last executing test programs: 34.219392487s ago: executing program 0 (id=4151): r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f0000000180)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24) listen(r0, 0x100000) 34.107953176s ago: executing program 0 (id=4152): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r0 = syz_io_uring_setup(0x239, &(0x7f0000000080), &(0x7f0000000180), &(0x7f00000001c0)=0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x1}}, 0x20) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x1) r5 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r5, &(0x7f0000000040), 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70300000000030085"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f00000006c0)={0x0, 0x200}) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x4, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000ce0000006a0a00ff000000003500000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="100000000000002505000020000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, 0x0, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x1}, {0x5}]}]}, 0x30}}, 0x0) 31.311865832s ago: executing program 0 (id=4161): io_setup(0x6, &(0x7f00000003c0)=0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) ioctl$SNDCTL_SEQ_RESET(r1, 0x5100) 30.731390242s ago: executing program 0 (id=4165): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000004580)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000002480)='./file0\x00', 0x0, 0x104000, 0x0) 29.665403721s ago: executing program 0 (id=4167): ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000001740)) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="050000000300000000000000", @ANYRES64=r0, @ANYBLOB="0000000001"], 0x48}}, 0x0) recvmsg$can_bcm(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x103) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) read(r0, &(0x7f0000001480)=""/4094, 0xffe) 24.832647368s ago: executing program 0 (id=4174): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x14) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)) 6.4393936s ago: executing program 2 (id=4258): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000300)={0x0, "fe84589dca4e36b9c34bb248598817945d657180c4ec4a8e159bfead524b6bbf8f71843cc138ff3d8a6f7da95e6c478dac5cfd45e5e0829bd43f0255257740fb"}, 0x48, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) pwritev(r1, &(0x7f0000000440)=[{&(0x7f0000000240)="96", 0x3fc00}], 0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_buf(r2, 0x107, 0x0, 0x0, &(0x7f0000000100)) 6.240466157s ago: executing program 2 (id=4260): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a80)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0x4, 0x5}]}, 0x68}}, 0x0) 6.045754395s ago: executing program 2 (id=4261): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x6a, &(0x7f0000000180)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x30, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private1}}}}}}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) r1 = gettid() r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r3 = dup(r2) sendmsg$netlink(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000540)={0x64, 0x0, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x3e, 0x0, 0x0, @ipv6=@mcast2}]}, @typed={0x8, 0x0, 0x0, 0x0, @uid}, @generic="927ef64ac433742f16d04eb7c3a75ba3ad4b2b914856d7feb680a59adff821bac1d07055a3"]}, 0x64}, {&(0x7f0000000580)=ANY=[], 0x1f88}], 0x2}, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f0000000340)=""/177, 0xb1}], 0x1) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) shutdown(r3, 0x0) tkill(r1, 0x7) inotify_init1(0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r0) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="00220f0000000b574e69392bf85edacab30000420008700a84a9c4d4ae001fde2f2ab5c199f31cc2a8d2df7790b4e3d087472e7671b70ea130860584c6080fa190b12c72b12f68d1270747343453001dedf1e33a743c0bc066318144274ed08aa2a24c4d475a4a9264a08905794c9d8f923388a23267a85be2889cc0edb6599de191b5a2875185"], 0x0}, 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000c00)={0x84, &(0x7f0000000140)=ANY=[@ANYBLOB="000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = epoll_create1(0x0) epoll_wait(r6, &(0x7f000000affb)=[{}], 0x1, 0x7fff) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r6, 0x40047211, &(0x7f0000000080)=0x4) mmap(&(0x7f000000b000/0x2000)=nil, 0x2000, 0x0, 0x11, r5, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0x20000007}) r7 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) readv(r7, &(0x7f0000000480)=[{&(0x7f0000001580)=""/4091, 0x18}], 0x2) ioctl$HIDIOCSFLAG(r7, 0x4004480f, &(0x7f0000000000)=0x3) ioctl$HIDIOCGUSAGE(r7, 0xc018480b, 0x0) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x40040) syz_emit_ethernet(0x3f, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x42}, @val={@val={0x88a8, 0x7}, {0x8100, 0x0, 0x1, 0x2}}, {@arp={0x806, @generic={0x0, 0x0, 0x6, 0x6, 0x2, @random="78eea3bc7a81", "39b44d88a54a", @local, "ab819369b4e03a06117118ff998bb8"}}}}, &(0x7f0000000040)={0x0, 0x2, [0x3b4, 0xb03, 0xbb6, 0x146]}) 2.756301102s ago: executing program 2 (id=4271): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x22}, 0x48) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) bind$inet(r1, &(0x7f0000000200)={0x2, 0x0, @empty}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r0, &(0x7f00000001c0), &(0x7f00000004c0)=@udp=r1}, 0x20) 2.458850585s ago: executing program 2 (id=4275): r0 = syz_open_procfs$userns(0x0, &(0x7f0000000000)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x2, 0x0) r1 = ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) ioctl$int_in(r1, 0x5421, &(0x7f0000000080)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000001080)={0x2, 0x0, @empty}, 0x0, 0x800) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0) ftruncate(r5, 0x796c) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000001100), &(0x7f0000001140)=0xc) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000001280), 0x4) getsockopt$inet6_tcp_buf(r4, 0x6, 0x8, &(0x7f0000000040)=""/4096, &(0x7f0000001040)=0x1000) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {}, {0x85, 0x0, 0x0, 0x73}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.229517191s ago: executing program 3 (id=4278): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x1, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3314c94970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058560f, &(0x7f0000000240)=@fd={0x0, 0x9, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40130be6"}}) 2.009373982s ago: executing program 2 (id=4280): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x6a, &(0x7f0000000180)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x30, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private1}}}}}}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) r1 = gettid() r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r3 = dup(r2) sendmsg$netlink(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000540)={0x64, 0x0, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x3e, 0x0, 0x0, @ipv6=@mcast2}]}, @typed={0x8, 0x0, 0x0, 0x0, @uid}, @generic="927ef64ac433742f16d04eb7c3a75ba3ad4b2b914856d7feb680a59adff821bac1d07055a3"]}, 0x64}, {&(0x7f0000000580)=ANY=[], 0x1f88}], 0x2}, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f0000000340)=""/177, 0xb1}], 0x1) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) shutdown(r3, 0x0) tkill(r1, 0x7) inotify_init1(0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r0) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="00220f0000000b574e69392bf85edacab30000420008700a84a9c4d4ae001fde2f2ab5c199f31cc2a8d2df7790b4e3d087472e7671b70ea130860584c6080fa190b12c72b12f68d1270747343453001dedf1e33a743c0bc066318144274ed08aa2a24c4d475a4a9264a08905794c9d8f923388a23267a85be2889cc0edb6599de191b5a2875185"], 0x0}, 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000c00)={0x84, &(0x7f0000000140)=ANY=[@ANYBLOB="000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = epoll_create1(0x0) epoll_wait(r6, &(0x7f000000affb)=[{}], 0x1, 0x7fff) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r6, 0x40047211, &(0x7f0000000080)=0x4) mmap(&(0x7f000000b000/0x2000)=nil, 0x2000, 0x0, 0x11, r5, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0x20000007}) r7 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) readv(r7, &(0x7f0000000480)=[{&(0x7f0000001580)=""/4091, 0x18}], 0x2) ioctl$HIDIOCSFLAG(r7, 0x4004480f, &(0x7f0000000000)=0x3) ioctl$HIDIOCGUSAGE(r7, 0xc018480b, 0x0) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x40040) syz_emit_ethernet(0x3f, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x42}, @val={@val={0x88a8, 0x7}, {0x8100, 0x0, 0x1, 0x2}}, {@arp={0x806, @generic={0x0, 0x0, 0x6, 0x6, 0x2, @random="78eea3bc7a81", "39b44d88a54a", @local, "ab819369b4e03a06117118ff998bb8"}}}}, &(0x7f0000000040)={0x0, 0x2, [0x3b4, 0xb03, 0xbb6, 0x146]}) 1.991146842s ago: executing program 4 (id=4281): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x9000, 0x6}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x605, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x14}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x64}}, 0x0) sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x14, 0xa, 0xa, 0x101}, 0x14}}, 0x0) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 1.979473526s ago: executing program 3 (id=4282): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a80)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0x4, 0x5}]}, 0x68}}, 0x0) 1.83523596s ago: executing program 3 (id=4283): r0 = memfd_create(&(0x7f0000002840)='\x1aj~\x97\xc1\x00\x00\x00\xff\x00\x00\x00\x7f\xef_\xd3\xdc=f.z=\x80=8\x1f\x14\xa2&\xbam\v\xa9\f\xf5\x17t\xc9\x80\xf4\xa1\xeb\x907L\x7f \xe3\x19\xcb\xbf\xfc\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00h}\x00\x135V\xd9\xe0\xb0\x17\x01g\xff?\xc8\xfb3\x93\xbc\xcf\xf2\x95\xbeYd,\xb3\x17\xb0L\xe841(\"\xc2K\x11\x81\xef.m\xf7@\xb1\xf9\xee\xce\\\xd9\x03\nHNzF``\xa0\xc4}P\xb3\b\x0e\xcd\x86\'qb\x9a\xce\"\xfb\xd6\x91\'\x9b~\xcd\xfd\xaa\n\xea\x8dC\x9aQ\n\xce\"\x9cN\xed0\xf0\xc2x\x93h\xe8\\\x18\xd26\xe7\x8d4\x06\xf0\xe3M\xe5\x91\x0f\x85\x97gla\x06\xe1\xba\x1a\x1d \n\fr\xae\x12M\xcb6\xe0\x15\xd5d\x16\xc3\xdf\xa2\x04wB\xd0\x18\xa4\x17|\vH\xf5\xb0\xb5\xc7\x9f`Fz\xa3x\x99\xe17\xd2vAW\xe5\x18)9\xba\xa68A\xf8y\xe6\xac\xda\xc7u\xa9\x00{:\x01\xee,\a:\x06\xad{\x80\xfd\xc7\"\x95\x0f\xe3\x86\x19\xc3\xd2\xf7\x18\xf8\xed\x8b\"\xd8\x8f\xde`\xb0D\xfd\x84\xa3\xd7\xf3R\x8d\x88\xdaJ\xb0\xf8^\xd4>\xc7e\xab\x8f+\xda\x9b\xae\xf2\xca\xb9\xde\xb5\x8f\xdb\xba}\x7f\xf8\xe5i,m\b\xf0\xc7\xe9R\x9cY$\xcb\x00/!Z\xeb\x9bE\xf2\xb9\xcc\xf0\x9c\x02\xfc\x9c\x91q\xba|\x80n\x1f\xffG\xc3\x13\xe7v\xa7\x95md\x0f\xa5\x06\v^n\x84d5o\x02\xb3.\x8dc\x18\xe0\xc2\x9b\xe1D\x0fB] \xdfJGr\xdbc,\xef82%\x97\xe4;u\xa9\xe5\xef*n\xf613\x17\x80[\x90]\xef\xc1\x8e\rD\xd2\xe0\x8c\xf2\x00\x00\x00\x00\x00\x00\x00Gs\xab\x1e\xa13\x93\x8d\x04U\xf5\xb8Th9s3\xc9\xbf\xe5My$\x99.\xf0\xd5\xc8\xb1\xfc4\xe7\x83z\x11a\xb7\xebY\x1d\xcd\x81N\xed\xbd\xa5\xce\xa0f\xe5q2\xbc#w\xe4_\x8a-\xad\xc2/_\xe6\nE\xeb\x9c\x96\xf4`\xa2\x06\xe0^\xfb\x99\xbb}\xfb\x052_\x83*B\xf1\xf0\x95\xd2K\xd6\xe5\xb1\x1a\x02,\xbe\xf5\xd0\xd4\xa1A\xf3!\n\xc6b\xeb\x92\xea\xd8\xe1$\xbbUO\x1fS\x02\x9e\xa7|i:\xb1\xf60\xf6M\xe6,\x81=F\xa1\xca\x06\x0e\x14\x89/\xa7\"\x17-h9\x176\x9d\x04\x1el\xdcp\x89\x1b \x93f\x9a\x10\xd9\xa2Y\b\xfalA\xe1\x1bI\xb9\xf8\xa0\xb0\xc2\x04\xedO\n\vj&\xb5\x04\xc3{Yt\xf4rS^\x0e$\xe9\x05\xcd\x9b\x84\x14`\xed\x9e\xbbh\x81h\xf2\xe7\xe2DO\x1a\xe9\xc1\x1cu\xa5\xbd\x90\xbb\x03\xd5\x00\xf2\x83T\xe4\x0eF\x7f\x85\xb5\xe9CJ0xffffffffffffffff}, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_open_procfs(r1, &(0x7f0000000100)='net/netfilter\x00') ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, "b308015e27d438ae"}) 1.612286291s ago: executing program 3 (id=4286): socket$nl_generic(0x10, 0x3, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'veth0_to_team\x00', &(0x7f0000000080)=@ethtool_cmd={0x27}}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) r4 = openat$cgroup_ro(r2, &(0x7f0000000140)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r5}, 0x10) sendfile(r3, r4, 0x0, 0x7ffff000) 1.387782581s ago: executing program 4 (id=4288): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_COUNTERS={0x4}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_ID={0x8}]}], {0x14, 0x10}}, 0x88}}, 0x0) 1.319054628s ago: executing program 3 (id=4289): r0 = syz_open_procfs$userns(0x0, &(0x7f0000000000)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x2, 0x0) r1 = ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) ioctl$int_in(r1, 0x5421, &(0x7f0000000080)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000001080)={0x2, 0x0, @empty}, 0x0, 0x800) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0) ftruncate(r5, 0x796c) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000001100), &(0x7f0000001140)=0xc) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000001280), 0x4) getsockopt$inet6_tcp_buf(r4, 0x6, 0x8, &(0x7f0000000040)=""/4096, &(0x7f0000001040)=0x1000) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {}, {0x85, 0x0, 0x0, 0x73}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.291843012s ago: executing program 1 (id=4290): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000a80)={0x0, 0x58, &(0x7f00000009c0)=[@in6={0xa, 0x4e22, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e22, 0x0, @private0}, @in={0x2, 0x0, @empty}]}, &(0x7f0000000ac0)=0x10) 1.177871641s ago: executing program 4 (id=4291): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x1, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3314c94970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058560f, &(0x7f0000000240)=@fd={0x0, 0x9, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40130be6"}}) 1.047740403s ago: executing program 1 (id=4292): prlimit64(0x0, 0x7, &(0x7f00000002c0), 0x0) r0 = getpid() syz_pidfd_open(r0, 0x0) 930.770025ms ago: executing program 3 (id=4293): socket$inet_udplite(0x2, 0x2, 0x88) mkdir(0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = socket(0x200000100000011, 0x3, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r4) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r5, &(0x7f0000000f80)=""/4096, 0x1000) memfd_create(0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000004e00), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r8, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="611582000000000061138c0000000000bfa000000000000007000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350607000fff07206706000002000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a62951e532b33c57004ffc2e83361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da73c32bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c54d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f6b5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415bd0f9db009acaba9eaea93f7a1d434e00000000000000000000d154ba10a8e51489a614e69722bac300"/1551], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48) r10 = dup(r9) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="820000000200000071000040"]) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="400004001400c2b26dd252720000000011ffad76", @ANYRES32=r11, @ANYBLOB], 0x40}}, 0x0) 907.984847ms ago: executing program 4 (id=4294): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x9000, 0x6}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x605, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x14}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x64}}, 0x0) sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x14, 0xa, 0xa, 0x101}, 0x14}}, 0x0) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 847.310962ms ago: executing program 1 (id=4295): r0 = memfd_create(&(0x7f0000002840)='\x1aj~\x97\xc1\x00\x00\x00\xff\x00\x00\x00\x7f\xef_\xd3\xdc=f.z=\x80=8\x1f\x14\xa2&\xbam\v\xa9\f\xf5\x17t\xc9\x80\xf4\xa1\xeb\x907L\x7f \xe3\x19\xcb\xbf\xfc\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00h}\x00\x135V\xd9\xe0\xb0\x17\x01g\xff?\xc8\xfb3\x93\xbc\xcf\xf2\x95\xbeYd,\xb3\x17\xb0L\xe841(\"\xc2K\x11\x81\xef.m\xf7@\xb1\xf9\xee\xce\\\xd9\x03\nHNzF``\xa0\xc4}P\xb3\b\x0e\xcd\x86\'qb\x9a\xce\"\xfb\xd6\x91\'\x9b~\xcd\xfd\xaa\n\xea\x8dC\x9aQ\n\xce\"\x9cN\xed0\xf0\xc2x\x93h\xe8\\\x18\xd26\xe7\x8d4\x06\xf0\xe3M\xe5\x91\x0f\x85\x97gla\x06\xe1\xba\x1a\x1d \n\fr\xae\x12M\xcb6\xe0\x15\xd5d\x16\xc3\xdf\xa2\x04wB\xd0\x18\xa4\x17|\vH\xf5\xb0\xb5\xc7\x9f`Fz\xa3x\x99\xe17\xd2vAW\xe5\x18)9\xba\xa68A\xf8y\xe6\xac\xda\xc7u\xa9\x00{:\x01\xee,\a:\x06\xad{\x80\xfd\xc7\"\x95\x0f\xe3\x86\x19\xc3\xd2\xf7\x18\xf8\xed\x8b\"\xd8\x8f\xde`\xb0D\xfd\x84\xa3\xd7\xf3R\x8d\x88\xdaJ\xb0\xf8^\xd4>\xc7e\xab\x8f+\xda\x9b\xae\xf2\xca\xb9\xde\xb5\x8f\xdb\xba}\x7f\xf8\xe5i,m\b\xf0\xc7\xe9R\x9cY$\xcb\x00/!Z\xeb\x9bE\xf2\xb9\xcc\xf0\x9c\x02\xfc\x9c\x91q\xba|\x80n\x1f\xffG\xc3\x13\xe7v\xa7\x95md\x0f\xa5\x06\v^n\x84d5o\x02\xb3.