8000, 0x947, 0xb, 0x3ff, 0x2, 0xffffffff, 0x7, 0xffff, 0x1, 0x14, 0x1, 0x80, 0x0, 0x7, 0xbb34, 0xffffffff, 0x2, 0xffff, 0xb, 0x10001, 0x8, 0x5, 0x19f, 0x8, 0x7, 0x2, 0x61, 0x2, 0x1000, 0x5, 0x0, 0x39, 0x4f8435bc, 0x40, 0x1, 0x8000, 0xff, 0x6, 0x81, 0x3, 0x8000, 0x6, 0x3, 0x6, 0x10000, 0x3, 0x80000001, 0x5, 0x6, 0x6755, 0xffff, 0x1, 0x80000001, 0x40, 0xc, 0x0, 0x0, 0xb0, 0x7, 0x5, 0x8, 0x2, 0x4, 0x2, 0x7, 0xfffffffd, 0x0, 0x5783d24c, 0x1000, 0xb, 0xe92f, 0x10, 0xc0000000, 0x80000001, 0x81, 0xf, 0x3f, 0x3, 0xd02, 0x3, 0x3, 0x2, 0x8, 0x5, 0x7, 0x4, 0x8, 0x16b1, 0x1, 0x9, 0x2, 0xa17, 0x1, 0xd, 0x1ff, 0x9, 0x10, 0x1000, 0x8, 0x10001, 0x2, 0x9, 0xd12d, 0xb, 0x80000000, 0x10, 0x7, 0x7, 0x5, 0x0, 0x4, 0x10000, 0x2, 0x6, 0x2, 0x1, 0x5, 0x2, 0xfffffffd, 0x800, 0xc30, 0x6, 0x1, 0x401, 0x7, 0x4, 0x2, 0x1, 0x14bb21e8, 0x6, 0x7, 0x9, 0x2, 0x6, 0x0, 0x7, 0x9, 0x10000, 0x7, 0x9, 0xc3, 0x9, 0x33, 0x7, 0x2, 0x8, 0xfffffdc7, 0x10001, 0x1000, 0x1, 0x8, 0x3, 0x0, 0x0, 0x200, 0x80000000, 0x8, 0x80000001, 0x6, 0x0, 0x10000, 0x4, 0xd2ae, 0x8001, 0x7f, 0x3, 0x9, 0xfffffff8, 0xecc, 0xf7b7, 0x0, 0x2, 0x8, 0x8, 0x39, 0x4745b028, 0xb1, 0xffc, 0x6, 0x7ff, 0x7088, 0x5, 0x5, 0x9, 0x9dd, 0x8, 0xffff6c24, 0x6, 0x3, 0x40, 0x1, 0x2, 0x2, 0x80000001, 0x4, 0x3ff00000, 0x5, 0xb, 0x1ff, 0x34, 0x6, 0x8710, 0x10001, 0x8, 0x9, 0x8, 0xb, 0x9, 0x5, 0x7ff, 0x1000, 0xb, 0x7, 0x9, 0x0, 0x7, 0x9, 0x5, 0x5, 0x0, 0x0, 0x7, 0x6, 0x4, 0x8, 0x89df, 0x6, 0x8, 0x32, 0x8, 0x5, 0x8, 0x4, 0x40, 0x4, 0x80, 0x8, 0x0, 0x6, 0x0, 0xdef, 0x5, 0x312, 0x3, 0x2, 0x200000, 0x8, 0x7, 0x7f, 0xb4, 0x0, 0x219, 0x4, 0x5, 0x5, 0x10000, 0x3152aec6, 0x3, 0x1, 0x1ff, 0xfffffff8, 0x5a, 0x401, 0x101, 0x72, 0x5, 0x7, 0x9, 0x8000, 0xc, 0x1, 0x7, 0x5, 0x5, 0x1ff, 0x0, 0x46e1e3bd, 0x0, 0xfff, 0xfffffffb, 0x8, 0x8, 0x2, 0x4, 0x1, 0xfffffffb, 0x448bf557, 0x6, 0x7, 0x98f1, 0x8, 0x361, 0x7, 0x12, 0x8001, 0xf2, 0x2, 0x6, 0x7, 0x3, 0x6c4, 0xe181, 0x200001, 0x1, 0x4, 0x10001, 0x400, 0xff, 0xae90, 0x8, 0x10000, 0x1, 0x40, 0x9, 0x8, 0x1000, 0x40, 0xd, 0xcf3, 0x2, 0xbf8, 0x0, 0x8, 0x9, 0x800, 0x9, 0x54, 0xb, 0xa49, 0x3f, 0xfffffff7, 0x4, 0x12c70, 0xcb4, 0x4, 0x4, 0x5, 0x0, 0xffff, 0x601, 0x7, 0x7, 0x4, 0xfffffffa, 0x0, 0x7, 0x0, 0xff00, 0x7, 0xffffff80, 0x6, 0x1ff, 0x10, 0xe, 0x7fffffff, 0x8a, 0xf, 0x9, 0x5, 0x2, 0x401, 0x4, 0x2, 0xc3, 0x0, 0x6, 0x4, 0x1, 0xe62, 0x1, 0x6, 0xfffffffb, 0xb, 0x6, 0x1, 0xc, 0x8000, 0xfc, 0x8, 0x0, 0x0, 0x5, 0x5, 0x400, 0xa, 0x6, 0x6, 0x80000001, 0x10, 0x18000, 0x400, 0x80000000, 0xb51, 0x3, 0x3, 0x8, 0x3, 0xfffffff7, 0x40, 0x9b59, 0x4, 0xffffffff, 0x8000, 0x3, 0x8, 0x3, 0x7, 0x1, 0x6, 0x8, 0x14e6, 0x7, 0x80, 0x9, 0x3, 0xfffffffd, 0xe, 0x4, 0x9, 0x3, 0x5, 0x9937, 0x1000, 0x7, 0x0, 0xfffffffc, 0x3, 0x1, 0x81, 0x79e74c8e, 0x8, 0xf, 0x53e, 0x5, 0x80000001, 0x5, 0x0, 0x9]}) r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) write$char_usb(r3, &(0x7f0000000040)="e2", 0x2250) 5.991617214s ago: executing program 4 (id=2854): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_seqnum', 0x100, 0x24) write$P9_RWALK(r0, &(0x7f0000000000)=ANY=[], 0x9) syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102376, 0x18fe8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="540100001800010000000000000000001d0100001500030000"], 0x154}}, 0x0) setsockopt$SO_J1939_FILTER(r2, 0x6b, 0x1, &(0x7f00000003c0)=[{0x0, 0x1, {0x1, 0x1}, {0x1, 0xf0, 0x1}, 0xfe, 0xfe}, {0x0, 0x1, {0x2, 0xf0, 0x1}, {0x1, 0xff}, 0xff, 0x1}, {0x2, 0x1, {0x1, 0xf0, 0x4}, {0x0, 0x1, 0x5}, 0xff, 0xff}, {0x2, 0x0, {0x1, 0xff, 0x2}, {0x1, 0xf0, 0x3}, 0xff, 0x1}, {0x3, 0x0, {0x1, 0x0, 0x2}, {0x0, 0x1, 0x3}, 0xff, 0x1}], 0xa0) signalfd4(0xffffffffffffffff, &(0x7f0000000240), 0x8, 0x0) syz_io_uring_setup(0x7933, &(0x7f0000000100)={0x0, 0x1, 0x8, 0x1, 0xffffffff, 0x0, r0}, 0x0, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r5 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x5, @mcast1, 0x9}, 0x1c) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r7, &(0x7f0000000200), 0xfffffecc) r8 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000040), 0x208e24b) r9 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendfile(r9, r8, 0x0, 0xffefffff) splice(r6, 0x0, r5, 0x0, 0x8001, 0x0) r10 = fsopen(&(0x7f00000004c0)='gadgetfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 5.452124851s ago: executing program 0 (id=2857): bind$netlink(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000401c1b3e1b00000000000109026a00010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x4000) 4.970554014s ago: executing program 2 (id=2859): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000003b0007010000000000000000047c0000040000000c00018006000600800a00000c00028005"], 0x30}}, 0xc000) 4.754287415s ago: executing program 2 (id=2861): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095000000000000002f4486b46aa96d075d4dc0a17c8cd2340621637d9de7505ee6805c52b195"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x13, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f0000000000)={'vlan0\x00', @local}) 4.191423072s ago: executing program 4 (id=2864): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000008, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES32, @ANYRES32=r2], 0x34}}, 0x0) ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f00000006c0)={{0x2, 0x3, 0x54, 0x1, 0x4, 0x9}, 0x3eb, [0x80000000, 0x7ff, 0x5, 0x9, 0x4, 0x2b1, 0x2, 0xc, 0x101, 0x80000001, 0x3, 0x5, 0x7, 0x1, 0x4a70b2dc, 0x1000, 0x3e0, 0xe787, 0x40, 0x5, 0x1bc, 0x10000, 0xff, 0x3, 0xa, 0x3, 0x49c, 0x1, 0x10001, 0x200, 0x3, 0x6, 0x2, 0x900000, 0x0, 0x10, 0x0, 0x5, 0x6, 0x1, 0x7c, 0xcc1, 0x7, 0x1, 0x8, 0x4, 0x7, 0x5, 0xaa78, 0x3c4, 0x6dc0, 0x8, 0xef31, 0x2, 0x10001, 0x1, 0x1, 0x0, 0x81, 0x4, 0x3, 0x3, 0x9, 0x7, 0xff, 0x9, 0x40, 0x2, 0x4, 0x5, 0x7ff, 0xa24, 0xff, 0x4, 0xf, 0x2, 0x0, 0x4, 0x1, 0x6, 0x10001, 0x9, 0x57, 0xd1, 0x4, 0x6, 0x4, 0x59bb6727, 0x1, 0x200, 0xd, 0x3, 0x6, 0x2, 0x6, 0x4, 0xcae3, 0x7f2e8000, 0x6, 0x81, 0x5, 0x8, 0x9, 0x4, 0x5, 0x852, 0x8001, 0x3, 0x9, 0x4, 0x3, 0x3, 0x8, 0x80000001, 0x9, 0x8, 0xc832, 0x8, 0x2, 0xd, 0xfffffff0, 0x6, 0xfffffffe, 0x68, 0x3, 0x7f, 0x8, 0x81, 0x6, 0x5, 0x2, 0x0, 0xef92, 0x0, 0xffff0000, 0x349175d9, 0x7d0, 0x4, 0x2, 0x3, 0x8001, 0x3, 0x4, 0x8d7, 0x89c, 0xd1, 0x5, 0x0, 0xfffffffa, 0x5, 0x3, 0x5, 0x6, 0x3, 0x7, 0x9, 0x80000000, 0x0, 0x2, 0x7b8, 0xc1, 0x5, 0x8, 0x2, 0x82, 0x1, 0x7f, 0x9, 0x6, 0x3, 0xd, 0x3, 0x8000, 0x20000, 0x2, 0xca09, 0x5, 0x40, 0xe84, 0x1, 0x1, 0xb, 0x2, 0xfff, 0x400, 0xfffffff7, 0x5, 0x4, 0x5, 0x5, 0x7ff, 0x1, 0x0, 0x20, 0xfffffff8, 0x5, 0xffff7bf9, 0x10000, 0x40, 0x4, 0x9, 0x43, 0x3, 0x6, 0x7, 0x7, 0xfffffffe, 0xffffffff, 0x3, 0x0, 0x9, 0x5, 0x2, 0x9, 0x5, 0x8, 0x0, 0x8, 0x6c, 0x8000, 0x2e, 0x2, 0x52, 0x8, 0x10000, 0x1000, 0x8, 0x25, 0x9, 0x4, 0x5, 0xffff1bb8, 0xfffffffd, 0x5, 0x1000, 0x521aef36, 0x5, 0x0, 0x45ea1f35, 0xb, 0x636, 0x800, 0x4, 0x5, 0x8, 0x9, 0x2, 0x5, 0xfffe, 0x0, 0x55ed, 0x80, 0xae800000, 0x3, 0xba1, 0x101, 0x5, 0x6, 0x66d, 0x1, 0x9, 0x5ca0, 0x0, 0xfff, 0x5, 0x2, 0x8, 0x79283876, 0x1, 0x6, 0x4, 0x5, 0xc22, 0xfffffff7, 0x80, 0xff, 0x4000, 0x8, 0x3, 0x7fffffff, 0x8, 0x1, 0xd3, 0x8, 0xc99b, 0x80000001, 0x7, 0x10001, 0x6, 0x8, 0x3b5, 0x1000, 0x0, 0x9dd, 0x1, 0x7, 0xe, 0x4, 0x7, 0xffff9b3f, 0x1, 0xffff, 0x7fffffff, 0x7, 0x7, 0x1e1, 0x5, 0x8, 0x3, 0x10001, 0x5, 0x800, 0x0, 0x28e88f9b, 0xb36, 0xd, 0x80000000, 0xa, 0x1, 0x6, 0x9, 0x4, 0x80000001, 0x3, 0xe, 0xfdb7, 0x9, 0x200, 0x8, 0x10, 0xfffffff4, 0x8, 0x5, 0x0, 0x2, 0x401, 0x9, 0x1, 0xfffffffc, 0x2b3a, 0x8383, 0x5387, 0x6, 0x6, 0x6, 0x5, 0x1, 0x2, 0x1, 0x1, 0x1, 0x8001, 0x80000000, 0x4, 0x6, 0x8000, 0x101, 0x5, 0x7, 0x6, 0x8, 0x5, 0x7fffffff, 0x5, 0xfff, 0x3, 0x9, 0x9, 0x7, 0x101, 0x4, 0x2, 0x0, 0x4, 0x8, 0x7, 0x6, 0x9, 0x1, 0xfffffffd, 0x7, 0x18000000, 0x7, 0x7, 0x7, 0x10001, 0x9, 0x9, 0x6c, 0x7, 0x10000, 0x4, 0x74, 0xea, 0x2, 0xffffff42, 0x51, 0x5, 0xf, 0x6, 0x0, 0xf15, 0x5cf, 0x10001, 0x8, 0x6ae, 0xc62, 0x10, 0x75aca70, 0x5a, 0x9, 0xd, 0x101, 0xf, 0x16b37584, 0x80000, 0xcb, 0x3, 0x1, 0x11, 0x6, 0x0, 0xd, 0x101, 0xd, 0x0, 0x40, 0x2, 0x0, 0x3a, 0x4, 0xd0, 0x2, 0x9, 0x6, 0x1c2, 0x3, 0x10001, 0x6, 0x3, 0x9, 0x1, 0x0, 0x1, 0x4, 0x6034, 0x10001, 0xb7, 0x3fa, 0x8, 0x6, 0x10, 0x7d, 0x6, 0x7fff, 0x7fffffff, 0x1, 0x1, 0x4, 0x4b3, 0xea, 0x5, 0x40, 0x5, 0xfffffff9, 0x1, 0x3, 0x7, 0x3c, 0x8000, 0x3, 0x3, 0x3, 0x3, 0x1, 0x5, 0x2e, 0x6, 0x4, 0x0, 0x7, 0x1, 0x7, 0x1, 0xffff, 0xf, 0x8001, 0x7, 0x5f37, 0xcd, 0x2, 0x4, 0x2, 0xfffffff8, 0x5, 0x1, 0x6, 0x4, 0x2, 0xf, 0x7, 0x5, 0x667b6536, 0x1, 0x9, 0xc1, 0x2, 0x7, 0x7f77, 0x3, 0x2, 0x9, 0x2, 0x4, 0x9f6, 0xd, 0x3, 0xfff, 0x5, 0x10000, 0x5, 0x8f, 0x3, 0x8, 0x80000000, 0x666, 0x401, 0x41, 0xfffffff9, 0x6, 0xd, 0x400, 0x8, 0xd4, 0x3f681b61, 0x1, 0x641d, 0x838, 0x1, 0x1, 0x4, 0x1, 0x5ef, 0x0, 0x8, 0xd, 0x200, 0xad1, 0x0, 0xffff, 0x8, 0x8cc0, 0x0, 0x4, 0x7, 0x1, 0xf9e, 0x40, 0x8, 0x8, 0x0, 0x5c42, 0xa86c, 0x9, 0x2, 0x0, 0x2, 0x4, 0x2, 0x6, 0xbb, 0x7, 0x2, 0x4, 0xfffffffe, 0x84e, 0x5, 0x0, 0x8, 0x40, 0x3, 0xee, 0x3, 0x200, 0x80000000, 0x3, 0x8000, 0x947, 0xb, 0x3ff, 0x2, 0xffffffff, 0x7, 0xffff, 0x1, 0x14, 0x1, 0x80, 0x0, 0x7, 0xbb34, 0xffffffff, 0x2, 0xffff, 0xb, 0x10001, 0x8, 0x5, 0x19f, 0x8, 0x7, 0x2, 0x61, 0x2, 0x1000, 0x5, 0x0, 0x39, 0x4f8435bc, 0x40, 0x1, 0x8000, 0xff, 0x6, 0x81, 0x3, 0x8000, 0x6, 0x3, 0x6, 0x10000, 0x3, 0x80000001, 0x5, 0x6, 0x6755, 0xffff, 0x1, 0x80000001, 0x40, 0xc, 0x0, 0x0, 0xb0, 0x7, 0x5, 0x8, 0x2, 0x4, 0x2, 0x7, 0xfffffffd, 0x0, 0x5783d24c, 0x1000, 0xb, 0xe92f, 0x10, 0xc0000000, 0x80000001, 0x81, 0xf, 0x3f, 0x3, 0xd02, 0x3, 0x3, 0x2, 0x8, 0x5, 0x7, 0x4, 0x8, 0x16b1, 0x1, 0x9, 0x2, 0xa17, 0x1, 0xd, 0x1ff, 0x9, 0x10, 0x1000, 0x8, 0x10001, 0x2, 0x9, 0xd12d, 0xb, 0x80000000, 0x10, 0x7, 0x7, 0x5, 0x0, 0x4, 0x10000, 0x2, 0x6, 0x2, 0x1, 0x5, 0x2, 0xfffffffd, 0x800, 0xc30, 0x6, 0x1, 0x401, 0x7, 0x4, 0x2, 0x1, 0x14bb21e8, 0x6, 0x7, 0x9, 0x2, 0x6, 0x0, 0x7, 0x9, 0x10000, 0x7, 0x9, 0xc3, 0x9, 0x33, 0x7, 0x2, 0x8, 0xfffffdc7, 0x10001, 0x1000, 0x1, 0x8, 0x3, 0x0, 0x0, 0x200, 0x80000000, 0x8, 0x80000001, 0x6, 0x0, 0x10000, 0x4, 0xd2ae, 0x8001, 0x7f, 0x3, 0x9, 0xfffffff8, 0xecc, 0xf7b7, 0x0, 0x2, 0x8, 0x8, 0x39, 0x4745b028, 0xb1, 0xffc, 0x6, 0x7ff, 0x7088, 0x5, 0x5, 0x9, 0x9dd, 0x8, 0xffff6c24, 0x6, 0x3, 0x40, 0x1, 0x2, 0x2, 0x80000001, 0x4, 0x3ff00000, 0x5, 0xb, 0x1ff, 0x34, 0x6, 0x8710, 0x10001, 0x8, 0x9, 0x8, 0xb, 0x9, 0x5, 0x7ff, 0x1000, 0xb, 0x7, 0x9, 0x0, 0x7, 0x9, 0x5, 0x5, 0x0, 0x0, 0x7, 0x6, 0x4, 0x8, 0x89df, 0x6, 0x8, 0x32, 0x8, 0x5, 0x8, 0x4, 0x40, 0x4, 0x80, 0x8, 0x0, 0x6, 0x0, 0xdef, 0x5, 0x312, 0x3, 0x2, 0x200000, 0x8, 0x7, 0x7f, 0xb4, 0x0, 0x219, 0x4, 0x5, 0x5, 0x10000, 0x3152aec6, 0x3, 0x1, 0x1ff, 0xfffffff8, 0x5a, 0x401, 0x101, 0x72, 0x5, 0x7, 0x9, 0x8000, 0xc, 0x1, 0x7, 0x5, 0x5, 0x1ff, 0x0, 0x46e1e3bd, 0x0, 0xfff, 0xfffffffb, 0x8, 0x8, 0x2, 0x4, 0x1, 0xfffffffb, 0x448bf557, 0x6, 0x7, 0x98f1, 0x8, 0x361, 0x7, 0x12, 0x8001, 0xf2, 0x2, 0x6, 0x7, 0x3, 0x6c4, 0xe181, 0x200001, 0x1, 0x4, 0x10001, 0x400, 0xff, 0xae90, 0x8, 0x10000, 0x1, 0x40, 0x9, 0x8, 0x1000, 0x40, 0xd, 0xcf3, 0x2, 0xbf8, 0x0, 0x8, 0x9, 0x800, 0x9, 0x54, 0xb, 0xa49, 0x3f, 0xfffffff7, 0x4, 0x12c70, 0xcb4, 0x4, 0x4, 0x5, 0x0, 0xffff, 0x601, 0x7, 0x7, 0x4, 0xfffffffa, 0x0, 0x7, 0x0, 0xff00, 0x7, 0xffffff80, 0x6, 0x1ff, 0x10, 0xe, 0x7fffffff, 0x8a, 0xf, 0x9, 0x5, 0x2, 0x401, 0x4, 0x2, 0xc3, 0x0, 0x6, 0x4, 0x1, 0xe62, 0x1, 0x6, 0xfffffffb, 0xb, 0x6, 0x1, 0xc, 0x8000, 0xfc, 0x8, 0x0, 0x0, 0x5, 0x5, 0x400, 0xa, 0x6, 0x6, 0x80000001, 0x10, 0x18000, 0x400, 0x80000000, 0xb51, 0x3, 0x3, 0x8, 0x3, 0xfffffff7, 0x40, 0x9b59, 0x4, 0xffffffff, 0x8000, 0x3, 0x8, 0x3, 0x7, 0x1, 0x6, 0x8, 0x14e6, 0x7, 0x80, 0x9, 0x3, 0xfffffffd, 0xe, 0x4, 0x9, 0x3, 0x5, 0x9937, 0x1000, 0x7, 0x0, 0xfffffffc, 0x3, 0x1, 0x81, 0x79e74c8e, 0x8, 0xf, 0x53e, 0x5, 0x80000001, 0x5, 0x0, 0x9]}) r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) write$char_usb(r3, &(0x7f0000000040)="e2", 0x2250) 4.068771489s ago: executing program 1 (id=2865): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000a40)=0x4, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000008c0)={'geneve0\x00', 0x0}) sendto$packet(r0, &(0x7f00000000c0)="c45559a8efd926c47b24dd1ef250", 0xe, 0x0, &(0x7f0000000080)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) 3.937384447s ago: executing program 4 (id=2866): pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_NAT={0x8}, @TCA_CAKE_WASH={0x8}]}}]}, 0x44}}, 0x810) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a000100"], 0x3}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 3.881384659s ago: executing program 1 (id=2867): socket$inet6(0xa, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r5, 0xfff) syz_emit_ethernet(0x82, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x4c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}, @timestamp={0x8, 0xa}, @window={0x3, 0x3}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @sack_perm={0x4, 0x2}, @fastopen={0x22, 0xf, "cf6af75d5cdcf048b19c939556"}, @md5sig={0x13, 0x12, "27406263e43d5959a166a23bd1116edc"}]}}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a843500140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa", @ANYRES32=0x41424344, @ANYBLOB], 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4) getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000080)=0x0, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "244cb303"}, 0x0, 0x1, {0x0}, 0x3}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000180)={'ip_vti0\x00', &(0x7f0000000100)={'ip_vti0\x00', r6, 0x80, 0x7, 0x4, 0x6, {{0x5, 0x4, 0x2, 0x22, 0x14, 0x64, 0x0, 0xf6, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x27}, @private=0xa0100ff}}}}) ioctl$AUTOFS_IOC_EXPIRE_MULTI(0xffffffffffffffff, 0x40049366, &(0x7f0000000040)) 3.27575645s ago: executing program 0 (id=2869): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000b40), 0x2b842ac, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000003e00)={'wg2\x00'}) setresgid(0x0, 0xee00, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x3ae6970fdb301443) bind$inet6(0xffffffffffffffff, 0x0, 0x0) memfd_secret(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.90589527s ago: executing program 1 (id=2870): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRES32=r0, @ANYBLOB="00000000000000001c00128009000100626f5c64000000000c00028006001d0006"], 0x3c}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f770005000000000000000000", @ANYRES32=0x0, @ANYBLOB="ff00000000000000280012800a00010076786c"], 0x3}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0) 2.897234715s ago: executing program 4 (id=2871): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000003b0007010000000000000000047c0000040000000c00018006000600800a00000c00028005"], 0x30}}, 0xc000) 2.873240378s ago: executing program 3 (id=2872): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000040)={0x1, 0x10, 0xfa00, {&(0x7f0000001240), r1}}, 0x18) 2.750538703s ago: executing program 3 (id=2873): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) 2.750013606s ago: executing program 4 (id=2874): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_seqnum', 0x100, 0x24) write$P9_RWALK(r0, &(0x7f0000000000)=ANY=[], 0x9) syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102376, 0x18fe8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="540100001800010000000000000000001d010000150003000000000000000000dd5f392602"], 0x154}}, 0x0) setsockopt$SO_J1939_FILTER(r2, 0x6b, 0x1, &(0x7f00000003c0)=[{0x0, 0x1, {0x1, 0x1}, {0x1, 0xf0, 0x1}, 0xfe, 0xfe}, {0x0, 0x1, {0x2, 0xf0, 0x1}, {0x1, 0xff}, 0xff, 0x1}, {0x2, 0x1, {0x1, 0xf0, 0x4}, {0x0, 0x1, 0x5}, 0xff, 0xff}, {0x2, 0x0, {0x1, 0xff, 0x2}, {0x1, 0xf0, 0x3}, 0xff, 0x1}, {0x3, 0x0, {0x1, 0x0, 0x2}, {0x0, 0x1, 0x3}, 0xff, 0x1}], 0xa0) signalfd4(0xffffffffffffffff, &(0x7f0000000240), 0x8, 0x0) syz_io_uring_setup(0x7933, &(0x7f0000000100)={0x0, 0x1, 0x8, 0x1, 0xffffffff, 0x0, r0}, 0x0, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r5 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x5, @mcast1, 0x9}, 0x1c) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r7, &(0x7f0000000200), 0xfffffecc) r8 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000040), 0x208e24b) r9 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendfile(r9, r8, 0x0, 0xffefffff) splice(r6, 0x0, r5, 0x0, 0x8001, 0x0) r10 = fsopen(&(0x7f00000004c0)='gadgetfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 2.308609693s ago: executing program 2 (id=2875): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000580)={'#! ', './file0', [{0x20, '/proc/sys/net/ipv4/vs/cache_bypass\x00'}], 0xa, "15bf3158f3b4c5beaa8a9ea511953cef08b81dedc6989a86c441759f9143160456a26319d35748b0fa16e646523ab5bd24785a1acbae1d23a93b9e516d3c74821654c0"}, 0x72) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0) 2.221530555s ago: executing program 3 (id=2876): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="08000800000012"], 0xfdef) 2.130911286s ago: executing program 2 (id=2877): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r1 = socket$netlink(0x10, 0x3, 0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x34}}, 0x20008084) r2 = socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) unshare(0x8000000) r4 = semget$private(0x0, 0x4000, 0x764) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000332000/0x4000)=nil, 0x4000, &(0x7f0000012480)) r5 = socket$inet6(0xa, 0x3, 0x9) semctl$IPC_STAT(r4, 0x0, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x6, &(0x7f0000000140)={0x7e, {{0x29, 0xfffd, 0x0, @local, 0xfbbe}}}, 0x88) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffffe}]}) setsockopt$sock_int(r2, 0x1, 0x3c, 0x0, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendfile(r2, r0, 0x0, 0x4000000000010046) 2.041643812s ago: executing program 0 (id=2878): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x3654}]}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='htcp\x00', 0x5) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1}, 0x700) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/resume_offset', 