last executing test programs: 14.657104752s ago: executing program 0 (id=2502): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000040)={{0x0, 0x3}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount(0x0, 0x0, &(0x7f0000000040)='autofs\x00', 0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r4, @ANYRES16=r5], 0x4c}}, 0x40000) sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0xfc) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1f, 0xf, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x6}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebfb}, 0x94) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r6, 0xc01064bd, &(0x7f0000000280)={&(0x7f00000008c0), 0xffa4}) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x200}}, &(0x7f0000000100)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r8}, 0x18) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000027c"], 0x528}, 0x1, 0x0, 0x0, 0x4000}, 0xc000) 13.590133648s ago: executing program 0 (id=2504): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000) shmdt(0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) epoll_create1(0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e25, 0x0, @loopback, 0x18}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000180), 0x4) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000080)={0x5, 0x0, 0x1}) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) unshare(0x6020480) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b70200"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)={0x2, 0x4, 0x8, 0x1, 0x80, r2, 0x6, '\x00', 0x0, r4, 0x3, 0x4}, 0x50) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "2000a200009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd, 0x400000, 0x0, 0xffffffffffffff1b, 0x7a}, 0x0, &(0x7f0000000280)={0x3fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 12.109979774s ago: executing program 0 (id=2510): bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0700000004000000000100000300000020000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000001f00000000c63e8a7ce656f2c536062a71a3236fc8d27675fd53"], 0x2e) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000500)={0x2, 0x0, @ioapic={0x10000, 0x7ff, 0x401, 0x80, 0x0, [{0x6, 0x10, 0xff, '\x00', 0x38}, {0x4, 0x9, 0x7c, '\x00', 0x31}, {0x5, 0xb3, 0x1, '\x00', 0xd}, {0x5, 0x9, 0x3, '\x00', 0x6}, {0x9, 0x7f, 0x4, '\x00', 0x79}, {0x7, 0x80, 0x0, '\x00', 0x9}, {0x3, 0x8, 0x1, '\x00', 0x5}, {0x52, 0x3, 0x3, '\x00', 0x9}, {0x0, 0x2, 0x73, '\x00', 0xff}, {0x1, 0x6, 0x9, '\x00', 0x80}, {0x6, 0x8, 0x6, '\x00', 0x1}, {0x1, 0x1, 0xd, '\x00', 0x4}, {0x8, 0xc, 0x5, '\x00', 0x6}, {0xf, 0x10, 0x8e, '\x00', 0x4}, {0x5, 0xc0, 0x7, '\x00', 0x1}, {0x8, 0x2, 0x1, '\x00', 0x2}, {0x7, 0x6, 0x8, '\x00', 0x5}, {0x9, 0x0, 0xfa, '\x00', 0x5}, {0x9, 0x3, 0x6, '\x00', 0x6}, {0xf8, 0x4, 0xa, '\x00', 0xf8}, {0x8, 0x2, 0x1, '\x00', 0xf7}, {0x6, 0x6, 0x1, '\x00', 0xa}, {0x1, 0x0, 0x1, '\x00', 0x8}, {0x12, 0xe, 0x4, '\x00', 0x1}]}}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000000000070000040"]) 11.159337058s ago: executing program 0 (id=2513): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x3, &(0x7f0000002480)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000082c0), 0x200, 0x0) syz_usb_connect$uac1(0x2, 0xa5, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902930003010000000904000000010100000a240100000002"], 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) ioctl$mixer_OSS_ALSAEMULVER(r0, 0x80044df9, &(0x7f0000008300)) r2 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x100000001, 0x2) clock_gettime(0x0, &(0x7f0000010000)={0x0, 0x0}) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000100c0)=0xffffffffffffffff) ioctl$vim2m_VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000002dc0)=@multiplanar_overlay={0x4, 0x1, 0x4, 0x10000, 0x8, {r3, r4/1000+60000}, {0x0, 0x1, 0xd2, 0x4, 0x0, 0xf, "f9371030"}, 0xa, 0x3, {&(0x7f0000010040)=[{0x10, 0x7, {0x7}, 0x2}, {0x5, 0x4, {0x7}, 0x1}]}, 0x35e, 0x0, r5}) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0) recvfrom(r7, 0x0, 0x0, 0x1, 0x0, 0x0) syz_usb_control_io$rtl8150(0xffffffffffffffff, &(0x7f0000010740)={0x14, &(0x7f0000010580)={0x20, 0x4, 0xb7, {0xb7, 0xf, "4dee4b35296ada0e37e66dee32f06c01e31f98ea632142920e0d7617683ca50693cc52e5f0c1b11b736aec16a3b3adfc5320ca238bd1b938a6066e10ffe4dd38106283e52e60f0074dc06b4cd59b792fdaa60fc1cb104aa7ea0348077a35a276ec8037b37ccd21d1f5200192f3b790fafa4257a60a826c81076c41fde818d2f785b0c58c670c38e189a8ae9d00262b77d66b0be684a9b15b960334750cbf6d9b0c54de31dad066a98f9b4e59bc63ec5b4a4ac57c96"}}, &(0x7f0000010640)={0x0, 0x3, 0xd4, @string={0xd4, 0x3, "886269827ce9051d975741f959ecd353c58a372ac0ac8b44366a66e50df0d8a55133174cdce69228327b858a106eb4f31857c4adb0750e22e8fc3a90056e4edf6ed71a6434f803e5fa664ba22e0e669863227a946dc59a86262a5773e45663fe0592790d34f2c51d14d3965ffdb713867a48b809b799f5e54e7cd54a231672b813a18141841f9b44d38dd406fc7e975efc81db7f2f65db419330e2970313bfe140b2933722590a164a8794d8beaff83ec00f46828ff91ec0ae559aeffec6d0cbaa51dec796f40bd6ad302798445ef2a6cb11"}}}, 0x0) r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x200002, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r8, 0xc0045009, &(0x7f0000000040)=0x2) ioctl$SNDCTL_DSP_SUBDIVIDE(r8, 0xc0045009, &(0x7f0000000000)=0x8) r9 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r9, &(0x7f0000000040)={0xa, 0x0, 0xfffffffe, @empty}, 0x20) recvfrom$l2tp6(r9, &(0x7f00000002c0)=""/42, 0x2a, 0x10040, 0x0, 0x0) close_range(r6, 0xffffffffffffffff, 0x0) shmdt(0x0) 8.761809615s ago: executing program 3 (id=2516): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x1, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000033666a"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000180), 0x0}, 0x20) sendmmsg$unix(r2, &(0x7f0000001680), 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') close(0xffffffffffffffff) execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0) openat$binfmt(0xffffffffffffff9c, r4, 0x2, 0x0) execveat$binfmt(0xffffffffffffff9c, r4, &(0x7f00000004c0)={[&(0x7f0000000000)='\x00', &(0x7f00000003c0)=')!}\x00']}, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r7 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r6, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) 7.009662137s ago: executing program 0 (id=2520): pipe2$9p(&(0x7f00000001c0), 0x0) io_setup(0x8, &(0x7f0000004200)=0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x84, 0x81, 0x0, &(0x7f0000000080)) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0}) close_range(r3, r3, 0x0) r4 = fanotify_init(0x200, 0x0) fanotify_mark(r4, 0x1, 0x4800003e, 0xffffffffffffffff, 0x0) r5 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80}) io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) io_submit(r0, 0x20000000000000f7, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}]) socketpair$unix(0x1, 0x2, 0x0, 0x0) setresgid(0xee00, 0xee01, 0x0) setgroups(0x0, 0x0) setuid(0xee00) shmget$private(0x0, 0x4000, 0x800, &(0x7f0000007000/0x4000)=nil) 6.820822066s ago: executing program 2 (id=2522): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a000000050001000600000005000400000000000900020073797a3000000000140003"], 0x60}}, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 5.824333014s ago: executing program 1 (id=2523): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCNEWUNIT(r0, 0x80047455, 0x0) 5.536154773s ago: executing program 1 (id=2524): r0 = socket(0xa, 0x3, 0x3a) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, 0x0) socket$inet6(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r4 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x8801) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000001340)={{0x0, 0x0, 0x0, 0x8, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x3, 0x0, 'syz1\x00', &(0x7f0000000180)=['\x00', '-[\'\x00', 'r\x0e\x81|\x0f\xa3\x8a\xb9\x8c\x94\x04\x17\v\rh\x10'], 0xc15c}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x81) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @empty}, 0x1, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xe3]}}, 0x5c) 5.479739169s ago: executing program 2 (id=2525): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r5, {0x0, 0x2}, {}, {0x3a2457a517263b31}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5}]}]}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x22044028}, 0x8000840) 5.449001551s ago: executing program 0 (id=2526): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) mq_timedreceive(r1, 0x0, 0x0, 0x1, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x3, 0x4) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0xfffc, @broadcast}, 0x2}}, 0x2e) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r2 = syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r3, &(0x7f0000000300)={{0x6, @bcast, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @null, @default]}, 0x48) close(r3) writev(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xcc, 0x30, 0xffff, 0x70bd27, 0x0, {}, [{0xb8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x10000, 0x0, 0x0, 0x0, 0x0, {0x0, 0x2, 0x0, 0x0, 0xfffe}, {0x0, 0x0, 0x0, 0x6, 0xfffd}}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x1}}]}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0xcc}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = getpid() syz_open_procfs(r6, &(0x7f0000000000)='smaps_rollup\x00') sendmsg$nl_route_sched(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x32, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4001}, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r2, &(0x7f00000002c0)={0x14, &(0x7f0000000040)=ANY=[], 0x0}, 0x0) r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r7, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) 4.336479531s ago: executing program 1 (id=2527): r0 = socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket(0x1f, 0x80002, 0x1) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910710007e570966f4366ec9d47c"], 0x1c}, 0x1, 0x0, 0x0, 0x44040}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r5, r4, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000200)={0x10, 0x0, &(0x7f0000000000)=[@request_death], 0x0, 0x1000000, 0x0}) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000000480)={0x2020}, 0x2020) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r6 = syz_io_uring_setup(0x266a, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x80, 0x1d4, 0x0, r2}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r6, 0x2ded, 0xef92, 0x0, 0x0, 0x0) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) recvmsg(r9, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x122) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, 0x0, 0x0) getsockname$packet(r10, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}}, 0x24}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=@gettclass={0x24, 0x2a, 0x1, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r11, {0xfff2, 0xffff}, {0x7}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) 4.086176646s ago: executing program 2 (id=2528): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(aes)\x00'}, 0x58) landlock_create_ruleset(&(0x7f0000000000)={0x34b9, 0x2, 0x2}, 0x38, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00'}) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setfsuid(0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x80040000}, 0x1c) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003100)=[{{&(0x7f0000000000), 0x6e, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x100, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)}}], 0x1, 0x9200000000000000) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0)=""/244, &(0x7f0000000040)=0xf4) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_usbip_server_init(0x1) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xc, {"a2e3ad21ed0d52f91b23090987f70e06d038e7ff7fc6e5539b3264078b089b0c08384d090890e0878f0e1ac6e7049b334a959b4b9a240a5b67f3988f7ef319520100ffe8d178708c523c921b1b6d31310d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa17d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe2c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a605608057228652a449df466c63d36770243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1008892fd6b21ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928900d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b03000000cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f632a70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171608bdc00fbbd0385075465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c113d12a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571ebff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4804afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa34046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b08005f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d789364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c220300000007b3d5bd3b01faffd0a5dbed2881a970fbf561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000ebffffffffffffff00", 0x1000}}, 0xffffffffffffff90) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) 4.04394805s ago: executing program 3 (id=2529): openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0) r0 = socket(0x1000000000000010, 0x80802, 0x0) bind$netlink(r0, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x10004400}, 0xc) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x8) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x1c1) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}]}) read$FUSE(0xffffffffffffffff, &(0x7f0000002d40)={0x2020}, 0x2020) read$dsp(r2, &(0x7f00000001c0)=""/95, 0x5f) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0) 1.957354017s ago: executing program 2 (id=2530): read$FUSE(0xffffffffffffffff, &(0x7f0000006300)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) sched_setattr(r0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x40, 0x3, 0x117}) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, 0x0, 0x400c0c0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="030000000400000004000000b5"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="18000000000000000000000000000000180200", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000180)="c1dfb080cd21d308098ee68886dd", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) 1.532679668s ago: executing program 3 (id=2531): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000740)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0xfd}}, 0x14) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) syz_emit_ethernet(0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60e0ffac00142c00fe8000000000000000000000000000bbfe8000000000000000000000000000bb"], 0x0) 1.461947845s ago: executing program 2 (id=2532): sendmmsg$unix(0xffffffffffffffff, &(0x7f00000021c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}}], 0x1, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) unshare(0x8000000) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x1, 0xb0, &(0x7f0000000140)=""/176, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) syz_io_uring_setup(0x3380, &(0x7f0000000180)={0x0, 0x7752, 0x10100, 0xdffffffc, 0x1000002}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r0, r1, &(0x7f0000000000)=@IORING_OP_LINKAT={0x27, 0x15, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x1400, 0x1}) 1.276177474s ago: executing program 1 (id=2533): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCNEWUNIT(r0, 0x80047455, 0x0) 1.257341536s ago: executing program 3 (id=2534): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 1.122975429s ago: executing program 3 (id=2535): r0 = socket(0xa, 0x3, 0x3a) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, 0x0) socket$inet6(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r4 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x8801) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000001340)={{0x0, 0x0, 0x0, 0x8, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x3, 0x0, 'syz1\x00', &(0x7f0000000180)=['\x00', '-[\'\x00', 'r\x0e\x81|\x0f\xa3\x8a\xb9\x8c\x94\x04\x17\v\rh\x10'], 0xc15c}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x81) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @empty}, 0x1, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xe3]}}, 0x5c) 1.122513849s ago: executing program 1 (id=2536): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202) write$sndseq(r0, 0x0, 0x0) r1 = syz_io_uring_setup(0x1e1e, &(0x7f0000000140)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r1, 0x48e9, 0x300, 0x2, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f00000000c0)={0x80, 0x5, 0x7fff, 0x9, 0xbffff4f1, 0x2}) 1.028031378s ago: executing program 2 (id=2537): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x1, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000033666a"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000180), 0x0}, 0x20) sendmmsg$unix(r2, &(0x7f0000001680), 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') close(0xffffffffffffffff) execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0) openat$binfmt(0xffffffffffffff9c, r4, 0x2, 0x0) execveat$binfmt(0xffffffffffffff9c, r4, &(0x7f00000004c0)={[&(0x7f0000000000)='\x00', &(0x7f00000003c0)=')!