\x8dc\x18\xe0\xc2\x9b\xe1D\x0fB] \xdfJGr\xdbc,\xef82%\x97\xe4;u\xa9\xe5\xef*n\xf613\x17\x80[\x90]\xef\xc1\x8e\rD\xd2\xe0\x8c\xf2\x00\x00\x00\x00\x00\x00\x00Gs\xab\x1e\xa13\x93\x8d\x04U\xf5\xb8Th9s3\xc9\xbf\xe5My$\x99.\xf0\xd5\xc8\xb1\xfc4\xe7\x83z\x11a\xb7\xebY\x1d\xcd\x81N\xed\xbd\xa5\xce\xa0f\xe5q2\xbc#w\xe4_\x8a-\xad\xc2/_\xe6\nE\xeb\x9c\x96\xf4`\xa2\x06\xe0^\xfb\x99\xbb}\xfb\x052_\x83*B\xf1\xf0\x95\xd2K\xd6\xe5\xb1\x1a\x02,\xbe\xf5\xd0\xd4\xa1A\xf3!\n\xc6b\xeb\x92\xea\xd8\xe1$\xbbUO\x1fS\x02\x9e\xa7|i:\xb1\xf60\xf6M\xe6,\x81=F\xa1\xca\x06\x0e\x14\x89/\xa7\"\x17-h9\x176\x9d\x04\x1el\xdcp\x89\x1b \x93f\x9a\x10\xd9\xa2Y\b\xfalA\xe1\x1bI\xb9\xf8\xa0\xb0\xc2\x04\xedO\n\vj&\xb5\x04\xc3{Yt\xf4rS^\x0e$\xe9\x05\xcd\x9b\x84\x14`\xed\x9e\xbbh\x81h\xf2\xe7\xe2DO\x1a\xe9\xc1\x1cu\xa5\xbd\x90\xbb\x03\xd5\x00\xf2\x83T\xe4\x0eF\x7f\x85\xb5\xe9CJ0x0}) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001180)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000638477fbac141416ac14141607089f034d2f87e544026aab845013f2325f1a39010702038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2, 0x25, 0x0, @val=@kprobe_multi=@syms={0x0, 0x0, 0x0}}, 0x40) syz_emit_ethernet(0xfdef, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa88a800008864"], 0x0) 233.826987ms ago: executing program 4 (id=4298): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x1b}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 0s ago: executing program 1 (id=4299): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'team_slave_0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r4 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x5c, r4, 0x1, 0x0, 0x0, {0x1, 0x6c00000000000000}, [{{0x8, 0x1, r3}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}]}}]}, 0x5c}, 0x1, 0xf000}, 0x0) kernel console output (not intermixed with test programs): my_hcd.4-1/input0 [ 827.038473][ T5139] usb 5-1: USB disconnect, device number 33 [ 827.615639][ T785] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 827.808268][ T785] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 827.849477][ T785] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 827.916021][ T785] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 827.977691][ T785] usb 2-1: config 0 descriptor?? [ 828.022708][ T785] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 830.240543][ T5190] usb 2-1: USB disconnect, device number 22 [ 832.022688][T14115] syz.0.2981: attempt to access beyond end of device [ 832.022688][T14115] nbd0: rw=0, sector=1, nr_sectors = 1 limit=0 [ 832.027628][T14114] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2983'. [ 832.046200][T14114] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2983'. [ 832.094423][T14115] VFS: could not find a valid V7 on nbd0. [ 833.606780][T14140] input: syz1 as /devices/virtual/input/input30 [ 833.919303][T14148] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2994'. [ 833.956422][T14148] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2994'. [ 834.544038][T14159] vlan2: entered promiscuous mode [ 834.573382][T14159] bond0: entered promiscuous mode [ 834.593610][T14159] bond_slave_0: entered promiscuous mode [ 834.615990][T14159] bond_slave_1: entered promiscuous mode [ 834.661568][T14159] bond0: left promiscuous mode [ 834.677122][T14159] bond_slave_0: left promiscuous mode [ 834.714355][T14159] bond_slave_1: left promiscuous mode [ 835.986406][T14182] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3006'. [ 836.005244][T14182] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3006'. [ 838.318242][T14222] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3020'. [ 838.351623][T14222] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3020'. [ 838.569608][ T29] kauditd_printk_skb: 68 callbacks suppressed [ 838.569649][ T29] audit: type=1326 audit(2000000626.777:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14217 comm="syz.3.3021" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x0 [ 839.692751][ T29] audit: type=1326 audit(2000000627.897:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14239 comm="syz.0.3027" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x0 [ 842.709353][ T5103] Bluetooth: hci1: unexpected event for opcode 0x0000 [ 842.735455][T14267] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3034'. [ 843.025198][T14280] overlayfs: failed to clone upperpath [ 843.075390][T14280] netlink: 'syz.4.3039': attribute type 10 has an invalid length. [ 843.132434][T14280] mac80211_hwsim hwsim47 wlan1: left allmulticast mode [ 843.218945][T14280] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 843.690937][T14285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 843.747247][T14285] bond0: (slave rose0): Enslaving as an active interface with an up link [ 843.763754][T14291] input: syz0 as /devices/virtual/input/input31 [ 844.074081][ T29] audit: type=1326 audit(2000000632.277:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14298 comm="syz.0.3048" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x0 [ 846.175779][ T5190] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 846.547775][ T5190] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 846.725888][ T5103] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 846.734800][ T5103] Bluetooth: hci1: Injecting HCI hardware error event [ 846.744005][ T5103] Bluetooth: hci1: hardware error 0x00 [ 847.835627][ T5190] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 847.868777][ T5190] usb 4-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.00 [ 847.895733][ T5190] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 847.936487][ T5190] usb 4-1: config 0 descriptor?? [ 848.379166][ T5190] logitech 0003:046D:C623.0011: item fetching failed at offset 3/5 [ 848.433018][ T5190] logitech 0003:046D:C623.0011: parse failed [ 848.464264][ T5190] logitech 0003:046D:C623.0011: probe with driver logitech failed with error -22 [ 848.750111][ T9479] usb 4-1: USB disconnect, device number 31 [ 848.756553][ T5140] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 849.016274][ T5140] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 849.070761][ T5140] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 553, setting to 64 [ 849.181394][ T5140] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 849.197978][ T5140] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 849.209411][ T5140] usb 1-1: Product: syz [ 849.213755][ T5140] usb 1-1: Manufacturer: syz [ 849.219001][ T5140] usb 1-1: SerialNumber: syz [ 849.518420][T14382] ieee802154 phy0 wpan0: encryption failed: -22 [ 849.873010][ T5103] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 851.185120][ T5103] Bluetooth: hci2: link tx timeout [ 851.191149][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.204692][ T5103] Bluetooth: hci2: link tx timeout [ 851.211863][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.225749][ T5103] Bluetooth: hci2: link tx timeout [ 851.230952][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.265983][ T5103] Bluetooth: hci2: link tx timeout [ 851.271402][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.281493][ T5103] Bluetooth: hci2: link tx timeout [ 851.286891][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.294902][ T5103] Bluetooth: hci2: link tx timeout [ 851.300681][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.309746][ T5103] Bluetooth: hci2: link tx timeout [ 851.315122][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.324517][ T5103] Bluetooth: hci2: link tx timeout [ 851.330382][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.340428][ T5103] Bluetooth: hci2: link tx timeout [ 851.347490][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.357047][ T5103] Bluetooth: hci2: link tx timeout [ 851.362234][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.373547][ T5103] Bluetooth: hci2: link tx timeout [ 851.381521][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.391538][ T5103] Bluetooth: hci2: link tx timeout [ 851.396913][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.405071][ T5103] Bluetooth: hci2: link tx timeout [ 851.417524][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.444451][ T5103] Bluetooth: hci2: link tx timeout [ 851.449928][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.457977][ T5103] Bluetooth: hci2: link tx timeout [ 851.463529][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.471522][ T5103] Bluetooth: hci2: link tx timeout [ 851.476841][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.486177][ T5103] Bluetooth: hci2: link tx timeout [ 851.491539][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.499480][ T5103] Bluetooth: hci2: link tx timeout [ 851.504770][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.514112][ T5103] Bluetooth: hci2: link tx timeout [ 851.519900][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.527991][ T5103] Bluetooth: hci2: link tx timeout [ 851.533340][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.541338][ T5103] Bluetooth: hci2: link tx timeout [ 851.546716][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.554664][ T5103] Bluetooth: hci2: link tx timeout [ 851.560122][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.568446][ T5103] Bluetooth: hci2: link tx timeout [ 851.573756][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.584257][ T5103] Bluetooth: hci2: link tx timeout [ 851.589544][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.599095][ T5103] Bluetooth: hci2: link tx timeout [ 851.604369][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.626161][ T5103] Bluetooth: hci2: link tx timeout [ 851.631576][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.640295][ T5103] Bluetooth: hci2: link tx timeout [ 851.645610][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.653802][ T5103] Bluetooth: hci2: link tx timeout [ 851.659140][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.686862][ T5103] Bluetooth: hci2: link tx timeout [ 851.692180][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.701310][ T5103] Bluetooth: hci2: link tx timeout [ 851.706641][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.718374][ T5103] Bluetooth: hci2: link tx timeout [ 851.723983][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.734364][ T5103] Bluetooth: hci2: link tx timeout [ 851.739642][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.750890][ T5103] Bluetooth: hci2: link tx timeout [ 851.756885][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.769535][ T5103] Bluetooth: hci2: link tx timeout [ 851.775078][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.786278][ T5103] Bluetooth: hci2: link tx timeout [ 851.792622][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.800696][ T5103] Bluetooth: hci2: link tx timeout [ 851.808265][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.825728][ T5103] Bluetooth: hci2: link tx timeout [ 851.832644][ T5103] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 851.934564][T14408] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (4) [ 851.967323][ T5140] cdc_ncm 1-1:1.0: bind() failure [ 851.993353][ T5140] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 852.045818][ T5140] cdc_ncm 1-1:1.1: bind() failure [ 852.522434][ T9] usb 1-1: USB disconnect, device number 32 [ 853.316032][ T5096] Bluetooth: hci2: command 0x0406 tx timeout [ 853.806939][ T5096] Bluetooth: hci2: unexpected event for opcode 0x0000 [ 853.837552][T14425] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3091'. [ 854.407358][T14436] overlayfs: failed to clone upperpath [ 854.481678][T14438] netlink: 'syz.2.3094': attribute type 10 has an invalid length. [ 854.820839][T14438] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 855.133589][T14450] overlayfs: statfs failed on './file0' [ 856.891646][T14484] can0: slcan on ptm0. [ 856.953588][T14483] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3111'. [ 857.000006][T14492] overlayfs: failed to clone upperpath [ 857.220578][T14493] netlink: 'syz.4.3112': attribute type 10 has an invalid length. [ 857.268689][ T5190] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 857.455730][T14473] can0 (unregistered): slcan off ptm0. [ 857.528098][ T5190] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 857.554939][ T5190] usb 4-1: config 1 has an invalid descriptor of length 110, skipping remainder of the config [ 857.660537][ T5190] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 857.732127][ T5190] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 101, changing to 10 [ 857.777353][ T5190] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 10100, setting to 1024 [ 857.818913][ T5190] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 857.840719][ T5190] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 857.849472][ T5096] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 857.858507][ T5096] Bluetooth: hci2: Injecting HCI hardware error event [ 857.869057][ T5096] Bluetooth: hci2: hardware error 0x00 [ 857.925142][ T5190] usb 4-1: Product: syz [ 857.942488][ T5190] usb 4-1: Manufacturer: syz [ 857.974507][T14491] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 858.021015][ T5190] cdc_wdm 4-1:1.0: skipping garbage [ 858.055160][ T5190] cdc_wdm 4-1:1.0: skipping garbage [ 858.071518][ T5190] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 858.094537][ T5190] cdc_wdm 4-1:1.0: Unknown control protocol [ 858.962127][T14515] befs: (nullb0): No write support. Marking filesystem read-only [ 859.040950][T14515] befs: (nullb0): invalid magic header [ 859.225695][ T9479] usb 4-1: USB disconnect, device number 32 [ 859.837950][T14529] can0: slcan on ptm0. [ 859.925963][ T5096] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 861.914532][T14525] can0 (unregistered): slcan off ptm0. [ 863.093967][T14572] netlink: 'syz.3.3142': attribute type 12 has an invalid length. [ 864.169383][T14584] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3147'. [ 864.907174][T14593] befs: (nullb0): No write support. Marking filesystem read-only [ 864.951539][T14593] befs: (nullb0): invalid magic header [ 865.067795][T14599] bridge0: port 2(bridge_slave_1) entered disabled state [ 865.075290][T14599] bridge0: port 2(bridge_slave_1) entered blocking state [ 865.082572][T14599] bridge0: port 2(bridge_slave_1) entered forwarding state [ 865.314967][T14603] netlink: 'syz.1.3153': attribute type 2 has an invalid length. [ 865.895982][ T5096] Bluetooth: hci3: link tx timeout [ 865.901690][ T5096] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 865.915024][ T5096] Bluetooth: hci3: link tx timeout [ 865.921183][ T5096] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 865.930893][ T5096] Bluetooth: hci3: link tx timeout [ 865.936317][ T5096] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 865.944451][ T5096] Bluetooth: hci3: link tx timeout [ 865.949709][ T5096] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 865.958523][ T5096] Bluetooth: hci3: link tx timeout [ 865.963734][ T5096] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 865.973188][ T5096] Bluetooth: hci3: link tx timeout [ 865.978468][ T5096] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 866.116955][T14620] overlayfs: statfs failed on './file0' [ 866.495995][ T5096] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 866.505113][ T5096] Bluetooth: hci4: Injecting HCI hardware error event [ 866.515588][T14623] Bluetooth: hci4: hardware error 0x00 [ 867.926628][ T5096] Bluetooth: hci3: command 0x0406 tx timeout [ 868.548636][T14670] netlink: 'syz.4.3179': attribute type 1 has an invalid length. [ 868.619394][T14670] netlink: 112860 bytes leftover after parsing attributes in process `syz.4.3179'. [ 868.677265][T14670] netlink: 'syz.4.3179': attribute type 1 has an invalid length. [ 868.725615][T14623] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 868.974992][T14675] can0: slcan on ptm0. [ 869.295849][ T5140] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 869.516551][T14669] can0 (unregistered): slcan off ptm0. [ 869.536119][ T5140] usb 2-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa [ 869.579991][ T5140] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 869.625857][ T5139] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 869.657911][ T5140] usb 2-1: config 0 descriptor?? [ 869.679315][T14692] overlayfs: failed to clone upperpath [ 869.700658][T14692] netlink: 'syz.4.3189': attribute type 10 has an invalid length. [ 869.879924][ T5139] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 869.915032][T14678] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 869.928745][T14678] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 869.977077][ T5139] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 553, setting to 64 [ 870.007008][ T5140] usb 2-1: string descriptor 0 read error: -71 [ 870.060956][ T5139] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 870.071736][ T5140] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 870.102782][ T5140] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 870.112458][ T5139] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 870.127736][T14702] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3192'. [ 870.135842][ T29] audit: type=1326 audit(2000000658.317:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14695 comm="syz.2.3190" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb6bc975a99 code=0x0 [ 870.162202][ T5139] usb 4-1: Product: syz [ 870.180462][ T5140] usb 2-1: USB disconnect, device number 23 [ 870.187021][ T5139] usb 4-1: Manufacturer: syz [ 870.195644][ T5139] usb 4-1: SerialNumber: syz [ 870.426048][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.437308][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.606819][T14688] ieee802154 phy0 wpan0: encryption failed: -22 [ 872.185906][ T5139] cdc_ncm 4-1:1.0: bind() failure [ 872.218367][ T5139] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 872.241843][ T5139] cdc_ncm 4-1:1.1: bind() failure [ 872.684849][ T785] usb 4-1: USB disconnect, device number 33 [ 872.818551][ T5139] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 873.005859][ T5139] usb 1-1: Using ep0 maxpacket: 16 [ 873.017748][ T5139] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 873.063278][ T5139] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 873.115554][ T5139] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 873.141410][ T5139] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 873.155761][ T5139] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 873.203839][ T5139] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 873.245969][ T5139] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 873.254054][ T5139] usb 1-1: Manufacturer: syz [ 873.300053][ T5139] usb 1-1: config 0 descriptor?? [ 873.955611][ T5139] rc_core: IR keymap rc-hauppauge not found [ 873.971808][ T5139] Registered IR keymap rc-empty [ 873.981562][ T5139] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 874.751668][ T5139] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 874.808972][ T5139] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 874.857489][ T5139] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input33 [ 874.910892][ T5139] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 874.957997][ T5139] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 875.182086][ T5139] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 875.215741][ T5139] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 876.144781][ T5139] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 876.216425][ T5139] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 876.277811][ T5139] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 876.346554][ T5139] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 876.391153][T14767] loop6: detected capacity change from 0 to 16384 [ 876.416660][ T5139] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 876.485868][ T5139] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 876.561270][T14767] I/O error, dev loop6, sector 1536 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 876.578501][ T5139] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 876.617729][ T5139] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 876.650415][T14767] I/O error, dev loop6, sector 1792 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 876.673491][ T5139] usb 1-1: USB disconnect, device number 33 [ 876.694380][T14767] I/O error, dev loop6, sector 1536 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 876.714703][T14767] Buffer I/O error on dev loop6, logical block 192, async page read [ 877.345182][T14775] can0: slcan on ptm0. [ 877.758609][T14773] can0 (unregistered): slcan off ptm0. [ 877.776142][T14785] MTD: Couldn't look up './file0': -15 [ 879.665936][T14799] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3224'. [ 879.695285][T14799] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3224'. [ 880.647634][ C1] Dead loop on virtual device ipvlan1, fix it urgently! [ 880.679318][T14815] can0: slcan on ptm0. [ 880.946801][ T29] audit: type=1326 audit(2000000669.157:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 881.051606][ T29] audit: type=1326 audit(2000000669.177:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 881.193621][ T29] audit: type=1326 audit(2000000669.187:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 881.236109][T14810] can0 (unregistered): slcan off ptm0. [ 881.610891][T14839] netlink: 'syz.1.3238': attribute type 12 has an invalid length. [ 882.125566][ T29] audit: type=1326 audit(2000000669.187:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 882.226926][ T29] audit: type=1326 audit(2000000669.187:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 882.257290][T14843] kAFS: No cell specified [ 882.286225][ T29] audit: type=1326 audit(2000000669.197:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 882.374692][ T29] audit: type=1326 audit(2000000669.197:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 882.527767][ T29] audit: type=1326 audit(2000000669.197:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 882.549193][T14848] netlink: 'syz.0.3243': attribute type 3 has an invalid length. [ 882.625343][T14848] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.3243'. [ 886.278570][T14865] netlink: 'syz.2.3251': attribute type 1 has an invalid length. [ 887.288827][T14877] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3255'. [ 887.337611][T14877] (unnamed net_device) (uninitialized): (slave dummy0): Device is not bonding slave [ 887.394845][T14877] (unnamed net_device) (uninitialized): option active_slave: invalid value (dummy0) [ 889.241607][T14908] netlink: 'syz.3.3262': attribute type 21 has an invalid length. [ 889.290798][T14908] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3262'. [ 889.356484][T14908] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3262'. [ 889.419351][ T29] audit: type=1326 audit(2000000677.627:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14905 comm="syz.3.3262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 889.500519][ T29] audit: type=1326 audit(2000000677.657:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14905 comm="syz.3.3262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 890.050420][T14929] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3271'. [ 890.078383][T14929] (unnamed net_device) (uninitialized): (slave dummy0): Device is not bonding slave [ 890.110462][T14929] (unnamed net_device) (uninitialized): option active_slave: invalid value (dummy0) [ 891.846621][T14960] netlink: 'syz.1.3280': attribute type 21 has an invalid length. [ 891.880045][T14960] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3280'. [ 892.088579][T14966] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3283'. [ 892.128201][T14966] (unnamed net_device) (uninitialized): (slave dummy0): Device is not bonding slave [ 892.160408][T14966] (unnamed net_device) (uninitialized): option active_slave: invalid value (dummy0) [ 892.839722][T14982] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 892.926428][ T29] audit: type=1326 audit(2000000681.127:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 893.007129][ T29] audit: type=1326 audit(2000000681.127:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 893.089253][ T29] audit: type=1326 audit(2000000681.137:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 893.179688][ T29] audit: type=1326 audit(2000000681.147:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 893.268605][ T29] audit: type=1326 audit(2000000681.147:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 893.412983][ T29] audit: type=1326 audit(2000000681.167:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=18 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 893.535619][ T29] audit: type=1326 audit(2000000681.167:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 894.315656][ T29] audit: type=1326 audit(2000000681.167:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 894.426080][ T29] audit: type=1326 audit(2000000681.177:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 894.716097][ T29] audit: type=1326 audit(2000000681.177:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 894.869319][ T29] audit: type=1326 audit(2000000681.177:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 894.897080][ T29] audit: type=1326 audit(2000000681.177:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 895.055680][ T5140] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 895.635080][ T29] audit: type=1326 audit(2000000681.177:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 895.702788][ T5140] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 895.777102][ T5140] usb 4-1: New USB device found, idVendor=050f, idProduct=0190, bcdDevice=2b.a5 [ 895.804525][ T29] audit: type=1326 audit(2000000681.177:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 895.872307][ T5140] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 895.915081][ T5140] usb 4-1: config 0 descriptor?? [ 895.927669][ T29] audit: type=1326 audit(2000000681.177:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 895.965358][ T5140] cdc_subset 4-1:0.0: probe with driver cdc_subset failed with error -22 [ 896.023854][T15030] Dead loop on virtual device ipvlan1, fix it urgently! [ 896.066885][ T29] audit: type=1326 audit(2000000681.177:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 896.116939][T15032] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3308'. [ 896.144876][T15032] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3308'. [ 896.179024][ T29] audit: type=1326 audit(2000000681.177:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 896.303866][ T29] audit: type=1326 audit(2000000681.177:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14983 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd86f775a99 code=0x7ffc0000 [ 896.365649][ T5140] usb 4-1: USB disconnect, device number 34 [ 896.436300][T15042] tmpfs: Bad value for 'mpol' [ 896.598038][T15045] xt_hashlimit: max too large, truncated to 1048576 [ 896.658802][T15045] xt_hashlimit: overflow, try lower: 0/0 [ 896.705603][T13411] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 896.958903][T13411] usb 5-1: config 1 has an invalid interface number: 5 but max is 2 [ 896.987187][T13411] usb 5-1: config 1 has an invalid descriptor of length 163, skipping remainder of the config [ 897.048587][T13411] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 897.085581][T13411] usb 5-1: config 1 has no interface number 1 [ 897.176532][T13411] usb 5-1: too many endpoints for config 1 interface 5 altsetting 1: 66, using maximum allowed: 30 [ 897.242284][T13411] usb 5-1: config 1 interface 5 altsetting 1 has an invalid endpoint descriptor of length 5, skipping [ 897.312955][T13411] usb 5-1: config 1 interface 5 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 66 [ 897.394415][T13411] usb 5-1: config 1 interface 5 has no altsetting 0 [ 897.450866][T13411] usb 5-1: string descriptor 0 read error: -22 [ 897.486157][T13411] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 897.525675][T13411] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 897.584066][T13411] usb 5-1: 0:2 : does not exist [ 897.915707][ T8] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 898.155562][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 898.201424][ T8] usb 2-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 898.255785][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 898.319899][ T8] usb 2-1: config 0 descriptor?? [ 898.349851][ T8] usb-storage 2-1:0.0: USB Mass Storage device detected [ 898.403095][ T8] usb-storage 2-1:0.0: Quirks match for vid 04e6 pid 000b: 4 [ 899.244478][T15030] syz.4.3307 (15030) used greatest stack depth: 7896 bytes left [ 899.410630][T15073] netlink: 'syz.0.3321': attribute type 12 has an invalid length. [ 899.781654][T13411] usb 2-1: USB disconnect, device number 24 [ 900.034019][T15081] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 900.060223][T15037] syz.4.3307 (15037): drop_caches: 2 [ 900.173130][ T8] usb 5-1: USB disconnect, device number 34 [ 900.356730][ T784] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 900.582305][ T784] usb 4-1: too many configurations: 12, using maximum allowed: 8 [ 900.673609][ T784] usb 4-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e [ 900.750782][ T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 900.839938][T15094] ip6t_srh: unknown srh invflags 7D00 [ 901.658484][ T784] usb 4-1: config 0 descriptor?? [ 901.800141][T15099] MTD: Couldn't look up './file0': -15 [ 901.951748][T15081] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(5) [ 901.958341][T15081] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 902.012078][T15081] vhci_hcd vhci_hcd.0: Device attached [ 902.018487][ T29] kauditd_printk_skb: 15 callbacks suppressed [ 902.018508][ T29] audit: type=1800 audit(2000000690.197:274): pid=15090 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.3328" name="SYSV00000000" dev="hugetlbfs" ino=5 res=0 errno=0 [ 902.062012][ T784] usb 4-1: string descriptor 0 read error: -71 [ 902.065096][T15105] vhci_hcd: connection closed [ 902.076239][ T2841] vhci_hcd: stop threads [ 902.101148][ T2841] vhci_hcd: release socket [ 902.128252][ T2841] vhci_hcd: disconnect device [ 902.169788][ T784] usb 4-1: USB disconnect, device number 35 [ 903.917343][T15123] loop0: detected capacity change from 0 to 1 [ 903.951945][T15123] Buffer I/O error on dev loop0, logical block 0, async page read [ 904.009310][T15123] Buffer I/O error on dev loop0, logical block 0, async page read [ 904.056362][T15123] Buffer I/O error on dev loop0, logical block 0, async page read [ 904.059875][T15130] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 904.089034][T15123] Buffer I/O error on dev loop0, logical block 0, async page read [ 904.128005][T15123] Buffer I/O error on dev loop0, logical block 0, async page read [ 904.185655][T15123] ldm_validate_partition_table(): Disk read failed. [ 904.221273][T15123] Buffer I/O error on dev loop0, logical block 0, async page read [ 904.255060][T15123] Buffer I/O error on dev loop0, logical block 0, async page read [ 904.293710][T15123] Buffer I/O error on dev loop0, logical block 0, async page read [ 904.311147][T15125] kvm: kvm [15124]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111 [ 904.333820][T15123] Buffer I/O error on dev loop0, logical block 0, async page read [ 904.358218][T15138] netlink: 'syz.3.3343': attribute type 3 has an invalid length. [ 904.386035][T15123] Dev loop0: unable to read RDB block 0 [ 904.401048][T15123] Buffer I/O error on dev loop0, logical block 0, async page read [ 904.439962][T15123] loop0: unable to read partition table [ 904.470427][T15123] loop0: partition table beyond EOD, truncated [ 904.510883][T15123] loop_reread_partitions: partition scan of loop0 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡p¨â·û [ 904.510883][T15123] ) failed (rc=-5) [ 904.544613][T15137] overlayfs: failed to get inode (-116) [ 904.571061][T15137] overlayfs: failed to look up (file0) for ino (-116) [ 906.480152][T15149] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 906.723848][ T29] audit: type=1800 audit(2000000694.927:275): pid=15148 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.3346" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0 [ 907.002253][T15171] netlink: 'syz.0.3354': attribute type 3 has an invalid length. [ 907.256559][T15180] overlayfs: failed to get inode (-116) [ 907.277012][T15180] overlayfs: failed to look up (file0) for