0x2, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x13}, 0x1c) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3, 0x0, 0x0) r2 = fsopen(&(0x7f0000000000)='pstore\x00', 0x1) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000080)='[\x00', 0x0, r1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = socket$alg(0x26, 0x5, 0x0) syz_open_procfs(0x0, 0x0) splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x7fffffff, 0x7) syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fanotify_init(0x200, 0x0) syz_io_uring_setup(0x5169, &(0x7f0000000200), 0x0, 0x0) syz_io_uring_setup(0x7667, &(0x7f0000000100)={0x0, 0x0, 0x13580}, 0x0, 0x0) 2.003263362s ago: executing program 1 (id=2879): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @loopback}, 0x10) connect$inet(r0, &(0x7f0000000380)={0x2, 0x4e21, @empty}, 0x10) recvmmsg(r0, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000001400)=""/94, 0x5e}], 0x1}}], 0x1, 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x172) sendto(r0, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) 1.931706251s ago: executing program 3 (id=2880): bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000480)={0x8, 0x100008f}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x345000, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) write$binfmt_misc(r1, &(0x7f0000000200), 0xd) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x400000bd2) r2 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000000600"], 0x38}}, 0x0) rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') lgetxattr(&(0x7f0000000240)='./cgroup/../file0\x00', &(0x7f0000000280)=@random={'btrfs.', '}^(\x00'}, &(0x7f00000002c0)=""/120, 0x78) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0x3}]}, 0x4c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x5f}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4000, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00'}, 0x10) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r7, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r7, &(0x7f0000000200), 0xd) 1.418113953s ago: executing program 1 (id=2881): pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_NAT={0x8}, @TCA_CAKE_WASH={0x8}]}}]}, 0x44}}, 0x810) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a000100"], 0x3}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 1.175664691s ago: executing program 3 (id=2882): socket$inet6(0xa, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r5, 0xfff) syz_emit_ethernet(0x82, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x4c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}, @timestamp={0x8, 0xa}, @window={0x3, 0x3}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @sack_perm={0x4, 0x2}, @fastopen={0x22, 0xf, "cf6af75d5cdcf048b19c939556"}, @md5sig={0x13, 0x12, "27406263e43d5959a166a23bd1116edc"}]}}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a843500140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa", @ANYRES32=0x41424344, @ANYBLOB], 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4) getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000080)=0x0, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "244cb303"}, 0x0, 0x1, {0x0}, 0x3}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000180)={'ip_vti0\x00', &(0x7f0000000100)={'ip_vti0\x00', r6, 0x80, 0x7, 0x4, 0x6, {{0x5, 0x4, 0x2, 0x22, 0x14, 0x64, 0x0, 0xf6, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x27}, @private=0xa0100ff}}}}) ioctl$AUTOFS_IOC_EXPIRE_MULTI(0xffffffffffffffff, 0x40049366, &(0x7f0000000040)) 1.044167347s ago: executing program 2 (id=2883): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000040)={0x1, 0x10, 0xfa00, {&(0x7f0000001240)}}, 0x18) 898.204157ms ago: executing program 0 (id=2884): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000003b0007010000000000000000047c0000040000000c00018006000600800a00000c0002800500"], 0x30}}, 0xc000) 141.205768ms ago: executing program 1 (id=2885): r0 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x140, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f00000021c0)={0x2020}, 0x2020) syz_fuse_handle_req(r3, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 134.7613ms ago: executing program 3 (id=2886): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x9d, 0xea, 0x78, 0x40, 0x18b4, 0xfffb, 0xdc7b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0xa0, 0x1f, 0x71}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000000)={0x0, 0x0, 0x1, "01"}, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000340)={0x0, 0x15, 0x1, '\v'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 44.935178ms ago: executing program 2 (id=2887): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000580)={'#! ', './file0', [{0x20, '/proc/sys/net/ipv4/vs/cache_bypass\x00'}], 0xa, "15bf3158f3b4c5beaa8a9ea511953cef08b81dedc6989a86c441759f9143160456a26319d35748b0fa16e646523ab5bd24785a1acbae1d23a93b9e516d3c74821654c0"}, 0x72) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0) 0s ago: executing program 0 (id=2888): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000b40), 0x2b842ac, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000003e00)={'wg2\x00'}) setresgid(0x0, 0xee00, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x3ae6970fdb301443) bind$inet6(0xffffffffffffffff, 0x0, 0x0) memfd_secret(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) kernel console output (not intermixed with test programs): rialNumber: syz [ 486.695498][ T940] usb 5-1: config 0 descriptor?? [ 486.853873][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 486.866042][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 486.880754][ T35] bond0 (unregistering): Released all slaves [ 486.914522][ T940] dvb-usb: found a 'Microsoft Xbox One Digital TV Tuner' in warm state. [ 486.948336][ T940] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 486.989919][ T940] dvbdev: DVB: registering new adapter (Microsoft Xbox One Digital TV Tuner) [ 487.007993][ T940] usb 5-1: media controller created [ 487.032181][ T35] tipc: Left network mode [ 487.037037][ T940] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 487.242450][ T35] batadv_slave_0: left promiscuous mode [ 487.262075][ T35] hsr_slave_0: left promiscuous mode [ 487.279053][ T35] hsr_slave_1: left promiscuous mode [ 487.289103][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 487.297345][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 487.310688][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 487.330321][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 487.343725][ T5230] gspca_pac7311: reg_w() failed index 0x29, value 0x53, error -71 [ 487.351649][ T5230] pac7311 1-1:0.0: probe with driver pac7311 failed with error -71 [ 487.373178][ T5230] usb 1-1: USB disconnect, device number 31 [ 487.413011][ T940] dvb-usb: no frontend was attached by 'Microsoft Xbox One Digital TV Tuner' [ 487.424786][ T35] veth1_macvtap: left promiscuous mode [ 487.432037][ T35] veth0_macvtap: left promiscuous mode [ 487.438700][ T940] dvb-usb: Microsoft Xbox One Digital TV Tuner successfully initialized and connected. [ 487.449398][ T35] veth1_vlan: left promiscuous mode [ 487.458539][ T35] veth0_vlan: left promiscuous mode [ 487.465233][ T940] usb 5-1: USB disconnect, device number 16 [ 487.531048][ T940] dvb-usb: Microsoft Xbox One Digital TV Tuner successfully deinitialized and disconnected. [ 487.752826][ T5236] Bluetooth: hci3: command tx timeout [ 488.766429][ T35] team0 (unregistering): Port device team_slave_0 removed [ 489.435123][T11220] loop2: detected capacity change from 0 to 7 [ 489.456390][T11220] Dev loop2: unable to read RDB block 7 [ 489.462507][T11220] loop2: unable to read partition table [ 489.469322][T11220] loop2: partition table beyond EOD, truncated [ 489.475647][T11220] loop_reread_partitions: partition scan of loop2 (被 ) failed (rc=-5) [ 489.742948][ T47] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 489.863659][ T5236] Bluetooth: hci3: command tx timeout [ 490.285139][ T47] usb 5-1: Using ep0 maxpacket: 16 [ 490.348671][ T47] usb 5-1: New USB device found, idVendor=0b95, idProduct=178a, bcdDevice=fc.30 [ 490.423780][ T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.655928][ T47] usb 5-1: Product: syz [ 490.775134][ T47] usb 5-1: Manufacturer: syz [ 490.836139][ T47] usb 5-1: SerialNumber: syz [ 490.942944][ T47] usb 5-1: config 0 descriptor?? [ 490.968431][ T47] ax88179_178a 5-1:0.0: probe with driver ax88179_178a failed with error -22 [ 490.986499][T11148] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 491.001936][T11148] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 491.021823][T11148] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 491.076468][T11148] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 491.163159][T11237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1949'. [ 491.207063][T11219] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 491.303519][T11148] 8021q: adding VLAN 0 to HW filter on device bond0 [ 491.326039][T11148] 8021q: adding VLAN 0 to HW filter on device team0 [ 491.342440][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 491.349633][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 491.428174][T11241] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1948'. [ 491.518666][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 491.525853][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 491.985439][ T5236] Bluetooth: hci3: command tx timeout [ 492.017901][T11148] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 492.028506][T11148] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 492.329114][ T5310] usb 5-1: USB disconnect, device number 17 [ 492.364223][T11148] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 493.433616][T11251] loop0: detected capacity change from 0 to 128 [ 493.723596][T11148] veth0_vlan: entered promiscuous mode [ 494.840799][T11148] veth1_vlan: entered promiscuous mode [ 494.891335][T11148] veth0_macvtap: entered promiscuous mode [ 494.908496][T11148] veth1_macvtap: entered promiscuous mode [ 494.928406][T11148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.944018][T11148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.957027][T11148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.968455][T11148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.981237][T11148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.998661][T11148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.008809][T11148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 495.038932][T11148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.060798][T11148] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 495.069725][T11264] netlink: 'syz.1.1956': attribute type 10 has an invalid length. [ 495.085058][T11264] bond0: (slave netdevsim0): Releasing backup interface [ 495.100338][T11148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 495.111717][T11148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.127207][T11148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 495.137849][T11148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.152089][T11148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 495.169295][T11148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.189416][T11148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 495.220529][T11148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.333588][T11148] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 495.352828][T11265] netlink: 'syz.1.1956': attribute type 10 has an invalid length. [ 495.365182][T11265] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 496.141578][T11148] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.151384][T11148] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.160643][T11148] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.169555][T11148] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.314349][ T5876] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 496.337038][ T5876] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 496.370368][ T5876] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 496.380149][ T5876] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 497.134512][T11290] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1960'. [ 497.827300][T11305] squashfs: Unknown parameter '' [ 498.082953][ T5280] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 498.243831][ T5280] usb 1-1: Using ep0 maxpacket: 16 [ 498.257136][ T5280] usb 1-1: config 0 has no interfaces? [ 498.266682][ T5280] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 498.278741][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.292552][ T5280] usb 1-1: config 0 descriptor?? [ 498.487413][T11309] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1969'. [ 498.509552][ T5280] usb 1-1: USB disconnect, device number 32 [ 499.057561][ T5231] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 499.392493][T11333] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1977'. [ 500.036129][ T5231] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 500.044256][ T5231] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 500.053493][ T5231] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 500.063490][ T5231] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 500.070835][ T5231] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 500.342354][T11343] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1981'. [ 500.384337][T11343] bond1: entered promiscuous mode [ 500.412369][T11345] bond1: (slave team_slave_1): Enslaving as an active interface with an up link [ 500.488780][T11327] chnl_net:caif_netlink_parms(): no params data found [ 500.549660][T11351] netlink: 'syz.1.1982': attribute type 10 has an invalid length. [ 500.860422][T11351] bond0: (slave netdevsim0): Releasing backup interface [ 501.218334][T11353] netlink: 'syz.1.1982': attribute type 10 has an invalid length. [ 501.245482][T11353] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 501.321563][T11327] bridge0: port 1(bridge_slave_0) entered blocking state [ 501.336928][T11327] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.346592][T11327] bridge_slave_0: entered allmulticast mode [ 501.355062][T11327] bridge_slave_0: entered promiscuous mode [ 501.370372][T11327] bridge0: port 2(bridge_slave_1) entered blocking state [ 501.379249][T11327] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.391484][T11327] bridge_slave_1: entered allmulticast mode [ 501.403182][T11327] bridge_slave_1: entered promiscuous mode [ 501.922491][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.930395][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.944894][T11364] netlink: 'syz.4.1985': attribute type 4 has an invalid length. [ 501.953307][T11364] netlink: 2024 bytes leftover after parsing attributes in process `syz.4.1985'. [ 501.964620][T11364] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1985'. [ 501.974400][T11367] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1986'. [ 502.099011][T11327] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 502.143655][T11327] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 502.197661][T11374] futex_wake_op: syz.1.1988 tries to shift op by 144; fix this program [ 502.242934][ T5239] Bluetooth: hci4: command tx timeout [ 502.267292][T11374] netlink: 'syz.1.1988': attribute type 1 has an invalid length. [ 502.301308][T11374] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1988'. [ 502.331134][T11327] team0: Port device team_slave_0 added [ 502.610728][T11327] team0: Port device team_slave_1 added [ 503.253637][T11327] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 503.267759][T11327] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.340380][T11327] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 503.379840][T11382] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1990'. [ 503.444000][T11327] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 503.450984][T11327] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.761877][T11327] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 504.156505][T11327] hsr_slave_0: entered promiscuous mode [ 504.170039][T11327] hsr_slave_1: entered promiscuous mode [ 504.177396][T11327] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 504.185419][T11327] Cannot create hsr debugfs directory [ 504.313025][ T5239] Bluetooth: hci4: command tx timeout [ 504.693711][T11327] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 504.712343][T11327] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.027557][ T9] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 505.142212][T11406] random: crng reseeded on system resumption [ 505.239806][T11327] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 505.263136][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 505.271732][T11327] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.292828][ T9] usb 3-1: config 1 has an invalid interface number: 128 but max is 1 [ 505.302730][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 505.313086][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 505.321975][ T9] usb 3-1: config 1 has no interface number 0 [ 505.328274][ T9] usb 3-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 505.346565][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 505.356331][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.373173][ T9] usb 3-1: Product: syz [ 505.379739][ T9] usb 3-1: Manufacturer: syz [ 505.391170][ T9] usb 3-1: SerialNumber: syz [ 505.408157][ T9] cdc_wdm 3-1:1.128: skipping garbage [ 505.418979][T11327] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 505.420254][ T9] cdc_wdm 3-1:1.128: probe with driver cdc_wdm failed with error -22 [ 505.429599][T11327] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.461354][T11417] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2002'. [ 505.481448][T11418] bond1: (slave team_slave_1): Releasing