last executing test programs: 5.715726826s ago: executing program 2 (id=2586): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x401) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f00000006c0), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405668, &(0x7f0000000080)={0x0, 0x3, 0x2, "b800020000000000000000110fd3f1000000000000000000b700"}) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r2 = socket(0x848000000015, 0x805, 0x0) connect$inet6(r2, &(0x7f0000000240)={0xa, 0x0, 0x0, @loopback}, 0x1c) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x13, &(0x7f0000000000)=0x8, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000005c0)={@ifindex, 0xffffffffffffffff, 0x9, 0x0, 0xffffffffffffffff, @link_id}, 0x20) keyctl$dh_compute(0x17, &(0x7f0000000000), &(0x7f0000000200)=""/211, 0xd3, 0x0) prctl$PR_SET_MM(0x41555856, 0x2, &(0x7f0000ffb000/0x2000)=nil) r4 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000200)='#\n$)-.\x02\xcc\xd7\xb2f\xcdY\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112s\x88\n\x13:\xd6\xfa\xd5?\xc7\xfd&\x8d*\xbb|&#\xe9\xa3\'\x91>C\x1bV\x87\xeb\xfe\xda\x89\xb7}@\x8f\x97\x18\xce\x92\xc9\xa8\x1c\x9d\\C\xfeI%\xae\x8fKHq\x89\x83\xbb\x9dC\xd6Hy\xfao\x04\xa4\xb6\x88\xdb\xa1b\xae\xa7\x87\xcc\xc7\xa4\xdc\n=/o\xf3\x96\xaf\b1\x1b48\bu\x01\xab\x90Q\xe8r\xe7\r\'-06,\xff\x84x\'+\xd5\xd4?[e\x19\xa3\\J\xe9\x8a\xb9\xe495\x12B\x06\xe5\x8f\x83Vb\xf1\xbc\xb9E\x1a\x9bH$\x1f^\x9dX\xd0\xca\xcc\xc9\x86\xaa\xd0\x9c\xc0\x82\xabE\xcc{\xcd\xd3\xdb\x97v\x9c\xbd%fN1\xd4[\xa0\x0f\xdd.\x15\xf1)\xd6\xd8\x1cb\xc5\xd9=c\xb5<|+K*\x9f\x01u\xb0\xe4\x98_', 0xfeffffff00000000) set_mempolicy(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 5.114094929s ago: executing program 4 (id=2591): r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000200)={@mcast1}, 0x14) r1 = socket$inet(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x0, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r7, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r7, &(0x7f0000000080)='D', 0x1, 0x1, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x7ffffffff000) setsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0) getsockopt$inet_opts(r1, 0x0, 0x9, &(0x7f0000000000)=""/138, &(0x7f00000000c0)=0x8a) syz_emit_ethernet(0x66, &(0x7f0000000280)=ANY=[@ANYBLOB="bbd28ddcfbbbaaaaaaaaaa0086dd60003a0400033a00f58000000000000000000000000000bbff020000000000000000000000000001"], 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) 5.040914357s ago: executing program 2 (id=2593): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)) 3.283377667s ago: executing program 0 (id=2594): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = dup2(r3, r3) close_range(r3, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000140)={0x1, 0x0, [{0x48e}]}) mkdir(&(0x7f00000000c0)='./bus\x00', 0x2) r5 = open(&(0x7f0000000140)='./file1\x00', 0x280040, 0x180) r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r6, 0xc01064bd, &(0x7f0000000080)={0xffffffffffffffff, 0x60}) socket$xdp(0x2c, 0x3, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r5, &(0x7f0000000100)='./file1\x00', r5, &(0x7f0000000240)='./file0\x00', 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x0, 0x0) renameat2(r7, 0x0, r7, &(0x7f0000000000)='./file0\x00', 0x0) 3.277806803s ago: executing program 4 (id=2595): r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.275116256s ago: executing program 2 (id=2596): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x64, 0x19, 0x1, 0x0, 0x0, {0x1d, 0xd601, 0x9}, [@nested={0x4d, 0xf, 0x0, 0x1, [@generic="b6aa883c187282aae29c84151472d9010000000698029295938bb88410e2247554e77a5fb3477db89e064fa08f0bc302dedd1500000000000000000000000000000000a96508a6178d"]}]}, 0x64}}, 0x0) 3.25357248s ago: executing program 1 (id=2597): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f000001f9c0)={0xa}) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f00000000c0)={0x2, 0x0, 0x0, {0x0, 0x0, 0x0, 0xfffffff9}}) 3.198951634s ago: executing program 2 (id=2598): r0 = syz_io_uring_setup(0x23b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0xfffffffffffffffc}) io_uring_enter(r0, 0x484, 0x0, 0x0, 0x0, 0x0) 3.189849595s ago: executing program 3 (id=2599): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0x200000000000a, &(0x7f0000000000)="ea00005c00000000", 0x1) setsockopt$inet_opts(r0, 0x0, 0x200000000000c, &(0x7f00000009c0), 0x0) 3.154399776s ago: executing program 2 (id=2600): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}]}]}]}}]}, 0xa4}}, 0x0) 3.010493931s ago: executing program 2 (id=2601): mkdirat(0xffffffffffffff9c, 0x0, 0x0) syz_usb_connect(0x0, 