ino (-116) [ 907.367214][ T5140] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 907.585482][ T5140] usb 5-1: Using ep0 maxpacket: 8 [ 907.609045][ T5140] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 907.665792][ T5140] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 32 [ 907.713172][ T5140] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 907.759221][ T5140] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 907.788393][ T5140] usb 5-1: Product: syz [ 907.803922][ T5140] usb 5-1: Manufacturer: syz [ 907.828065][ T5140] usb 5-1: SerialNumber: syz [ 908.091331][T15175] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 908.098868][T15175] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 908.450209][T15175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 908.896024][T15175] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 908.966838][ T5140] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71 [ 909.037596][ T5140] usb 5-1: USB disconnect, device number 35 [ 912.057886][T15219] netlink: 'syz.2.3368': attribute type 3 has an invalid length. [ 913.280486][T15248] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3379'. [ 913.540974][T15248] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3379'. [ 914.613785][T15270] netlink: 'syz.0.3387': attribute type 10 has an invalid length. [ 914.629371][T15271] netlink: 'syz.1.3386': attribute type 1 has an invalid length. [ 914.653347][T15270] bond0: (slave bond_slave_0): Releasing backup interface [ 914.745175][T15267] gre0: entered allmulticast mode [ 915.133948][T15281] bridge0: port 3(team0) entered disabled state [ 915.207047][T15281] bridge0: port 1(bridge_slave_0) entered disabled state [ 915.246746][T15281] bridge0: port 2(bridge_slave_1) entered disabled state [ 915.669885][T15286] bridge0: port 3(team0) entered blocking state [ 915.676400][T15286] bridge0: port 3(team0) entered forwarding state [ 915.773868][T15286] bridge0: port 1(bridge_slave_0) entered blocking state [ 915.781213][T15286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 916.601655][T15286] bridge0: port 2(bridge_slave_1) entered blocking state [ 916.608925][T15286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 916.719584][T15289] kvm: kvm [15287]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111 [ 917.029107][T13411] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 917.046308][ T29] audit: type=1326 audit(2000000705.227:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15298 comm="syz.0.3398" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x0 [ 917.335924][T13411] usb 2-1: Using ep0 maxpacket: 16 [ 917.362142][T13411] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 917.398625][T13411] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 917.499875][T13411] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 917.616193][T13411] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 917.680080][T13411] usb 2-1: config 0 descriptor?? [ 918.210798][T13411] usbhid 2-1:0.0: can't add hid device: -71 [ 918.275749][T13411] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 918.353730][T13411] usb 2-1: USB disconnect, device number 25 [ 919.605611][T15341] netlink: 'syz.1.3410': attribute type 32 has an invalid length. [ 919.674237][T15341] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3410'. [ 919.816099][T15341] (unnamed net_device) (uninitialized): option coupled_control: invalid value (116) [ 921.255646][ T5140] usb 1-1: new full-speed USB device number 34 using dummy_hcd [ 921.574095][T15324] 9pnet_fd: Insufficient options for proto=fd [ 921.635512][ T5140] usb 1-1: device descriptor read/64, error -71 [ 921.654206][ T29] audit: type=1326 audit(2000000709.889:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15363 comm="syz.2.3417" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb6bc975a99 code=0x0 [ 921.878171][T15374] netlink: 'syz.4.3421': attribute type 21 has an invalid length. [ 921.915570][ T5140] usb 1-1: new full-speed USB device number 35 using dummy_hcd [ 921.924539][T15374] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3421'. [ 922.022501][T15374] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3421'. [ 922.103944][ T29] audit: type=1326 audit(2000000710.339:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15372 comm="syz.4.3421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8a2775a99 code=0x7ffc0000 [ 922.166236][ T5140] usb 1-1: device descriptor read/64, error -71 [ 922.282041][ T29] audit: type=1326 audit(2000000710.369:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15372 comm="syz.4.3421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8a2775a99 code=0x7ffc0000 [ 922.334806][ T5140] usb usb1-port1: attempt power cycle [ 922.755851][ T5140] usb 1-1: new full-speed USB device number 36 using dummy_hcd [ 922.828332][ T5140] usb 1-1: device descriptor read/8, error -71 [ 922.868469][T15383] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 923.146503][ T5140] usb 1-1: new full-speed USB device number 37 using dummy_hcd [ 923.222852][ T5140] usb 1-1: device descriptor read/8, error -71 [ 923.346121][ T5140] usb usb1-port1: unable to enumerate USB device [ 924.893579][T15418] RDS: rds_bind could not find a transport for 2001::1, load rds_tcp or rds_rdma? [ 925.245593][ T784] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 925.491106][T15421] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 925.795498][ T784] usb 4-1: Using ep0 maxpacket: 32 [ 926.598135][ T784] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 926.671153][ T784] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 926.747014][ T784] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 926.798911][ T784] usb 4-1: Product: syz [ 926.803152][ T784] usb 4-1: Manufacturer: syz [ 926.835497][ T784] usb 4-1: SerialNumber: syz [ 926.875168][ T784] usb 4-1: config 0 descriptor?? [ 926.913406][ T784] usb 4-1: bad CDC descriptors [ 926.936123][ T784] usb 4-1: unsupported MDLM descriptors [ 927.016879][ T29] audit: type=1326 audit(2000000715.249:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15435 comm="syz.2.3444" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb6bc975a99 code=0x0 [ 927.189750][T15431] nbd: device at index 1 is going down [ 927.224567][ T5140] usb 4-1: USB disconnect, device number 36 [ 927.940134][T15457] RDS: rds_bind could not find a transport for 2001::1, load rds_tcp or rds_rdma? [ 928.309468][T15461] bridge0: port 2(bridge_slave_1) entered disabled state [ 929.210905][ T29] audit: type=1326 audit(2000000717.439:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15481 comm="syz.4.3462" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8a2775a99 code=0x0 [ 930.070509][ T29] audit: type=1326 audit(2000000718.309:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15495 comm="syz.1.3466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 930.190293][ T29] audit: type=1326 audit(2000000718.329:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15495 comm="syz.1.3466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 930.456612][ T29] audit: type=1326 audit(2000000718.359:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15495 comm="syz.1.3466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 931.615869][ T29] audit: type=1326 audit(2000000718.369:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15495 comm="syz.1.3466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 931.675554][T15505] bridge0: port 2(bridge_slave_1) entered disabled state [ 931.688309][ T29] audit: type=1326 audit(2000000718.369:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15495 comm="syz.1.3466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7708775a99 code=0x7ffc0000 [ 931.891347][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.891507][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.351725][T14623] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 933.439399][T14623] Bluetooth: hci3: ACL packet for unknown connection handle 2248 [ 933.505236][T14623] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 933.549938][T14623] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 933.961346][ T5190] usb 1-1: new full-speed USB device number 38 using dummy_hcd [ 934.955965][ T5190] usb 1-1: device descriptor read/64, error -71 [ 935.285624][ T5190] usb 1-1: new full-speed USB device number 39 using dummy_hcd [ 935.448373][T14623] Bluetooth: hci3: command 0x0406 tx timeout [ 935.485915][ T5190] usb 1-1: device descriptor read/64, error -71 [ 935.599633][ T5144] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 935.637792][ T5190] usb usb1-port1: attempt power cycle [ 935.845440][ T5144] usb 5-1: Using ep0 maxpacket: 32 [ 935.867564][ T5144] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 935.898227][ T5144] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 935.915712][ T5144] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 935.945490][ T5144] usb 5-1: Product: syz [ 935.962543][ T5144] usb 5-1: Manufacturer: syz [ 935.975731][ T5144] usb 5-1: SerialNumber: syz [ 935.988403][ T5144] usb 5-1: config 0 descriptor?? [ 936.007484][ T5144] usb 5-1: bad CDC descriptors [ 936.012928][ T5144] usb 5-1: unsupported MDLM descriptors [ 936.065550][ T5190] usb 1-1: new full-speed USB device number 40 using dummy_hcd [ 936.127613][ T5190] usb 1-1: device descriptor read/8, error -71 [ 936.201313][T13411] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 936.305098][ T5140] usb 5-1: USB disconnect, device number 36 [ 936.395514][ T5190] usb 1-1: new full-speed USB device number 41 using dummy_hcd [ 936.431104][T13411] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 936.482506][ T5190] usb 1-1: device descriptor read/8, error -71 [ 936.483318][T13411] usb 2-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping [ 936.595248][T13411] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 936.632167][T13411] usb 2-1: string descriptor 0 read error: -71 [ 936.648152][T13411] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 936.656003][ T5190] usb usb1-port1: unable to enumerate USB device [ 936.658448][T13411] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 936.724928][T13411] usb 2-1: can't set config #1, error -71 [ 936.778769][T13411] usb 2-1: USB disconnect, device number 26 [ 938.146967][T15612] nbd4: detected capacity change from 0 to 8388607 [ 938.778166][T14623] block nbd4: Receive control failed (result -32) [ 938.819938][T15612] block nbd4: shutting down sockets [ 939.114603][T15626] bad cache= option: none [ 939.114603][T15626] [ 939.150081][T15626] CIFS: VFS: bad cache= option: none [ 941.698342][T15654] batadv0: entered promiscuous mode [ 941.763655][T15655] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 946.872251][T15674] bad cache= option: none [ 946.872251][T15674] [ 946.899926][T15674] CIFS: VFS: bad cache= option: none [ 948.766610][T15681] nbd: device at index 2 is going down [ 948.782707][T15694] batadv0: entered promiscuous mode [ 948.853935][T15695] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 956.389576][T15722] team0: Port device virt_wifi0 added [ 957.408553][T15732] batadv0: entered promiscuous mode [ 957.778790][T15735] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 957.975616][ T5103] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 957.993170][ T5103] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 958.006602][ T5103] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 958.036750][ T5103] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 958.046910][ T5103] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 958.059843][ T5103] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 958.584038][ T29] audit: type=1804 audit(2000000746.819:287): pid=15750 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.3550" name="/newroot/362/bus/file0" dev="overlay" ino=1964 res=1 errno=0 [ 959.131158][T15765] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3556'. [ 959.318196][T15737] chnl_net:caif_netlink_parms(): no params data found [ 959.954161][T15737] bridge0: port 1(bridge_slave_0) entered blocking state [ 960.006797][T15737] bridge0: port 1(bridge_slave_0) entered disabled state [ 960.017700][T15737] bridge_slave_0: entered allmulticast mode [ 960.036377][T15737] bridge_slave_0: entered promiscuous mode [ 960.081633][T15737] bridge0: port 2(bridge_slave_1) entered blocking state [ 960.115721][T15737] bridge0: port 2(bridge_slave_1) entered disabled state [ 960.136066][T15737] bridge_slave_1: entered allmulticast mode [ 960.166414][ T5103] Bluetooth: hci0: command tx timeout [ 960.174909][T15737] bridge_slave_1: entered promiscuous mode [ 960.237067][T15804] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3568'. [ 960.268602][T15797] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3567'. [ 960.451657][T15737] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 960.490381][T15810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 960.526573][T15737] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 960.774484][T15737] team0: Port device team_slave_0 added [ 960.857491][T15737] team0: Port device team_slave_1 added [ 961.189498][T15737] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 961.225912][T15737] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 961.315849][T15737] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 961.347842][T15833] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3578'. [ 961.376467][T15737] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 961.417924][T15737] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 961.595452][T15737] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 961.946187][T15737] hsr_slave_0: entered promiscuous mode [ 962.022069][T15737] hsr_slave_1: entered promiscuous mode [ 962.075778][T15737] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 962.083434][T15737] Cannot create hsr debugfs directory [ 962.181940][T15844] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3582'. [ 962.246489][ T5103] Bluetooth: hci0: command tx timeout [ 963.545821][ T5140] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 963.681493][T15875] binder: 15873:15875 ioctl 400c620e 20000140 returned -22 [ 963.752091][ T5140] usb 4-1: Using ep0 maxpacket: 8 [ 963.829064][ T5140] usb 4-1: string descriptor 0 read error: -22 [ 963.861079][ T5140] usb 4-1: New USB device found, idVendor=1871, idProduct=0306, bcdDevice=b5.b0 [ 963.945507][ T5140] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 964.057123][ T5140] usb 4-1: config 0 descriptor?? [ 964.121903][ T5140] usb 4-1: Found UVC 0.00 device (1871:0306) [ 964.170864][ T5140] usb 4-1: No valid video chain found. [ 964.221409][T15737] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 964.322766][ T5142] usb 4-1: USB disconnect, device number 37 [ 964.331319][ T5103] Bluetooth: hci0: command tx timeout [ 964.562411][T15737] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 964.813098][T15737] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.023554][T15737] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.278036][T15872] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 965.339395][T15872] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 965.476670][T15890] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3598'. [ 965.496369][T15890] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3598'. [ 965.591376][T15890] macvlan0: entered promiscuous mode [ 965.630183][T15890] batadv_slave_0: entered promiscuous mode [ 965.954129][T15737] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 966.076553][T15737] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 966.141232][T15737] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 966.215761][T15872] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 966.226283][T15737] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 966.254770][T15872] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 967.752729][T15909] netlink: 'syz.0.3603': attribute type 7 has an invalid length. [ 967.760736][T15909] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3603'. [ 968.761324][ T29] audit: type=1326 audit(2000000756.999:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15918 comm="syz.3.3608" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x0 [ 968.871024][T15737] 8021q: adding VLAN 0 to HW filter on device bond0 [ 968.980492][T15737] 8021q: adding VLAN 0 to HW filter on device team0 [ 969.062706][ T9479] bridge0: port 