}\x00']}, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r7 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r6, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) 973.374984ms ago: executing program 1 (id=2538): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, 0x0, 0x4040004) sendto$inet6(r1, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r3, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) shutdown(r3, 0x1) recvfrom(r3, &(0x7f0000000480)=""/110, 0x168f6f3d, 0x734, 0x0, 0xfffffffffffffecb) ioctl$sock_inet_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000000)) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x8, 0x5, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, 0xe) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x0, 0x1, 0x3}}, 0x18) shutdown(r1, 0x1) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x25, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x0, 0x1, 0x0, 0x8}, 0x9c) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r1, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) 0s ago: executing program 3 (id=2539): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x7ff}, 0x8) close(r0) kernel console output (not intermixed with test programs): ses=4294967295 subj=unconfined pid=8977 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182bb8eec9 code=0x7ffc0000 [ 471.032872][ T28] audit: type=1326 audit(1760485871.547:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8977 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182bb8eec9 code=0x7ffc0000 [ 471.059516][ T28] audit: type=1326 audit(1760485871.547:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8977 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7f182bb8eec9 code=0x7ffc0000 [ 471.527160][ T8988] netlink: 16 bytes leftover after parsing attributes in process `syz.1.845'. [ 471.527223][ T28] audit: type=1326 audit(1760485871.547:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8977 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182bb8eec9 code=0x7ffc0000 [ 471.584265][ T8992] netlink: 4 bytes leftover after parsing attributes in process `syz.3.847'. [ 471.635251][ T28] audit: type=1326 audit(1760485871.547:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8977 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182bb8eec9 code=0x7ffc0000 [ 471.675198][ T28] audit: type=1326 audit(1760485871.557:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8977 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f182bb8eec9 code=0x7ffc0000 [ 471.891757][ T28] audit: type=1326 audit(1760485871.557:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8977 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182bb8eec9 code=0x7ffc0000 [ 473.013747][ T9013] netlink: 4 bytes leftover after parsing attributes in process `syz.2.853'. [ 473.064184][ T9017] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 474.282502][ T9030] cgroup: Bad value for 'name' [ 474.407493][ T9031] netlink: 16 bytes leftover after parsing attributes in process `syz.1.858'. [ 475.254584][ T9038] netlink: 4 bytes leftover after parsing attributes in process `syz.3.859'. [ 475.271969][ T9042] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.861'. [ 480.123571][ T9066] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 480.186487][ T9072] tipc: Enabling of bearer rejected, failed to enable media [ 480.240209][ T23] IPVS: starting estimator thread 0... [ 480.363422][ T9075] IPVS: using max 26 ests per chain, 62400 per kthread [ 481.823606][ T9090] netlink: 16 bytes leftover after parsing attributes in process `syz.3.869'. [ 481.934426][ T28] kauditd_printk_skb: 52 callbacks suppressed [ 481.934442][ T28] audit: type=1326 audit(1760485883.037:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9078 comm="syz.3.869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37558eec9 code=0x7ffc0000 [ 482.164856][ T9085] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR [ 482.323682][ T9084] netlink: 4 bytes leftover after parsing attributes in process `syz.0.871'. [ 482.410135][ T28] audit: type=1326 audit(1760485883.037:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9078 comm="syz.3.869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37558eec9 code=0x7ffc0000 [ 482.456221][ T28] audit: type=1326 audit(1760485883.037:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9078 comm="syz.3.869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fc37558eec9 code=0x7ffc0000 [ 484.744481][ T9115] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 485.868480][ T9130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.883'. [ 489.223449][ T9151] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 489.754489][ T9164] fuse: Bad value for 'fd' [ 490.481257][ T9172] hub 2-0:1.0: USB hub found [ 490.488740][ T9172] hub 2-0:1.0: 1 port detected [ 493.003879][ T9196] 9pnet_fd: Insufficient options for proto=fd [ 493.011665][ T9198] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 494.674107][ T9215] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.905'. [ 495.542388][ T9212] netlink: 28 bytes leftover after parsing attributes in process `syz.1.903'. [ 496.503061][ T9239] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 496.973996][ T9247] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.916'. [ 497.500062][ T9255] 9pnet_fd: Insufficient options for proto=fd [ 498.691393][ T9262] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 498.725816][ T9265] overlayfs: failed to clone upperpath [ 500.285784][ T9282] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.930'. [ 500.434756][ T9284] netlink: 4 bytes leftover after parsing attributes in process `syz.1.929'. [ 501.175748][ T9296] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 501.921066][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.931578][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.646020][ T9318] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.939'. [ 503.745917][ T9314] netlink: 28 bytes leftover after parsing attributes in process `syz.1.935'. [ 503.977818][ T9325] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.940'. [ 504.232248][ T9329] netlink: 'syz.3.942': attribute type 10 has an invalid length. [ 504.251966][ T9329] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 504.488001][ T28] audit: type=1107 audit(1760485906.837:375): pid=9327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 504.797087][ T9332] netlink: 4 bytes leftover after parsing attributes in process `syz.0.943'. [ 505.462173][ T9339] fuse: Bad value for 'fd' [ 505.838944][ T9343] bond1: entered allmulticast mode [ 505.857588][ T9343] 8021q: adding VLAN 0 to HW filter on device bond1 [ 506.166370][ T9350] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.949'. [ 507.606188][ T9363] netlink: 120 bytes leftover after parsing attributes in process `syz.0.953'. [ 510.101495][ T9380] netlink: 4 bytes leftover after parsing attributes in process `syz.1.957'. [ 514.366366][ T9411] netlink: 4 bytes leftover after parsing attributes in process `syz.1.968'. [ 525.096945][ T9496] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 530.798284][ T9533] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1000'. [ 530.878711][ T9537] netlink: 2384 bytes leftover after parsing attributes in process `syz.2.1000'. [ 530.907450][ T9540] netlink: 28 bytes leftover after parsing attributes in process `syz.1.997'. [ 531.173686][ T967] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 531.353442][ T967] usb 4-1: Using ep0 maxpacket: 8 [ 531.364661][ T967] usb 4-1: unable to get BOS descriptor or descriptor too short [ 531.381090][ T967] usb 4-1: config 0 has an invalid interface number: 88 but max is 0 [ 531.391251][ T967] usb 4-1: config 0 has no interface number 0 [ 531.402260][ T967] usb 4-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 531.420292][ T967] usb 4-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0 [ 531.463043][ T967] usb 4-1: config 0 interface 88 has no altsetting 0 [ 531.537011][ T967] usb 4-1: string descriptor 0 read error: -22 [ 531.679812][ T967] usb 4-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 531.712973][ T967] usb 4-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 531.759093][ T967] usb 4-1: config 0 descriptor?? [ 531.836877][ T967] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.88/input/input6 [ 531.995494][ T9543] udevd[9543]: Error opening device "/dev/input/event4": Input/output error [ 532.009006][ T9543] udevd[9543]: Unable to EVIOCGABS device "/dev/input/event4" [ 532.018988][ T9543] udevd[9543]: Unable to EVIOCGABS device "/dev/input/event4" [ 532.197261][ T5886] usb 4-1: USB disconnect, device number 12 [ 536.186617][ T9584] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 540.641332][ T9599] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1015'. [ 540.670379][ T9606] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1017'. [ 544.765221][ T9646] IPVS: Unknown mcast interface: vcan0 [ 547.423385][ T967] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 547.618733][ T967] usb 4-1: config 1 has an invalid interface number: 7 but max is 0 [ 547.643497][ T967] usb 4-1: config 1 has no interface number 0 [ 547.659928][ T967] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1024 [ 547.682670][ T967] usb 4-1: config 1 interface 7 altsetting 0 has a duplicate endpoint with address 0x6, skipping [ 547.714321][ T967] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 547.733475][ T967] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.751752][ T967] usb 4-1: Product: syz [ 547.756164][ T967] usb 4-1: Manufacturer: syz [ 547.760803][ T967] usb 4-1: SerialNumber: syz [ 547.782592][ T9670] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 547.800341][ T9670] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 547.812021][ T967] usb 4-1: Expected 3 endpoints, found: 2 [ 547.966022][ T9681] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1036'. [ 548.083040][ T5862] usb 4-1: USB disconnect, device number 13 [ 549.942480][ T9699] capability: warning: `syz.0.1041' uses deprecated v2 capabilities in a way that may be insecure [ 553.876813][ T9723] trusted_key: syz.0.1050 sent an empty control message without MSG_MORE. [ 554.457820][ T28] audit: type=1326 audit(1760485956.807:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9734 comm="syz.0.1054" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f182bb8eec9 code=0x0 [ 563.048214][ T9820] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1077'. [ 563.798896][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.805613][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.941235][ T9825] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1079'. [ 565.348000][ T9843] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 568.151354][ T9866] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1089'. [ 569.803809][ T9884] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1095'. [ 570.360360][ T9894] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1097'. [ 570.942289][ T28] audit: type=1326 audit(1760485973.287:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.1.1099" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f91ea78eec9 code=0x0 [ 572.415238][ T9925] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1108'. [ 572.822746][ T9932] lo speed is unknown, defaulting to 1000 [ 573.746466][ T9937] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1110'. [ 574.161034][ T9947] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1114'. [ 574.588553][ T9956] kernel read not supported for file /!selinuxwk1m9ɞ*T#jYmVvm(p-QZ#{ (pid: 9956 comm: syz.3.1119) [ 575.609961][ T9965] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1120'. [ 577.246514][ T9988] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.1122'. [ 578.083480][ T8] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 578.913458][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 578.926907][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 578.967176][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 579.003321][ T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 579.036313][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 579.057542][ T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 579.088099][ T8] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 579.123437][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.173748][ T8] usb 4-1: config 0 descriptor?? [ 579.181416][T10001] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 579.671378][T10019] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1136'. [ 580.266822][T10024] IPVS: Unknown mcast interface: vcan0 [ 580.361700][ T5886] usb 4-1: USB disconnect, device number 14 [ 580.365323][ T5800] Bluetooth: hci4: Opcode 0x0c03 failed: -19 [ 581.206720][ T28] audit: type=1326 audit(1760485983.557:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10040 comm="syz.2.1146" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f966098eec9 code=0x0 [ 581.375515][T10051] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1148'. [ 586.076627][T10077] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1155'. [ 587.624922][T10092] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1160'. [ 591.264503][T10129] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1171'. [ 594.382666][T10158] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.1178'. [ 595.440278][T10169] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1181'. [ 596.675386][T10175] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.1182'. [ 599.031129][T10198] cgroup: Bad value for 'name' [ 599.062942][ T28] audit: type=1326 audit(1760486001.367:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10194 comm="syz.2.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 599.087099][ T28] audit: type=1326 audit(1760486001.367:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10194 comm="syz.2.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 599.145551][ T28] audit: type=1326 audit(1760486001.367:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10194 comm="syz.2.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 599.169070][ T28] audit: type=1326 audit(1760486001.367:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10194 comm="syz.2.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 599.495825][ T28] audit: type=1326 audit(1760486001.367:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10194 comm="syz.2.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 599.630594][ T28] audit: type=1326 audit(1760486001.367:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10194 comm="syz.2.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 599.812453][ T28] audit: type=1326 audit(1760486001.367:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10194 comm="syz.2.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 599.850302][ T28] audit: type=1326 audit(1760486001.377:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10194 comm="syz.2.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 599.918596][ T28] audit: type=1326 audit(1760486001.377:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10194 comm="syz.2.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 599.967712][ T28] audit: type=1326 audit(1760486001.377:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10194 comm="syz.2.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 600.335322][T10208] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1191'. [ 601.636323][T10216] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.1193'. [ 602.619197][T10221] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.1195'. [ 604.169224][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 604.169243][ T28] audit: type=1326 audit(1760486006.207:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10235 comm="syz.1.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ea78eec9 code=0x7ffc0000 [ 604.255073][T10239] cgroup: Bad value for 'name' [ 604.823356][ T28] audit: type=1326 audit(1760486006.207:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10235 comm="syz.1.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ea78eec9 code=0x7ffc0000 [ 604.939934][ T28] audit: type=1326 audit(1760486006.357:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10235 comm="syz.1.