backup interface [ 505.527406][T11327] bond0: (slave netdevsim0): Releasing backup interface [ 505.541552][T11327] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 505.559750][T11327] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.622539][ T9] usb 3-1: USB disconnect, device number 20 [ 505.710865][T11327] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 505.721889][T11327] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 505.730868][T11327] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 505.741676][T11327] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 505.822008][T11327] 8021q: adding VLAN 0 to HW filter on device bond0 [ 505.843006][T11327] 8021q: adding VLAN 0 to HW filter on device team0 [ 505.854427][ T6537] bridge0: port 1(bridge_slave_0) entered blocking state [ 505.861602][ T6537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 505.881390][ T5876] bridge0: port 2(bridge_slave_1) entered blocking state [ 505.888571][ T5876] bridge0: port 2(bridge_slave_1) entered forwarding state [ 505.938820][T11327] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 505.971588][T11429] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2006'. [ 505.981026][T11429] netlink: 'syz.1.2006': attribute type 12 has an invalid length. [ 506.000748][T11429] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 506.010357][T11429] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 506.019809][T11429] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 506.028731][T11429] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 506.038742][T11429] vxlan0: entered promiscuous mode [ 506.123155][T11327] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 506.177708][T11434] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2007'. [ 506.235041][T11327] veth0_vlan: entered promiscuous mode [ 506.268299][T11327] veth1_vlan: entered promiscuous mode [ 506.329784][T11327] veth0_macvtap: entered promiscuous mode [ 506.350597][T11442] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2011'. [ 506.376559][T11327] veth1_macvtap: entered promiscuous mode [ 506.394599][ T5239] Bluetooth: hci4: command tx timeout [ 506.407933][T11327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 506.420396][T11327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 506.431407][T11327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 506.442974][T11327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 506.454586][T11327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 506.465270][T11327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 506.469215][T11441] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 506.475576][T11327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 506.496212][T11327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 506.508388][T11327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 506.635626][T11327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 506.712676][T11327] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 506.821107][T11451] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2012'. [ 507.026131][T11327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 507.038412][T11327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 507.075545][T11327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 507.096423][T11327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 507.106804][T11327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 507.119068][T11327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 507.130877][T11327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 507.143348][T11327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 507.161362][T11327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 507.174174][T11327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 507.219835][T11327] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 507.251295][T11327] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.289651][T11327] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.298753][T11327] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.309300][T11327] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.434340][ T3026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 507.467125][ T3026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 507.498263][T11470] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2020'. [ 507.509005][ T3026] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 507.517720][ T3026] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 507.545694][T11470] team0: Port device team_slave_1 removed [ 507.563956][ T5230] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 507.712531][T11476] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2022'. [ 507.882852][ T5230] usb 2-1: Using ep0 maxpacket: 8 [ 507.912498][ T5230] usb 2-1: config 1 has an invalid interface number: 128 but max is 1 [ 508.010176][ T5230] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 508.239209][ T5230] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 508.489401][ T5230] usb 2-1: config 1 has no interface number 0 [ 508.503054][ T5239] Bluetooth: hci4: command tx timeout [ 508.523147][ T5230] usb 2-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 508.600981][ T5230] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 508.601979][T11483] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2024'. [ 508.614154][ T5230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.650752][ T5230] usb 2-1: Product: syz [ 508.663075][ T5230] usb 2-1: Manufacturer: syz [ 508.668653][ T5230] usb 2-1: SerialNumber: syz [ 508.686386][ T5230] cdc_wdm 2-1:1.128: skipping garbage [ 508.692505][ T5230] cdc_wdm 2-1:1.128: probe with driver cdc_wdm failed with error -22 [ 509.391234][ T5230] usb 2-1: USB disconnect, device number 28 [ 509.410154][T11492] squashfs: Unknown parameter '' [ 509.561477][T11499] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2031'. [ 509.580939][T11501] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 509.638138][T11503] netlink: 'syz.4.2032': attribute type 1 has an invalid length. [ 509.800791][T11507] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2032'. [ 511.522995][T11533] loop1: detected capacity change from 0 to 164 [ 512.873987][ T47] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 513.624755][T11550] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=536872256 (1073744512 ns) > initial count (152 ns). Using initial count to start timer. [ 513.668843][T11553] loop0: detected capacity change from 0 to 127 [ 513.907366][ T47] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 513.922812][ T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.939079][ T47] usb 4-1: Product: syz [ 513.947413][ T47] usb 4-1: Manufacturer: syz [ 513.952046][ T47] usb 4-1: SerialNumber: syz [ 513.959544][ T47] usb 4-1: config 0 descriptor?? [ 514.171122][ T47] dvb_usb_dtv5100 4-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71 [ 514.196181][ T47] usb 4-1: USB disconnect, device number 15 [ 514.224475][T11568] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=536872256 (1073744512 ns) > initial count (152 ns). Using initial count to start timer. [ 514.511170][T11579] squashfs: Unknown parameter '' [ 514.612694][ T5230] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 514.622990][ T940] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 514.792795][ T940] usb 4-1: Using ep0 maxpacket: 16 [ 514.799896][ T5230] usb 5-1: config 0 has an invalid interface number: 133 but max is 0 [ 514.809254][ T5230] usb 5-1: config 0 has no interface number 0 [ 514.819917][ T940] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 514.838871][ T940] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.848279][ T940] usb 4-1: Product: syz [ 514.860845][ T940] usb 4-1: Manufacturer: syz [ 514.872940][ T5230] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 514.883786][ T940] usb 4-1: SerialNumber: syz [ 514.901610][ T5230] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.912856][ T940] usb 4-1: config 0 descriptor?? [ 514.938469][ T5230] usb 5-1: Product: syz [ 514.943991][ T5230] usb 5-1: Manufacturer: syz [ 514.948662][ T5230] usb 5-1: SerialNumber: syz [ 514.956638][ T5230] usb 5-1: config 0 descriptor?? [ 515.090610][T11584] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2057'. [ 515.235919][ T29] kauditd_printk_skb: 30 callbacks suppressed [ 515.235937][ T29] audit: type=1326 audit(1727518249.583:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11585 comm="syz.2.2058" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x0 [ 515.332342][ T940] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 515.361654][ T940] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 515.376193][ T940] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 515.386605][ T940] usb 4-1: media controller created [ 515.401584][ T5230] keyspan 5-1:0.133: Keyspan 1 port adapter converter detected [ 515.430156][ T5230] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 81 [ 515.441774][ T940] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 515.457618][ T5230] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 1 [ 515.484152][ T5230] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 2 [ 515.541141][ T940] zl10353_read_register: readreg error (reg=127, ret==0) [ 515.552835][ T5230] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 515.607034][ T940] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 515.625542][ T940] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 515.644214][ T940] usb 4-1: USB disconnect, device number 16 [ 516.350444][ T5230] usb 5-1: USB disconnect, device number 18 [ 516.374667][ T5230] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 516.384811][ T5230] keyspan 5-1:0.133: device disconnected [ 516.415450][ T940] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 518.400036][T11603] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=536872256 (1073744512 ns) > initial count (152 ns). Using initial count to start timer. [ 518.697128][T11622] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2068'. [ 518.789931][T11629] random: crng reseeded on system resumption [ 518.872431][T11633] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2070'. [ 519.073042][T11638] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2073'. [ 519.096084][T11638] netlink: 'syz.3.2073': attribute type 6 has an invalid length. [ 519.132805][T11638] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 519.141586][T11638] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 519.150445][T11638] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 519.159420][T11638] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 519.202752][T11638] vxlan0: entered promiscuous mode [ 520.918415][T11662] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2082'. [ 520.935039][T11665] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2085'. [ 520.959277][T11667] loop0: detected capacity change from 0 to 7 [ 520.982937][T11667] Dev loop0: unable to read RDB block 7 [ 521.004125][T11667] loop0: AHDI p3 p4 [ 521.010430][T11667] loop0: partition table partially beyond EOD, truncated [ 521.027838][T11667] loop0: p3 start 6514546 is beyond EOD, truncated [ 521.152848][ T940] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 522.019320][T11674] loop1: detected capacity change from 0 to 1024 [ 522.025883][ T940] usb 5-1: Using ep0 maxpacket: 16 [ 522.112754][ T940] usb 5-1: config 0 has an invalid interface number: 199 but max is 0 [ 522.120978][ T940] usb 5-1: config 0 has no interface number 0 [ 522.127299][ T940] usb 5-1: config 0 interface 199 has no altsetting 0 [ 522.148550][ T940] usb 5-1: New USB device found, idVendor=045e, idProduct=02d5, bcdDevice=f5.78 [ 522.161028][ T940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.172844][ T940] usb 5-1: Product: syz [ 522.177138][ T940] usb 5-1: Manufacturer: syz [ 522.189820][T11683] loop3: detected capacity change from 0 to 128 [ 522.197748][ T940] usb 5-1: SerialNumber: syz [ 522.216924][ T940] usb 5-1: config 0 descriptor?? [ 522.434875][ T940] dvb-usb: found a 'Microsoft Xbox One Digital TV Tuner' in cold state, will try to load a firmware [ 522.546459][ T940] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 522.594757][ T940] dib0700: firmware download failed at 7 with -22 [ 522.636279][ T940] usb 5-1: USB disconnect, device number 19 [ 522.706496][T11674] /dev/loop1: Can't open blockdev [ 523.214659][T11701] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2097'. [ 523.416205][T11704] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2099'. [ 527.298522][T11727] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2108'. [ 527.412861][ T5277] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 527.573089][ T9] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 527.580889][ T5277] usb 1-1: Using ep0 maxpacket: 16 [ 527.601451][ T5277] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 527.618539][ T5277] usb 1-1: config 0 has no interfaces? [ 527.635833][ T5277] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 527.668350][ T5277] usb 1-1: config 0 has no interfaces? [ 527.679238][ T5277] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 527.707570][ T5277] usb 1-1: config 0 has no interfaces? [ 527.727174][ T5277] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 527.738164][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 527.743730][ T5277] usb 1-1: config 0 has no interfaces? [ 527.751338][ T5277] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 527.761889][ T9] usb 3-1: config 0 has an invalid interface number: 199 but max is 0 [ 527.763182][ T47] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 527.770292][ T9] usb 3-1: config 0 has no interface number 0 [ 527.784098][ T5277] usb 1-1: config 0 has no interfaces? [ 527.790094][ T9] usb 3-1: config 0 interface 199 has no altsetting 0 [ 527.799798][ T5277] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 527.809806][ T9] usb 3-1: New USB device found, idVendor=045e, idProduct=02d5, bcdDevice=f5.78 [ 527.821625][ T5277] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.830165][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.838799][ T5277] usb 1-1: Product: syz [ 527.843132][ T9] usb 3-1: Product: syz [ 527.847307][ T9] usb 3-1: Manufacturer: syz [ 527.852098][ T5277] usb 1-1: Manufacturer: syz [ 527.857265][ T5277] usb 1-1: SerialNumber: syz [ 527.862403][ T9] usb 3-1: SerialNumber: syz [ 527.870434][ T5277] usb 1-1: config 0 descriptor?? [ 527.876559][ T9] usb 3-1: config 0 descriptor?? [ 527.946617][ T47] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 527.955064][ T47] usb 2-1: config 0 has no interface number 0 [ 528.112809][ T9] dvb-usb: found a 'Microsoft Xbox One Digital TV Tuner' in cold state, will try to load a firmware [ 528.156792][ T47] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 528.160213][ T9] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 528.166015][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.166044][ T47] usb 2-1: Product: syz [ 528.166057][ T47] usb 2-1: Manufacturer: syz [ 528.166072][ T47] usb 2-1: SerialNumber: syz [ 528.196585][ T9] dib0700: firmware download failed at 7 with -22 [ 528.196820][ T47] usb 2-1: config 0 descriptor?? [ 528.206016][ T9] usb 3-1: USB disconnect, device number 21 [ 528.277400][T11751] xt_NFQUEUE: number of total queues is 0 [ 528.287281][ T5280] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 528.515169][ T5280] usb 4-1: too many endpoints for config 1 interface 0 altsetting 253: 132, using maximum allowed: 30 [ 528.671884][ T5280] usb 4-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 132 [ 528.848684][ T47] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 528.857362][ T5280] usb 4-1: config 1 interface 0 has no altsetting 0 [ 528.870220][ T47] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 528.881053][ T47] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 528.890542][ T47] usb 2-1: media controller created [ 528.903918][ T5280] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 528.915650][ T940] usb 1-1: USB disconnect, device number 33 [ 528.932843][ T5280] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.943578][ T47] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 528.954436][ T5280] usb 4-1: Product: syz [ 528.958639][ T5280] usb 4-1: Manufacturer: syz [ 528.968815][ T5280] usb 4-1: SerialNumber: syz [ 528.995628][ T47] usb 2-1: DVB: registering adapter 1 frontend 0 (E3C EC100 DVB-T)... [ 529.006336][ T47] dvbdev: dvb_create_media_entity: media entity 'E3C EC100 DVB-T' registered. [ 529.046211][ T47] DVB: Unable to find symbol mxl5005s_attach() [ 529.242836][T11763] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2119'. [ 529.338480][ T47] usb 2-1: USB disconnect, device number 29 [ 529.388483][T11746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 529.405844][T11746] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 529.467289][T11767] loop2: detected capacity change from 0 to 128 [ 529.625334][ T5280] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 17 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 529.776261][T11769] squashfs: Unknown parameter '' [ 530.562809][ T5277] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 530.732780][ T5277] usb 5-1: Using ep0 maxpacket: 16 [ 530.739878][ T5277] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 530.760530][ T5277] usb 5-1: config 0 has no interfaces? [ 530.768813][ T5277] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 530.788841][ T5277] usb 5-1: config 0 has no interfaces? [ 530.803962][ T5277] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 530.817804][ T5277] usb 5-1: config 0 has no interfaces? [ 530.834050][ T5277] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 530.852726][ T5277] usb 5-1: config 0 has