1(bridge_slave_0) entered blocking state [ 969.070387][ T9479] bridge0: port 1(bridge_slave_0) entered forwarding state [ 969.136749][ T5142] bridge0: port 2(bridge_slave_1) entered blocking state [ 969.144244][ T5142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 971.789997][T15737] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 972.991153][T15986] netlink: 'syz.3.3628': attribute type 20 has an invalid length. [ 973.424164][ T784] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 973.698267][ T784] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 973.877416][ T784] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 973.965852][ T784] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 973.974990][ T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 974.086861][ T784] usb 4-1: config 0 descriptor?? [ 974.155943][T16006] openvswitch: netlink: Flow key attr not present in new flow. [ 974.165231][T16009] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3636'. [ 974.561665][T15737] veth0_vlan: entered promiscuous mode [ 974.602150][ T784] lg-g15 0003:046D:C222.0012: unknown main item tag 0x0 [ 974.838250][ T784] lg-g15 0003:046D:C222.0012: item fetching failed at offset 9/11 [ 974.839673][T15737] veth1_vlan: entered promiscuous mode [ 974.898916][ T784] lg-g15 0003:046D:C222.0012: probe with driver lg-g15 failed with error -22 [ 975.494804][T15737] veth0_macvtap: entered promiscuous mode [ 975.628232][T15737] veth1_macvtap: entered promiscuous mode [ 975.748444][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 975.841730][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 975.926589][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 975.955810][ T784] usb 4-1: USB disconnect, device number 38 [ 975.992844][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.066318][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 976.133252][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.147573][T16042] openvswitch: netlink: Flow key attr not present in new flow. [ 976.183774][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 976.265519][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.332682][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 976.361465][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.385543][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 976.410700][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.461755][T15737] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 976.504899][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 976.564120][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.605588][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 976.640775][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.697855][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 976.744206][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.805482][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 976.915068][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.924512][T16064] RDS: rds_bind could not find a transport for ::ffff:172.30.0.2, load rds_tcp or rds_rdma? [ 976.938846][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 976.970877][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.982370][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 976.995230][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 977.235750][T15737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 977.325725][T16064] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 977.525956][T15737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 977.568626][T15737] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 977.600598][T15737] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 977.641018][T15737] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 977.666693][T15737] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 977.695423][T15737] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 977.715657][ T784] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 977.742916][T16057] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3650'. [ 977.841137][T16070] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3654'. [ 977.921850][ T784] usb 2-1: too many configurations: 12, using maximum allowed: 8 [ 977.997184][ T784] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 978.029695][ T784] usb 2-1: config 0 has no interfaces? [ 978.062410][T16071] bond2: (slave gre1): The slave device specified does not support setting the MAC address [ 978.066688][ T784] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 978.116364][T16071] bond2: (slave gre1): Error -95 calling set_mac_address [ 978.124724][ T784] usb 2-1: config 0 has no interfaces? [ 978.163395][ T784] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 978.191525][T16072] vlan1: entered promiscuous mode [ 978.205252][ T784] usb 2-1: config 0 has no interfaces? [ 978.233491][ T784] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 978.251474][T16072] bond2: (slave vlan1): Opening slave failed [ 978.275406][ T784] usb 2-1: config 0 has no interfaces? [ 978.315167][ T784] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 978.398764][ T784] usb 2-1: config 0 has no interfaces? [ 978.445782][ T784] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 978.540335][ T784] usb 2-1: config 0 has no interfaces? [ 978.580971][ T784] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 978.634249][ T784] usb 2-1: config 0 has no interfaces? [ 978.666247][ T784] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 978.701765][ T784] usb 2-1: config 0 has no interfaces? [ 978.723855][ T784] usb 2-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e [ 978.760662][T16089] netlink: 'syz.0.3658': attribute type 3 has an invalid length. [ 978.772575][ T784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 978.793184][T16089] netlink: 666 bytes leftover after parsing attributes in process `syz.0.3658'. [ 978.826332][ T784] usb 2-1: config 0 descriptor?? [ 978.843812][T15659] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 978.883714][T15659] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 978.898493][T16091] openvswitch: netlink: Flow key attr not present in new flow. [ 979.123682][ T2483] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 979.185225][ T2483] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 979.405186][ T9479] usb 2-1: USB disconnect, device number 27 [ 979.492640][T16099] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3663'. [ 981.024250][T16122] openvswitch: netlink: Flow key attr not present in new flow. [ 981.363388][T16126] binder: Binderfs stats mode cannot be changed during a remount [ 983.132970][T16154] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3679'. [ 983.965860][T16169] binder: Binderfs stats mode cannot be changed during a remount [ 985.295499][ T5190] usb 4-1: new low-speed USB device number 39 using dummy_hcd [ 985.487792][ T5190] usb 4-1: New USB device found, idVendor=0499, idProduct=105d, bcdDevice=9a.0f [ 985.517565][ T5190] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 985.557058][ T5190] usb 4-1: config 0 descriptor?? [ 985.657699][ T5190] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 985.851458][T13411] usb 4-1: USB disconnect, device number 39 [ 986.725321][T16208] binder: Binderfs stats mode cannot be changed during a remount [ 988.146614][T16232] RDS: rds_bind could not find a transport for ::ffff:172.30.0.1, load rds_tcp or rds_rdma? [ 988.406115][T16232] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 988.833069][T16237] xt_l2tp: missing protocol rule (udp|l2tpip) [ 988.866061][T16238] tap0: tun_chr_ioctl cmd 1074025677 [ 988.894338][T16238] tap0: linktype set to 776 [ 988.905726][T15739] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 988.922340][T16243] @ÿ: renamed from veth0_vlan (while UP) [ 988.981907][T16242] tipc: Started in network mode [ 989.002072][T16242] tipc: Node identity ac14140f, cluster identity 4711 [ 989.040294][T16242] tipc: Enabled bearer , priority 10 [ 989.143329][T15739] usb 1-1: too many configurations: 12, using maximum allowed: 8 [ 989.212293][T15739] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 989.264959][T15739] usb 1-1: config 0 has no interfaces? [ 989.305138][T15739] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 989.539444][T15739] usb 1-1: config 0 has no interfaces? [ 989.559915][T15739] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 990.339851][ T5188] tipc: Node number set to 2886997007 [ 990.346276][T15739] usb 1-1: config 0 has no interfaces? [ 990.389201][T15739] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 990.438725][T15739] usb 1-1: config 0 has no interfaces? [ 990.473346][T15739] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 990.527267][T15739] usb 1-1: config 0 has no interfaces? [ 990.556896][T15739] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 990.611935][T15739] usb 1-1: config 0 has no interfaces? [ 990.656759][T15739] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 990.688646][T16257] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3718'. [ 990.703902][T15739] usb 1-1: config 0 has no interfaces? [ 990.743058][T15739] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 990.787942][T15739] usb 1-1: config 0 has no interfaces? [ 990.810041][T15739] usb 1-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e [ 990.852795][T15739] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 990.897473][T15739] usb 1-1: config 0 descriptor?? [ 990.997221][T15739] usb 1-1: can't set config #0, error -71 [ 991.043011][T15739] usb 1-1: USB disconnect, device number 42 [ 991.377547][ T5188] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 991.435541][T16279] tap0: tun_chr_ioctl cmd 1074025677 [ 991.448424][T16279] tap0: linktype set to 776 [ 991.585562][ T5188] usb 4-1: Using ep0 maxpacket: 32 [ 991.629188][ T5188] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 991.716370][ T5188] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 991.748720][ T5188] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 991.785548][ T5188] usb 4-1: Product: syz [ 991.815765][ T5188] usb 4-1: Manufacturer: syz [ 991.834132][ T5188] usb 4-1: SerialNumber: syz [ 991.876709][ T5188] usb 4-1: config 0 descriptor?? [ 991.882564][T16271] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 991.916667][ T5188] hub 4-1:0.0: bad descriptor, ignoring hub [ 991.944066][ T5188] hub 4-1:0.0: probe with driver hub failed with error -5 [ 991.990554][ T5188] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input35 [ 992.365120][ T5188] usb 4-1: USB disconnect, device number 40 [ 992.365193][ C0] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 992.494067][T16294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3732'. [ 993.699836][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.706431][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.955513][ T9479] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 994.239566][ T9479] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 994.270093][ T9479] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 994.361708][ T9479] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 994.399160][ T9479] usb 1-1: Product: syz [ 994.415537][ T9479] usb 1-1: Manufacturer: syz [ 994.430653][ T9479] usb 1-1: SerialNumber: syz [ 994.690720][T16319] tipc: Enabling of bearer rejected, already enabled [ 994.930015][ T5188] rtc_cmos 00:00: Alarms can be up to one day in the future [ 994.981764][T16326] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3745'. [ 994.985861][ T5188] rtc_cmos 00:00: Alarms can be up to one day in the future [ 995.078465][ T5188] rtc_cmos 00:00: Alarms can be up to one day in the future [ 995.103056][ T5188] rtc_cmos 00:00: Alarms can be up to one day in the future [ 995.168613][ T5188] rtc rtc0: __rtc_set_alarm: err=-22 [ 995.503508][ T9479] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 995.563319][ T9479] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 995.632087][ T9479] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 995.721965][ T9479] cdc_ncm 1-1:1.0: setting tx_max = 184 [ 995.947311][ T9479] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 996.085799][ T9479] usb 1-1: USB disconnect, device number 43 [ 996.126677][ T9479] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP) [ 996.769878][T16357] xt_l2tp: missing protocol rule (udp|l2tpip) [ 997.871108][ T9479] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 998.116041][ T9479] usb 1-1: Using ep0 maxpacket: 32 [ 998.150028][ T9479] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 998.264672][ T9479] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 998.347636][ T9479] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 998.472675][ T9479] usb 1-1: Product: syz [ 998.515756][ T9479] usb 1-1: Manufacturer: syz [ 998.579077][ T9479] usb 1-1: SerialNumber: syz [ 998.641787][ T9479] usb 1-1: config 0 descriptor?? [ 998.659670][T16354] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 998.722340][ T9479] hub 1-1:0.0: bad descriptor, ignoring hub [ 998.777423][ T9479] hub 1-1:0.0: probe with driver hub failed with error -5 [ 998.826660][ T9479] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input36 [ 999.132859][T16381] program syz.2.3762 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 999.221004][ C1] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 999.221004][T15739] usb 1-1: USB disconnect, device number 44 [ 1000.064022][ T785] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 1000.295586][ T785] usb 5-1: Using ep0 maxpacket: 16 [ 1000.573722][ T785] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1000.589830][ T785] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1000.599050][ T785] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1000.607216][ T785] usb 5-1: SerialNumber: syz [ 1000.618119][ T785] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 1000.635717][ T785] cdc_acm 5-1:1.0: This needs exactly 3 endpoints [ 1000.645026][ T785] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22 [ 1000.931540][T16401] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1000.957796][ C1] vkms_vblank_simulate: vblank timer overrun [ 1000.964424][T16401] CIFS mount error: No usable UNC path provided in device string! [ 1000.964424][T16401] [ 1000.976005][T16401] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1001.970237][T16415] program syz.1.3774 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1002.028744][T13411] usb 5-1: USB disconnect, device number 37 [ 1004.376109][T13411] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 1004.635508][T13411] usb 5-1: Using ep0 maxpacket: 32 [ 1004.728237][T13411] usb 5-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=3a.75 [ 1004.815795][T13411] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1004.877547][T13411] usb 5-1: Product: syz [ 1004.881799][T13411] usb 5-1: Manufacturer: syz [ 1004.930666][T13411] usb 5-1: SerialNumber: syz [ 1004.948047][T13411] usb 5-1: config 0 descriptor?? [ 1005.219598][T16455] input: syz1 as /devices/virtual/input/input37 [ 1005.269548][T13411] usb_ehset_test 5-1:0.0: probe with driver usb_ehset_test failed with error -32 [ 1005.388105][T13411] usb 5-1: USB disconnect, device number 38 [ 1008.845830][ T9479] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 1009.112196][T14623] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1009.136088][T14623] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1009.147700][T14623] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1009.155106][ T9479] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 1009.165325][ T9479] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1009.176522][T14623] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1009.184405][T14623] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1009.195124][T14623] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1009.204233][ T9479] usb 2-1: config 0 descriptor?? [ 1009.395303][ T7319] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.457343][ T9479] usb 2-1: string descriptor 0 read error: -71 [ 1009.500417][ T9479] gspca_main: abcd:cdee too many config [ 1009.552582][ T9479] usb 2-1: USB disconnect, device number 28 [ 1009.797676][ T7319] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.946269][T16513] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1011.478625][T14623] Bluetooth: hci0: command tx timeout [ 