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f91ea78eec9 code=0x7ffc0000 [ 604.987311][ T28] audit: type=1326 audit(1760486006.357:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10235 comm="syz.1.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ea78eec9 code=0x7ffc0000 [ 605.073393][ T28] audit: type=1326 audit(1760486006.357:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10235 comm="syz.1.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ea78eec9 code=0x7ffc0000 [ 605.250878][ T28] audit: type=1326 audit(1760486006.607:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10235 comm="syz.1.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f91ea78eec9 code=0x7ffc0000 [ 605.283412][ T28] audit: type=1326 audit(1760486006.607:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10235 comm="syz.1.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ea78eec9 code=0x7ffc0000 [ 605.283473][ T28] audit: type=1326 audit(1760486006.607:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10235 comm="syz.1.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ea78eec9 code=0x7ffc0000 [ 605.386178][T10251] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1201'. [ 605.559984][ T28] audit: type=1326 audit(1760486006.757:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10235 comm="syz.1.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f91ea78eec9 code=0x7ffc0000 [ 605.593473][ T28] audit: type=1326 audit(1760486006.757:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10235 comm="syz.1.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ea78eec9 code=0x7ffc0000 [ 609.522428][ T28] kauditd_printk_skb: 17 callbacks suppressed [ 609.522447][ T28] audit: type=1326 audit(1760486011.837:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10266 comm="syz.1.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ea78eec9 code=0x7ffc0000 [ 609.743515][ T8] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 609.777083][ T28] audit: type=1326 audit(1760486011.837:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10266 comm="syz.1.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ea78eec9 code=0x7ffc0000 [ 610.038365][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 610.549015][ T8] usb 4-1: config 0 has an invalid interface number: 110 but max is 0 [ 610.583306][ T8] usb 4-1: config 0 has no interface number 0 [ 610.589469][ T8] usb 4-1: config 0 interface 110 has no altsetting 0 [ 610.633471][ T8] usb 4-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=f6.56 [ 610.643621][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 610.651985][ T8] usb 4-1: Product: syz [ 610.657221][ T8] usb 4-1: Manufacturer: syz [ 610.661969][ T8] usb 4-1: SerialNumber: syz [ 610.687108][ T8] usb 4-1: config 0 descriptor?? [ 611.133875][T10299] lo speed is unknown, defaulting to 1000 [ 612.046399][T10283] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1211'. [ 612.105281][T10284] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.1211'. [ 612.306637][ T5862] usb 4-1: USB disconnect, device number 15 [ 613.278673][T10312] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1219'. [ 617.760998][T10356] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1231'. [ 618.061904][T10360] netlink: 2384 bytes leftover after parsing attributes in process `syz.0.1231'. [ 619.393831][ T28] audit: type=1326 audit(1760486021.747:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10364 comm="syz.3.1234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37558eec9 code=0x7ffc0000 [ 619.673959][T10372] cgroup: Bad value for 'name' [ 620.171058][ T28] audit: type=1326 audit(1760486021.747:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10364 comm="syz.3.1234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37558eec9 code=0x7ffc0000 [ 620.193638][ C1] vkms_vblank_simulate: vblank timer overrun [ 620.278520][ T28] audit: type=1326 audit(1760486021.877:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10364 comm="syz.3.1234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fc37558eec9 code=0x7ffc0000 [ 620.377921][T10370] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR [ 620.699792][T10378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1236'. [ 621.477113][T10378] syz.0.1236 (10378) used greatest stack depth: 17384 bytes left [ 623.041931][T10390] IPVS: Unknown mcast interface: vcan0 [ 625.126492][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.133042][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.431650][T10426] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1250'. [ 625.493370][ T8] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 626.526568][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 626.537435][ T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 626.551723][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 626.565530][ T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 626.579587][T10433] IPVS: Unknown mcast interface: vcan0 [ 626.599803][ T8] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 626.621283][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.698352][ T8] usb 4-1: config 0 descriptor?? [ 627.753680][ T8] hdpvr 4-1:0.0: firmware version 0x51 dated [ 627.761295][ T8] hdpvr 4-1:0.0: untested firmware, the driver might not work. [ 627.815708][ T28] audit: type=1326 audit(1760486030.157:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.2.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 627.910238][ T8] hdpvr 4-1:0.0: device init failed [ 627.926880][ T28] audit: type=1326 audit(1760486030.157:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.2.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 627.974929][ T8] hdpvr: probe of 4-1:0.0 failed with error -12 [ 628.156328][ T8] usb 4-1: USB disconnect, device number 16 [ 628.258631][ T28] audit: type=1326 audit(1760486030.157:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.2.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 628.525347][ T28] audit: type=1326 audit(1760486030.157:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.2.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 628.578626][ T28] audit: type=1326 audit(1760486030.157:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.2.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 628.650482][ T28] audit: type=1326 audit(1760486030.167:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.2.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 628.673375][ T28] audit: type=1326 audit(1760486030.167:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10450 comm="syz.2.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 630.806049][T10493] netlink: 'syz.3.1268': attribute type 1 has an invalid length. [ 630.856206][T10494] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1267'. [ 630.951528][T10494] netlink: 2384 bytes leftover after parsing attributes in process `syz.2.1267'. [ 634.600923][T10523] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1276'. [ 634.610082][T10523] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1276'. [ 635.959507][T10533] gfs2: not a GFS2 filesystem [ 639.841486][T10560] IPVS: Unknown mcast interface: vcan0 [ 644.859204][T10607] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 645.415979][T10621] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 649.769300][T10658] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 649.998244][T10662] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.1317'. [ 651.754701][T10690] lo speed is unknown, defaulting to 1000 [ 651.760656][T10690] lo speed is unknown, defaulting to 1000 [ 651.904384][T10690] lo speed is unknown, defaulting to 1000 [ 651.918967][T10690] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 652.016823][T10694] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.1329'. [ 652.702850][T10690] lo speed is unknown, defaulting to 1000 [ 652.762475][T10690] lo speed is unknown, defaulting to 1000 [ 652.775662][T10690] lo speed is unknown, defaulting to 1000 [ 652.796813][T10690] lo speed is unknown, defaulting to 1000 [ 652.819170][T10698] IPVS: Unknown mcast interface: vcan0 [ 652.899346][T10700] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 655.584364][T10718] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1335'. [ 655.625934][T10726] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 655.649312][T10726] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 655.667204][T10726] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 655.828290][T10726] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 656.762010][T10738] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 656.993380][ T8] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 658.323741][ T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 658.363330][ T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 658.699124][ T8] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 658.767627][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 658.831448][ T8] usb 4-1: Product: syz [ 658.844199][ T28] audit: type=1326 audit(1760486061.067:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10749 comm="syz.2.1344" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f966098eec9 code=0x0 [ 658.877116][ T8] usb 4-1: Manufacturer: syz [ 658.901832][ T8] usb 4-1: SerialNumber: syz [ 659.134663][ T8] usb 4-1: can't set config #1, error -71 [ 659.178489][ T8] usb 4-1: USB disconnect, device number 17 [ 659.417855][T10765] syz.3.1347: attempt to access beyond end of device [ 659.417855][T10765] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 659.463012][T10765] FAT-fs (nbd3): unable to read boot sector [ 659.648924][ T5800] Bluetooth: hci1: unexpected event 0x0b length: 234 > 11 [ 659.845010][T10774] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 662.360471][T10793] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1357'. [ 662.429543][ T28] audit: type=1326 audit(1760486064.777:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10794 comm="syz.1.1356" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f91ea78eec9 code=0x0 [ 662.738629][T10803] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1359'. [ 663.023383][ T8] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 663.076851][T10812] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 663.225666][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 663.315823][ T8] usb 4-1: config 0 has an invalid descriptor of length 13, skipping remainder of the config [ 663.328730][ T8] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 663.374483][ T8] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 663.383776][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.391818][ T8] usb 4-1: Product: syz [ 663.396883][ T8] usb 4-1: Manufacturer: syz [ 663.401997][ T8] usb 4-1: SerialNumber: syz [ 663.409534][ T8] usb 4-1: config 0 descriptor?? [ 663.882004][T10803] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 663.891970][T10803] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 663.906840][T10803] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 663.915590][T10803] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 665.288911][T10837] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 665.557374][ T28] audit: type=1326 audit(1760486067.907:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10838 comm="syz.1.1372" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f91ea78eec9 code=0x0 [ 666.349813][ T8] usb 4-1: USB disconnect, device number 18 [ 669.761774][T10873] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 671.060203][T10892] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1386'. [ 673.316440][T10907] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 676.551735][T10947] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 680.006119][T10981] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 682.577108][T11024] fuse: Bad value for 'fd' [ 682.703991][T11023] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 682.925239][T11021] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1428'. [ 685.566590][T11052] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1436'. [ 685.665221][T11056] fuse: Bad value for 'fd' [ 685.861740][T11064] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1441'. [ 686.176885][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.184603][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 689.938405][T11109] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1453'. [ 690.189187][T11112] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1454'. [ 693.402883][T11137] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 694.693556][T11152] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1464'. [ 697.270781][T11168] cgroup: Bad value for 'name' [ 697.283403][ T28] audit: type=1326 audit(1760486099.037:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 697.368141][ T28] audit: type=1326 audit(1760486099.047:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 697.691241][ T28] audit: type=1326 audit(1760486100.037:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 697.717314][ T28] audit: type=1326 audit(1760486100.037:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 697.770551][ T28] audit: type=1326 audit(1760486100.037:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 698.053344][ T28] audit: type=1326 audit(1760486100.037:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 698.086618][ T28] audit: type=1326 audit(1760486100.037:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 698.120870][ T28] audit: type=1326 audit(1760486100.037:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 698.150789][ T28] audit: type=1326 audit(1760486100.037:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 698.179293][ T28] audit: type=1326 audit(1760486100.037:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.2.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 698.939172][T11189] syz.2.1472: vmalloc error: size 16777216, failed to allocated page array size 32768, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 698.958056][T11189] CPU: 1 PID: 11189 Comm: syz.2.1472 Not tainted syzkaller #0 [ 698.965668][T11189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 698.975951][T11189] Call Trace: [ 698.979268][T11189] [ 698.982346][T11189] dump_stack_lvl+0x16c/0x230 [ 698.987074][T11189] ? show_regs_print_info+0x20/0x20 [ 698.992301][T11189] ? load_image+0x3b0/0x3b0 [ 698.996848][T11189] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 699.003303][T11189] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 699.009826][T11189] warn_alloc+0x210/0x300 [ 699.014224][T11189] ? zone_watermark_ok_safe+0x230/0x230 [ 699.019876][T11189] ? _raw_spin_unlock+0x28/0x40 [ 699.024806][T11189] ? __kmem_cache_free+0xba/0x1f0 [ 699.029955][T11189] __vmalloc_node_range+0x662/0x1320 [ 699.035389][T11189] ? free_vm_area+0x50/0x50 [ 699.039922][T11189] ? kvmalloc_node+0x70/0x180 [ 699.044629][T11189] ? kvmalloc_node+0x70/0x180 [ 699.049427][T11189] ? trace_kmalloc+0x1f/0xa0 [ 699.054069][T11189] kvmalloc_node+0x13f/0x180 [ 699.058795][T11189] ? xp_create_and_assign_umem+0x17c/0xc00 [ 699.064632][T11189] xp_create_and_assign_umem+0x17c/0xc00 [ 699.070319][T11189] ? dev_get_by_index+0x22/0x2d0 [ 699.075662][T11189] xsk_bind+0x31d/0xc70 [ 699.080109][T11189] __sys_bind+0x31a/0x410 [ 699.084684][T11189] ? __ia32_sys_socketpair+0xb0/0xb0 [ 699.090116][T11189] __x64_sys_bind+0x7a/0x90 [ 699.094658][T11189] do_syscall_64+0x55/0xb0 [ 699.099227][T11189] ? clear_bhb_loop+0x40/0x90 [ 699.103958][T11189] ? clear_bhb_loop+0x40/0x90 [ 699.108769][T11189] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 699.114893][T11189] RIP: 0033:0x7f966098eec9 [ 699.119612][T11189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 699.139545][T11189] RSP: 002b:00007f96617e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 699.147994][T11189] RAX: ffffffffffffffda RBX: 00007f9660be6090 RCX: 00007f966098eec9 [ 699.156169][T11189] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000003 [ 699.164250][T11189] RBP: 00007f9660a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 699.172413][T11189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 699.180520][T11189] R13: 00007f9660be6128 R14: 00007f9660be6090 R15: 00007fff60ebacd8 [ 699.188545][T11189] [ 699.193993][T11189] Mem-Info: [ 699.197225][T11189] active_anon:18907 inactive_anon:0 isolated_anon:0 [ 699.197225][T11189] active_file:10790 inactive_file:40128 isolated_file:0 [ 699.197225][T11189] unevictable:17160 dirty:28 writeback:0 [ 699.197225][T11189] slab_reclaimable:10618 slab_unreclaimable:108544 [ 699.197225][T11189] mapped:25188 shmem:13881 pagetables:638 [ 699.197225][T11189] sec_pagetables:0 bounce:0 [ 699.197225][T11189] kernel_misc_reclaimable:0 [ 699.197225][T11189] free:1292100 free_pcp:16886 free_cma:0 [ 699.257788][T11189] Node 0 