no interfaces? [ 530.861389][ T5277] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 530.872949][ T5277] usb 5-1: config 0 has no interfaces? [ 530.881297][ T5277] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 530.893698][ T5277] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.901799][ T5277] usb 5-1: Product: syz [ 530.919873][ T5277] usb 5-1: Manufacturer: syz [ 530.930233][ T5277] usb 5-1: SerialNumber: syz [ 530.954959][ T5277] usb 5-1: config 0 descriptor?? [ 531.211614][ T5280] usb 4-1: USB disconnect, device number 17 [ 531.275030][ T5280] usblp0: removed [ 531.972734][ T5280] usb 5-1: USB disconnect, device number 20 [ 532.054609][T11795] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2130'. [ 532.713422][ T5280] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 532.893212][ T5280] usb 5-1: Using ep0 maxpacket: 32 [ 533.076292][ T5280] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 533.084984][ T5280] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 533.096353][ T5280] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 533.107581][ T5280] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 533.120971][ T5280] usb 5-1: config 0 interface 0 has no altsetting 0 [ 533.134925][ T5280] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 533.145224][ T5280] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 533.162660][ T5280] usb 5-1: Product: syz [ 533.167003][ T5280] usb 5-1: Manufacturer: syz [ 533.171612][ T5280] usb 5-1: SerialNumber: syz [ 533.180130][ T5280] usb 5-1: config 0 descriptor?? [ 533.191330][ T5280] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 533.203223][ T5280] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 533.379889][T11827] syzkaller0: entered promiscuous mode [ 533.421069][T11827] syzkaller0: entered allmulticast mode [ 533.424012][T11831] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2142'. [ 533.544663][ T5277] usb 5-1: USB disconnect, device number 21 [ 533.564668][ T5277] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 533.682853][ T5280] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 533.833648][ T5280] usb 1-1: Using ep0 maxpacket: 16 [ 533.860746][ T5280] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 533.879241][ T5280] usb 1-1: config 0 has no interfaces? [ 533.899371][ T5280] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 533.919686][ T5280] usb 1-1: config 0 has no interfaces? [ 533.938096][ T5280] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 533.970192][ T5280] usb 1-1: config 0 has no interfaces? [ 533.980815][ T5280] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 534.006642][ T5280] usb 1-1: config 0 has no interfaces? [ 534.021943][ T5280] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 534.042283][ T5280] usb 1-1: config 0 has no interfaces? [ 534.064558][ T5280] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 534.083139][ T5280] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.111605][ T5280] usb 1-1: Product: syz [ 534.121778][ T5280] usb 1-1: Manufacturer: syz [ 534.126851][ T5280] usb 1-1: SerialNumber: syz [ 534.135425][ T5280] usb 1-1: config 0 descriptor?? [ 534.377262][ T5280] usb 1-1: USB disconnect, device number 34 [ 538.142509][T11889] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2162'. [ 538.168928][T11890] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2162'. [ 538.200345][T11891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2162'. [ 538.339158][T11906] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2168'. [ 539.347647][T11919] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2173'. [ 541.866450][T11954] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2182'. [ 541.876563][T11954] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2182'. [ 541.887084][T11954] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2182'. [ 543.380921][T11971] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2188'. [ 543.479491][T11975] team0: Device ipvlan1 failed to register rx_handler [ 545.255328][T11987] loop4: detected capacity change from 0 to 128 [ 545.730290][T11997] netlink: 2036 bytes leftover after parsing attributes in process `syz.2.2194'. [ 545.799513][T11997] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2194'. [ 545.850260][ T5239] Bluetooth: hci5: unexpected event for opcode 0x0403 [ 546.121970][T12001] netlink: 'syz.1.2196': attribute type 29 has an invalid length. [ 546.255247][T12004] netlink: 'syz.1.2196': attribute type 29 has an invalid length. [ 546.417261][T12001] netlink: 'syz.1.2196': attribute type 29 has an invalid length. [ 546.896477][T12010] loop0: detected capacity change from 0 to 7 [ 546.907123][T12010] Dev loop0: unable to read RDB block 7 [ 546.913283][T12010] loop0: AHDI p1 p2 p3 [ 546.917537][T12010] loop0: partition table partially beyond EOD, truncated [ 546.925250][T12010] loop0: p1 start 83886080 is beyond EOD, truncated [ 546.931915][T12010] loop0: p2 start 6514546 is beyond EOD, truncated [ 546.975966][T12014] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2200'. [ 547.050491][T12016] bond1: entered promiscuous mode [ 547.062556][T12016] team_slave_1: entered promiscuous mode [ 547.113431][T12016] team0: Port device team_slave_1 removed [ 547.128260][T12016] bond1: (slave team_slave_1): Enslaving as an active interface with an up link [ 547.168119][T12021] netlink: 'syz.2.2203': attribute type 10 has an invalid length. [ 547.199473][T12021] team0: Port device netdevsim0 added [ 547.233497][T12021] netlink: 'syz.2.2203': attribute type 10 has an invalid length. [ 547.291738][T12021] team0: Port device netdevsim0 removed [ 547.312271][T12021] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 548.328670][T12038] loop0: detected capacity change from 0 to 1024 [ 549.309339][T12043] /dev/loop0: Can't open blockdev [ 550.467103][T12049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2212'. [ 550.547725][T12049] bond1: (slave team_slave_1): Releasing backup interface [ 550.675787][ T5239] Bluetooth: hci5: unexpected event for opcode 0x0403 [ 550.744873][T12063] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2218'. [ 550.770993][T12064] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2216'. [ 550.782953][T12064] netlink: 'syz.3.2216': attribute type 30 has an invalid length. [ 550.792022][T12063] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2218'. [ 550.806841][T12063] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2218'. [ 550.895078][T12057] netlink: 'syz.1.2215': attribute type 29 has an invalid length. [ 550.904183][T12057] netlink: 'syz.1.2215': attribute type 29 has an invalid length. [ 551.591010][T12075] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2221'. [ 553.709558][T12082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 554.010113][T12087] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2227'. [ 555.477996][T12097] affs: No valid root block on device nbd3 [ 555.540650][T12108] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.2232'. [ 555.743648][ T5280] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 556.060618][ T5280] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 556.205802][ T5280] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 556.900352][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.910351][ T5280] usb 1-1: config 0 descriptor?? [ 556.944676][T12119] netlink: 'syz.2.2235': attribute type 10 has an invalid length. [ 556.996193][T12119] bond0: (slave netdevsim0): Releasing backup interface [ 557.473233][T12119] team0: Port device netdevsim0 added [ 557.564131][ T5280] keytouch 0003:0926:3333.0006: fixing up Keytouch IEC report descriptor [ 557.661339][T12121] netlink: 'syz.2.2235': attribute type 10 has an invalid length. [ 557.734135][ T5280] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0006/input/input11 [ 557.772290][T12125] loop1: detected capacity change from 0 to 164 [ 557.794746][T12121] team0: Port device netdevsim0 removed [ 557.997684][T12121] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 558.151408][ T5280] keytouch 0003:0926:3333.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 558.464419][ T5280] usb 1-1: USB disconnect, device number 35 [ 560.168135][ T940] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 560.189612][T12144] loop4: detected capacity change from 0 to 128 [ 561.342701][ T940] usb 4-1: Using ep0 maxpacket: 16 [ 561.353136][ T940] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 561.364592][ T940] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.382712][ T940] usb 4-1: Product: syz [ 561.387237][ T940] usb 4-1: Manufacturer: syz [ 561.403203][ T940] usb 4-1: SerialNumber: syz [ 562.745101][T12163] netlink: 'syz.4.2252': attribute type 10 has an invalid length. [ 562.845001][T12163] bond0: (slave netdevsim0): Releasing backup interface [ 563.002528][ T940] r8152-cfgselector 4-1: Unknown version 0x0000 [ 563.009071][ T940] r8152-cfgselector 4-1: config 0 descriptor?? [ 563.040197][ T940] r8152-cfgselector 4-1: can't set config #0, error -71 [ 563.072710][ T940] r8152-cfgselector 4-1: USB disconnect, device number 18 [ 563.100406][T12163] team0: Port device netdevsim0 added [ 563.119334][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 564.315647][T12173] netlink: 'syz.4.2252': attribute type 10 has an invalid length. [ 564.344734][T12173] team0: Port device netdevsim0 removed [ 564.350864][T12173] bond0: (slave netdevsim0): no link monitoring support [ 564.401366][T12173] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 564.595503][T12190] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2257'. [ 565.979405][T12192] loop3: detected capacity change from 0 to 128 [ 570.526001][T12227] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2269'. [ 570.934514][T12232] netlink: 'syz.0.2271': attribute type 10 has an invalid length. [ 570.946703][T12232] bond0: (slave netdevsim0): Releasing backup interface [ 570.963371][T12232] team0: Port device netdevsim0 added [ 570.979367][T12232] netlink: 'syz.0.2271': attribute type 10 has an invalid length. [ 570.996902][T12232] team0: Port device netdevsim0 removed [ 571.007241][T12232] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 577.669428][T12275] bridge1: entered promiscuous mode [ 577.674873][T12275] bridge1: entered allmulticast mode [ 578.103726][T12273] loop3: detected capacity change from 0 to 128 [ 578.426588][T12275] bridge0: port 3(ip6gretap0) entered blocking state [ 578.434938][T12275] bridge0: port 3(ip6gretap0) entered disabled state [ 578.457722][T12275] ip6gretap0: entered allmulticast mode [ 578.654238][T12275] ip6gretap0: entered promiscuous mode [ 578.661907][T12275] bridge0: port 3(ip6gretap0) entered blocking state [ 578.669030][T12275] bridge0: port 3(ip6gretap0) entered forwarding state [ 579.035859][T12289] loop4: detected capacity change from 0 to 1024 [ 579.426511][T12291] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2285'. [ 579.772521][T12295] /dev/loop4: Can't open blockdev [ 581.318339][T12312] syzkaller0: entered promiscuous mode [ 581.327810][T12312] syzkaller0: entered allmulticast mode [ 582.282015][T12324] loop2: detected capacity change from 0 to 128 [ 588.729437][T12344] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2300'. [ 592.020629][T12401] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2318'. [ 592.037593][T12401] netlink: 'syz.0.2318': attribute type 11 has an invalid length. [ 592.049821][T12401] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 592.058759][T12401] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 592.067626][T12401] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 592.076566][T12401] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 593.368503][T12401] vxlan0: entered promiscuous mode [ 593.948517][T12404] loop4: detected capacity change from 0 to 128 [ 595.242558][T12417] netlink: 'syz.4.2324': attribute type 75 has an invalid length. [ 595.322729][ T9] usb 1-1: new full-speed USB device number 36 using dummy_hcd [ 595.479436][ T9] usb 1-1: device descriptor read/64, error -71 [ 595.792761][ T9] usb 1-1: new full-speed USB device number 37 using dummy_hcd [ 595.932699][ T9] usb 1-1: device descriptor read/64, error -71 [ 596.049310][ T9] usb usb1-port1: attempt power cycle [ 596.414031][ T9] usb 1-1: new full-speed USB device number 38 using dummy_hcd [ 596.443783][ T9] usb 1-1: device descriptor read/8, error -71 [ 596.555642][ T5236] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 596.568577][ T5236] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 596.579157][ T5236] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 596.589051][ T5236] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 596.597143][ T5236] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 596.604687][ T5236] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 596.693803][ T9] usb 1-1: new full-speed USB device number 39 using dummy_hcd [ 598.213808][ T9] usb 1-1: device descriptor read/8, error -71 [ 598.236189][T12437] chnl_net:caif_netlink_parms(): no params data found [ 598.282771][ T5280] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 599.204035][ T5239] Bluetooth: hci5: command tx timeout [ 599.222164][ T9] usb usb1-port1: unable to enumerate USB device [ 599.257684][ T5280] usb 3-1: device descriptor read/64, error -71 [ 599.867518][T12437] bridge0: port 1(bridge_slave_0) entered blocking state [ 599.884511][T12437] bridge0: port 1(bridge_slave_0) entered disabled state [ 599.911681][T12437] bridge_slave_0: entered allmulticast mode [ 599.989462][T12437] bridge_slave_0: entered promiscuous mode [ 600.157877][T12437] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.212856][T12437] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.250168][T12437] bridge_slave_1: entered allmulticast mode [ 600.272111][T12437] bridge_slave_1: entered promiscuous mode [ 600.423788][T12481] x_tables: ip_tables: REDIRECT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 601.033341][T12437] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 601.069190][T12437] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 601.222515][ T9] usb 1-1: new full-speed USB device number 40 using dummy_hcd [ 601.280813][ T5236] Bluetooth: hci5: command tx timeout [ 601.310319][T12437] team0: Port device team_slave_0 added [ 602.052454][T12437] team0: Port device team_slave_1 added [ 602.154710][ T9] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 602.167938][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.181422][ T9] usb 1-1: config 0 descriptor?? [ 602.343579][T12437] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 602.350605][T12437] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 602.399520][T12437] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 602.412999][T12437] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 602.420068][T12437] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 602.446330][T12437] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 603.163673][T12437] hsr_slave_0: entered promiscuous mode [ 603.206131][T12437] hsr_slave_1: entered promiscuous mode [ 603.236272][T12437] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 603.269964][T12437] Cannot create hsr debugfs directory [ 603.286261][T12501] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2347'. [ 603.356312][ T5236] Bluetooth: hci5: command tx timeout [ 603.389264][T12497] netlink: 288 bytes leftover after parsing attributes in process `syz.3.2346'. [ 603.532732][ T5310] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 603.670281][T12437] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 603.691974][ T5310] usb 3-1: Using ep0 maxpacket: 8 [ 603.697284][T12437] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 603.712354][ T5310] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 603.731745][ T5310] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.754811][ T5310] usb 3-1: config 0 descriptor?? [ 603.837418][ T9] pegasus 1-1:0.0: can't reset MAC [ 603.843281][ T9] pegasus 1-1:0.0: probe with driver pegasus failed with error -5 [ 603.875495][ T9] usb 1-1: USB disconnect, device number 40 [ 603.889627][T12437] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 603.914835][T12437] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 604.145040][T12437] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 604.186042][T12437] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 604.428524][T12518] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 604.595585][T12518] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 604.712038][T12437] bond0: (slave netdevsim0): Releasing backup interface [ 604.858312][T12518] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 604.867377][T12437] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 604.878775][T12518] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 604.897533][T12437] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 604.921967][T12518] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 604.928867][T12518] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 604.947157][T12518] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 604.953562][T12518] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 604.966399][T12518] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 604.973644][T12518] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 604.979796][T12518] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 605.003710][T12518] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 605.062463][T12522] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2354'. [ 605.102428][T12523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2354'. [ 606.382316][ T5310] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 606.393172][ T5310] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 606.410484][ T5310] asix 3-1:0.0: probe