1013.209916][ T7319] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.383092][T16512] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1013.489201][ T7319] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.685827][T14623] Bluetooth: hci0: command tx timeout [ 1013.811723][ T784] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1013.847833][ T784] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1013.879273][ T784] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1013.911249][ T784] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1013.947881][ T784] rtc rtc0: __rtc_set_alarm: err=-22 [ 1014.713016][ T7319] bridge_slave_1: left allmulticast mode [ 1014.743765][ T7319] bridge_slave_1: left promiscuous mode [ 1014.775168][ T7319] bridge0: port 2(bridge_slave_1) entered disabled state [ 1014.826801][ T7319] bridge_slave_0: left allmulticast mode [ 1014.845930][ T7319] bridge_slave_0: left promiscuous mode [ 1014.864312][ T7319] bridge0: port 1(bridge_slave_0) entered disabled state [ 1015.772051][T14623] Bluetooth: hci0: command tx timeout [ 1017.598481][ T7319] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1017.646350][ T7319] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1017.686425][ T7319] bond0 (unregistering): Released all slaves [ 1017.780753][T16507] chnl_net:caif_netlink_parms(): no params data found [ 1017.853564][T14623] Bluetooth: hci0: command tx timeout [ 1020.146221][T16613] input: syz1 as /devices/virtual/input/input38 [ 1020.423631][T16507] bridge0: port 1(bridge_slave_0) entered blocking state [ 1020.466984][T16507] bridge0: port 1(bridge_slave_0) entered disabled state [ 1020.492708][T16507] bridge_slave_0: entered allmulticast mode [ 1020.557627][T16507] bridge_slave_0: entered promiscuous mode [ 1020.614098][T16507] bridge0: port 2(bridge_slave_1) entered blocking state [ 1020.651552][T16507] bridge0: port 2(bridge_slave_1) entered disabled state [ 1020.708343][T16507] bridge_slave_1: entered allmulticast mode [ 1020.774281][T16507] bridge_slave_1: entered promiscuous mode [ 1021.023098][ T7319] hsr_slave_0: left promiscuous mode [ 1021.070678][ T7319] hsr_slave_1: left promiscuous mode [ 1021.104983][ T7319] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1021.141796][ T7319] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1021.170189][ T7319] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1021.200308][ T7319] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1021.340763][ T7319] veth1_macvtap: left promiscuous mode [ 1021.366809][ T7319] veth0_macvtap: left promiscuous mode [ 1021.389008][ T7319] veth1_vlan: left promiscuous mode [ 1021.416542][ T7319] veth0_vlan: left promiscuous mode [ 1025.820625][ T29] audit: type=1326 audit(2000000814.059:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16669 comm="syz.2.3862" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb6bc975a99 code=0x0 [ 1026.165691][ T5188] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 1026.291397][ T7319] team0 (unregistering): Port device team_slave_1 removed [ 1026.376455][ T5188] usb 1-1: Using ep0 maxpacket: 16 [ 1026.408374][ T5188] usb 1-1: config 0 descriptor has 1 excess byte, ignoring [ 1026.425798][ T5188] usb 1-1: config 0 has no interfaces? [ 1026.459604][ T5188] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1026.485443][ T5188] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1026.514475][ T5188] usb 1-1: Product: syz [ 1026.526846][ T5188] usb 1-1: Manufacturer: syz [ 1026.531509][ T5188] usb 1-1: SerialNumber: syz [ 1026.579674][ T5188] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1026.586382][ T5188] r8152-cfgselector 1-1: config 0 descriptor?? [ 1026.630061][ T7319] team0 (unregistering): Port device team_slave_0 removed [ 1027.000175][T15739] r8152-cfgselector 1-1: USB disconnect, device number 45 [ 1028.119104][ T29] audit: type=1326 audit(2000000816.359:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16686 comm="syz.0.3866" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x0 [ 1028.762448][T16507] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1028.812339][T16507] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1029.057313][T16507] team0: Port device team_slave_0 added [ 1029.102286][T16507] team0: Port device team_slave_1 added [ 1029.324615][T16507] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1029.385142][T16507] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1029.502293][T16507] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1029.542214][T16507] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1029.559646][T16507] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1029.635607][T16507] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1029.671371][T16709] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3874'. [ 1029.754235][T16709] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1029.764312][T16709] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1029.773633][T16709] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1029.782418][T16709] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1029.859126][T16709] vxlan0: entered promiscuous mode [ 1030.032009][T16507] hsr_slave_0: entered promiscuous mode [ 1030.049580][T16507] hsr_slave_1: entered promiscuous mode [ 1030.062709][T16507] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1030.093056][T16507] Cannot create hsr debugfs directory [ 1030.612377][ T29] audit: type=1326 audit(2000000818.849:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16718 comm="syz.0.3878" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x0 [ 1030.889738][T16737] dccp_invalid_packet: P.Data Offset(0) too small [ 1031.545001][T16751] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3892'. [ 1031.693240][T16507] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1031.743275][T16507] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1031.818083][T16507] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1031.886758][T16507] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1032.062333][T16766] dccp_invalid_packet: P.Data Offset(0) too small [ 1032.391131][T16507] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1032.457590][T16775] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3903'. [ 1032.491497][T16507] 8021q: adding VLAN 0 to HW filter on device team0 [ 1032.572402][ T785] bridge0: port 1(bridge_slave_0) entered blocking state [ 1032.579690][ T785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1032.632974][ T785] bridge0: port 2(bridge_slave_1) entered blocking state [ 1032.640267][ T785] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1032.727870][T16780] KVM: debugfs: duplicate directory 16780-5 [ 1033.028083][T16792] netlink: 'syz.0.3909': attribute type 4 has an invalid length. [ 1033.083311][ T29] audit: type=1326 audit(2000000821.309:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16784 comm="syz.3.3907" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x0 [ 1033.253354][T16797] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3910'. [ 1033.854914][T16507] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1034.042803][T16824] netlink: 'syz.1.3921': attribute type 4 has an invalid length. [ 1037.320835][T16864] netlink: 'syz.0.3934': attribute type 4 has an invalid length. [ 1037.424327][T16507] veth0_vlan: entered promiscuous mode [ 1037.516352][T16507] veth1_vlan: entered promiscuous mode [ 1037.691637][T16507] veth0_macvtap: entered promiscuous mode [ 1037.752788][T16507] veth1_macvtap: entered promiscuous mode [ 1037.856471][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1037.912727][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1037.957092][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1037.991646][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.037926][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1038.083935][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.120311][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1038.169383][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.177067][ T784] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1038.206394][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1038.248210][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.281255][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1038.319120][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.378646][ T784] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1038.385261][T16507] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1038.413319][ T784] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1038.452426][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.460672][ T784] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1038.516305][ T784] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1038.520666][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.557202][ T784] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1038.569531][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.597057][ T784] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1038.615878][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.641891][ T784] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1038.656627][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.663839][ T784] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1038.706925][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.710275][ T784] usb 4-1: Product: syz [ 1038.736241][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.743877][ T784] usb 4-1: Manufacturer: syz [ 1038.760533][ T784] usb 4-1: SerialNumber: syz [ 1038.767089][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.800679][ T5103] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1038.803918][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.825619][ T5103] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1038.834649][ T5103] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1038.835028][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.856154][ T5103] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1038.864040][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.886651][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.897663][ T5103] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1038.907154][ T5103] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1038.911577][T16507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.993671][T16507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1039.048302][T16507] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1039.150009][ T784] cdc_ncm 4-1:1.0: bind() failure [ 1039.171545][ T784] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 1039.215632][ T784] cdc_ncm 4-1:1.1: bind() failure [ 1039.265889][ T784] usb 4-1: USB disconnect, device number 41 [ 1039.464029][T16901] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3950'. [ 1039.485101][T16901] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3950'. [ 1039.576361][T16507] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.615518][T16507] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.624302][T16507] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.653677][T16507] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1040.145950][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1040.178347][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1040.583735][ T3813] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1040.643544][ T3813] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1040.669781][ T29] audit: type=1326 audit(2000000828.909:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16917 comm="syz.3.3959" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x0 [ 1040.965631][ T5103] Bluetooth: hci5: command tx timeout [ 1041.731241][T16893] chnl_net:caif_netlink_parms(): no params data found [ 1042.467883][T16893] bridge0: port 1(bridge_slave_0) entered blocking state [ 1042.495825][T16893] bridge0: port 1(bridge_slave_0) entered disabled state [ 1042.523557][T16893] bridge_slave_0: entered allmulticast mode [ 1042.570849][T16893] bridge_slave_0: entered promiscuous mode [ 1042.656453][T16893] bridge0: port 2(bridge_slave_1) entered blocking state [ 1042.743776][T16893] bridge0: port 2(bridge_slave_1) entered disabled state [ 1042.773176][T16893] bridge_slave_1: entered allmulticast mode [ 1042.811908][T16893] bridge_slave_1: entered promiscuous mode [ 1043.055604][ T5103] Bluetooth: hci5: command tx timeout [ 1043.260056][T16958] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3969'. [ 1043.531185][T16893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1043.588274][T16893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1043.898847][T16893] team0: Port device team_slave_0 added [ 1043.902902][T16982] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3978'. [ 1043.975228][T16893] team0: Port device team_slave_1 added [ 1044.188025][T16893] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1044.213881][T16893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1044.328434][T16893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1044.367722][T16893] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1044.389578][T16893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1044.506182][T16893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1044.676548][T16997] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3986'. [ 1045.001972][T17001] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3988'. [ 1045.128351][ T5103] Bluetooth: hci5: command tx timeout [ 1045.315118][T16893] hsr_slave_0: entered promiscuous mode [ 1045.391068][T16893] hsr_slave_1: entered promiscuous mode [ 1045.434669][T16893] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1046.255988][T16893] Cannot create hsr debugfs directory [ 1047.205770][ T5103] Bluetooth: hci5: command tx timeout [ 1047.481837][T16893] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1047.531619][T16893] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1047.653823][T17034] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551615) [ 1047.695438][T17034] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 1047.775883][ T5103] Bluetooth: hci0: command tx timeout [ 1048.057646][T16893] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1048.093343][T16893] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1048.484888][T16893] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1048.535266][T16893] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1048.864296][T16893] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1048.910958][T16893] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1048.992163][T17065] tipc: Started in network mode [ 1049.008776][T17065] tipc: Node identity f0, cluster identity 4711 [ 1049.034701][T17065] tipc: Node number set to 240 [ 1049.638095][T17081] input: syz0 as /devices/virtual/input/input39 [ 1049.645864][T17082] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4019'. [ 1049.719976][T16893] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1049.789337][T16893] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1049.857718][T16893] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1050.125197][T17084] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4020'. [ 1050.313874][T16893] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1050.967460][T17110] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4029'. [ 1051.102113][T16893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1051.248270][T16893] 8021q: adding VLAN 0 to HW filter on device team0 [ 1051.372277][ T9479] bridge0: port 1(bridge_slave_0) entered blocking state [ 1051.379554][ T9479] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1051.503292][ T5142] bridge0: port 2(bridge_slave_1) entered blocking state [ 1051.510581][ T5142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1051.744517][T16893] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1053.644023][ T29] audit: type=1326 audit(2000000841.879:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17139 comm="syz.0.4036" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd86f775a99 code=0x0 [ 1054.311118][T16893] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1054.569607][T16893] veth0_vlan: entered promiscuous mode [ 1054.638408][T17164] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1054.648519][T16893] veth1_vlan: entered promiscuous mode [ 