active_anon:75804kB inactive_anon:0kB active_file:43160kB inactive_file:160256kB unevictable:67104kB isolated(anon):0kB isolated(file):0kB mapped:105068kB dirty:108kB writeback:0kB shmem:53932kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12292kB pagetables:2580kB sec_pagetables:0kB all_unreclaimable? no [ 699.292396][T11197] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 699.305619][T11189] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:256kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 699.354019][T11189] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 699.381799][T11189] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 699.388189][T11189] Node 0 DMA32 free:1268216kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:75692kB inactive_anon:0kB active_file:43160kB inactive_file:158920kB unevictable:67104kB writepending:116kB present:3129332kB managed:2589604kB mlocked:0kB bounce:0kB free_pcp:35820kB local_pcp:18776kB free_cma:0kB [ 699.419801][T11189] lowmem_reserve[]: 0 0 1 1 1 [ 699.425127][T11189] Node 0 Normal free:4kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1336kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 699.456628][T11189] lowmem_reserve[]: 0 0 0 0 0 [ 699.461920][T11189] Node 1 Normal free:3884576kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:256kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:32608kB local_pcp:6464kB free_cma:0kB [ 699.499000][T11189] lowmem_reserve[]: 0 0 0 0 0 [ 699.504268][T11189] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 699.518529][T11189] Node 0 DMA32: 6*4kB (UME) 14*8kB (ME) 11*16kB (ME) 160*32kB (UME) 101*64kB (UME) 53*128kB (UM) 47*256kB (UME) 43*512kB (UME) 13*1024kB (UM) 7*2048kB (UM) 290*4096kB (M) = 1268216kB [ 699.541465][T11189] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 699.558873][T11189] Node 1 Normal: 252*4kB (UM) 58*8kB (UME) 46*16kB (UME) 164*32kB (UME) 60*64kB (UME) 10*128kB (UME) 3*256kB (UM) 1*512kB (U) 2*1024kB (U) 1*2048kB (U) 944*4096kB (ME) = 3884576kB [ 699.582435][T11189] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 699.592351][T11189] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 699.602548][T11189] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 699.612865][T11189] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 699.622426][T11189] 81177 total pagecache pages [ 699.627898][T11189] 0 pages in swap cache [ 699.632179][T11189] Free swap = 124348kB [ 699.636716][T11189] Total swap = 124996kB [ 699.641184][T11189] 2097051 pages RAM [ 699.645355][T11189] 0 pages HighMem/MovableOnly [ 699.650451][T11189] 416136 pages reserved [ 699.654808][T11189] 0 pages cma reserved [ 699.953089][T11205] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1476'. [ 702.302674][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 702.302691][ T28] audit: type=1326 audit(1760486104.647:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11214 comm="syz.3.1480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37558eec9 code=0x7ffc0000 [ 702.446378][ T28] audit: type=1326 audit(1760486104.647:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11214 comm="syz.3.1480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37558eec9 code=0x7ffc0000 [ 703.153451][ T967] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 703.302849][T11252] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 703.317265][ T5800] Bluetooth: hci3: unexpected event for opcode 0x0000 [ 703.494686][ T967] usb 4-1: Using ep0 maxpacket: 8 [ 703.509209][ T967] usb 4-1: config 0 has an invalid interface number: 110 but max is 0 [ 703.521121][ T967] usb 4-1: config 0 has no interface number 0 [ 703.586236][ T967] usb 4-1: config 0 interface 110 has no altsetting 0 [ 703.606863][ T967] usb 4-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=f6.56 [ 703.617535][ T967] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 703.625848][ T967] usb 4-1: Product: syz [ 703.630380][ T967] usb 4-1: Manufacturer: syz [ 703.635267][ T967] usb 4-1: SerialNumber: syz [ 704.373437][ T967] usb 4-1: config 0 descriptor?? [ 704.441501][T11258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1489'. [ 704.655352][T11244] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1484'. [ 704.681494][T11244] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.1484'. [ 704.802789][ T5862] usb 4-1: USB disconnect, device number 19 [ 707.373417][ T5800] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 707.384058][ T5800] Bluetooth: hci3: Injecting HCI hardware error event [ 707.392417][T10014] Bluetooth: hci3: hardware error 0x00 [ 708.370264][T11294] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1498'. [ 708.379892][T11294] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 708.556650][T11302] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1500'. [ 709.454693][T10014] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 711.868123][T11334] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1510'. [ 711.878763][T11334] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 712.212200][T11341] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.1512'. [ 712.962553][T11344] lo speed is unknown, defaulting to 1000 [ 712.972723][T11344] lo speed is unknown, defaulting to 1000 [ 713.853044][ T967] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 714.076263][ T967] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 714.087538][ T967] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 714.102152][ T967] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 714.111843][ T967] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 714.122974][ T967] usb 4-1: Product: syz [ 714.137983][ T967] usb 4-1: Manufacturer: syz [ 714.148455][ T967] usb 4-1: SerialNumber: syz [ 714.422518][ T967] usb 4-1: skipping empty audio interface (v1) [ 714.484968][ T967] snd-usb-audio: probe of 4-1:1.0 failed with error -22 [ 714.505298][ T967] usb 4-1: USB disconnect, device number 20 [ 714.514678][T11346] udevd[11346]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 714.787996][T11378] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1523'. [ 714.798216][T11378] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 718.745275][T11439] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1543'. [ 719.853468][ T7262] IPVS: ip_vs_send_async error -19 [ 720.308228][T11461] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 722.226598][T11485] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1557'. [ 723.064245][T11494] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1560'. [ 723.766078][T11508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1565'. [ 724.443355][ T7262] IPVS: ip_vs_send_async error -19 [ 724.756181][T11520] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1571'. [ 727.450994][T11551] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1579'. [ 728.137022][T11556] syz.1.1580: vmalloc error: size 16777216, failed to allocated page array size 32768, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 728.169912][T11556] CPU: 0 PID: 11556 Comm: syz.1.1580 Not tainted syzkaller #0 [ 728.177429][T11556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 728.187725][T11556] Call Trace: [ 728.191023][T11556] [ 728.193970][T11556] dump_stack_lvl+0x16c/0x230 [ 728.198678][T11556] ? show_regs_print_info+0x20/0x20 [ 728.203896][T11556] ? load_image+0x3b0/0x3b0 [ 728.208428][T11556] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 728.214872][T11556] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 728.221397][T11556] warn_alloc+0x210/0x300 [ 728.225795][T11556] ? zone_watermark_ok_safe+0x230/0x230 [ 728.231381][T11556] ? _raw_spin_unlock+0x28/0x40 [ 728.236261][T11556] __vmalloc_node_range+0x662/0x1320 [ 728.241566][T11556] ? __asan_memset+0x22/0x40 [ 728.246376][T11556] ? free_vm_area+0x50/0x50 [ 728.250908][T11556] ? kvmalloc_node+0x70/0x180 [ 728.255600][T11556] ? kvmalloc_node+0x70/0x180 [ 728.260287][T11556] ? trace_kmalloc+0x1f/0xa0 [ 728.264997][T11556] kvmalloc_node+0x13f/0x180 [ 728.269602][T11556] ? xp_create_and_assign_umem+0x17c/0xc00 [ 728.275421][T11556] xp_create_and_assign_umem+0x17c/0xc00 [ 728.281087][T11556] ? mutex_lock_nested+0x20/0x20 [ 728.286041][T11556] ? dev_get_by_index+0x22/0x2d0 [ 728.291012][T11556] ? dev_get_by_index+0x22/0x2d0 [ 728.295997][T11556] xsk_bind+0x31d/0xc70 [ 728.300176][T11556] __sys_bind+0x31a/0x410 [ 728.304526][T11556] ? __ia32_sys_socketpair+0xb0/0xb0 [ 728.309843][T11556] __x64_sys_bind+0x7a/0x90 [ 728.314475][T11556] do_syscall_64+0x55/0xb0 [ 728.318901][T11556] ? clear_bhb_loop+0x40/0x90 [ 728.323589][T11556] ? clear_bhb_loop+0x40/0x90 [ 728.328375][T11556] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 728.334278][T11556] RIP: 0033:0x7f91ea78eec9 [ 728.338707][T11556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 728.358361][T11556] RSP: 002b:00007f91eb6f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 728.366803][T11556] RAX: ffffffffffffffda RBX: 00007f91ea9e6090 RCX: 00007f91ea78eec9 [ 728.374832][T11556] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000003 [ 728.382914][T11556] RBP: 00007f91ea811f91 R08: 0000000000000000 R09: 0000000000000000 [ 728.391009][T11556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 728.399114][T11556] R13: 00007f91ea9e6128 R14: 00007f91ea9e6090 R15: 00007ffe1b2c1458 [ 728.407129][T11556] [ 728.420831][T11556] Mem-Info: [ 728.430990][T11556] active_anon:21618 inactive_anon:0 isolated_anon:0 [ 728.430990][T11556] active_file:10790 inactive_file:40140 isolated_file:0 [ 728.430990][T11556] unevictable:17160 dirty:63 writeback:0 [ 728.430990][T11556] slab_reclaimable:10653 slab_unreclaimable:107689 [ 728.430990][T11556] mapped:25506 shmem:16624 pagetables:630 [ 728.430990][T11556] sec_pagetables:0 bounce:0 [ 728.430990][T11556] kernel_misc_reclaimable:0 [ 728.430990][T11556] free:1294792 free_pcp:12747 free_cma:0 [ 728.476611][ C1] vkms_vblank_simulate: vblank timer overrun [ 728.499533][T11556] Node 0 active_anon:89872kB inactive_anon:0kB active_file:43160kB inactive_file:160304kB unevictable:67104kB isolated(anon):0kB isolated(file):0kB mapped:104924kB dirty:252kB writeback:0kB shmem:68360kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12084kB pagetables:2520kB sec_pagetables:0kB all_unreclaimable? no [ 728.532233][ C1] vkms_vblank_simulate: vblank timer overrun [ 728.583666][T11556] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:256kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 728.623428][T11556] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 728.661691][T11565] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1584'. [ 728.675610][T11556] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 728.682798][T11556] Node 0 DMA32 free:1272420kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:93048kB inactive_anon:0kB active_file:43160kB inactive_file:158968kB unevictable:67104kB writepending:252kB present:3129332kB managed:2589604kB mlocked:0kB bounce:0kB free_pcp:18268kB local_pcp:16980kB free_cma:0kB [ 728.713771][ C1] vkms_vblank_simulate: vblank timer overrun [ 728.720890][T11556] lowmem_reserve[]: 0 0 1 1 1 [ 728.726180][T11556] Node 0 Normal free:4kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1336kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 728.758328][T11556] lowmem_reserve[]: 0 0 0 0 0 [ 728.763557][T11556] Node 1 Normal free:3884832kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:256kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:32352kB local_pcp:6208kB free_cma:0kB [ 728.793142][ C1] vkms_vblank_simulate: vblank timer overrun [ 728.904080][T11556] lowmem_reserve[]: 0 0 0 0 0 [ 728.909539][T11556] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 728.924178][T11556] Node 0 DMA32: 4*4kB (UE) 12*8kB (E) 2*16kB (UE) 109*32kB (UME) 92*64kB (UME) 80*128kB (UM) 62*256kB (UME) 52*512kB (UME) 34*1024kB (UM) 6*2048kB (UM) 281*4096kB (M) = 1260336kB [ 728.955515][T11556] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 728.967762][T11556] Node 1 Normal: 252*4kB (UM) 58*8kB (UME) 46*16kB (UME) 170*32kB (UME) 61*64kB (UME) 10*128kB (UME) 3*256kB (UM) 1*512kB (U) 2*1024kB (U) 1*2048kB (U) 944*4096kB (ME) = 3884832kB [ 728.989550][T11556] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 728.999664][T11556] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 729.009430][T11556] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 729.019488][T11556] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 729.029210][T11556] 86450 total pagecache pages [ 729.034344][T11556] 0 pages in swap cache [ 729.038886][T11556] Free swap = 124604kB [ 729.043246][T11556] Total swap = 124996kB [ 729.047764][T11556] 2097051 pages RAM [ 729.051741][T11556] 0 pages HighMem/MovableOnly [ 729.068788][T11556] 416136 pages reserved [ 729.073386][T11556] 0 pages cma reserved [ 733.042014][T11620] lo speed is unknown, defaulting to 1000 [ 733.077503][T11620] lo speed is unknown, defaulting to 1000 [ 733.166226][T11625] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1597'. [ 733.498868][ T28] audit: type=1326 audit(1760486135.847:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11615 comm="syz.3.1596" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc37558eec9 code=0x0 [ 735.003917][T11637] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 735.010931][T11637] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 735.049839][T11637] vhci_hcd vhci_hcd.0: Device attached [ 735.111806][T11640] vhci_hcd: connection closed [ 735.115465][ T8965] vhci_hcd: stop threads [ 735.126182][ T8965] vhci_hcd: release socket [ 735.130722][ T8965] vhci_hcd: disconnect device [ 736.199058][ T28] audit: type=1326 audit(1760486138.547:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11654 comm="syz.2.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 736.224138][T11661] cgroup: Bad value for 'name' [ 736.241471][ T28] audit: type=1326 audit(1760486138.547:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11654 comm="syz.2.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 736.274303][ T28] audit: type=1326 audit(1760486138.547:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11654 comm="syz.2.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 736.300196][ T28] audit: type=1326 audit(1760486138.547:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11654 comm="syz.2.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 736.324350][ T28] audit: type=1326 audit(1760486138.547:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11654 comm="syz.2.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 736.347530][ T28] audit: type=1326 audit(1760486138.567:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11654 comm="syz.2.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 736.378994][ T28] audit: type=1326 audit(1760486138.567:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11654 comm="syz.2.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 736.507595][ T28] audit: type=1326 audit(1760486138.567:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11654 comm="syz.2.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 736.531778][ T28] audit: type=1326 audit(1760486138.567:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11654 comm="syz.2.