with driver asix failed with error -71 [ 606.420717][ T5310] usb 3-1: USB disconnect, device number 24 [ 606.448945][T12437] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 606.472684][ T5231] Bluetooth: hci2: command 0x0406 tx timeout [ 606.492006][T12437] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 606.513792][T12437] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 606.535328][T12437] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 606.602676][ T9] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 607.390898][ T5231] Bluetooth: hci3: command 0x0406 tx timeout [ 607.397145][ T5231] Bluetooth: hci0: command 0x0406 tx timeout [ 607.403333][ T5231] Bluetooth: hci5: command 0x0407 tx timeout [ 607.409414][ T5231] Bluetooth: hci4: command 0x0c1a tx timeout [ 607.734314][ T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 607.742331][ T9] usb 5-1: config 0 has no interface number 0 [ 607.751888][ T9] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 607.761010][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 607.769156][ T9] usb 5-1: Product: syz [ 607.773387][ T9] usb 5-1: Manufacturer: syz [ 607.777994][ T9] usb 5-1: SerialNumber: syz [ 608.120589][ T9] usb 5-1: config 0 descriptor?? [ 608.144716][T12537] netlink: 288 bytes leftover after parsing attributes in process `syz.0.2358'. [ 608.230133][T12437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 608.257431][T12437] 8021q: adding VLAN 0 to HW filter on device team0 [ 608.272308][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 608.279504][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 608.471608][ T9] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in cold state [ 608.482952][ T9] usb 5-1: Direct firmware load for dvb-usb-ec168.fw failed with error -2 [ 608.491509][ T9] usb 5-1: Falling back to sysfs fallback for: dvb-usb-ec168.fw [ 608.553554][ T5239] Bluetooth: hci2: command 0x0406 tx timeout [ 609.289413][T12566] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2367'. [ 609.309769][T12568] loop3: detected capacity change from 0 to 1024 [ 609.333634][ T6537] bridge0: port 2(bridge_slave_1) entered blocking state [ 609.340828][ T6537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 609.405192][T12566] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2367'. [ 609.561445][ T5239] Bluetooth: hci4: command 0x0c1a tx timeout [ 609.568648][ T5239] Bluetooth: hci5: command 0x0407 tx timeout [ 609.569765][ T5231] Bluetooth: hci0: command 0x0406 tx timeout [ 609.575169][ T5239] Bluetooth: hci3: command 0x0406 tx timeout [ 609.732468][T12575] /dev/loop3: Can't open blockdev [ 610.528524][T12437] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 610.736928][T12586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2373'. [ 610.793790][T12437] veth0_vlan: entered promiscuous mode [ 610.830525][T12437] veth1_vlan: entered promiscuous mode [ 610.881631][T12437] veth0_macvtap: entered promiscuous mode [ 610.904788][T12437] veth1_macvtap: entered promiscuous mode [ 610.919912][T12437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 610.931253][T12437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.941217][T12437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 610.951987][T12437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.962504][T12437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 610.973598][T12437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.983510][T12437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.002653][T12437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.012510][T12437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.026908][T12437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.040139][T12437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.050819][T12437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.062476][T12437] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 611.073891][T12437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 611.084517][T12437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.094519][T12437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 611.105129][T12437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.115412][T12437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 611.127429][T12437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.143088][T12437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 611.164871][T12437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.187456][T12437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 611.198272][T12437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.208393][T12437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 611.219404][T12437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.237559][T12437] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 611.836475][ T5239] Bluetooth: hci5: command 0x0407 tx timeout [ 611.842551][ T5239] Bluetooth: hci4: command 0x0c1a tx timeout [ 611.865443][T12437] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 611.874421][T12437] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 611.884424][T12437] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 611.893241][T12437] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 612.085059][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 612.112791][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 612.158055][ T5325] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 612.186469][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 612.199585][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 612.804310][ T5325] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 612.837703][ T5325] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 613.024803][ T5325] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.112991][ T5230] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 613.152126][ T5325] usb 1-1: config 0 descriptor?? [ 613.292792][ T5230] usb 2-1: Using ep0 maxpacket: 16 [ 613.301021][ T5230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 613.318596][ T5230] usb 2-1: config 0 has no interfaces? [ 613.325793][ T5230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 613.336483][ T5230] usb 2-1: config 0 has no interfaces? [ 613.344849][ T5230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 613.356698][ T5230] usb 2-1: config 0 has no interfaces? [ 613.366367][ T5230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 613.378537][ T5230] usb 2-1: config 0 has no interfaces? [ 613.385596][ T5230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 613.396567][ T5230] usb 2-1: config 0 has no interfaces? [ 613.418463][ T5230] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 613.440015][ T5230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 613.451722][ T5230] usb 2-1: Product: syz [ 613.472037][ T5230] usb 2-1: Manufacturer: syz [ 613.485658][ T5230] usb 2-1: SerialNumber: syz [ 613.541840][ T5230] usb 2-1: config 0 descriptor?? [ 613.580370][T12634] loop2: detected capacity change from 0 to 1024 [ 613.823470][T12636] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2389'. [ 613.917902][ T5325] keytouch 0003:0926:3333.0007: fixing up Keytouch IEC report descriptor [ 613.928101][ T5236] Bluetooth: hci5: command 0x0407 tx timeout [ 614.036353][ T5325] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0007/input/input12 [ 614.419654][T12638] bridge0: port 3(dummy0) entered blocking state [ 614.445671][T12638] bridge0: port 3(dummy0) entered disabled state [ 614.473796][T12638] dummy0: entered allmulticast mode [ 614.484087][T12642] /dev/loop2: Can't open blockdev [ 614.494357][T12638] dummy0: entered promiscuous mode [ 614.525623][T12638] bridge0: port 3(dummy0) entered blocking state [ 614.532186][T12638] bridge0: port 3(dummy0) entered forwarding state [ 614.578405][ T5325] keytouch 0003:0926:3333.0007: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 614.589185][ T5279] usb 2-1: USB disconnect, device number 30 [ 614.749975][ T5325] usb 1-1: USB disconnect, device number 41 [ 616.309915][T12679] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2402'. [ 620.034650][ T5277] usb 3-1: new full-speed USB device number 25 using dummy_hcd [ 620.796743][ T5277] usb 3-1: device descriptor read/64, error -71 [ 620.797435][T12728] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2418'. [ 621.252703][ T5277] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 621.572424][ T5277] usb 3-1: device descriptor read/64, error -71 [ 621.583652][T12739] squashfs: Unknown parameter '' [ 622.169016][ T5277] usb usb3-port1: attempt power cycle [ 624.089966][T12769] process 'syz.3.2433' launched './file1' with NULL argv: empty string added [ 624.391539][T12776] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2436'. [ 624.636363][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.902762][ T5325] usb 3-1: new full-speed USB device number 28 using dummy_hcd [ 625.270011][ T5325] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 625.280258][ T5325] usb 3-1: config 0 has no interfaces? [ 625.290606][ T5325] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 625.301002][ T5325] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.309302][ T5325] usb 3-1: Product: syz [ 625.313559][ T5325] usb 3-1: Manufacturer: syz [ 625.318341][ T5325] usb 3-1: SerialNumber: syz [ 625.985041][ T5325] usb 3-1: config 0 descriptor?? [ 626.242972][T12806] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2445'. [ 626.785242][T12813] loop1: detected capacity change from 0 to 1024 [ 626.955908][T12816] binder: BINDER_SET_CONTEXT_MGR already set [ 626.962013][T12816] binder: 12814:12816 ioctl 4018620d 20000040 returned -16 [ 627.103863][T12822] /dev/loop1: Can't open blockdev [ 627.992161][T12643] usb 3-1: USB disconnect, device number 28 [ 629.787676][T12854] binder: BINDER_SET_CONTEXT_MGR already set [ 629.813211][T12854] binder: 12852:12854 ioctl 4018620d 20000040 returned -16 [ 629.889502][T12862] netlink: 'syz.1.2467': attribute type 10 has an invalid length. [ 629.938678][T12862] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 629.965057][T12868] netlink: 'syz.1.2467': attribute type 2 has an invalid length. [ 629.974605][T12867] netlink: 'syz.2.2469': attribute type 10 has an invalid length. [ 630.010944][T12867] bond0: (slave netdevsim0): Releasing backup interface [ 630.027870][T12867] team0: Port device netdevsim0 added [ 631.881544][T12897] : renamed from vlan0 (while UP) [ 632.624219][T12910] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2480'. [ 633.507561][T12924] netlink: 'syz.1.2486': attribute type 10 has an invalid length. [ 633.574981][T12924] netlink: 'syz.1.2486': attribute type 2 has an invalid length. [ 633.610965][T12928] squashfs: Unknown parameter '' [ 634.161868][T12941] : renamed from vlan0 (while UP) [ 635.538947][T12962] loop2: detected capacity change from 0 to 1024 [ 635.743314][T12643] usb 2-1: new full-speed USB device number 31 using dummy_hcd [ 635.839208][T12971] /dev/loop2: Can't open blockdev [ 635.944407][T12643] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 635.987253][T12643] usb 2-1: config 0 has no interfaces? [ 636.011185][T12643] usb 2-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 636.036712][T12974] netlink: 16162 bytes leftover after parsing attributes in process `syz.4.2501'. [ 636.053103][T12643] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.075529][T12643] usb 2-1: Product: syz [ 636.088196][T12643] usb 2-1: Manufacturer: syz [ 636.100155][T12643] usb 2-1: SerialNumber: syz [ 636.109448][T12643] usb 2-1: config 0 descriptor?? [ 637.210087][T12984] netlink: 'syz.0.2504': attribute type 10 has an invalid length. [ 637.332881][T12984] netlink: 'syz.0.2504': attribute type 2 has an invalid length. [ 637.622397][T12994] netlink: 'syz.3.2508': attribute type 1 has an invalid length. [ 637.687590][T12994] bond2: entered promiscuous mode [ 637.796246][T12998] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2507'. [ 638.450386][ T5230] usb 2-1: USB disconnect, device number 31 [ 638.881481][T13021] netlink: 16162 bytes leftover after parsing attributes in process `syz.1.2515'. [ 639.118606][T13024] syzkaller0: entered promiscuous mode [ 639.142748][T13024] syzkaller0: entered allmulticast mode [ 642.796958][ T5277] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 642.976185][ T5277] usb 4-1: config 0 has an invalid interface number: 133 but max is 0 [ 642.984831][ T5277] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 642.995396][ T5277] usb 4-1: config 0 has no interface number 0 [ 643.004209][ T5277] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 643.014212][ T5277] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 643.022813][ T5277] usb 4-1: Product: syz [ 643.027338][ T5277] usb 4-1: Manufacturer: syz [ 643.031970][ T5277] usb 4-1: SerialNumber: syz [ 643.038851][ T5277] usb 4-1: config 0 descriptor?? [ 643.255665][ T5277] keyspan 4-1:0.133: Keyspan 1 port adapter converter detected [ 643.268257][T13031] netlink: 'syz.1.2519': attribute type 1 has an invalid length. [ 643.268330][ T5277] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 82 [ 643.285613][T13041] netlink: 'syz.2.2521': attribute type 10 has an invalid length. [ 643.311897][ T5277] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 81 [ 643.329196][ T5277] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 1 [ 643.337156][ T5277] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 2 [ 643.356162][ T5277] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 643.376690][T13041] team0: Port device netdevsim0 removed [ 643.395748][T13041] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 643.419985][T13042] netlink: 'syz.2.2521': attribute type 2 has an invalid length. [ 643.470526][ T5277] usb 4-1: USB disconnect, device number 19 [ 643.478192][ T5277] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 643.498211][ T5277] keyspan 4-1:0.133: device disconnected [ 644.224213][ T5277] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 644.704600][T13083] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2533'. [ 644.804434][ T5277] usb 1-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice= 8.8f [ 644.843507][ T5277] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.996636][ T5277] usb 1-1: config 0 descriptor?? [ 645.195308][ T5277] gspca_main: pac7311-2.14.0 probing 093a:2601 [ 645.557690][T13091] syzkaller0: entered promiscuous mode [ 645.565016][ T5277] gspca_pac7311: reg_w() failed index 0x78, value 0x40, error -71 [ 645.570389][T13091] syzkaller0: entered allmulticast mode [ 645.573924][ T5277] pac7311 1-1:0.0: probe with driver pac7311 failed with error -71 [ 645.628507][ T5277] usb 1-1: USB disconnect, device number 42 [ 645.804614][T13102] netlink: 'syz.2.2538': attribute type 10 has an invalid length. [ 645.824714][T13103] netlink: 'syz.2.2538': attribute type 2 has an invalid length. [ 649.997292][T13122] netlink: 'syz.4.2544': attribute type 10 has an invalid length. [ 650.094677][T13122] bond0: (slave netdevsim0): Releasing backup interface [ 650.116274][T13122] team0: Port device netdevsim0 added [ 650.153527][T13123] netlink: 'syz.4.2544': attribute type 10 has an invalid length. [ 650.208842][T13123] team0: Port device netdevsim0 removed [ 650.223200][T13123] bond0: (slave netdevsim0): no link monitoring support [ 650.232342][T13123] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 650.511696][T13146] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2553'. [ 651.255549][T13155] netlink: 'syz.1.2556': attribute type 10 has an invalid length. [ 651.291870][T13155] netlink: 'syz.1.2556': attribute type 2 has an invalid length. [ 651.713111][ T5230] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 652.160378][T13164] syzkaller0: entered promiscuous mode [ 652.167637][T13164] syzkaller0: entered allmulticast mode [ 652.276409][ T5230] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 652.361315][ T5230] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 652.371551][ T5230] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 652.381860][ T5230] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 652.405241][T13161] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 652.419337][ T5230] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 654.568416][ T5277] usb 1-1: USB disconnect, device number 43 [ 658.371059][T13183] netlink: 'syz.4.2562': attribute type 10 has an invalid length. [ 658.383647][T13183] bond0: (slave netdevsim0): Releasing backup interface [ 658.392468][T13183] team0: Port device netdevsim0 added [ 658.399037][T13185] netlink: 'syz.4.2562': attribute type 10 has an invalid length. [ 658.424830][T13185] team0: Port device netdevsim0 removed [ 658.430928][T13185] bond0: (slave netdevsim0): no link monitoring support [ 658.442868][T13185] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 658.453101][T13195] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2567'. [ 658.492954][T13205] netlink: 'syz.1.2569': attribute type 10 has an invalid length. [ 658.521368][T13206] netlink: 'syz.1.2569': attribute type 2 has an invalid length. [ 658.537731][T13220] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 660.650355][T13237] loop1: detected capacity change from 0 to 128 [ 661.689074][T13250] syzkaller0: entered promiscuous mode [ 661.712787][T13250] syzkaller0: entered allmulticast mode [ 662.235720][T13258] netlink: 'syz.2.2582': attribute type 10 has an invalid length. [ 662.250941][T13258] bond0: (slave netdevsim0): Releasing backup interface [ 662.273753][T13258] team0: Port device netdevsim0 added [ 662.323000][T13260] netlink: 'syz.2.2582': attribute type 10 has an invalid length. [ 662.339475][T13260] team0: Port device netdevsim0 removed [ 662.356392][T13260] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 665.572783][T13265] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2583'. [ 665.592891][T13269] netlink: 'syz.0.2585': attribute type 10 has an invalid length. [ 665.600835][T13272] netlink: 'syz.0.2585': attribute type 2 has an invalid length. [ 666.739580][T13310] netlink: 'syz.4.2597': attribute type 10 has an invalid length. [ 667.832884][ T5310] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 667.918185][T13310] bond0: (slave netdevsim0): Releasing backup interface [ 667.947117][T13310] team0: Port device netdevsim0 added [ 668.057955][T13317] netlink: 'syz.4.2597': attribute type 10 has an invalid length. [ 668.108177][T13317] team0: Port device netdevsim0 removed [ 668.124174][T13317] bond0: (slave netdevsim0): no link monitoring support [ 668.148270][T13317] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 668.297971][T13323] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 668.306612][ T5310] usb 4-1: Using ep0 maxpacket: 32 [ 668.344432][T13323] batadv_slave_0: entered promiscuous mode [ 669.042703][ T5310] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 669.051315][ T5310] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 669.067217][ T5310] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 669.077942][ T5310] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 669.089485][ T5310] usb 4-1: config 1 has no interface number 0 [ 669.097575][ T5310] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 669.106759][ T5310] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.224994][ T5310] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 669.287093][T13329] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2600'. [ 669.385480][ T5310] snd_usb_pod 4-1:1.1: endpoint not available, using fallback values [ 669.394081][ T5310] snd_usb_pod 4-1:1.1: invalid control EP [ 669.402944][ T5310] snd_usb_pod 4-1:1.1: cannot start listening: -22 [ 669.409902][ T5310] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 669.423082][ T5310] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 669.434132][T13338] netlink: 'syz.2.2602': attribute type 10 has an invalid length. [ 669.500946][T13343] netlink: 'syz.2.2602': attribute type 2 has an invalid length. [ 670.714219][ T9] usb 5-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-ec168.