1054.742852][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.749786][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.854516][T16893] veth0_macvtap: entered promiscuous mode [ 1054.995643][T16893] veth1_macvtap: entered promiscuous mode [ 1055.102766][T17177] netlink: 'syz.3.4045': attribute type 11 has an invalid length. [ 1055.196832][ T5103] Bluetooth: hci0: Malformed Event: 0x02 [ 1055.236211][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1055.284742][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.320194][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1055.355847][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.387450][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1055.409863][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.437439][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1055.465200][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.489818][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1055.513166][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.538448][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1055.560759][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.584261][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1055.610991][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.657350][T16893] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1055.843007][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1055.895896][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.925148][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1055.946245][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.956487][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1055.974861][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1056.000371][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1056.025714][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1056.048612][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1056.070660][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1056.095457][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1056.121424][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1056.142026][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1056.171319][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1056.201138][T16893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1056.234732][T16893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1056.273025][T16893] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1056.356164][T17190] nbd3: detected capacity change from 0 to 12 [ 1056.395993][T17191] nbd3: detected capacity change from 12 to 6 [ 1056.469636][T16893] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.513558][T16893] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.543149][T16893] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.567913][T16893] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.832628][T17189] block nbd3: shutting down sockets [ 1057.119615][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1057.129269][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1057.753303][T15659] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1057.814989][T15659] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1057.963171][T17207] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4054'. [ 1057.978784][T17209] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4057'. [ 1058.251544][ T29] audit: type=1804 audit(2000000846.479:295): pid=17217 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.4059" name="/newroot/28/file0/file0" dev="ramfs" ino=74718 res=1 errno=0 [ 1059.163727][T17252] netlink: 'syz.3.4066': attribute type 21 has an invalid length. [ 1059.163807][T17252] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4066'. [ 1062.638352][ T5103] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 1062.638470][ T5103] CPU: 1 PID: 5103 Comm: kworker/u9:8 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 1062.638498][ T5103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1062.638516][ T5103] Workqueue: hci0 hci_rx_work [ 1062.638559][ T5103] Call Trace: [ 1062.638571][ T5103] [ 1062.638584][ T5103] dump_stack_lvl+0x241/0x360 [ 1062.638623][ T5103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1062.638652][ T5103] ? __pfx__printk+0x10/0x10 [ 1062.638683][ T5103] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 1062.638721][ T5103] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 1062.638778][ T5103] sysfs_create_dir_ns+0x2ce/0x3a0 [ 1062.638819][ T5103] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1062.638870][ T5103] kobject_add_internal+0x435/0x8d0 [ 1062.638912][ T5103] kobject_add+0x152/0x220 [ 1062.638940][ T5103] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1062.638966][ T5103] ? device_add+0x3e7/0xbf0 [ 1062.638999][ T5103] ? __pfx_kobject_add+0x10/0x10 [ 1062.639029][ T5103] ? _raw_spin_unlock+0x28/0x50 [ 1062.639065][ T5103] ? get_device_parent+0x165/0x410 [ 1062.639102][ T5103] device_add+0x4e5/0xbf0 [ 1062.639142][ T5103] hci_conn_add_sysfs+0xe8/0x200 [ 1062.639178][ T5103] le_conn_complete_evt+0xc9f/0x12e0 [ 1062.639224][ T5103] ? trace_contention_end+0x3c/0x120 [ 1062.639265][ T5103] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1062.639294][ T5103] ? __mutex_unlock_slowpath+0x21d/0x750 [ 1062.639333][ T5103] ? __copy_skb_header+0x437/0x5b0 [ 1062.639371][ T5103] ? skb_pull_data+0x112/0x230 [ 1062.639406][ T5103] hci_le_enh_conn_complete_evt+0x185/0x420 [ 1062.639457][ T5103] hci_event_packet+0xa55/0x1540 [ 1062.639497][ T5103] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1062.639543][ T5103] ? __pfx_hci_event_packet+0x10/0x10 [ 1062.639574][ T5103] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1062.639609][ T5103] ? hci_send_to_monitor+0xd8/0x7f0 [ 1062.639636][ T5103] ? kcov_remote_start+0x9e/0x7e0 [ 1062.639671][ T5103] hci_rx_work+0x3e8/0xca0 [ 1062.639747][ T5103] ? process_scheduled_works+0x945/0x1830 [ 1062.639776][ T5103] process_scheduled_works+0xa2c/0x1830 [ 1062.639843][ T5103] ? __pfx_process_scheduled_works+0x10/0x10 [ 1062.639882][ T5103] ? assign_work+0x364/0x3d0 [ 1062.639917][ T5103] worker_thread+0x86d/0xd40 [ 1062.639958][ T5103] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1062.639995][ T5103] ? __kthread_parkme+0x169/0x1d0 [ 1062.640031][ T5103] ? __pfx_worker_thread+0x10/0x10 [ 1062.640060][ T5103] kthread+0x2f0/0x390 [ 1062.640092][ T5103] ? __pfx_worker_thread+0x10/0x10 [ 1062.640120][ T5103] ? __pfx_kthread+0x10/0x10 [ 1062.640154][ T5103] ret_from_fork+0x4b/0x80 [ 1062.640187][ T5103] ? __pfx_kthread+0x10/0x10 [ 1062.640220][ T5103] ret_from_fork_asm+0x1a/0x30 [ 1062.640275][ T5103] [ 1062.640308][ T5103] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1062.640351][ T5103] Bluetooth: hci0: failed to register connection device [ 1062.646203][ T5103] Bluetooth: hci5: command tx timeout [ 1064.516291][T17348] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1064.517440][T17348] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1064.538650][T17348] hsr_slave_0: left promiscuous mode [ 1065.503253][ T5103] Bluetooth: hci0: command tx timeout [ 1065.593642][T17348] hsr_slave_1: left promiscuous mode [ 1068.691879][T17422] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1068.776574][T17422] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 1068.783186][T17422] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1069.040722][T17422] vhci_hcd vhci_hcd.0: Device attached [ 1070.035554][ T9479] usb 14-1: SetAddress Request (6) to port 0 [ 1070.067641][ T9479] usb 14-1: new SuperSpeed USB device number 6 using vhci_hcd [ 1070.336262][T17429] vhci_hcd: connection reset by peer [ 1070.371290][ T7319] vhci_hcd: stop threads [ 1070.406320][ T7319] vhci_hcd: release socket [ 1070.429976][T15659] bridge0: port 2(bridge_slave_1) entered disabled state [ 1070.439351][ T7319] vhci_hcd: disconnect device [ 1070.497895][T15659] bridge_slave_0: left allmulticast mode [ 1070.526064][T15659] bridge_slave_0: left promiscuous mode [ 1070.550117][T15659] bridge0: port 1(bridge_slave_0) entered disabled state [ 1071.612675][T17496] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 1071.644487][T17496] UDF-fs: Scanning with blocksize 512 failed [ 1071.701952][T17496] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 1071.731706][T17496] UDF-fs: Scanning with blocksize 1024 failed [ 1071.755988][T17496] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 1071.786936][T17496] UDF-fs: Scanning with blocksize 2048 failed [ 1071.821234][T17496] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 1071.859096][T17496] UDF-fs: Scanning with blocksize 4096 failed [ 1072.980698][T15659] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1073.038527][T15659] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1073.100496][T15659] bond0 (unregistering): Released all slaves [ 1073.155637][T17512] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1073.272899][T17512] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 1073.279451][T17512] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1073.290090][T17512] vhci_hcd vhci_hcd.0: Device attached [ 1073.349739][T15659] tipc: Disabling bearer [ 1073.432294][T15659] tipc: Left network mode [ 1073.607697][ T9] usb 12-1: SetAddress Request (2) to port 0 [ 1073.634909][ T9] usb 12-1: new SuperSpeed USB device number 2 using vhci_hcd [ 1074.121766][T17516] vhci_hcd: connection reset by peer [ 1074.129654][ T12] vhci_hcd: stop threads [ 1074.171541][ T12] vhci_hcd: release socket [ 1074.388659][ T12] vhci_hcd: disconnect device [ 1074.565638][T17536] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4156'. [ 1075.302781][ T9479] usb 14-1: device descriptor read/8, error -110 [ 1075.357063][T17529] netlink: 'syz.3.4154': attribute type 11 has an invalid length. [ 1075.917183][ T9479] usb usb14-port1: attempt power cycle [ 1076.652461][ T9479] usb usb14-port1: unable to enumerate USB device [ 1076.660644][T15659] hsr_slave_0: left promiscuous mode [ 1077.575095][T15659] hsr_slave_1: left promiscuous mode [ 1077.593749][T17570] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1077.669072][T15659] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1077.707685][T15659] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1077.764165][T15659] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1077.795645][T15659] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1078.046744][T15659] veth1_macvtap: left promiscuous mode [ 1078.066589][T15659] veth0_macvtap: left promiscuous mode [ 1078.072358][T15659] veth1_vlan: left promiscuous mode [ 1078.112219][T15659] veth0_vlan: left promiscuous mode [ 1078.296617][ T29] audit: type=1326 audit(2000000866.539:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17577 comm="syz.3.4168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1078.391779][ T29] audit: type=1326 audit(2000000866.539:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17577 comm="syz.3.4168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1078.486567][ T29] audit: type=1326 audit(2000000866.539:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17577 comm="syz.3.4168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1078.555558][T17586] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1078.565430][ T29] audit: type=1326 audit(2000000866.539:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17577 comm="syz.3.4168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1078.565496][ T29] audit: type=1326 audit(2000000866.539:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17577 comm="syz.3.4168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1078.565544][ T29] audit: type=1326 audit(2000000866.539:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17577 comm="syz.3.4168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1078.565592][ T29] audit: type=1326 audit(2000000866.539:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17577 comm="syz.3.4168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1078.565640][ T29] audit: type=1326 audit(2000000866.539:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17577 comm="syz.3.4168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1078.565689][ T29] audit: type=1326 audit(2000000866.539:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17577 comm="syz.3.4168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1078.565738][ T29] audit: type=1326 audit(2000000866.579:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17577 comm="syz.3.4168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1078.636106][T17587] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 1078.725408][T17587] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1078.802217][T17587] vhci_hcd vhci_hcd.0: Device attached [ 1078.823880][ T9] usb 12-1: device descriptor read/8, error -110 [ 1079.106912][ T5142] usb 18-1: SetAddress Request (2) to port 0 [ 1079.129737][ T5142] usb 18-1: new SuperSpeed USB device number 2 using vhci_hcd [ 1079.284670][T17588] vhci_hcd: connection reset by peer [ 1079.286899][ T9] usb usb12-port1: attempt power cycle [ 1079.296487][ T53] vhci_hcd: stop threads [ 1079.296542][ T53] vhci_hcd: release socket [ 1079.297422][ T53] vhci_hcd: disconnect device [ 1080.057752][ T9] usb usb12-port1: unable to enumerate USB device [ 1080.626442][T15659] team0 (unregistering): Port device team_slave_1 removed [ 1080.799787][T15659] team0 (unregistering): Port device team_slave_0 removed [ 1083.055646][ T9] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 1083.298184][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1083.343883][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1083.386472][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1083.419981][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1083.450558][T17617] vivid-002: disconnect [ 1083.457354][ T9] usb 5-1: Product: syz [ 1083.475369][ T9] usb 5-1: Manufacturer: syz [ 1083.498112][T17616] vivid-002: reconnect [ 1083.502860][ T9] usb 5-1: SerialNumber: syz [ 1083.537625][ T9] usb 5-1: selecting invalid altsetting 1 [ 1083.673475][ T1100] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1083.967169][ T1100] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.164345][ T9] cdc_ncm 5-1:1.0: SET_CRC_MODE failed [ 1084.215761][ T9] usb 5-1: selecting invalid altsetting 1 [ 1084.221639][ T9] cdc_ncm 5-1:1.0: bind() failure [ 1084.284534][ T5142] usb 18-1: device descriptor read/8, error -110 [ 1084.308206][T14623] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1084.323262][T14623] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1084.331848][T14623] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1084.331892][ T9] usb 5-1: USB disconnect, device number 39 [ 1084.361569][T14623] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1084.471106][T14623] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1084.635149][T14623] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1084.946591][ T5142] usb usb18-port1: attempt power cycle [ 1084.973513][ T1100] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.054566][T17635] netlink: 'syz.1.4186': attribute type 21 has an invalid length. [ 1085.064773][T17635] netlink: 156 bytes leftover after parsing attributes in process `syz.1.4186'. [ 1085.310643][ T1100] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.716928][ T5142] usb usb18-port1: unable to enumerate USB device [ 1085.745664][ T1100] bridge_slave_1: left allmulticast mode [ 1085.752705][ T1100] bridge_slave_1: left promiscuous mode [ 1085.759161][ T1100] bridge0: port 2(bridge_slave_1) entered disabled state [ 1085.779750][T17651] vivid-002: disconnect [ 1085.787864][T17650] vivid-002: reconnect [ 1085.807866][ T1100] bridge_slave_0: left allmulticast mode [ 1085.824323][ T1100] bridge_slave_0: left promiscuous mode [ 1085.846645][ T1100] bridge0: port 1(bridge_slave_0) entered disabled state [ 1085.863083][T17653] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4194'. [ 1086.736188][ T5103] Bluetooth: hci1: command tx timeout [ 1087.683623][ T1100] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1087.730243][ T1100] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 1087.760913][ T1100] bond0 (unregistering): Released all slaves [ 1087.806898][ T1100] bond1 (unregistering): Released all slaves [ 1087.874468][ T1100] bond2 (unregistering): Released all slaves [ 1088.816136][ T5103] Bluetooth: hci1: command tx timeout [ 1089.454104][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 1089.454125][ T29] audit: type=1326 audit(2000000877.689:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17721 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6bc975a99 code=0x7ffc0000 [ 1089.481852][ C0] vkms_vblank_simulate: vblank timer overrun [ 1089.538336][ T1100] hsr_slave_0: left promiscuous mode [ 1089.636470][ T1100] hsr_slave_1: left promiscuous mode [ 1089.680337][ T29] audit: type=1326 audit(2000000877.689:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17721 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6bc975a99 code=0x7ffc0000 [ 1089.717592][ T1100] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1089.725150][ T1100] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1089.822505][ T1100] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1089.881060][ T1100] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1089.881389][ T29] audit: type=1326 audit(2000000877.739:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17721 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb6bc975a99 code=0x7ffc0000 [ 1090.029924][ T29] audit: type=1326 audit(2000000877.739:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17721 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6bc975a99 code=0x7ffc0000 [ 1090.126572][ T1100] veth0_macvtap: left promiscuous mode [ 1090.147301][ T29] audit: type=1326 audit(2000000877.739:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17721 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6bc975a99 code=0x7ffc0000 [ 1090.170892][ T1100] veth1_vlan: left promiscuous mode [ 1090.200231][ T1100] veth0_vlan: left promiscuous mode [ 1090.212717][ T29] audit: type=1326 audit(2000000877.759:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17721 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7fb6bc975a99 code=0x7ffc0000 [ 1090.250160][ T29] audit: type=1326 audit(2000000877.759:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17721 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6bc975a99 code=0x7ffc0000 [ 1090.293943][ T29] audit: type=1326 audit(2000000877.759:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17721 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6bc975a99 code=0x7ffc0000 [ 1090.885671][ T5103] Bluetooth: hci1: command tx timeout [ 1091.792139][ T1100] team0 (unregistering): Port device virt_wifi0 removed [ 1092.996148][ T5103] Bluetooth: hci1: command tx timeout [ 1093.633648][T17766] netlink: 'syz.3.4235': attribute type 1 has an invalid length. [ 1093.651587][T17766] netlink: 9348 bytes leftover after parsing attributes in process `syz.3.4235'. [ 1093.663583][ T1100] team0 (unregistering): Port device team_slave_1 removed [ 1093.670980][T17766] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4235'. [ 1093.876697][ T1100] team0 (unregistering): Port device team_slave_0 removed [ 1095.788143][T17629] chnl_net:caif_netlink_parms(): no params data found [ 1096.336975][ T9] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 1096.450262][T17629] bridge0: port 1(bridge_slave_0) entered blocking state [ 1096.494072][T17629] bridge0: port 1(bridge_slave_0) entered disabled state [ 1096.535216][T17629] bridge_slave_0: entered allmulticast mode [ 1096.545633][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 1096.559059][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 1096.579135][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1096.587877][T17629] bridge_slave_0: entered promiscuous mode [ 1096.630290][ T9] usb 2-1: New USB device found, idVendor=2040, idProduct=6517, bcdDevice=11.cd [ 1096.641778][T17629] bridge0: port 2(bridge_slave_1) entered blocking state [ 1096.675602][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1096.689643][T17629] bridge0: port 2(bridge_slave_1) entered disabled state [ 1096.717047][T17629] bridge_slave_1: entered allmulticast mode [ 1096.735922][ T9] usb 2-1: config 0 descriptor?? [ 1096.742680][T17629] bridge_slave_1: entered promiscuous mode [ 1096.933604][T17629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1096.974655][T17629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1097.022620][ T9479] usb 2-1: USB disconnect, device number 29 [ 1097.151130][T17629] team0: Port device team_slave_0 added [ 1097.201542][T17629] team0: Port device team_slave_1 added [ 1097.610652][T17629] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1097.675453][T17629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1097.785625][T17629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1097.829242][T17629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1097.855727][T17629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1097.975606][T17629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1098.882195][T17629] hsr_slave_0: entered promiscuous mode [ 1098.964072][T17629] hsr_slave_1: entered promiscuous mode [ 1099.002274][T17811] 9pnet_virtio: no channels available for device syz [ 1101.035627][T17828] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4255'. [ 1103.135655][ T29] audit: type=1326 audit(2000000891.309:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17851 comm="syz.3.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1103.208768][ T29] audit: type=1326 audit(2000000891.309:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17851 comm="syz.3.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1103.245808][T15739] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 1103.327212][T17629] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1103.337954][ T29] audit: type=1326 audit(2000000891.309:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17851 comm="syz.3.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1103.389224][T17629] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1103.432445][ T29] audit: type=1326 audit(2000000891.309:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17851 comm="syz.3.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1103.754858][T17629] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1104.158364][T17629] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1104.172624][ T29] audit: type=1326 audit(2000000891.309:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17851 comm="syz.3.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1104.245860][ T29] audit: type=1326 audit(2000000891.309:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17851 comm="syz.3.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1104.345586][T15739] usb 2-1: Using ep0 maxpacket: 32 [ 1104.353549][T15739] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 27, changing to 8 [ 1104.359291][ T29] audit: type=1326 audit(2000000891.309:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17851 comm="syz.3.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1104.375363][T15739] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16698, setting to 1024 [ 1104.463532][T15739] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1104.495534][T15739] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1104.499931][ T29] audit: type=1326 audit(2000000891.319:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17851 comm="syz.3.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1104.542485][T15739] hub 2-1:4.0: USB hub found [ 1104.617119][ T29] audit: type=1326 audit(2000000891.339:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17851 comm="syz.3.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1104.690199][ T29] audit: type=1326 audit(2000000891.339:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17851 comm="syz.3.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4560975a99 code=0x7ffc0000 [ 1104.713949][T17629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1104.787159][T15739] hub 2-1:4.0: 2 ports detected [ 1104.792163][T15739] usb 2-1: selecting invalid altsetting 1 [ 1104.807209][T17629] 8021q: adding VLAN 0 to HW filter on device team0 [ 1104.825694][T15739] hub 2-1:4.0: Using single TT (err -22) [ 1104.853508][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 1104.860904][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1104.947112][ T9479] bridge0: port 2(bridge_slave_1) entered blocking state [ 1104.954339][ T9479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1104.978206][T15739] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 1105.015812][T15739] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 1105.106959][T15739] usb 2-1: USB disconnect, device number 30 [ 1105.138603][T17629] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1105.933696][T17629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1106.201451][T17629] veth0_vlan: entered promiscuous mode [ 1106.269863][T17629] veth1_vlan: entered promiscuous mode [ 1106.411064][T17629] veth0_macvtap: entered promiscuous mode [ 1106.479313][T17629] veth1_macvtap: entered promiscuous mode [ 1106.607746][T17629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1106.663311][T17629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1106.712021][T17629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1106.752070][T17629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1106.784433][T17629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1106.835457][T17629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1106.875393][T17629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1106.915712][T17629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1106.958643][T17629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1106.995753][T17629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1107.045530][T17629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1107.074669][T17629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1107.133143][T17629] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1107.333655][T17629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1107.407739][T17629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1107.424271][ C0] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 1107.436896][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 1107.445340][ C0] CPU: 0 PID: 17938 Comm: syz.1.4297 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 1107.455193][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1107.465373][ C0] RIP: 0010:__dev_flush+0x5b/0x160 [ 1107.470527][ C0] Code: 48 89 ef e8 67 79 3a 00 48 8b 5d 00 48 39 eb 0f 84 ff 00 00 00 48 89 2c 24 49 89 dd 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df <41> 80 7c 05 00 00 74 08 48 89 df e8 35 79 3a 00 48 8b 03 48 89 44 [ 1107.490312][ C0] RSP: 0018:ffffc90000007af0 EFLAGS: 00010246 [ 1107.496392][ C0] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffff888027630000 [ 1107.504375][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffffc900099ef810 [ 1107.512359][ C0] RBP: ffffc900099ef810 R08: ffffffff895c373a R09: 1ffffffff1f5a16d [ 1107.520366][ C0] R10: dffffc0000000000 R11: fffffbfff1f5a16e R12: 0000000000000000 [ 1107.528340][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffffc900099ef810 [ 1107.536313][ C0] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 1107.545277][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1107.551871][ C0] CR2: 000055556a5b85c8 CR3: 0000000022e44000 CR4: 00000000003526f0 [ 1107.559845][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1107.567812][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1107.575809][ C0] Call Trace: [ 1107.579108][ C0] [ 1107.581951][ C0] ? __die_body+0x88/0xe0 [ 1107.586294][ C0] ? die_addr+0x108/0x140 [ 1107.590628][ C0] ? exc_general_protection+0x3dd/0x5d0 [ 1107.596280][ C0] ? asm_exc_general_protection+0x26/0x30 [ 1107.602094][ C0] ? xdp_do_check_flushed+0x10a/0x240 [ 1107.607642][ C0] ? __dev_flush+0x5b/0x160 [ 1107.612150][ C0] xdp_do_check_flushed+0x129/0x240 [ 1107.617349][ C0] __napi_poll+0xe4/0x490 [ 1107.621682][ C0] net_rx_action+0x89b/0x1240 [ 1107.626540][ C0] ? rcu_is_watching+0x15/0xb0 [ 1107.631317][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 1107.636428][ C0] ? sched_clock+0x4a/0x70 [ 1107.640953][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1107.647287][ C0] handle_softirqs+0x2c4/0x970 [ 1107.652054][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 1107.657114][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1107.662425][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 1107.667628][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 1107.672240][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 1107.677546][ C0] irq_exit_rcu+0x9/0x30 [ 1107.681794][ C0] common_interrupt+0xaa/0xd0 [ 1107.686479][ C0] [ 1107.689406][ C0] [ 1107.692335][ C0] asm_common_interrupt+0x26/0x40 [ 1107.697371][ C0] RIP: 0010:do_exit+0x1d30/0x27f0 [ 1107.702399][ C0] Code: 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 44 cc 9f 00 48 8b 1b 41 bc 08 00 00 00 4a 8d 3c 23 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 24 cc 9f 00 4a 83 3c 23 00 75 0b e8 58 de [ 1107.722020][ C0] RSP: 0018:ffffc900099efac0 EFLAGS: 00000a02 [ 1107.728109][ C0] RAX: 1ffff9200133dc13 RBX: ffffc900099e8000 RCX: ffff888027630000 [ 1107.736102][ C0] RDX: 0000000000000000 RSI: ffffffff8bcadaa0 RDI: ffffc900099ee098 [ 1107.744069][ C0] RBP: ffffc900099efc20 R08: ffffffff8fad0b6f R09: 1ffffffff1f5a16d [ 1107.752037][ C0] R10: dffffc0000000000 R11: fffffbfff1f5a16e R12: 0000000000006098 [ 1107.760014][ C0] R13: 1ffff11004ec60c4 R14: 0000000000000000 R15: dffffc0000000000 [ 1107.768006][ C0] ? __pfx_do_exit+0x10/0x10 [ 1107.772617][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1107.777990][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1107.784061][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1107.790390][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 1107.795507][ C0] do_group_exit+0x207/0x2c0 [ 1107.800102][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1107.805309][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1107.810538][ C0] get_signal+0x16a1/0x1740 [ 1107.815046][ C0] ? __pfx_get_signal+0x10/0x10 [ 1107.819921][ C0] arch_do_signal_or_restart+0x96/0x860 [ 1107.825494][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1107.831650][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1107.837754][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1107.843474][ C0] syscall_exit_to_user_mode+0xc9/0x370 [ 1107.849050][ C0] do_syscall_64+0x100/0x230 [ 1107.853661][ C0] ? clear_bhb_loop+0x35/0x90 [ 1107.858344][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1107.864246][ C0] RIP: 0033:0x7f552a975a99 [ 1107.868690][ C0] Code: Unable to access opcode bytes at 0x7f552a975a6f. [ 1107.875700][ C0] RSP: 002b:00007f552b7ef0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1107.884112][ C0] RAX: fffffffffffffe00 RBX: 00007f552ab04118 RCX: 00007f552a975a99 [ 1107.892167][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f552ab04118 [ 1107.900155][ C0] RBP: 00007f552ab04110 R08: 00007f552b7ef6c0 R09: 00007f552b7ef6c0 [ 1107.908150][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f552ab0411c [ 1107.916138][ C0] R13: 000000000000006e R14: 00007ffc8efcddd0 R15: 00007ffc8efcdeb8 [ 1107.924129][ C0] [ 1107.927146][ C0] Modules linked in: [ 1107.931104][ C0] ---[ end trace 0000000000000000 ]--- [ 1107.936573][ C0] RIP: 0010:__dev_flush+0x5b/0x160 [ 1107.941714][ C0] Code: 48 89 ef e8 67 79 3a 00 48 8b 5d 00 48 39 eb 0f 84 ff 00 00 00 48 89 2c 24 49 89 dd 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df <41> 80 7c 05 00 00 74 08 48 89 df e8 35 79 3a 00 48 8b 03 48 89 44 [ 1107.961340][ C0] RSP: 0018:ffffc90000007af0 EFLAGS: 00010246 [ 1107.967426][ C0] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffff888027630000 [ 1107.975419][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffffc900099ef810 [ 1107.983390][ C0] RBP: ffffc900099ef810 R08: ffffffff895c373a R09: 1ffffffff1f5a16d [ 1107.991380][ C0] R10: dffffc0000000000 R11: fffffbfff1f5a16e R12: 0000000000000000 [ 1107.999374][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffffc900099ef810 [ 1108.007380][ C0] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 1108.016322][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1108.022907][ C0] CR2: 000055556a5b85c8 CR3: 0000000022e44000 CR4: 00000000003526f0 [ 1108.030902][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1108.038890][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1108.046889][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 1108.054414][ C0] Kernel Offset: disabled [ 1108.058738][ C0] Rebooting in 86400 seconds..