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f966098eec9 code=0x7ffc0000 [ 736.937446][T11669] lo speed is unknown, defaulting to 1000 [ 736.945150][T11669] lo speed is unknown, defaulting to 1000 [ 737.025473][T11677] fuse: Bad value for 'fd' [ 738.450576][T11701] lo speed is unknown, defaulting to 1000 [ 738.458312][T11701] lo speed is unknown, defaulting to 1000 [ 739.269997][T11713] overlayfs: missing 'lowerdir' [ 739.485252][T11719] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1626'. [ 739.689124][T11720] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1625'. [ 739.706212][T11720] netlink: 2384 bytes leftover after parsing attributes in process `syz.0.1625'. [ 739.794142][T11722] wireguard: wg1: Could not create IPv4 socket [ 742.683821][T11747] overlayfs: missing 'lowerdir' [ 744.168651][T11773] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.1641'. [ 744.181057][T11774] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1642'. [ 744.470316][T11780] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.1643'. [ 745.037421][T11782] overlayfs: missing 'lowerdir' [ 745.188583][T11785] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1645'. [ 745.839959][T11792] fuse: Bad value for 'fd' [ 748.632777][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 748.639486][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 749.142941][T11826] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.1654'. [ 749.296681][T11828] overlayfs: missing 'lowerdir' [ 749.428265][T11831] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1656'. [ 751.600123][T11852] overlayfs: missing 'lowerdir' [ 752.334248][T11862] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.1667'. [ 752.442629][T11864] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1668'. [ 753.375193][ T10] null_blk: rq ffff8880227c0000 timed out [ 753.381638][ T10] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 1 [ 753.392732][ T10] null_blk: rq ffff8880227c0180 timed out [ 753.398587][ T10] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 1 [ 753.409142][ T10] null_blk: rq ffff8880227c0300 timed out [ 753.415040][ T10] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 1 [ 753.426050][ T10] null_blk: rq ffff8880227c0480 timed out [ 753.431908][ T10] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 1 [ 753.442882][ T10] null_blk: rq ffff8880227c0600 timed out [ 753.448722][ T10] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 1 [ 753.460698][ T10] null_blk: rq ffff8880227c0780 timed out [ 753.467528][ T10] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 1 [ 753.559334][ T10] null_blk: rq ffff8880227c0900 timed out [ 753.565993][ T10] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 1 [ 753.577740][ T10] null_blk: rq ffff8880227c0a80 timed out [ 753.584110][ T10] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 1 [ 753.596978][ T10] null_blk: rq ffff8880227c0c00 timed out [ 753.602748][ T10] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 1 [ 753.613648][ T10] null_blk: rq ffff8880227c0d80 timed out [ 753.619553][ T10] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 1 [ 753.630668][ T10] null_blk: rq ffff8880227c0f00 timed out [ 753.636514][ T10] null_blk: rq ffff8880227c1080 timed out [ 753.642309][ T10] null_blk: rq ffff8880227c1200 timed out [ 753.648169][ T10] null_blk: rq ffff8880227c1380 timed out [ 753.654064][ T10] null_blk: rq ffff8880227c1500 timed out [ 753.659937][ T10] null_blk: rq ffff8880227c1680 timed out [ 753.666359][ T10] null_blk: rq ffff8880227c1800 timed out [ 753.672118][ T10] null_blk: rq ffff8880227c1980 timed out [ 753.678074][ T10] null_blk: rq ffff8880227c1b00 timed out [ 753.684000][ T10] null_blk: rq ffff8880227c1c80 timed out [ 753.689902][ T10] null_blk: rq ffff8880227c1e00 timed out [ 753.695920][ T10] null_blk: rq ffff8880227c1f80 timed out [ 753.701879][ T10] null_blk: rq ffff8880227c2100 timed out [ 753.707882][ T10] null_blk: rq ffff8880227c2280 timed out [ 753.714320][ T10] null_blk: rq ffff8880227c2400 timed out [ 753.720095][ T10] null_blk: rq ffff8880227c2580 timed out [ 753.727076][ T10] null_blk: rq ffff8880227c2700 timed out [ 753.733458][ T10] null_blk: rq ffff8880227c2880 timed out [ 753.739344][ T10] null_blk: rq ffff8880227c2a00 timed out [ 753.745270][ T10] null_blk: rq ffff8880227c2b80 timed out [ 753.751045][ T10] null_blk: rq ffff8880227c2d00 timed out [ 753.756863][ T10] null_blk: rq ffff8880227c2e80 timed out [ 753.764313][ T10] null_blk: rq ffff8880227c3000 timed out [ 753.770089][ T10] null_blk: rq ffff8880227c3180 timed out [ 753.782146][ T10] null_blk: rq ffff8880227c3300 timed out [ 753.788614][ T10] null_blk: rq ffff8880227c3480 timed out [ 753.794776][ T10] null_blk: rq ffff8880227c3600 timed out [ 753.800851][ T10] null_blk: rq ffff8880227c3780 timed out [ 753.808324][ T10] null_blk: rq ffff8880227c3900 timed out [ 753.814177][ T10] null_blk: rq ffff8880227c3a80 timed out [ 753.821277][ T10] null_blk: rq ffff8880227c3c00 timed out [ 753.827228][ T10] null_blk: rq ffff8880227c3d80 timed out [ 753.833602][ T10] null_blk: rq ffff8880227c3f00 timed out [ 753.839909][ T10] null_blk: rq ffff8880227c4080 timed out [ 753.845851][ T10] null_blk: rq ffff8880227c4200 timed out [ 753.851639][ T10] null_blk: rq ffff8880227c4380 timed out [ 753.857501][ T10] null_blk: rq ffff8880227c4500 timed out [ 753.863404][ T10] null_blk: rq ffff8880227c4680 timed out [ 753.871408][ T10] null_blk: rq ffff8880227c4800 timed out [ 753.877313][ T10] null_blk: rq ffff8880227c4980 timed out [ 753.883201][ T10] null_blk: rq ffff8880227c4b00 timed out [ 753.889027][ T10] null_blk: rq ffff8880227c4c80 timed out [ 753.894875][ T10] null_blk: rq ffff8880227c4e00 timed out [ 753.900659][ T10] null_blk: rq ffff8880227c4f80 timed out [ 753.906518][ T10] null_blk: rq ffff8880227c5100 timed out [ 753.912302][ T10] null_blk: rq ffff8880227c5280 timed out [ 753.918290][ T10] null_blk: rq ffff8880227c5400 timed out [ 753.924355][ T10] null_blk: rq ffff8880227c5580 timed out [ 753.930143][ T10] null_blk: rq ffff8880227c5700 timed out [ 753.936548][ T10] null_blk: rq ffff8880227c5880 timed out [ 753.942455][ T10] null_blk: rq ffff8880227c5a00 timed out [ 753.948456][ T10] null_blk: rq ffff8880227c5b80 timed out [ 753.954323][ T10] null_blk: rq ffff8880227c5d00 timed out [ 753.960121][ T10] null_blk: rq ffff8880227c5e80 timed out [ 754.204464][T11881] overlayfs: missing 'lowerdir' [ 754.658289][T11890] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.1674'. [ 757.773751][T11921] IPVS: Unknown mcast interface: vcan0 [ 757.781915][T11919] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 757.790761][T11919] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 758.243891][T11934] hugetlbfs: syz.2.1688 (11934): Using mlock ulimits for SHM_HUGETLB is obsolete [ 758.940475][T11947] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 758.949500][T11947] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 759.281084][T11960] wireguard: wg1: Could not create IPv4 socket [ 760.219691][T11974] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 760.228601][T11974] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 760.812076][T11986] netlink: 'syz.2.1699': attribute type 16 has an invalid length. [ 760.826029][T11986] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.1699'. [ 761.023088][T11990] 9pnet_virtio: no channels available for device syz [ 761.118153][T11988] block device autoloading is deprecated and will be removed. [ 761.129006][T11988] syz.3.1708: attempt to access beyond end of device [ 761.129006][T11988] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 761.878412][T11998] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.1710'. [ 762.707171][T12009] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1714'. [ 762.935072][T12013] overlayfs: missing 'lowerdir' [ 764.543668][T12037] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.1722'. [ 764.630700][T12038] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 764.637399][T12038] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 764.646773][T12038] vhci_hcd vhci_hcd.0: Device attached [ 765.280340][T12039] vhci_hcd: connection closed [ 765.283396][ T42] vhci_hcd: stop threads [ 766.146821][ T42] vhci_hcd: release socket [ 766.176216][ T42] vhci_hcd: disconnect device [ 767.707749][T12053] overlayfs: missing 'lowerdir' [ 767.852177][T12058] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1728'. [ 768.494710][T12077] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.1732'. [ 769.207202][T12070] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1731'. [ 771.700859][T12103] overlayfs: missing 'lowerdir' [ 772.653276][ T7262] IPVS: ip_vs_send_async error -19 [ 772.964235][T12110] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1741'. [ 773.813856][T12123] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.1742'. [ 776.914286][T12140] overlayfs: missing 'workdir' [ 777.143410][ T8] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 777.463363][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 777.471052][ T8] usb 4-1: config 0 has an invalid interface number: 110 but max is 0 [ 777.479567][ T8] usb 4-1: config 0 has no interface number 0 [ 777.486284][ T8] usb 4-1: config 0 interface 110 has no altsetting 0 [ 777.549959][T12156] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.1752'. [ 778.287270][ T8] usb 4-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=f6.56 [ 778.313541][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 778.332330][ T8] usb 4-1: Product: syz [ 778.342443][ T8] usb 4-1: Manufacturer: syz [ 778.506029][ T8] usb 4-1: SerialNumber: syz [ 778.524445][ T8] usb 4-1: config 0 descriptor?? [ 779.271051][ T8] usb 4-1: USB disconnect, device number 21 [ 779.800545][T12174] overlayfs: missing 'workdir' [ 781.718254][T12199] input: syz1 as /devices/virtual/input/input8 [ 781.731228][T12199] input: failed to attach handler leds to device input8, error: -6 [ 781.861941][T12206] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1766'. [ 781.904139][T12206] netlink: 2384 bytes leftover after parsing attributes in process `syz.0.1766'. [ 784.373463][T12217] overlayfs: missing 'workdir' [ 784.477833][ T7262] IPVS: ip_vs_send_async error -19 [ 785.226453][T12229] fuse: Bad value for 'fd' [ 785.506010][T12235] 9pnet_virtio: no channels available for device syz [ 786.659336][T12247] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1780'. [ 789.467854][T12282] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.1789'. [ 790.591638][T12297] 9pnet_virtio: no channels available for device syz [ 791.392624][T12300] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1796'. [ 791.414201][T12300] bridge_slave_1: left allmulticast mode [ 791.430924][T12300] bridge_slave_1: left promiscuous mode [ 791.443180][T12300] bridge0: port 2(bridge_slave_1) entered disabled state [ 792.186066][T12300] bridge_slave_0: left allmulticast mode [ 792.361489][T12300] bridge_slave_0: left promiscuous mode [ 792.373078][T12300] bridge0: port 1(bridge_slave_0) entered disabled state [ 794.290760][T12318] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.1800'. [ 794.861803][T12313] wireguard: wg1: Could not create IPv4 socket [ 796.121001][T12332] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1804'. [ 796.138871][T12332] netlink: 2384 bytes leftover after parsing attributes in process `syz.2.1804'. [ 798.433251][T12353] wireguard: wg1: Could not create IPv4 socket [ 800.720279][T12367] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.1812'. [ 803.673142][T12384] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 803.842819][T12389] 9pnet_virtio: no channels available for device syz [ 804.282370][T12403] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1822'. [ 806.370034][T12414] md: md2 stopped. [ 807.439965][T12408] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1823'. [ 807.693269][ T7262] IPVS: ip_vs_send_async error -19 [ 809.057312][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.065666][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.196218][T12459] i2c i2c-0: Invalid block write size 34 [ 811.224739][T12467] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 811.280058][T12473] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 811.296127][T12471] IPVS: Unknown mcast interface: vcan0 [ 812.063639][T12487] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 813.404911][T12505] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1850'. [ 813.731335][T12507] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 814.272512][T12503] Process accounting resumed [ 816.197569][T12523] lo speed is unknown, defaulting to 1000 [ 816.205556][T12523] lo speed is unknown, defaulting to 1000 [ 817.444549][T12537] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.1859'. [ 818.150705][T12539] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 819.391155][T12559] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 821.343250][T12598] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 822.459594][T12600] delete_channel: no stack [ 822.874153][T12614] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1886'. [ 823.110468][T12621] 9pnet_fd: Insufficient options for proto=fd [ 824.788063][T12644] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 824.910581][T12637] lo speed is unknown, defaulting to 1000 [ 824.999896][T12637] lo speed is unknown, defaulting to 1000 [ 825.097717][T12651] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 826.590043][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 826.590061][ T28] audit: type=1326 audit(1760486228.937:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12636 comm="syz.3.1895" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc37558eec9 code=0x0 [ 827.548751][T12679] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 829.713860][T12704] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 829.735797][T12694] lo speed is unknown, defaulting to 1000 [ 829.793671][T12694] lo speed is unknown, defaulting to 1000 [ 830.400536][ T28] audit: type=1326 audit(1760486232.747:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12693 comm="syz.0.1912" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f182bb8eec9 code=0x0 [ 831.201643][T12718] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1916'. [ 833.422867][T12754] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 834.817998][T12757] lo speed is unknown, defaulting to 1000 [ 834.824920][T12757] lo speed is unknown, defaulting to 1000 [ 838.793208][ T967] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 838.865366][T12781] bridge0: port 2(bridge_slave_1) entered disabled state [ 838.873132][T12781] bridge0: port 1(bridge_slave_0) entered disabled state [ 839.003229][ T967] usb 4-1: Using ep0 maxpacket: 8 [ 839.122118][ T967] usb 4-1: config 0 has an invalid interface number: 110 but max is 0 [ 839.774263][ T967] usb 4-1: config 0 has no interface number 0 [ 839.780639][ T967] usb 4-1: config 0 interface 110 has no altsetting 0 [ 839.793263][ T967] usb 4-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=f6.56 [ 839.802378][ T967] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 839.810661][ T967] usb 4-1: Product: syz [ 839.814971][ T967] usb 4-1: Manufacturer: syz [ 839.819704][ T967] usb 4-1: SerialNumber: syz [ 839.830405][ T967] usb 4-1: config 0 descriptor?? [ 840.261896][T12793] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.1935'. [ 840.298010][T12781] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 840.307590][T12781] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 840.316796][T12781] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 840.326110][T12781] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 840.367674][T12781] bond1: left allmulticast mode [ 840.511107][T12825] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1935'. [ 840.580920][ T23] usb 4-1: USB disconnect, device number 22 [ 840.750930][T12839] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 840.797477][T12840] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 842.854676][ T5862] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 842.940044][T12871] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 842.986888][T12873] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1953'. [ 843.006230][T12873] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1953'. [ 843.055997][ T5862] usb 4-1: Using ep0 maxpacket: 16 [ 844.495090][T12890] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 844.823711][T12895] 9pnet_virtio: no channels available for device syz [ 844.916722][T12897] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 845.919697][ T5862] usb 4-1: unable to get BOS descriptor or descriptor too short [ 845.960440][ T5862] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 845.987442][ T5862] usb 4-1: can't read configurations, error -71 [ 846.586037][T12922] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 846.715989][T12923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1968'. [ 846.765354][T12923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1968'. [ 846.795260][T12923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1968'. [ 847.068781][T12933] veth0: entered allmulticast mode [ 847.986367][T12923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1968'. [ 848.801321][T12945] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 849.582392][T12952] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 850.555668][T12971] fuse: Bad value for 'fd' [ 851.269878][T12977] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 851.836562][T12986] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 852.579222][T12997] overlayfs: failed to clone upperpath [ 854.388370][T13009] overlayfs: failed to clone upperpath [ 855.038620][T13018] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 855.563526][T13027] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 856.238518][T13038] bridge_slave_0: left allmulticast mode [ 856.255924][T13038] bridge_slave_0: left promiscuous mode [ 856.276087][T13038] bridge0: port 1(bridge_slave_0) entered disabled state [ 857.285422][T13038] bridge_slave_1: left allmulticast mode [ 857.291345][T13038] bridge_slave_1: left promiscuous mode [ 857.443445][T13038] bridge0: port 2(bridge_slave_1) entered disabled state [ 857.724248][T13038] bond0: (slave bond_slave_0): Releasing backup interface [ 857.758387][T13038] bond0: (slave bond_slave_1): Releasing backup interface [ 857.882612][T13057] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.2013'. [ 858.448751][T13038] team0: Port device team_slave_0 removed [ 858.475034][T13038] team0: Port device team_slave_1 removed [ 858.978403][T13060] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 860.901439][T13085] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 863.151535][T13109] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 867.144243][T13131] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2034'. [ 867.351110][T13133] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 869.652816][T13157] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 870.227107][T13161] netlink: 'syz.1.2042': attribute type 2 has an invalid length. [ 870.249059][T13161] netlink: 'syz.1.2042': attribute type 1 has an invalid length. [ 870.268567][T13161] netlink: 'syz.1.2042': attribute type 1 has an invalid length. [ 870.535231][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.543639][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.647230][T13171] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.2044'. [ 871.866710][T13187] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 873.313660][T13207] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.2054'. [ 873.453607][ T7262] IPVS: ip_vs_send_async error -19 [ 875.045839][T13220] tipc: Can't bind to reserved service type 0 [ 875.096575][T13223] tmpfs: Bad value for 'grpquota_block_hardlimit' [ 876.684716][T13212] lo speed is unknown, defaulting to 1000 [ 876.695292][T13212] lo speed is unknown, defaulting to 1000 [ 877.345933][T13247] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.2067'. [ 879.270227][T13260] tmpfs: Bad value for 'grpquota_block_hardlimit' [ 880.780247][T13282] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.2077'. [ 881.550014][T13283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2078'. [ 883.408334][T13291] netlink: 2384 bytes leftover after parsing attributes in process `syz.1.2078'. [ 888.635189][T13327] netlink: 'syz.2.2089': attribute type 2 has an invalid length. [ 889.083839][T13327] netlink: 'syz.2.2089': attribute type 1 has an invalid length. [ 889.109754][T13327] netlink: 'syz.2.2089': attribute type 1 has an invalid length. [ 893.465696][T13368] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.2098'. [ 896.803154][T13400] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.2107'. [ 898.363436][T13420] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2115'. [ 898.382297][T13420] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.2115'. [ 899.392280][T13426] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.2116'. [ 900.197009][T13451] lo speed is unknown, defaulting to 1000 [ 900.219710][T13451] lo speed is unknown, defaulting to 1000 [ 901.695270][T13461] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 902.167470][T13469] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.2128'. [ 904.594249][T13487] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2133'. [ 905.905006][T13496] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 908.249468][T13529] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 908.865462][T12828] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 909.083372][T12828] usb 4-1: Using ep0 maxpacket: 8 [ 909.106751][T12828] usb 4-1: config 0 has an invalid interface number: 110 but max is 0 [ 909.140128][T12828] usb 4-1: config 0 has no interface number 0 [ 909.169998][T12828] usb 4-1: config 0 interface 110 has no altsetting 0 [ 909.191054][T12828] usb 4-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=f6.56 [ 909.200941][T12828] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 909.211619][T12828] usb 4-1: Product: syz [ 909.218559][T12828] usb 4-1: Manufacturer: syz [ 909.224650][T12828] usb 4-1: SerialNumber: syz [ 909.241659][T12828] usb 4-1: config 0 descriptor?? [ 909.623305][T13527] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2146'. [ 909.651406][T13527] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.2146'. [ 910.006421][T12816] usb 4-1: USB disconnect, device number 25 [ 910.923166][T13559] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2153'. [ 910.943415][T13559] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.2153'. [ 911.992257][T13564] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 912.228078][T12828] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 912.449463][T12828] usb 4-1: unable to get BOS descriptor or descriptor too short [ 912.465947][T12828] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 912.473850][T12828] usb 4-1: can't read configurations, error -71 [ 913.424718][T13591] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2163'. [ 913.444285][T13591] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.2163'. [ 914.154141][T13596] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 916.567354][T13634] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2176'. [ 916.585655][T13634] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.2176'. [ 917.790854][ T28] audit: type=1326 audit(1760486319.887:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13640 comm="syz.1.2177" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f91ea78eec9 code=0x0 [ 917.976491][T13648] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2177'. [ 919.756866][T13668] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2185'. [ 919.775036][T13668] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.2185'. [ 920.989843][T13671] lo speed is unknown, defaulting to 1000 [ 921.009240][T13671] lo speed is unknown, defaulting to 1000 [ 921.572884][T13685] 9pnet_virtio: no channels available for device syz [ 922.679940][T13704] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.2195'. [ 924.061653][T13713] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2199'. [ 924.250403][T13717] lo speed is unknown, defaulting to 1000 [ 924.294796][T13717] lo speed is unknown, defaulting to 1000 [ 924.604627][T13727] netlink: 'syz.3.2202': attribute type 6 has an invalid length. [ 924.612826][T13727] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2202'. [ 926.438325][T13742] wireguard: wg1: Could not create IPv4 socket [ 927.297693][T13775] lo speed is unknown, defaulting to 1000 [ 927.327358][T13775] lo speed is unknown, defaulting to 1000 [ 929.414301][T13798] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2222'. [ 929.463458][T13798] netlink: 2384 bytes leftover after parsing attributes in process `syz.0.2222'. [ 929.551762][T13805] fuse: Bad value for 'fd' [ 932.003751][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.010712][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 934.653264][ T7262] IPVS: ip_vs_send_async error -19 [ 935.336223][T13859] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2241'. [ 935.369348][T13859] netlink: 2384 bytes leftover after parsing attributes in process `syz.0.2241'. [ 935.392077][T13863] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 935.406729][T13863] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 935.417788][T13863] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 935.433662][T13863] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 935.453804][T13863] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 935.464506][T13863] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 935.941473][T13861] lo speed is unknown, defaulting to 1000 [ 935.950809][T13861] lo speed is unknown, defaulting to 1000 [ 936.713150][T13884] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2247'. [ 936.737358][T13884] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.2247'. [ 937.553597][T13863] Bluetooth: hci3: command tx timeout [ 937.899273][T13861] chnl_net:caif_netlink_parms(): no params data found [ 938.196229][T13906] netlink: 'syz.3.2249': attribute type 4 has an invalid length. [ 939.030194][T13861] bridge0: port 1(bridge_slave_0) entered blocking state [ 939.037743][T13861] bridge0: port 1(bridge_slave_0) entered disabled state [ 939.053522][T13861] bridge_slave_0: entered allmulticast mode [ 939.074973][ T42] IPVS: stopping master sync thread 7262 ... [ 939.084808][T13861] bridge_slave_0: entered promiscuous mode [ 939.108121][T13861] bridge0: port 2(bridge_slave_1) entered blocking state [ 939.116137][T13861] bridge0: port 2(bridge_slave_1) entered disabled state [ 939.126349][T13861] bridge_slave_1: entered allmulticast mode [ 939.134520][T13861] bridge_slave_1: entered promiscuous mode [ 939.159571][T13923] 9pnet_fd: Insufficient options for proto=fd [ 939.559261][T13861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 939.613497][T13863] Bluetooth: hci3: command tx timeout [ 939.702255][T13861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 940.178307][T13938] hub 9-0:1.0: USB hub found [ 940.185348][T13938] hub 9-0:1.0: 1 port detected [ 941.201406][ T42] hsr_slave_0: left promiscuous mode [ 941.217151][ T42] hsr_slave_1: left promiscuous mode [ 941.693228][T13863] Bluetooth: hci3: command tx timeout [ 942.152112][ T42] bond1 (unregistering): Released all slaves [ 943.773246][T13863] Bluetooth: hci3: command tx timeout [ 943.932208][ T42] bond0 (unregistering): Released all slaves [ 944.095734][T13861] team0: Port device team_slave_0 added [ 944.102082][T13930] lo speed is unknown, defaulting to 1000 [ 944.102615][T13954] wireguard: wg1: Could not create IPv4 socket [ 944.124947][T13930] lo speed is unknown, defaulting to 1000 [ 944.162254][T13861] team0: Port device team_slave_1 added [ 944.319931][T13861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 944.328320][T13861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 944.372619][T13861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 944.426388][T13861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 944.458070][T13861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 944.504440][T13861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 944.640371][T13971] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.2261'. [ 945.135967][T13861] hsr_slave_0: entered promiscuous mode [ 945.194287][T13861] hsr_slave_1: entered promiscuous mode [ 945.867111][ T42] IPVS: stop unused estimator thread 0... [ 946.802114][T13997] lo speed is unknown, defaulting to 1000 [ 946.814046][T13997] lo speed is unknown, defaulting to 1000 [ 948.971678][T13861] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 949.082373][T13861] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 949.151131][T13861] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 949.243135][T13861] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 949.792238][T13861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 949.915995][T13861] 8021q: adding VLAN 0 to HW filter on device team0 [ 949.929585][ T8973] bridge0: port 1(bridge_slave_0) entered blocking state [ 949.936819][ T8973] bridge0: port 1(bridge_slave_0) entered forwarding state [ 949.985266][ T8964] bridge0: port 2(bridge_slave_1) entered blocking state [ 949.992467][ T8964] bridge0: port 2(bridge_slave_1) entered forwarding state [ 950.085244][T13861] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 951.551146][T13861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 951.660187][T13861] veth0_vlan: entered promiscuous mode [ 951.708596][T13861] veth1_vlan: entered promiscuous mode [ 952.061500][T13861] veth0_macvtap: entered promiscuous mode [ 952.312517][T13861] veth1_macvtap: entered promiscuous mode [ 952.358307][T13861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 952.409414][T13861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 952.457807][T13861] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 952.523254][T13861] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 952.535668][T13861] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 952.558167][T13861] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 952.919047][ T8970] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 952.958395][ T8970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 953.044057][T14095] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2284'. [ 953.325824][ T8963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 953.351215][ T8963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 955.851588][T14168] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2295'. [ 959.369974][T14231] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2311'. [ 959.415824][T14231] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2311'. [ 960.625437][T14261] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2317'. [ 960.725560][T14261] netlink: 2384 bytes leftover after parsing attributes in process `syz.1.2317'. [ 961.357995][T10014] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 961.368057][T10014] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 961.381693][T10014] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 961.399702][T10014] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 961.410635][T10014] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 961.419692][T10014] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 961.490907][T14276] lo speed is unknown, defaulting to 1000 [ 961.498412][T14276] lo speed is unknown, defaulting to 1000 [ 961.892657][T14276] chnl_net:caif_netlink_parms(): no params data found [ 962.033830][T14294] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.2321'. [ 962.682525][T14289] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 962.896857][T14276] bridge0: port 1(bridge_slave_0) entered blocking state [ 962.913391][T14276] bridge0: port 1(bridge_slave_0) entered disabled state [ 962.971570][T14276] bridge_slave_0: entered allmulticast mode [ 963.003313][T14276] bridge_slave_0: entered promiscuous mode [ 963.047088][T14276] bridge0: port 2(bridge_slave_1) entered blocking state [ 963.064353][T14276] bridge0: port 2(bridge_slave_1) entered disabled state [ 963.083279][T14276] bridge_slave_1: entered allmulticast mode [ 963.091926][T14276] bridge_slave_1: entered promiscuous mode [ 963.093599][T12828] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 963.227277][T14276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 963.245581][T14276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 963.316425][T12828] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 963.334590][T12828] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 963.356388][T14276] team0: Port device team_slave_0 added [ 963.383162][T12828] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 963.389112][T14276] team0: Port device team_slave_1 added [ 963.402618][T12828] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 963.455811][T14300] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 963.465707][T10014] Bluetooth: hci2: command tx timeout [ 963.506173][T12828] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 963.569880][T14276] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 963.623287][T14276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 963.649320][ C1] vkms_vblank_simulate: vblank timer overrun [ 963.741960][T14276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 963.765744][T12828] usb 3-1: USB disconnect, device number 8 [ 963.831952][T14276] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 963.844341][T14276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 963.870276][ C1] vkms_vblank_simulate: vblank timer overrun [ 963.913082][T14276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 964.021804][T14276] hsr_slave_0: entered promiscuous mode [ 964.044511][T14276] hsr_slave_1: entered promiscuous mode [ 964.053427][T14276] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 964.061041][T14276] Cannot create hsr debugfs directory [ 964.450321][T14276] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 964.738940][T14276] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 964.889525][T14276] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.048941][T14276] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.347865][T14276] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 965.380244][T14276] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 965.403782][T14276] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 965.431244][T14276] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 965.549768][T10014] Bluetooth: hci2: command tx timeout [ 965.692552][T14276] 8021q: adding VLAN 0 to HW filter on device bond0 [ 965.785495][T14276] 8021q: adding VLAN 0 to HW filter on device team0 [ 965.819726][T13940] bridge0: port 1(bridge_slave_0) entered blocking state [ 965.827473][T13940] bridge0: port 1(bridge_slave_0) entered forwarding state [ 965.889828][T13940] bridge0: port 