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 671.161034][ T9] dvb_usb_ec168 5-1:0.1: probe with driver dvb_usb_ec168 failed with error -110 [ 671.522324][ T9] usb 5-1: USB disconnect, device number 22 [ 671.543580][T13351] loop1: detected capacity change from 0 to 164 [ 672.498923][ T5280] usb 4-1: USB disconnect, device number 20 [ 672.513083][ T5239] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 672.523458][ T5239] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 672.531903][ T5239] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 672.545934][ T5239] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 672.554469][ T5239] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 672.594216][ T5239] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 673.007158][T13373] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2610'. [ 673.551982][ T3026] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.591574][T13375] netlink: 1320 bytes leftover after parsing attributes in process `syz.2.2609'. [ 673.705725][ T3026] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.872942][ T5310] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 674.027515][ T3026] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.211634][T13377] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 674.273646][T13377] Error parsing options; rc = [-22] [ 674.282175][T13383] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2614'. [ 674.368839][ T3026] bond0: (slave netdevsim0): Releasing backup interface [ 674.379485][ T3026] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.439170][ T5310] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 674.450414][ T5310] usb 1-1: config 0 has no interfaces? [ 674.629925][ T5310] usb 1-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 674.639374][ T5310] usb 1-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 674.647756][ T5310] usb 1-1: Manufacturer: syz [ 674.671000][ T5310] usb 1-1: config 0 descriptor?? [ 674.803343][T13396] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 675.293192][ T5239] Bluetooth: hci6: command tx timeout [ 675.375951][T13360] chnl_net:caif_netlink_parms(): no params data found [ 675.508819][ T5310] usb 1-1: USB disconnect, device number 44 [ 675.547780][ T3026] ip6gretap0: left allmulticast mode [ 675.556496][ T3026] ip6gretap0: left promiscuous mode [ 675.561926][ T3026] bridge0: port 3(ip6gretap0) entered disabled state [ 675.632459][ T3026] bridge_slave_1: left allmulticast mode [ 675.701725][ T3026] bridge_slave_1: left promiscuous mode [ 675.732077][ T3026] bridge0: port 2(bridge_slave_1) entered disabled state [ 675.758474][ T3026] bridge_slave_0: left allmulticast mode [ 675.782531][ T3026] bridge_slave_0: left promiscuous mode [ 675.793011][ T3026] bridge0: port 1(bridge_slave_0) entered disabled state [ 677.352873][ T5239] Bluetooth: hci6: command tx timeout [ 678.190339][T13426] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2622'. [ 679.534116][ T5239] Bluetooth: hci6: command tx timeout [ 681.213941][ T3026] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 681.236415][ T3026] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 681.257362][ T3026] bond0 (unregistering): Released all slaves [ 681.271291][ T3026] bond1 (unregistering): Released all slaves [ 681.288973][T13360] bridge0: port 1(bridge_slave_0) entered blocking state [ 681.296441][T13360] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.311365][T13360] bridge_slave_0: entered allmulticast mode [ 681.322835][T13360] bridge_slave_0: entered promiscuous mode [ 681.363329][T13360] bridge0: port 2(bridge_slave_1) entered blocking state [ 681.372476][T13360] bridge0: port 2(bridge_slave_1) entered disabled state [ 681.389317][T13360] bridge_slave_1: entered allmulticast mode [ 681.396887][T13360] bridge_slave_1: entered promiscuous mode [ 681.459943][T13452] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2631'. [ 681.593228][ T5239] Bluetooth: hci6: command tx timeout [ 681.813797][T13462] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2635'. [ 682.341800][T13455] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2632'. [ 682.416981][T13360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 682.487937][T13469] loop3: detected capacity change from 0 to 164 [ 682.566096][T13360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 682.946681][ T3026] hsr_slave_0: left promiscuous mode [ 682.947026][ T3026] hsr_slave_1: left promiscuous mode [ 682.947403][ T3026] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 682.947471][ T3026] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 682.947881][ T3026] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 682.947900][ T3026] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 682.959179][ T3026] veth1_macvtap: left promiscuous mode [ 682.959248][ T3026] veth0_macvtap: left promiscuous mode [ 682.959317][ T3026] veth1_vlan: left promiscuous mode [ 682.959368][ T3026] veth0_vlan: left promiscuous mode [ 685.084538][ T3026] team0 (unregistering): Port device team_slave_0 removed [ 685.886663][T13360] team0: Port device team_slave_0 added [ 685.894047][T13487] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2642'. [ 685.974983][T13360] team0: Port device team_slave_1 added [ 685.995130][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.165600][T13360] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 686.262861][T13360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 686.305938][T13360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 686.384772][ T5280] usb 1-1: new full-speed USB device number 45 using dummy_hcd [ 686.432660][T13509] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2647'. [ 686.877438][T13360] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 686.902764][T13360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 686.969003][ T5280] usb 1-1: config 0 has an invalid interface number: 133 but max is 0 [ 686.990365][ T5280] usb 1-1: config 0 has no interface number 0 [ 687.008568][ T5280] usb 1-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 687.024704][T13360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 687.037430][T13510] : renamed from vlan0 (while UP) [ 687.066985][ T5280] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 687.077628][ T5280] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.086005][ T5280] usb 1-1: Product: syz [ 687.090217][ T5280] usb 1-1: Manufacturer: syz [ 687.094990][ T5280] usb 1-1: SerialNumber: syz [ 687.101762][ T5280] usb 1-1: config 0 descriptor?? [ 687.310487][T13360] hsr_slave_0: entered promiscuous mode [ 687.331253][T13526] loop1: detected capacity change from 0 to 1024 [ 687.348381][ T5280] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected [ 687.358056][ T5280] keyspan 1-1:0.133: unsupported endpoint type 0 [ 687.475044][ T5280] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81 [ 687.483177][ T5280] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1 [ 687.491200][ T5280] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2 [ 687.506201][ T5280] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 687.523666][T13360] hsr_slave_1: entered promiscuous mode [ 687.546496][T13360] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 687.584652][T13360] Cannot create hsr debugfs directory [ 687.656940][T13528] /dev/loop1: Can't open blockdev [ 687.706983][ T5280] usb 1-1: USB disconnect, device number 45 [ 687.723611][ T5280] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 687.749132][ T5280] keyspan 1-1:0.133: device disconnected [ 687.794354][ T29] audit: type=1326 audit(1727518422.143:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13530 comm="syz.2.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 687.825508][T13531] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 687.846114][T13531] futex_wake_op: syz.2.2655 tries to shift op by -1; fix this program [ 687.869405][ T29] audit: type=1326 audit(1727518422.163:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13530 comm="syz.2.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 687.959264][ T29] audit: type=1326 audit(1727518422.163:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13530 comm="syz.2.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 687.994959][ T29] audit: type=1326 audit(1727518422.163:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13530 comm="syz.2.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff115d7c990 code=0x7ffc0000 [ 688.029993][ T29] audit: type=1326 audit(1727518422.173:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13530 comm="syz.2.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 688.061679][ T29] audit: type=1326 audit(1727518422.173:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13530 comm="syz.2.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 688.153284][ T29] audit: type=1326 audit(1727518422.173:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13530 comm="syz.2.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 688.208558][ T29] audit: type=1326 audit(1727518422.193:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13530 comm="syz.2.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 688.231489][ T29] audit: type=1326 audit(1727518422.193:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13530 comm="syz.2.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 688.243308][T13532] netlink: 1276 bytes leftover after parsing attributes in process `syz.2.2655'. [ 688.254628][ T29] audit: type=1326 audit(1727518422.243:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13530 comm="syz.2.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 688.321413][ T3026] IPVS: stop unused estimator thread 0... [ 688.768122][T13551] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2660'. [ 689.045840][ T5239] Bluetooth: hci5: command 0x0407 tx timeout [ 689.470909][T13360] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 689.515628][T13360] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 689.533744][T13360] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 689.550846][T13360] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 690.410379][T13360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 690.479458][T13572] loop2: detected capacity change from 0 to 1024 [ 690.489043][T13360] 8021q: adding VLAN 0 to HW filter on device team0 [ 690.662314][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 690.669525][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 690.677470][ T9] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 690.740941][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 690.748135][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 690.874928][T13578] /dev/loop2: Can't open blockdev [ 690.965135][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 690.989528][ T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 691.027403][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 691.073967][ T9] usb 4-1: config 0 descriptor?? [ 691.099215][ T9] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 691.460604][T13360] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 691.562854][ T5325] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 691.732857][ T5325] usb 1-1: Using ep0 maxpacket: 32 [ 691.746313][ T5325] usb 1-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 691.757233][ T5325] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 691.765835][ T5325] usb 1-1: Product: syz [ 691.772510][ T5325] usb 1-1: Manufacturer: syz [ 691.780886][ T5325] usb 1-1: SerialNumber: syz [ 691.814495][ T5325] usb 1-1: config 0 descriptor?? [ 691.874928][T13360] veth0_vlan: entered promiscuous mode [ 691.913216][T13360] veth1_vlan: entered promiscuous mode [ 691.966512][T13360] veth0_macvtap: entered promiscuous mode [ 692.018207][T13360] veth1_macvtap: entered promiscuous mode [ 692.029932][ T5325] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input13 [ 692.093496][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.104175][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.114501][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.132871][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.144550][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.158361][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.192048][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.211129][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.221242][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.249341][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.261099][ T5325] usb 1-1: USB disconnect, device number 46 [ 692.299339][T13360] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 692.356731][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.377516][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.392062][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.412643][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.429722][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.440725][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.455685][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.469215][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.502708][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.519807][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.529866][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.540802][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.554010][T13360] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 692.581149][T13360] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.590389][T13360] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.599885][T13360] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.610064][T13360] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.678864][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 692.687521][ T5230] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 692.701695][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 692.738604][ T1298] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 692.752314][ T1298] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 692.865979][ T5230] usb 2-1: Using ep0 maxpacket: 32 [ 692.878837][ T5230] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 692.907611][ T5230] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 692.928286][ T5230] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 692.967602][ T5230] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 692.999494][ T5230] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 693.063999][ T5230] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 693.090019][ T5230] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 693.099359][ T5230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 693.763568][ T5230] usb 2-1: config 0 descriptor?? [ 693.783875][ T5310] usb 4-1: USB disconnect, device number 21 [ 694.035156][T13617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 694.093686][T13617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 694.258146][T13639] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2681'. [ 694.695470][ T5230] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 32 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 694.708695][ T5230] usb 2-1: USB disconnect, device number 32 [ 694.726453][ T5230] usblp0: removed [ 695.129440][ T5230] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 695.365168][ T5230] usb 2-1: Using ep0 maxpacket: 16 [ 695.403930][ T5230] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 157 [ 695.930845][ T5230] usb 2-1: string descriptor 0 read error: -71 [ 695.937263][ T5230] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 695.946559][ T5230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.964804][ T5230] usb 2-1: config 0 descriptor?? [ 696.018592][ T5230] usb 2-1: can't set config #0, error -71 [ 696.035436][ T5230] usb 2-1: USB disconnect, device number 33 [ 696.302949][ T5325] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 696.397512][ T5230] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 696.467633][ T5325] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 696.477860][ T5325] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 696.486408][ T5325] usb 3-1: Product: syz [ 696.490954][ T5325] usb 3-1: Manufacturer: syz [ 696.496208][ T5325] usb 3-1: SerialNumber: syz [ 696.505563][ T5325] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 696.523970][ T5280] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 696.564773][ T5230] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 696.575198][ T5230] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 696.587322][ T5230] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 696.596551][ T5230] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 696.604736][ T5230] usb 2-1: Manufacturer: syz [ 696.611488][ T5230] usb 2-1: config 0 descriptor?? [ 696.674888][ T5230] rc_core: IR keymap rc-hauppauge not found [ 696.681137][ T5230] Registered IR keymap rc-empty [ 696.688029][ T5230] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 696.701535][ T5230] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input14 [ 696.830528][ T5325] usb 2-1: USB disconnect, device number 34 [ 697.228646][T13696] loop0: detected capacity change from 0 to 7 [ 697.292296][T13696] Dev loop0: unable to read RDB block 7 [ 697.305242][T13696] loop0: unable to read partition table [ 697.331323][T13696] loop0: partition table beyond EOD, truncated [ 697.358826][T13696] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 697.358826][T13696] ) failed (rc=-5) [ 698.352760][ T5280] usb 3-1: Service connection timeout for: 256 [ 698.359107][ T5280] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 698.420598][ T5280] ath9k_htc: Failed to initialize the device [ 698.438292][ T5280] usb 3-1: ath9k_htc: USB layer deinitialized [ 698.502761][ T5325] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 698.652735][ T5325] usb 4-1: Using ep0 maxpacket: 16 [ 698.659590][ T5325] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 698.665190][ T5230] usb 3-1: USB disconnect, device number 29 [ 698.694297][ T5325] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 698.711928][ T5325] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 698.727680][ T5325] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 698.736908][ T5325] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.749126][ T5325] usb 4-1: config 0 descriptor?? [ 698.921800][T13732] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 699.059621][T13737] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2717'. [ 699.196158][ T5325] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 699.286452][ T5325] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0008/input/input15 [ 699.325710][ T5325] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 699.449053][T13746] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2719'. [ 700.293050][ T5230] usb 4-1: USB disconnect, device number 22 [ 700.800769][T13757] loop1: detected capacity change from 0 to 128 [ 701.104170][T13762] loop4: detected capacity change from 0 to 7 [ 701.131991][T13762] Dev loop4: unable to read RDB block 7 [ 701.149505][T13762] loop4: unable to read partition table [ 701.163635][T13762] loop4: partition table beyond EOD, truncated [ 701.170972][T13762] loop_reread_partitions: partition scan of loop4 (被xڬdƤݡ [ 701.170972][T13762] ) failed (rc=-5) [ 701.221318][T13766] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 701.597168][ T5230] usb 3-1: new full-speed USB device number 30 using dummy_hcd [ 701.652840][ T5279] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 701.712790][ T5280] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 701.770377][ T5230] usb 3-1: config 0 has an invalid interface number: 133 but max is 0 [ 701.780960][ T5230] usb 3-1: config 0 has no interface number 0 [ 701.792007][ T5230] usb 3-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 701.805598][ T5230] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 701.814967][ T5230] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 701.825105][ T5230] usb 3-1: Product: syz [ 701.830377][ T5230] usb 3-1: Manufacturer: syz [ 701.836104][ T5230] usb 3-1: SerialNumber: syz [ 701.841547][ T5279] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 701.851163][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 701.860020][ T5230] usb 3-1: config 0 descriptor?? [ 701.865358][ T5279] usb 2-1: Product: syz [ 701.870407][ T5279] usb 2-1: Manufacturer: syz [ 701.873639][ T5280] usb 4-1: Using ep0 maxpacket: 32 [ 701.875461][ T5279] usb 2-1: SerialNumber: syz [ 701.900529][ T5280] usb 4-1: New USB device found, idVendor=057b, idProduct=0000, bcdDevice= 0.5f [ 701.910492][ T5280] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 701.928349][ T5279] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 701.932754][ T5280] usb 4-1: Product: syz [ 701.949197][ T9] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 701.960787][ T5280] usb 4-1: Manufacturer: syz [ 701.972798][ T5280] usb 4-1: SerialNumber: syz [ 701.984375][ T5280] usb 4-1: config 0 descriptor?? [ 701.997957][ T5280] usb-storage 4-1:0.0: USB Mass Storage device detected [ 702.030621][ T5280] usb-storage 4-1:0.0: Quirks match for vid 057b pid 0000: 1 [ 702.070744][T13783] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2732'. [ 702.155479][ T5230] keyspan 3-1:0.133: Keyspan 1 port adapter converter detected [ 702.649696][ T5230] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 81 [ 702.658024][ T5230] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 1 [ 702.665929][ T5230] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 2 [ 702.669878][T13785] netlink: 1312 bytes leftover after parsing attributes in process `syz.3.2728'. [ 702.737199][ T5230] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 702.763632][ T5230] usb 3-1: USB disconnect, device number 30 [ 702.779413][ T5230] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 702.789706][ T5230] keyspan 3-1:0.133: device disconnected [ 702.910716][T12643] usb 2-1: USB disconnect, device number 35 [ 703.342890][ T5230] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 703.545366][ T5230] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 703.556556][T13814] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2744'. [ 703.566715][ T5230] usb 3-1: config 0 has no interface number 0 [ 703.753031][ T9] usb 2-1: Service connection timeout for: 256 [ 703.762876][ T9] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 703.894114][ T9] ath9k_htc: Failed to initialize the device [ 704.011984][ T5230] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 704.021314][ T5230] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 704.029406][ T5230] usb 3-1: Product: syz [ 704.033647][ T5230] usb 3-1: Manufacturer: syz [ 704.038253][ T5230] usb 3-1: SerialNumber: syz [ 704.046340][T12643] usb 2-1: ath9k_htc: USB layer deinitialized [ 704.054523][ T5230] usb 3-1: config 0 descriptor?? [ 704.302850][ T5230] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 704.313132][ T5230] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 704.324364][ T5230] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 704.332798][ T5230] usb 3-1: media controller created [ 704.355802][ T5230] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 704.387279][ T5280] usb 4-1: USB disconnect, device number 23 [ 704.442859][ T5310] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 704.525187][ T5230] i2c i2c-1: ec100: i2c rd failed=-32 reg=33 [ 704.579432][ T5230] usb 3-1: USB disconnect, device number 31 [ 704.783150][ T5310] usb 5-1: config 0 has an invalid interface number: 133 but max is 0 [ 704.791486][ T5310] usb 5-1: config 0 has no interface number 0 [ 704.827680][ T5310] usb 5-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 704.881062][ T5310] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 705.113011][ T5310] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 705.305583][ T5310] usb 5-1: Product: syz [ 705.405635][ T5310] usb 5-1: Manufacturer: syz [ 705.410303][ T5310] usb 5-1: SerialNumber: syz [ 705.425969][ T5310] usb 5-1: config 0 descriptor?? [ 705.517452][T13848] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2757'. [ 705.730768][ T5310] keyspan 5-1:0.133: Keyspan 1 port adapter converter detected [ 705.752341][ T5310] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 81 [ 705.807594][ T5310] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 1 [ 705.821177][ T5310] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 2 [ 705.865162][ T5310] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 706.100701][ T5230] usb 5-1: USB disconnect, device number 23 [ 706.122509][ T5230] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 706.173934][ T5230] keyspan 5-1:0.133: device disconnected [ 706.274176][T13861] netlink: 'syz.0.2760': attribute type 3 has an invalid length. [ 706.283603][T13861] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2760'. [ 706.431506][ T29] kauditd_printk_skb: 18 callbacks suppressed [ 706.431524][ T29] audit: type=1326 audit(1727518440.773:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13864 comm="syz.2.2764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 706.516675][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 706.689753][ T29] audit: type=1326 audit(1727518440.813:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13864 comm="syz.2.2764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 707.351629][ T29] audit: type=1326 audit(1727518440.813:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13864 comm="syz.2.2764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 707.382871][ T29] audit: type=1326 audit(1727518440.813:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13864 comm="syz.2.2764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 707.554747][ T29] audit: type=1326 audit(1727518440.813:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13864 comm="syz.2.2764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 707.595438][ T29] audit: type=1326 audit(1727518440.813:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13864 comm="syz.2.2764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 707.629172][ T29] audit: type=1326 audit(1727518440.813:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13864 comm="syz.2.2764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 707.658018][T13872] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 707.662427][ T29] audit: type=1326 audit(1727518440.813:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13864 comm="syz.2.2764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 707.699482][ T29] audit: type=1326 audit(1727518440.813:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13864 comm="syz.2.2764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 707.726815][ T29] audit: type=1326 audit(1727518440.813:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13864 comm="syz.2.2764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff115d7dff9 code=0x7ffc0000 [ 707.780715][T13872] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 707.892948][ T47] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 707.913905][T13895] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2773'. [ 708.093804][ T47] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 708.107848][ T47] usb 2-1: config 0 has no interface number 0 [ 708.162090][ T47] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 708.174740][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 708.183950][ T47] usb 2-1: Product: syz [ 708.188921][ T47] usb 2-1: Manufacturer: syz [ 708.194988][ T47] usb 2-1: SerialNumber: syz [ 708.310791][ T47] usb 2-1: config 0 descriptor?? [ 708.586674][ T47] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 708.619273][ T47] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 708.697123][ T47] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 708.729596][ T47] usb 2-1: media controller created [ 708.779671][ T47] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 708.858207][ T47] i2c i2c-1: ec100: i2c rd failed=-32 reg=33 [ 709.706935][ T47] usb 2-1: USB disconnect, device number 36 [ 709.836188][T13918] loop3: detected capacity change from 0 to 1024 [ 710.022836][ T5325] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 710.149421][T13922] /dev/loop3: Can't open blockdev [ 710.201437][ T5325] usb 3-1: config 0 interface 0 has no altsetting 0 [ 710.213241][ T5325] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 710.242765][ T5325] usb 3-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 710.866939][ T5325] usb 3-1: Manufacturer: syz [ 710.877062][ T5325] usb 3-1: config 0 descriptor?? [ 711.299590][ T5325] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 711.525847][ T5325] gs_usb 3-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 711.588605][ T5325] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22 [ 711.751901][ T5325] usb 3-1: USB disconnect, device number 32 [ 713.198821][T13958] syzkaller0: entered allmulticast mode [ 713.359218][T13963] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2795'. [ 713.569328][T13977] netlink: 'syz.2.2800': attribute type 9 has an invalid length. [ 714.365965][T13977] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2800'. [ 714.411187][T13982] fuse: Bad value for 'user_id' [ 714.420007][T13982] fuse: Bad value for 'user_id' [ 714.558313][T13981] binder: 13979:13981 ioctl c0306201 0 returned -14 [ 714.892848][T13910] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 715.131047][T13910] usb 1-1: config 0 interface 0 has no altsetting 0 [ 715.149457][T13910] usb 1-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 715.160510][T13910] usb 1-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 715.168962][T13910] usb 1-1: Manufacturer: syz [ 715.187188][T13910] usb 1-1: config 0 descriptor?? [ 715.667405][T13910] gs_usb 1-1:0.0: Configuring for 1 interfaces [ 715.871894][T13910] gs_usb 1-1:0.0: Couldn't get bit timing const for channel 0 (-EPROTO) [ 715.880645][T13910] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -71 [ 715.916332][T13910] usb 1-1: USB disconnect, device number 47 [ 718.757435][T13984] netlink: 'syz.2.2800': attribute type 9 has an invalid length. [ 718.767257][T13993] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2804'. [ 718.767883][T13984] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2800'. [ 718.777972][T13993] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2804'. [ 718.913178][ T5279] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 719.207617][T14017] fuse: Bad value for 'fd' [ 719.242740][ T5279] usb 5-1: Using ep0 maxpacket: 32 [ 719.251870][ T5279] usb 5-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 719.262660][ T5279] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 719.297382][ T5279] usb 5-1: Product: syz [ 719.318814][ T5279] usb 5-1: Manufacturer: syz [ 719.360573][ T5279] usb 5-1: SerialNumber: syz [ 719.672151][ T5279] usb 5-1: config 0 descriptor?? [ 720.004473][ T5279] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input16 [ 720.114402][T14030] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2815'. [ 720.402832][ T5325] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 720.647829][T14002] loop3: detected capacity change from 0 to 7 [ 720.662978][T14035] binder: 14034:14035 ioctl c0306201 0 returned -14 [ 720.716517][T14002] Dev loop3: unable to read RDB block 7 [ 720.867756][T14002] loop3: unable to read partition table [ 720.893520][T14002] loop3: partition table beyond EOD, truncated [ 720.894686][ T5325] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 720.920702][T14002] loop_reread_partitions: partition scan of loop3 (被 ) failed (rc=-5) [ 720.922752][ T5325] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 720.950649][ T5325] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 720.956059][ T5230] usb 5-1: USB disconnect, device number 24 [ 720.963816][ T5325] usb 3-1: config 0 descriptor?? [ 720.999449][ T5325] usb 3-1: Found UVC 0.00 device (046d:08c1) [ 721.017364][ T5325] usb 3-1: No valid video chain found. [ 721.182858][ T5279] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 721.372810][ T5279] usb 2-1: Using ep0 maxpacket: 16 [ 721.407032][ T5279] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 721.439264][ T5279] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 721.453406][ T5279] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 721.471456][ T5279] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 721.481522][ T5279] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 721.498512][ T5279] usb 2-1: config 0 descriptor?? [ 721.894939][T14049] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2823'. [ 721.938158][ T5279] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0 [ 721.945222][T14049] batman_adv: batadv1: Adding interface: netdevsim0 [ 721.969314][T14049] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 721.977364][ T5279] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0009/input/input17 [ 722.005265][T14049] batman_adv: batadv1: Interface activated: netdevsim0 [ 722.057417][ T5279] microsoft 0003:045E:07DA.0009: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 722.191805][ T5280] usb 2-1: USB disconnect, device number 37 [ 723.226387][ T9] usb 3-1: USB disconnect, device number 33 [ 723.289437][T14071] binder: 14070:14071 