2(bridge_slave_1) entered blocking state [ 965.897195][T13940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 966.141673][T14337] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.2331'. [ 967.162106][T14276] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 967.286500][T14276] veth0_vlan: entered promiscuous mode [ 967.327600][T14276] veth1_vlan: entered promiscuous mode [ 967.408196][T14276] veth0_macvtap: entered promiscuous mode [ 967.454306][T14276] veth1_macvtap: entered promiscuous mode [ 967.507232][T14276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 967.528217][T14276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 967.557074][T14276] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 967.582558][T14276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 967.608033][T14276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 967.623320][T10014] Bluetooth: hci2: command tx timeout [ 967.642631][T14276] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 967.684823][T14276] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.705212][T14276] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.723131][T14276] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.742295][T14276] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.991493][ T8963] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 968.025670][ T8963] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 968.089910][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 968.109592][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 968.315732][T14343] fuse: Bad value for 'fd' [ 970.051380][T10014] Bluetooth: hci2: command tx timeout [ 970.187275][T14351] lo speed is unknown, defaulting to 1000 [ 970.222352][T14351] lo speed is unknown, defaulting to 1000 [ 970.258489][T14363] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2337'. [ 970.415672][T14365] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2337'. [ 970.855527][T12828] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 971.054522][T12828] usb 3-1: Using ep0 maxpacket: 8 [ 971.081810][T12828] usb 3-1: config 0 has an invalid interface number: 110 but max is 0 [ 971.102408][T12828] usb 3-1: config 0 has no interface number 0 [ 971.118354][T12828] usb 3-1: config 0 interface 110 has no altsetting 0 [ 971.138746][T12828] usb 3-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=f6.56 [ 971.153291][T12828] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 971.161894][T12828] usb 3-1: Product: syz [ 971.167686][T12828] usb 3-1: Manufacturer: syz [ 971.172565][T12828] usb 3-1: SerialNumber: syz [ 971.182244][T12828] usb 3-1: config 0 descriptor?? [ 971.409963][T14367] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2338'. [ 971.482336][T14378] netlink: 2384 bytes leftover after parsing attributes in process `syz.2.2338'. [ 971.542811][T12810] usb 3-1: USB disconnect, device number 9 [ 972.365991][T14389] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2345'. [ 972.405008][T14389] bridge_slave_1: left allmulticast mode [ 972.414257][T14389] bridge_slave_1: left promiscuous mode [ 972.457186][T14389] bridge0: port 2(bridge_slave_1) entered disabled state [ 972.664457][T14389] bridge_slave_0: left allmulticast mode [ 972.692844][T14389] bridge_slave_0: left promiscuous mode [ 972.716609][T14389] bridge0: port 1(bridge_slave_0) entered disabled state [ 973.290572][T14396] bridge_slave_0: left allmulticast mode [ 973.303413][T14396] bridge_slave_0: left promiscuous mode [ 973.309437][T14396] bridge0: port 1(bridge_slave_0) entered disabled state [ 974.134356][T14407] fuse: Unknown parameter 'u00000000000000000000' [ 975.031885][T14396] bridge_slave_1: left allmulticast mode [ 975.043460][T14396] bridge_slave_1: left promiscuous mode [ 975.056910][T14396] bridge0: port 2(bridge_slave_1) entered disabled state [ 975.080937][T14396] bond0: (slave bond_slave_0): Releasing backup interface [ 975.109677][T14396] bond0: (slave bond_slave_1): Releasing backup interface [ 975.237023][T14396] team0: Port device team_slave_0 removed [ 975.421407][T14396] team0: Port device team_slave_1 removed [ 975.451538][T14396] bond0: (slave wlan1): Releasing backup interface [ 975.668045][T14411] lo speed is unknown, defaulting to 1000 [ 975.676920][T14411] lo speed is unknown, defaulting to 1000 [ 975.816123][T14421] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.2351'. [ 976.911718][T14428] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.2353'. [ 979.085060][T14454] netlink: 1296 bytes leftover after parsing attributes in process `syz.1.2361'. [ 979.848422][T14460] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.2363'. [ 981.290571][T14474] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2368'. [ 981.343220][T14477] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2368'. [ 981.450875][T14476] lo speed is unknown, defaulting to 1000 [ 981.540605][T14476] lo speed is unknown, defaulting to 1000 [ 982.405369][T14491] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2370'. [ 982.716201][T14502] fuse: Bad value for 'fd' [ 982.991083][T12826] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 984.242901][T12826] usb 3-1: Using ep0 maxpacket: 32 [ 984.333319][T12826] usb 3-1: config 0 has an invalid descriptor of length 13, skipping remainder of the config [ 984.376802][T12826] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 984.618185][T12826] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 985.175495][T12826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 985.416105][T12826] usb 3-1: Product: syz [ 985.420350][T12826] usb 3-1: Manufacturer: syz [ 985.426017][T12826] usb 3-1: SerialNumber: syz [ 985.435616][T12826] usb 3-1: config 0 descriptor?? [ 986.791643][T12826] usb 3-1: can't set config #0, error -71 [ 986.823564][T12826] usb 3-1: USB disconnect, device number 10 [ 990.219695][T14549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2387'. [ 990.821711][T14545] bridge_slave_0: left allmulticast mode [ 990.827821][T14545] bridge_slave_0: left promiscuous mode [ 990.833974][T14545] bridge0: port 1(bridge_slave_0) entered disabled state [ 991.502991][T14545] bridge_slave_1: left allmulticast mode [ 991.508755][T14545] bridge_slave_1: left promiscuous mode [ 991.514952][T14545] bridge0: port 2(bridge_slave_1) entered disabled state [ 991.540406][T14545] bond0: (slave bond_slave_0): Releasing backup interface [ 991.658243][T14545] bond0: (slave bond_slave_1): Releasing backup interface [ 991.708429][T14545] team0: Port device team_slave_0 removed [ 991.742745][T14545] team0: Port device team_slave_1 removed [ 991.770759][T14545] bond0: (slave wlan1): Releasing backup interface [ 991.808528][T14549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2387'. [ 992.007869][T14564] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2389'. [ 992.050856][T12817] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 992.360487][T14570] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.2390'. [ 992.423207][T12817] usb 3-1: Using ep0 maxpacket: 32 [ 993.114148][T12817] usb 3-1: config 0 has an invalid descriptor of length 13, skipping remainder of the config [ 993.143558][T12817] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 993.173267][T12817] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 993.186552][T12817] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 993.203592][T12817] usb 3-1: Product: syz [ 993.223182][T12817] usb 3-1: Manufacturer: syz [ 993.227934][T12817] usb 3-1: SerialNumber: syz [ 993.274017][T12817] usb 3-1: config 0 descriptor?? [ 993.304310][T14572] bond1: entered promiscuous mode [ 993.379769][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.393238][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.405906][T14574] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 993.477598][T14574] bond1: (slave macvlan2): Enslaving as an active interface with a down link [ 993.550046][T14576] netlink: 'syz.3.2392': attribute type 10 has an invalid length. [ 993.597769][T14576] bridge0: entered promiscuous mode [ 993.689723][T14576] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 993.713623][T14574] (null): rxe_set_mtu: Set mtu to 1024 [ 993.860975][T14572] bridge0: port 1(syz_tun) entered blocking state [ 993.880339][T14572] bridge0: port 1(syz_tun) entered disabled state [ 993.908739][T14572] syz_tun: entered allmulticast mode [ 993.996624][T14572] syz_tun: entered promiscuous mode [ 994.037154][T14572] bridge0: port 1(syz_tun) entered blocking state [ 994.045102][T14572] bridge0: port 1(syz_tun) entered forwarding state [ 994.215340][T14574] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:a8aa:aaff:feaa:aa0c error=-28 [ 994.300274][T14574] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:e824:69ff:fe2b:d773 error=-28 [ 994.404451][T13863] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 994.427908][T13863] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 994.437027][T13863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 994.445737][T13863] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 994.453776][T13863] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 994.462123][T13863] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 994.662277][T14587] lo speed is unknown, defaulting to 1000 [ 994.679843][T14587] lo speed is unknown, defaulting to 1000 [ 994.878478][T14574] infiniband syz1: set active [ 994.883629][T14574] infiniband syz1: added syz_tun [ 994.890693][T14574] syz1: rxe_create_cq: returned err = -12 [ 994.898102][T14574] infiniband syz1: Couldn't create ib_mad CQ [ 994.906294][T14574] infiniband syz1: Couldn't open port 1 [ 994.947486][T14574] RDS/IB: syz1: added [ 994.956433][T14574] smc: adding ib device syz1 with port count 1 [ 994.963575][T14574] smc: ib device syz1 port 1 has pnetid [ 995.499334][T14587] chnl_net:caif_netlink_parms(): no params data found [ 995.649905][ T23] usb 3-1: USB disconnect, device number 11 [ 995.868884][T14587] bridge0: port 1(bridge_slave_0) entered blocking state [ 995.881154][T14587] bridge0: port 1(bridge_slave_0) entered disabled state [ 995.891932][T14587] bridge_slave_0: entered allmulticast mode [ 995.949572][T14587] bridge_slave_0: entered promiscuous mode [ 996.394518][T14587] bridge0: port 2(bridge_slave_1) entered blocking state [ 996.478104][T14587] bridge0: port 2(bridge_slave_1) entered disabled state [ 996.493296][T10014] Bluetooth: hci0: command tx timeout [ 996.545185][T14587] bridge_slave_1: entered allmulticast mode [ 996.681398][T14587] bridge_slave_1: entered promiscuous mode [ 996.938192][T14587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 996.999782][T14587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 997.147439][T14587] team0: Port device team_slave_0 added [ 997.157615][T14587] team0: Port device team_slave_1 added [ 997.358292][T14587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 997.383161][T14587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 997.491898][T14587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 997.505336][T14587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 997.512435][T14587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 997.539228][T14587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 997.678548][T14587] hsr_slave_0: entered promiscuous mode [ 997.714977][T14587] hsr_slave_1: entered promiscuous mode [ 997.728543][T14587] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 997.746022][T14587] Cannot create hsr debugfs directory [ 998.331422][T14625] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.2402'. [ 998.583351][T10014] Bluetooth: hci0: command tx timeout [ 999.158126][T14587] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 999.594711][T14587] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 999.909695][T14587] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 999.928715][T14635] netlink: 'syz.0.2406': attribute type 2 has an invalid length. [ 1000.086750][T14587] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1000.247143][T14640] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2405'. [ 1000.653255][T10014] Bluetooth: hci0: command tx timeout [ 1000.783431][T12827] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1001.066738][T14646] bond0: (slave bond_slave_0): Releasing backup interface [ 1001.083173][T12827] usb 4-1: Using ep0 maxpacket: 32 [ 1001.091908][T12827] usb 4-1: config 0 has an invalid descriptor of length 13, skipping remainder of the config [ 1001.108063][T12827] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1001.125549][T12827] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1001.140539][T12827] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1001.148619][T12827] usb 4-1: Product: syz [ 1001.152813][T12827] usb 4-1: Manufacturer: syz [ 1001.157476][T12827] usb 4-1: SerialNumber: syz [ 1001.171784][T12827] usb 4-1: config 0 descriptor?? [ 1001.217789][T14646] bond0: (slave bond_slave_1): Releasing backup interface [ 1001.334139][T14646] team0: Port device team_slave_0 removed [ 1001.444652][T14646] team0: Port device team_slave_1 removed [ 1001.463400][T14646] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1001.504622][T14646] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1001.532491][T14646] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1001.566627][T14646] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1001.742976][T14587] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1001.769293][T14587] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1001.781942][T14587] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1001.829737][T14587] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1001.863268][T12827] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 1002.084138][T12827] usb 1-1: Using ep0 maxpacket: 8 [ 1002.086277][T14587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1002.106896][T12827] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1002.128736][T12827] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1002.135559][T14587] 8021q: adding VLAN 0 to HW filter on device team0 [ 1002.159030][T14357] bridge0: port 1(bridge_slave_0) entered blocking state [ 1002.166338][T14357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1002.191595][ T8963] bridge0: port 2(bridge_slave_1) entered blocking state [ 1002.198841][ T8963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1002.242776][T12827] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1002.287713][T12827] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1002.310871][T12827] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1002.346315][T12827] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1002.367556][T12827] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1002.646182][T12827] usb 1-1: GET_CAPABILITIES returned 0 [ 1002.685361][T12827] usbtmc 1-1:16.0: can't read capabilities [ 1002.733380][T10014] Bluetooth: hci0: command tx timeout [ 1002.899297][T12827] usb 4-1: USB disconnect, device number 28 [ 1002.933231][T14653] usbtmc 1-1:16.0: send_request_dev_dep_msg_in returned -90 [ 1002.996271][T12810] usb 1-1: USB disconnect, device number 4 [ 1003.205931][T14587] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1003.407652][T14587] veth0_vlan: entered promiscuous mode [ 1003.465628][T14587] veth1_vlan: entered promiscuous mode [ 1003.522811][T14587] veth0_macvtap: entered promiscuous mode [ 1003.541949][T14587] veth1_macvtap: entered promiscuous mode [ 1003.575428][T14587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1003.587792][T14587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1003.602447][T14587] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1003.628967][T14587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1003.642226][T14587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1003.660631][T14587] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1003.679742][T14587] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1003.689004][T14587] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1003.699686][T14587] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1003.708968][T14587] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1004.112188][ T8970] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1004.156858][ T8970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1004.189523][T14678] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2417'. [ 1004.268378][T14357] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1004.315027][T14357] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1004.323119][T14678] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2417'. [ 1004.824564][T14689] bridge_slave_0: left allmulticast mode [ 1004.830336][T14689] bridge_slave_0: left promiscuous mode [ 1004.837612][T14689] bridge0: port 1(bridge_slave_0) entered