ioctl c0306201 0 returned -14 [ 723.302018][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.324890][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.360569][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.407163][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.433789][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.452155][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.469271][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.486127][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.497091][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.539236][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.557766][T14089] : renamed from vlan0 (while UP) [ 723.573340][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.603283][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.618192][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.632841][ T9] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 723.644762][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.662424][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.676696][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.692736][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.708682][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.723440][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.736633][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.754847][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.777420][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.798859][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.815585][ T9] usb 3-1: config 0 has no interfaces? [ 723.821437][ T9] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 723.841138][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.850412][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 723.858616][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.875953][ T9] usb 3-1: config 0 descriptor?? [ 723.884285][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.899634][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.907279][T12643] usb 1-1: new full-speed USB device number 48 using dummy_hcd [ 723.926219][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.933938][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.941446][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.949109][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.956649][ T5230] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 723.974610][ T5230] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 724.523311][T12643] usb 1-1: config 0 has an invalid interface number: 133 but max is 0 [ 724.538891][T12643] usb 1-1: config 0 has no interface number 0 [ 724.635333][ T5325] usb 3-1: USB disconnect, device number 34 [ 724.673397][T12643] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 724.683266][T12643] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 724.691615][T12643] usb 1-1: Product: syz [ 724.706183][T12643] usb 1-1: Manufacturer: syz [ 724.710839][T12643] usb 1-1: SerialNumber: syz [ 724.755267][T12643] usb 1-1: config 0 descriptor?? [ 724.779854][T14103] syzkaller0: entered promiscuous mode [ 724.785674][T14103] syzkaller0: entered allmulticast mode [ 724.966950][T14106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2845'. [ 725.052630][T14109] netlink: 'syz.1.2846': attribute type 4 has an invalid length. [ 725.184817][T12643] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected [ 725.210542][T14113] openvswitch: netlink: Actions may not be safe on all matching packets [ 725.214063][T12643] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81 [ 725.260784][T12643] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1 [ 725.278022][T12643] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2 [ 725.294897][T12643] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 725.424914][T12643] usb 1-1: USB disconnect, device number 48 [ 725.439248][T12643] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 725.473147][T12643] keyspan 1-1:0.133: device disconnected [ 725.660839][T14131] netlink: 296 bytes leftover after parsing attributes in process `syz.4.2854'. [ 725.782836][ T9] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 725.959889][ T9] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 725.991486][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 726.017756][ T9] usb 2-1: Product: syz [ 726.026460][ T9] usb 2-1: Manufacturer: syz [ 726.031338][ T9] usb 2-1: SerialNumber: syz [ 726.046574][ T9] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 726.073220][T12643] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 726.332778][ T47] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 726.492255][ T5230] usb 2-1: USB disconnect, device number 38 [ 726.516951][ T47] usb 1-1: config index 0 descriptor too short (expected 106, got 36) [ 726.525801][ T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 726.539216][ T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 726.544581][T14142] openvswitch: netlink: Actions may not be safe on all matching packets [ 726.562729][ T47] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00 [ 726.573832][ T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 726.623364][ T47] usb 1-1: config 0 descriptor?? [ 727.041977][ T47] corsair 0003:1B1C:1B3E.000B: unknown main item tag 0x0 [ 727.095269][ T47] corsair 0003:1B1C:1B3E.000B: unknown main item tag 0x0 [ 727.112823][ T47] corsair 0003:1B1C:1B3E.000B: unknown main item tag 0x0 [ 727.123196][ T47] corsair 0003:1B1C:1B3E.000B: unknown main item tag 0x0 [ 727.127768][T12643] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 727.130756][ T47] corsair 0003:1B1C:1B3E.000B: unknown main item tag 0x0 [ 727.166020][ T47] corsair 0003:1B1C:1B3E.000B: failed to start in urb: -90 [ 727.182832][T12643] ath9k_htc: Failed to initialize the device [ 727.206793][ T47] corsair 0003:1B1C:1B3E.000B: hidraw0: USB HID v0.00 Device [HID 1b1c:1b3e] on usb-dummy_hcd.0-1/input0 [ 727.219740][ T5230] usb 2-1: ath9k_htc: USB layer deinitialized [ 727.268292][ T47] usb 1-1: USB disconnect, device number 49 [ 727.820791][T14168] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2866'. [ 728.603610][T14176] openvswitch: netlink: Actions may not be safe on all matching packets [ 728.713958][T14182] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2870'. [ 729.044304][T14188] netlink: 296 bytes leftover after parsing attributes in process `syz.4.2874'. [ 729.291020][T14193] syzkaller1: entered promiscuous mode [ 729.312546][T14193] syzkaller1: entered allmulticast mode [ 730.177110][T14205] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2880'. [ 730.340458][T14210] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2881'. [ 731.309537][T14220] openvswitch: netlink: Actions may not be safe on all matching packets [ 731.432889][ T30] INFO: task syz.1.2303:12356 blocked for more than 143 seconds. [ 731.463466][ T30] Not tainted 6.11.0-next-20240927-syzkaller #0 [ 731.472720][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 731.481436][ T30] task:syz.1.2303 state:D stack:26320 pid:12356 tgid:12353 ppid:5581 flags:0x00004006 [ 731.502865][T14223] fuse: Bad value for 'fd' [ 731.505180][ T30] Call Trace: [ 731.510667][ T30] [ 731.521750][ T30] __schedule+0x1895/0x4b30 [ 731.536427][ T30] ? __pfx___schedule+0x10/0x10 [ 731.549822][ T30] ? __pfx_lock_release+0x10/0x10 [ 731.577118][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 731.588111][ T30] ? schedule+0x90/0x320 [ 731.592941][ T30] schedule+0x14b/0x320 [ 731.597709][ T30] schedule_preempt_disabled+0x13/0x30 [ 731.603391][ T30] __mutex_lock+0x6a7/0xd70 [ 731.608004][ T30] ? __mutex_lock+0x52a/0xd70 [ 731.612824][ T30] ? nfsd_shutdown_threads+0x4e/0xd0 [ 731.618230][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 731.623406][ T30] nfsd_shutdown_threads+0x4e/0xd0 [ 731.628617][ T30] nfsd_umount+0x43/0xd0 [ 731.633000][ T30] deactivate_locked_super+0xc4/0x130 [ 731.638506][ T30] put_fs_context+0x94/0x780 [ 731.643446][ T30] fscontext_release+0x62/0x80 [ 731.650569][ T30] ? __pfx_fscontext_release+0x10/0x10 [ 731.656302][ T30] __fput+0x23f/0x880 [ 731.665086][ T30] task_work_run+0x24f/0x310 [ 731.669911][ T30] ? __pfx_task_work_run+0x10/0x10 [ 731.675425][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 731.681310][ T30] syscall_exit_to_user_mode+0x168/0x370 [ 731.688436][ T30] do_syscall_64+0x100/0x230 [ 731.694739][ T30] ? clear_bhb_loop+0x35/0x90 [ 731.699960][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.706065][ T30] RIP: 0033:0x7f9f7777dff9 [ 731.710620][ T30] RSP: 002b:00007f9f771de038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 731.719305][ T30] RAX: 0000000000000000 RBX: 00007f9f77936130 RCX: 00007f9f7777dff9 [ 731.728105][ T30] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000004 [ 731.736693][ T30] RBP: 00007f9f777f0296 R08: 0000000000000000 R09: 0000000000000000 [ 731.745141][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 731.753417][ T30] R13: 0000000000000000 R14: 00007f9f77936130 R15: 00007ffdccd6aee8 [ 731.761496][ T30] [ 731.764674][ T30] [ 731.764674][ T30] Showing all locks held in the system: [ 731.773805][ T30] 1 lock held by khungtaskd/30: [ 731.779589][ T30] #0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 731.789570][ T30] 2 locks held by kworker/u8:5/1298: [ 731.795207][ T30] #0: ffff88801b7ff148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 731.806809][ T30] #1: ffffc9000476fd00 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 731.819170][ T30] 2 locks held by getty/4988: [ 731.824205][ T30] #0: ffff88803297a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 731.834335][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 731.845826][ T30] 6 locks held by kworker/0:3/5230: [ 731.851240][ T30] 2 locks held by kworker/u8:10/5961: [ 731.858707][ T30] 2 locks held by syz.3.1942/11213: [ 731.865278][ T30] #0: ffffffff8fd39070 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 731.873634][ T30] #1: ffffffff8ec1a588 (nfsd_mutex){+.+.}-{3:3}, at: nfsd_nl_listener_set_doit+0x12d/0x1a90 [ 731.884326][ T30] 2 locks held by syz.1.2303/12356: [ 731.890317][ T30] #0: ffff888062b020e0 (&type->s_umount_key#78){+.+.}-{3:3}, at: deactivate_super+0xb5/0xf0 [ 731.900801][ T30] #1: ffffffff8ec1a588 (nfsd_mutex){+.+.}-{3:3}, at: nfsd_shutdown_threads+0x4e/0xd0 [ 731.911306][ T30] [ 731.913999][ T30] ============================================= [ 731.913999][ T30] [ 731.922528][ T30] NMI backtrace for cpu 0 [ 731.926890][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-next-20240927-syzkaller #0 [ 731.936545][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 731.946612][ T30] Call Trace: [ 731.950003][ T30] [ 731.953031][ T30] dump_stack_lvl+0x241/0x360 [ 731.957728][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 731.962935][ T30] ? __pfx__printk+0x10/0x10 [ 731.967586][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 731.972531][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 731.977985][ T30] ? _printk+0xd5/0x120 [ 731.982178][ T30] ? __pfx__printk+0x10/0x10 [ 731.986773][ T30] ? __wake_up_klogd+0xcc/0x110 [ 731.991631][ T30] ? __pfx__printk+0x10/0x10 [ 731.996217][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 732.001245][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 732.007235][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 732.013305][ T30] watchdog+0xff4/0x1040 [ 732.017543][ T30] ? watchdog+0x1ea/0x1040 [ 732.021954][ T30] ? __pfx_watchdog+0x10/0x10 [ 732.026624][ T30] kthread+0x2f0/0x390 [ 732.030680][ T30] ? __pfx_watchdog+0x10/0x10 [ 732.035349][ T30] ? __pfx_kthread+0x10/0x10 [ 732.039930][ T30] ret_from_fork+0x4b/0x80 [ 732.044341][ T30] ? __pfx_kthread+0x10/0x10 [ 732.048918][ T30] ret_from_fork_asm+0x1a/0x30 [ 732.053689][ T30] [ 732.057459][ T30] Sending NMI from CPU 0 to CPUs 1: [ 732.063324][ C1] NMI backtrace for cpu 1 [ 732.063337][ C1] CPU: 1 UID: 0 PID: 3837 Comm: kworker/u8:8 Not tainted 6.11.0-next-20240927-syzkaller #0 [ 732.063356][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 732.063365][ C1] Workqueue: events_unbound cfg80211_wiphy_work [ 732.063391][ C1] RIP: 0010:unwind_next_frame+0x6dc/0x22d0 [ 732.063410][ C1] Code: c1 e8 3f 48 01 c8 48 83 e0 fe 49 8d 1c 46 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 27 48 63 03 <48> 01 d8 48 8d 4b 04 4c 39 f8 4c 0f 46 f1 48 8d 43 fc 48 0f 47 e8 [ 732.063428][ C1] RSP: 0018:ffffc9000bdb7510 EFLAGS: 00000246 [ 732.063442][ C1] RAX: fffffffff131e162 RBX: ffffffff902e99c0 RCX: dffffc0000000000 [ 732.063454][ C1] RDX: 00000000000b0001 RSI: ffffffff90a481fe RDI: ffffffff814156e0 [ 732.063466][ C1] RBP: ffffffff902e99c0 R08: 0000000000000001 R09: ffffc9000bdb76d0 [ 732.063477][ C1] R10: ffffc9000bdb7630 R11: ffffffff81808930 R12: ffffffff902e99c0 [ 732.063489][ C1] R13: ffffffff902e99c0 R14: ffffffff902e99c0 R15: ffffffff81607dff [ 732.063502][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 732.063516][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 732.063527][ C1] CR2: 00005555626c45c8 CR3: 000000007eb66000 CR4: 00000000003526f0 [ 732.063544][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 732.063554][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 732.063564][ C1] Call Trace: [ 732.063570][ C1] [ 732.063577][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 732.063597][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 732.063620][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 732.063639][ C1] ? nmi_handle+0x2a/0x5a0 [ 732.063663][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 732.063682][ C1] ? nmi_handle+0x14f/0x5a0 [ 732.063697][ C1] ? nmi_handle+0x2a/0x5a0 [ 732.063713][ C1] ? unwind_next_frame+0x6dc/0x22d0 [ 732.063728][ C1] ? default_do_nmi+0x63/0x160 [ 732.063748][ C1] ? exc_nmi+0x123/0x1f0 [ 732.063767][ C1] ? end_repeat_nmi+0xf/0x53 [ 732.063783][ C1] ? kthread+0x2ef/0x390 [ 732.063799][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 732.063820][ C1] ? unwind_next_frame+0xb0/0x22d0 [ 732.063834][ C1] ? unwind_next_frame+0x6dc/0x22d0 [ 732.063849][ C1] ? unwind_next_frame+0x6dc/0x22d0 [ 732.063865][ C1] ? unwind_next_frame+0x6dc/0x22d0 [ 732.063881][ C1] [ 732.063886][ C1] [ 732.063896][ C1] ? kthread+0x2f0/0x390 [ 732.063913][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 732.063931][ C1] arch_stack_walk+0x11c/0x150 [ 732.063950][ C1] ? kthread+0x2f0/0x390 [ 732.063967][ C1] stack_trace_save+0x118/0x1d0 [ 732.063985][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 732.064005][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 732.064029][ C1] kasan_save_track+0x3f/0x80 [ 732.064045][ C1] ? kasan_save_track+0x3f/0x80 [ 732.064059][ C1] ? kasan_save_free_info+0x40/0x50 [ 732.064078][ C1] ? __kasan_slab_free+0x59/0x70 [ 732.064098][ C1] ? kmem_cache_free+0x1a2/0x420 [ 732.064117][ C1] ? skb_release_data+0x677/0x8a0 [ 732.064135][ C1] ? sk_skb_reason_drop+0x1c9/0x380 [ 732.064151][ C1] ? ieee80211_iface_work+0x272/0xf20 [ 732.064173][ C1] ? cfg80211_wiphy_work+0x2db/0x490 [ 732.064191][ C1] ? process_scheduled_works+0xa63/0x1850 [ 732.064210][ C1] ? worker_thread+0x870/0xd30 [ 732.064229][ C1] ? kthread+0x2f0/0x390 [ 732.064265][ C1] kasan_save_free_info+0x40/0x50 [ 732.064284][ C1] __kasan_slab_free+0x59/0x70 [ 732.064300][ C1] ? skb_release_data+0x677/0x8a0 [ 732.064316][ C1] kmem_cache_free+0x1a2/0x420 [ 732.064336][ C1] ? skb_release_data+0x677/0x8a0 [ 732.064355][ C1] skb_release_data+0x677/0x8a0 [ 732.064378][ C1] sk_skb_reason_drop+0x1c9/0x380 [ 732.064397][ C1] ieee80211_iface_work+0x272/0xf20 [ 732.064422][ C1] cfg80211_wiphy_work+0x2db/0x490 [ 732.064442][ C1] ? process_scheduled_works+0x976/0x1850 [ 732.064462][ C1] process_scheduled_works+0xa63/0x1850 [ 732.064495][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 732.064519][ C1] ? assign_work+0x364/0x3d0 [ 732.064540][ C1] worker_thread+0x870/0xd30 [ 732.064567][ C1] ? __kthread_parkme+0x169/0x1d0 [ 732.064589][ C1] ? __pfx_worker_thread+0x10/0x10 [ 732.064609][ C1] kthread+0x2f0/0x390 [ 732.064623][ C1] ? __pfx_worker_thread+0x10/0x10 [ 732.064642][ C1] ? __pfx_kthread+0x10/0x10 [ 732.064658][ C1] ret_from_fork+0x4b/0x80 [ 732.064677][ C1] ? __pfx_kthread+0x10/0x10 [ 732.064692][ C1] ret_from_fork_asm+0x1a/0x30 [ 732.064718][ C1] [ 732.068001][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 732.519963][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-next-20240927-syzkaller #0 [ 732.529593][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 732.539698][ T30] Call Trace: [ 732.542984][ T30] [ 732.545911][ T30] dump_stack_lvl+0x241/0x360 [ 732.551023][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 732.556217][ T30] ? __pfx__printk+0x10/0x10 [ 732.560807][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 732.566819][ T30] ? vscnprintf+0x5d/0x90 [ 732.571183][ T30] panic+0x349/0x880 [ 732.575071][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 732.581232][ T30] ? __pfx_panic+0x10/0x10 [ 732.585637][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 732.591002][ T30] ? __irq_work_queue_local+0x137/0x410 [ 732.596545][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 732.601908][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 732.608141][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 732.614294][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 732.620448][ T30] watchdog+0x1033/0x1040 [ 732.624780][ T30] ? watchdog+0x1ea/0x1040 [ 732.629207][ T30] ? __pfx_watchdog+0x10/0x10 [ 732.633879][ T30] kthread+0x2f0/0x390 [ 732.637979][ T30] ? __pfx_watchdog+0x10/0x10 [ 732.642653][ T30] ? __pfx_kthread+0x10/0x10 [ 732.647329][ T30] ret_from_fork+0x4b/0x80 [ 732.651738][ T30] ? __pfx_kthread+0x10/0x10 [ 732.656412][ T30] ret_from_fork_asm+0x1a/0x30 [ 732.661210][ T30] [ 732.664482][ T30] Kernel Offset: disabled [ 732.668804][ T30] Rebooting in 86400 seconds..