disabled state [ 1004.962886][T14689] bridge_slave_1: left allmulticast mode [ 1004.968973][T14689] bridge_slave_1: left promiscuous mode [ 1004.987628][T14689] bridge0: port 2(bridge_slave_1) entered disabled state [ 1005.061832][T14689] bond0: (slave bond_slave_0): Releasing backup interface [ 1005.196351][T14689] bond0: (slave bond_slave_1): Releasing backup interface [ 1005.345294][T14689] team0: Port device team_slave_0 removed [ 1005.523955][T14689] team0: Port device team_slave_1 removed [ 1005.583211][T14689] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1005.623487][T14689] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1005.639525][T14689] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1005.647741][T14689] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1005.827232][T14698] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode [ 1006.000806][T14712] netlink: 'syz.3.2425': attribute type 8 has an invalid length. [ 1006.797367][T14698] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1008.315820][T14736] netdevsim netdevsim1: Direct firmware load for @ failed with error -2 [ 1008.326704][T14736] netdevsim netdevsim1: Falling back to sysfs fallback for: @ [ 1008.376433][T14739] netlink: 'syz.0.2433': attribute type 1 has an invalid length. [ 1010.481127][T14773] netlink: 'syz.0.2444': attribute type 2 has an invalid length. [ 1010.498300][T14773] netlink: 'syz.0.2444': attribute type 1 has an invalid length. [ 1011.885002][T14796] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2448'. [ 1012.059670][T14803] netlink: 'syz.0.2455': attribute type 2 has an invalid length. [ 1012.069069][T14803] netlink: 'syz.0.2455': attribute type 1 has an invalid length. [ 1013.046355][T14825] netlink: 'syz.0.2464': attribute type 2 has an invalid length. [ 1013.063191][T14825] netlink: 'syz.0.2464': attribute type 1 has an invalid length. [ 1013.569572][T14831] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2465'. [ 1013.663194][T12828] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 1013.843153][T12810] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1013.871380][T12828] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1013.887099][T12828] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1013.912217][T12828] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1013.922246][T12828] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1013.932718][T12828] usb 3-1: Product: syz [ 1013.937452][T12828] usb 3-1: Manufacturer: syz [ 1013.942950][T12828] usb 3-1: SerialNumber: syz [ 1014.073645][T12810] usb 1-1: Using ep0 maxpacket: 32 [ 1014.101442][T12810] usb 1-1: config 0 has an invalid descriptor of length 13, skipping remainder of the config [ 1014.117836][T12810] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1014.275459][T12810] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1014.301182][T12810] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1014.313737][T12828] usb 3-1: skipping empty audio interface (v1) [ 1014.343385][T12810] usb 1-1: Product: syz [ 1014.347622][T12810] usb 1-1: Manufacturer: syz [ 1014.385917][T12810] usb 1-1: SerialNumber: syz [ 1014.418878][T12810] usb 1-1: config 0 descriptor?? [ 1014.434048][T12828] snd-usb-audio: probe of 3-1:1.0 failed with error -22 [ 1014.476650][T12828] usb 3-1: USB disconnect, device number 12 [ 1014.572364][T14255] udevd[14255]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1015.731067][T14848] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2469'. [ 1018.916504][T12828] usb 1-1: USB disconnect, device number 5 [ 1018.953985][T14840] delete_channel: no stack [ 1020.489018][T14881] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.2480'. [ 1020.563255][T12815] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 1020.905629][T12815] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1021.038675][T12815] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1021.119419][T12815] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1021.155163][T12815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1021.207636][T12815] usb 4-1: Product: syz [ 1021.211875][T12815] usb 4-1: Manufacturer: syz [ 1021.264609][T12815] usb 4-1: SerialNumber: syz [ 1021.444951][T14885] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2481'. [ 1022.471936][T12815] usb 4-1: skipping empty audio interface (v1) [ 1022.550942][T12815] snd-usb-audio: probe of 4-1:1.0 failed with error -22 [ 1022.607213][T12815] usb 4-1: USB disconnect, device number 29 [ 1022.642950][T14255] udevd[14255]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1024.677499][T14915] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.2489'. [ 1025.415248][T14920] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2492'. [ 1028.575050][T12809] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 1028.975871][T12809] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1029.001541][T12809] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1029.100208][T14956] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.2502'. [ 1029.582513][T14957] wireguard: wg1: Could not create IPv4 socket [ 1029.741791][T12809] usb 2-1: string descriptor 0 read error: -71 [ 1029.758079][T12809] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1029.800043][T12809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1029.927175][T12809] usb 2-1: can't set config #1, error -71 [ 1029.935128][T12809] usb 2-1: USB disconnect, device number 2 [ 1030.090956][T14255] udevd[14255]: setting mode of /dev/bus/usb/002/002 to 020664 failed: No such file or directory [ 1030.199272][T14255] udevd[14255]: setting owner of /dev/bus/usb/002/002 to uid=0, gid=0 failed: No such file or directory [ 1030.673836][T14972] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.2506'. [ 1031.145793][T14979] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2509'. [ 1031.224576][T14983] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2509'. [ 1031.942708][T14983] Can't find ip_set type [ 1034.883132][T12815] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 1035.267143][T12815] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1036.052601][T12815] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1036.213513][T12815] usb 1-1: string descriptor 0 read error: -71 [ 1036.236164][T12815] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1036.250286][T12815] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1036.279800][T12815] usb 1-1: can't set config #1, error -71 [ 1036.305823][T12815] usb 1-1: USB disconnect, device number 6 [ 1037.410188][T15042] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2522'. [ 1037.493712][T15046] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2522'. [ 1038.373262][T12815] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1038.923243][T12815] usb 1-1: Using ep0 maxpacket: 8 [ 1038.940540][T12815] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1038.974355][T12815] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1039.003145][T12815] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1039.030149][T12815] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1039.057729][T12815] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1039.105966][T12815] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1039.168264][T12815] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1039.270519][T15068] bridge_slave_0: left allmulticast mode [ 1039.382845][T15068] bridge_slave_0: left promiscuous mode [ 1039.389235][T15068] bridge0: port 1(bridge_slave_0) entered disabled state [ 1040.760208][T15068] bridge_slave_1: left allmulticast mode [ 1040.766294][T15068] bridge_slave_1: left promiscuous mode [ 1040.772203][T15068] bridge0: port 2(bridge_slave_1) entered disabled state [ 1041.394310][T15068] bond0: (slave bond_slave_0): Releasing backup interface [ 1041.539821][T12815] usb 1-1: usb_control_msg returned -32 [ 1041.565477][T15068] bond0: (slave bond_slave_1): Releasing backup interface [ 1041.568857][T12815] usbtmc 1-1:16.0: can't read capabilities [ 1041.706865][T15068] team0: Port device team_slave_0 removed [ 1041.776112][T15068] team0: Port device team_slave_1 removed [ 1041.793060][T15068] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1041.815113][T15068] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1041.828263][T15068] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1041.840048][T15068] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1041.866723][T15056] netlink: 'syz.0.2526': attribute type 3 has an invalid length. [ 1041.875117][T15056] netlink: 'syz.0.2526': attribute type 3 has an invalid length. [ 1041.928040][T15090] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1043.827656][ C0] ------------[ cut here ]------------ [ 1043.833393][ C0] WARNING: CPU: 0 PID: 15104 at net/mac80211/tx.c:5031 __ieee80211_beacon_get+0x1233/0x1600 [ 1043.843590][ C0] Modules linked in: [ 1043.847544][ C0] CPU: 0 PID: 15104 Comm: syz.1.2538 Not tainted syzkaller #0 [ 1043.855174][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1043.865497][ C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 1043.871901][ C0] Code: 24 4c 89 e7 e8 9e 22 d4 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 99 fd 96 f7 0f 0b e9 f6 f7 ff ff e8 8d fd 96 f7 <0f> 0b e9 48 fb ff ff e8 81 fd 96 f7 48 c7 c7 60 fd 23 8e 4c 89 e6 [ 1043.891664][ C0] RSP: 0000:ffffc900038f7958 EFLAGS: 00010246 [ 1043.897979][ C0] RAX: ffffffff89ee8d43 RBX: ffffffff89ee7b46 RCX: ffff888030f45a00 [ 1043.906218][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 1043.914288][ C0] RBP: 0000000000000000 R08: ffff888030f45a00 R09: 0000000000000003 [ 1043.922319][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff888020db63c0 [ 1043.930383][ C0] R13: dffffc0000000000 R14: ffff888020db68b0 R15: ffff8880767f6424 [ 1043.938440][ C0] FS: 0000555562f2b500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1043.947462][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1043.954134][ C0] CR2: 0000001b3410cff8 CR3: 000000006a178000 CR4: 00000000003506f0 [ 1043.962225][ C0] Call Trace: [ 1043.965576][ C0] [ 1043.968555][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 1043.974292][ C0] ieee80211_beacon_get_tim+0xb8/0x560 [ 1043.979893][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 1043.986854][ C0] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 1043.992474][ C0] __iterate_interfaces+0x243/0x500 [ 1043.997766][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 1044.004097][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 1044.011348][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 1044.017801][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 1044.024933][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 1044.030185][ C0] __hrtimer_run_queues+0x51e/0xc40 [ 1044.035484][ C0] ? hw_scan_work+0xf40/0xf40 [ 1044.040217][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 1044.045417][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 1044.051629][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 1044.056844][ C0] handle_softirqs+0x280/0x820 [ 1044.061660][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 1044.066534][ C0] ? do_softirq+0x180/0x180 [ 1044.071122][ C0] __irq_exit_rcu+0xc7/0x190 [ 1044.075807][ C0] ? irq_exit_rcu+0x20/0x20 [ 1044.080371][ C0] irq_exit_rcu+0x9/0x20 [ 1044.084704][ C0] sysvec_apic_timer_interrupt+0x56/0xc0 [ 1044.090397][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1044.096472][ C0] RIP: 0033:0x7f40976681cd [ 1044.100926][ C0] Code: f2 73 17 66 2e 0f 1f 84 00 00 00 00 00 48 8b 70 f8 48 83 e8 08 48 39 f2 72 f3 48 39 c3 73 3e 48 89 33 48 83 c3 08 48 8b 70 f8 <48> 89 08 48 8b 0b 49 8b 14 24 eb bf 48 39 f2 72 97 48 39 f0 73 46 [ 1044.120624][ C0] RSP: 002b:00007ffc1da28010 EFLAGS: 00000202 [ 1044.126787][ C0] RAX: 00007f40974d5728 RBX: 00007f40974d46f8 RCX: ffffffff81e9d6d8 [ 1044.134839][ C0] RDX: ffffffff81e9d6d8 RSI: ffffffff81e9d6d8 RDI: 00007f40974d5a20 [ 1044.142854][ C0] RBP: 00007f40974d4400 R08: 00007f40974d4f08 R09: 00007f40979d2000 [ 1044.150921][ C0] R10: 00007f40971ff008 R11: 0000000000000006 R12: 00007f40974d43f8 [ 1044.158970][ C0] R13: 0000000000000018 R14: ffffffffffffffff R15: 00007f40971ff008 [ 1044.167067][ C0] ? __check_object_size+0x2c8/0xa30 [ 1044.172591][ C0] ? __check_object_size+0x2c8/0xa30 [ 1044.178060][ C0] ? __check_object_size+0x2c8/0xa30 [ 1044.183451][ C0] [ 1044.186525][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1044.193934][ C0] CPU: 0 PID: 15104 Comm: syz.1.2538 Not tainted syzkaller #0 [ 1044.201426][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1044.211616][ C0] Call Trace: [ 1044.215000][ C0] [ 1044.217976][ C0] dump_stack_lvl+0x16c/0x230 [ 1044.222704][ C0] ? show_regs_print_info+0x20/0x20 [ 1044.227946][ C0] ? load_image+0x3b0/0x3b0 [ 1044.232511][ C0] panic+0x2c0/0x710 [ 1044.236569][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 1044.241125][ C0] __warn+0x2e0/0x470 [ 1044.245156][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 1044.250943][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 1044.256706][ C0] report_bug+0x2be/0x4f0 [ 1044.261099][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 1044.266854][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 1044.272704][ C0] ? __ieee80211_beacon_get+0x1235/0x1600 [ 1044.278651][ C0] handle_bug+0xcf/0x120 [ 1044.282943][ C0] exc_invalid_op+0x1a/0x50 [ 1044.287494][ C0] asm_exc_invalid_op+0x1a/0x20 [ 1044.292386][ C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 1044.298767][ C0] Code: 24 4c 89 e7 e8 9e 22 d4 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 99 fd 96 f7 0f 0b e9 f6 f7 ff ff e8 8d fd 96 f7 <0f> 0b e9 48 fb ff ff e8 81 fd 96 f7 48 c7 c7 60 fd 23 8e 4c 89 e6 [ 1044.318511][ C0] RSP: 0000:ffffc900038f7958 EFLAGS: 00010246 [ 1044.324620][ C0] RAX: ffffffff89ee8d43 RBX: ffffffff89ee7b46 RCX: ffff888030f45a00 [ 1044.332803][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 1044.340811][ C0] RBP: 0000000000000000 R08: ffff888030f45a00 R09: 0000000000000003 [ 1044.348832][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff888020db63c0 [ 1044.356844][ C0] R13: dffffc0000000000 R14: ffff888020db68b0 R15: ffff8880767f6424 [ 1044.364869][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 1044.370546][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 1044.376316][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 1044.382073][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 1044.387672][ C0] ieee80211_beacon_get_tim+0xb8/0x560 [ 1044.393260][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 1044.400073][ C0] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 1044.405676][ C0] __iterate_interfaces+0x243/0x500 [ 1044.410913][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 1044.417313][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 1044.424573][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 1044.430882][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 1044.437965][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 1044.443222][ C0] __hrtimer_run_queues+0x51e/0xc40 [ 1044.448478][ C0] ? hw_scan_work+0xf40/0xf40 [ 1044.453309][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 1044.458468][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 1044.464584][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 1044.469754][ C0] handle_softirqs+0x280/0x820 [ 1044.474601][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 1044.479582][ C0] ? do_softirq+0x180/0x180 [ 1044.484134][ C0] __irq_exit_rcu+0xc7/0x190 [ 1044.488770][ C0] ? irq_exit_rcu+0x20/0x20 [ 1044.493324][ C0] irq_exit_rcu+0x9/0x20 [ 1044.497602][ C0] sysvec_apic_timer_interrupt+0x56/0xc0 [ 1044.503282][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1044.509301][ C0] RIP: 0033:0x7f40976681cd [ 1044.513761][ C0] Code: f2 73 17 66 2e 0f 1f 84 00 00 00 00 00 48 8b 70 f8 48 83 e8 08 48 39 f2 72 f3 48 39 c3 73 3e 48 89 33 48 83 c3 08 48 8b 70 f8 <48> 89 08 48 8b 0b 49 8b 14 24 eb bf 48 39 f2 72 97 48 39 f0 73 46 [ 1044.533668][ C0] RSP: 002b:00007ffc1da28010 EFLAGS: 00000202 [ 1044.539800][ C0] RAX: 00007f40974d5728 RBX: 00007f40974d46f8 RCX: ffffffff81e9d6d8 [ 1044.547845][ C0] RDX: ffffffff81e9d6d8 RSI: ffffffff81e9d6d8 RDI: 00007f40974d5a20 [ 1044.556212][ C0] RBP: 00007f40974d4400 R08: 00007f40974d4f08 R09: 00007f40979d2000 [ 1044.564222][ C0] R10: 00007f40971ff008 R11: 0000000000000006 R12: 00007f40974d43f8 [ 1044.572229][ C0] R13: 0000000000000018 R14: ffffffffffffffff R15: 00007f40971ff008 [ 1044.580269][ C0] ? __check_object_size+0x2c8/0xa30 [ 1044.585614][ C0] ? __check_object_size+0x2c8/0xa30 [ 1044.590944][ C0] ? __check_object_size+0x2c8/0xa30 [ 1044.596282][ C0] [ 1044.599472][ C0] Kernel Offset: disabled [ 1044.603893][ C0] Rebooting in 86400 seconds..