0x50d, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) clock_adjtime(0xffffffd3, &(0x7f00000001c0)) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000003400)={0xf0f045}) write$binfmt_script(r1, &(0x7f00000000c0), 0xfea7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$kcm(0x21, 0x2, 0x2) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rxrpc_call\x00', r3}, 0x10) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=[{0x10, 0x110}], 0x10}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) dup2(r4, r2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x1a1900) fcntl$dupfd(r5, 0x0, r5) 3.010233856s ago: executing program 3 (id=2602): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100), 0x6) ioctl$sock_bt_hci(r0, 0x400448e6, 0x0) 3.009908149s ago: executing program 1 (id=2603): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000001e00), 0x2, 0x0) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000001e40)=@multiplanar_overlay={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "6397a28f"}, 0x0, 0x3, {0x0}}) 2.926707929s ago: executing program 4 (id=2604): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000880)=ANY=[@ANYBLOB="340000001900150000000000000000000a00000002"], 0x34}], 0x1}, 0x0) 2.873832777s ago: executing program 3 (id=2605): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, 0x0, 0x2b) socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) keyctl$set_reqkey_keyring(0xe, 0x0) request_key(0x0, 0x0, &(0x7f0000000180)='-\x00', 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002280)={0x18, 0x28, 0x107, 0x0, 0x0, {0x5, 0x7c}, [@nested={0x4}]}, 0x18}}, 0x0) 2.518820139s ago: executing program 4 (id=2606): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffa}]}) getxattr(0x0, 0x0, 0x0, 0x0) 2.459704884s ago: executing program 1 (id=2607): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x6286) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc250d40f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c9837d5ac03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce935b0f327cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a9b893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c5452f42e09b388a14b22bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0843b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66cf8aeb1f98bd67bfd38ec2beac3ca99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94d81150c68ab27987655e1dd676ceef54ad4d663f88b6f82a65f7c94a0e40cbb782ff536bd67ba81125f8e0af199094b407f630dc6eb3b79615a4e63f75ab30b1e475748cb5dce6581dc92f740a21fb8dec725b4f2a0b0972f852504245d5ce11cfdead09c9b6e094261084cd20c2294525061a4638c0bfd08dfa70d24bf85d9cfd940e1a4f1509bed8233f22506e5b000000000000862a01def6c9e879a87688ad151c14ae7ff8a090aebe7e4f936c26e565ae96d38ee5f794468caa17419e22ff13df60a95596490358a3b8121511e427d619ad87fe998702ea0b659eff3f5cd8f4094fdd6b1d45facfe6629846170d99de670a9e72e21ed7363876612bf58a17142abccbbe4762f531067f92af24f5354f432ed1df74f8168d05de528f63a98bca22820439c567973de0077c068d1b70b6"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@bloom_filter={0x1e, 0x9, 0x7ff, 0x6, 0x40, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x5, 0xd}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_GET_TARGET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r5) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r5) sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x14, r6, 0x1, 0x0, 0x0, {0x1c}}, 0x14}}, 0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, 0x0, 0x40010) socket$nl_route(0x10, 0x3, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r7) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 2.101449076s ago: executing program 0 (id=2608): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000000000000000000009500160000000000e2bac15d3b6641a215f099e26603a050337b2ccc70a9f928ba3c529bb6e7365e7e246317380f5884d79663e7fcaa89795d7b10e88378c33265a7af06040e3d0bbc6a5864dfa023c6ac1da574242785bbb4ece12b11da52496875e1e384042aad63a3094bf3bc0e40a79960f9f1610940e67e30611d9873d1e6cb9c4cce44c999c49ff52a6400192fd021d7158438d7686a6f66778022c93c544189b684754e7e0f77a4f498609e53104c8aa70632fcc58c757bbc06f6472622dce2729d7296959ce003ec84acd015e352484c42fc29e5aea62fb7977813f7254fd6f62fec638abf292e6c33925b29"], &(0x7f0000000000)='syzkaller\x00'}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) 1.237547167s ago: executing program 3 (id=2609): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0xa, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000580081044e81f782db44b904021d080009000200e8fe55a1180015000600142603600e120900210000000401a80016000a00014006000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) 1.233808225s ago: executing program 0 (id=2610): r0 = socket$inet6_udp(0xa, 0x2, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000004b40)={'ip6_vti0\x00', 0x0}) 353.274208ms ago: executing program 1 (id=2611): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r2, &(0x7f00000003c0)={0xb, 0x10, 0xfa00, {0x0, r1}}, 0x18) 352.715817ms ago: executing program 0 (id=2612): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x2, 0x17, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020702500000000002020207b1af8ff00000000bda100000000000037010000f8ffffffb702000008000000b70300000000000016090000060000003f91000000000000b5020000000000008500000085000000b70000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000003100)=@gcm_128={{0x303}, "0400", "0d07080d004fcf0000e8ffff1a8600", "cf0d00", "8657e2b7e43b34e4"}, 0x28) write$binfmt_script(r0, &(0x7f0000001300), 0x8f) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000180)=0x40) writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0x1}], 0x1) 352.524284ms ago: executing program 4 (id=2613): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0x200000000000a, &(0x7f0000000000)="ea00005c00000000", 0x1) setsockopt$inet_opts(r0, 0x0, 0x200000000000c, &(0x7f00000009c0), 0x0) 217.46677ms ago: executing program 1 (id=2614): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_NG_TYPE={0x8}]}}}, {0x1c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MIN={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa0}}, 0x0) 209.779009ms ago: executing program 3 (id=2615): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100), 0x6) ioctl$sock_bt_hci(r0, 0x400448e6, 0x0) 172.405798ms ago: executing program 4 (id=2616): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/kexec_crash_size', 0x40102, 0x0) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0xfffffc8f) splice(r0, 0x0, r2, 0x0, 0x1800, 0x0) 154.973842ms ago: executing program 0 (id=2617): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000001e00), 0x2, 0x0) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000001e40)=@multiplanar_overlay={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "6397a28f"}, 0x0, 0x3, {0x0}}) 56.417781ms ago: executing program 3 (id=2618): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f7", 0x1}], 0x1}], 0x1, 0x0) recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)=""/3, 0x3}], 0x1}, 0x0) 769.704µs ago: executing program 1 (id=2619): r0 = socket$can_raw(0x1d, 0x3, 0x1) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x7, &(0x7f00000001c0)=0x44, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000180)={&(0x7f00000005c0)={0x1d, r1}, 0x10, &(0x7f0000000140)={&(0x7f0000000040)=@canfd={{}, 0x0, 0x0, 0x4, 0x0, "f124a6bed4a6e874c28a9ab403693c64c130d1c03d41c1da8ebbbd090ffdef352b1d82f25c7719aa569b4e29f1b1c3200d701547228df8a88f7c32e74900"}, 0x48}, 0x2}, 0x0) 0s ago: executing program 0 (id=2620): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, 0x0, 0x2b) socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) keyctl$set_reqkey_keyring(0xe, 0x0) request_key(0x0, 0x0, &(0x7f0000000180)='-\x00', 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002280)={0x18, 0x28, 0x107, 0x0, 0x0, {0x5, 0x7c}, [@nested={0x4}]}, 0x18}}, 0x0) kernel console output (not intermixed with test programs): 1.882:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7448 comm="syz.0.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fbbfdf75b59 code=0x7ffc0000 [ 200.505985][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.513215][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.532440][ T29] audit: type=1326 audit(1721299581.882:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7448 comm="syz.0.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbfdf75b59 code=0x7ffc0000 [ 200.653947][ T29] audit: type=1326 audit(1721299581.892:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7448 comm="syz.0.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7fbbfdf75b59 code=0x7ffc0000 [ 200.732849][ T7173] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 200.858255][ T7089] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.022884][ T7089] veth0_vlan: entered promiscuous mode [ 201.060695][ T7089] veth1_vlan: entered promiscuous mode [ 201.413823][ T7089] veth0_macvtap: entered promiscuous mode [ 201.780106][ T7089] veth1_macvtap: entered promiscuous mode [ 202.133216][ T7173] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.231829][ T7089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 202.280298][ T7089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.309268][ T7089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 202.343015][ T7089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.363845][ T7089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 202.394238][ T7089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.424015][ T7089] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 202.446757][ T7089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.458095][ T7089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.472492][ T7089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.488464][ T7089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.505380][ T7089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.519444][ T7089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.548010][ T7089] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 202.563842][ T7529] netlink: 4 bytes leftover after parsing attributes in process `syz.1.723'. [ 202.607397][ T7089] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.635756][ T7089] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.683297][ T7089] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.711576][ T7089] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.134164][ T5088] Bluetooth: hci0: command 0x0406 tx timeout [ 203.558525][ T1044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.580041][ T1044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.658274][ T4374] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.683957][ T4374] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.726206][ T7173] veth0_vlan: entered promiscuous mode [ 203.775883][ T7173] veth1_vlan: entered promiscuous mode [ 203.812967][ T7561] batman_adv: batadv0: Adding interface: macvlan2 [ 203.820798][ T7561] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.877920][ T7563] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 203.888339][ T7561] batman_adv: batadv0: Not using interface macvlan2 (retrying later): interface not active [ 203.898424][ T7563] overlayfs: failed to set xattr on upper [ 203.905249][ T7563] overlayfs: ...falling back to redirect_dir=nofollow. [ 203.923686][ T7563] overlayfs: ...falling back to index=off. [ 203.948333][ T7563] overlayfs: ...falling back to uuid=null. [ 204.017610][ T7173] veth0_macvtap: entered promiscuous mode [ 204.061942][ T7173] veth1_macvtap: entered promiscuous mode [ 204.110002][ T7173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.136625][ T7173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.156561][ T7173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.183431][ T7173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.207280][ T7579] netlink: 72 bytes leftover after parsing attributes in process `syz.0.736'. [ 204.213563][ T7173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.243610][ T7173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.262405][ T7173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.273917][ T7173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.292629][ T7173] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.340937][ T7173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.382136][ T7173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.412794][ T7173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.432389][ T7173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.444211][ T7173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.456015][ T7173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.498742][ T7173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.549761][ T7173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.582054][ T7598] input: syz1 as /devices/virtual/input/input8 [ 204.595200][ T7173] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.653099][ T7173] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.690995][ T7173] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.707481][ T7173] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.728525][ T7173] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.577474][ T7614] netlink: 830 bytes leftover after parsing attributes in process `syz.1.748'. [ 205.785513][ T7614] macvlan0: entered allmulticast mode [ 205.811624][ T7614] veth1_vlan: entered allmulticast mode [ 206.005639][ T7614] pim6reg: entered allmulticast mode [ 206.299973][ T7628] netlink: 72 bytes leftover after parsing attributes in process `syz.3.750'. [ 206.377140][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.554232][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.725884][ T4143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.769546][ T4143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.102802][ T7658] vlan2: entered promiscuous mode [ 208.121122][ T7658] vlan2: entered allmulticast mode [ 212.319346][ T29] audit: type=1326 audit(1721299598.792:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7739 comm="syz.4.787" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa534775b59 code=0x0 [ 212.876938][ T7777] syz.0.795 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 213.327980][ T7792] overlayfs: failed to get inode (-116) [ 213.355635][ T7792] overlayfs: failed to look up (file0) for ino (-116) [ 215.142093][ T7891] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 215.188811][ T7892] can: request_module (can-proto-0) failed. [ 216.020972][ T7935] netlink: 24 bytes leftover after parsing attributes in process `syz.2.846'. [ 216.250461][ T7943] netlink: 'syz.1.850': attribute type 1 has an invalid length. [ 216.268710][ T7943] netlink: 8 bytes leftover after parsing attributes in process `syz.1.850'. [ 216.500704][ T7949] can: request_module (can-proto-0) failed. [ 216.709304][ T7951] can: request_module (can-proto-0) failed. [ 216.841501][ T7969] netlink: 8 bytes leftover after parsing attributes in process `syz.1.858'. [ 216.988793][ T7974] netlink: 24 bytes leftover after parsing attributes in process `syz.1.860'. [ 217.627804][ T8010] batman_adv: batadv0: Adding interface: ipvlan2 [ 217.645870][ T8010] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.702980][ T8010] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active [ 217.776297][ T8016] dccp_v6_rcv: dropped packet with invalid checksum [ 217.899481][ T8019] netlink: 'syz.4.877': attribute type 7 has an invalid length. [ 217.930541][ T8023] netlink: 8 bytes leftover after parsing attributes in process `syz.3.881'. [ 217.947961][ T5089] Bluetooth: unknown link type 72 [ 217.954866][ T5089] Bluetooth: hci0: connection err: -111 [ 217.963607][ T5089] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 222.546890][ T8062] dccp_v6_rcv: dropped packet with invalid checksum [ 224.938672][ T8082] netlink: 'syz.1.901': attribute type 21 has an invalid length. [ 224.964787][ T8084] netlink: 'syz.3.903': attribute type 1 has an invalid length. [ 224.993593][ T8082] netlink: 160 bytes leftover after parsing attributes in process `syz.1.901'. [ 225.171371][ T8098] netlink: 'syz.0.910': attribute type 21 has an invalid length. [ 225.374123][ T8104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.914'. [ 225.432647][ T8104] ip6gretap0: entered promiscuous mode [ 225.440107][ T8104] macvtap1: entered promiscuous mode [ 225.445988][ T8104] macvtap1: entered allmulticast mode [ 225.451398][ T8104] ip6gretap0: entered allmulticast mode [ 225.476924][ T8112] netlink: 4 bytes leftover after parsing attributes in process `syz.2.914'. [ 225.898785][ T8112] ip6gretap0: left allmulticast mode [ 225.925892][ T8112] ip6gretap0: left promiscuous mode [ 225.958877][ T8112] macvtap1: left promiscuous mode [ 225.977925][ T8112] macvtap1: left allmulticast mode [ 226.202051][ T8128] netlink: 'syz.2.919': attribute type 21 has an invalid length. [ 226.234460][ T8128] netlink: 160 bytes leftover after parsing attributes in process `syz.2.919'. [ 226.360808][ T8138] netlink: 'syz.2.924': attribute type 21 has an invalid length. [ 226.458625][ T29] audit: type=1400 audit(1721300124.936:199): lsm=SMACK fn=smack_ptrace_access_check action=denied subject="#!" object="_" requested=rw pid=8140 comm="syz.2.926" opid=8140 ocomm="syz.2.926" [ 226.573547][ T25] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 226.644550][ T8152] netlink: 4 bytes leftover after parsing attributes in process `syz.2.929'. [ 226.676323][ T8152] ip6gretap0: entered promiscuous mode [ 226.699692][ T8152] macvtap2: entered promiscuous mode [ 226.710951][ T8152] macvtap2: entered allmulticast mode [ 226.718928][ T8152] ip6gretap0: entered allmulticast mode [ 226.735088][ T8158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.929'. [ 226.763707][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 226.782162][ T8158] ip6gretap0: left allmulticast mode [ 226.784724][ T25] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 226.798087][ T8158] ip6gretap0: left promiscuous mode [ 226.811299][ T8158] macvtap2: left promiscuous mode [ 226.813805][ T25] usb 2-1: config 179 has no interface number 0 [ 226.834778][ T25] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 226.863311][ T25] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 226.884875][ T25] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 226.905827][ T25] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 226.930611][ T8158] macvtap2: left allmulticast mode [ 226.953049][ T25] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 227.055021][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.090930][ T8133] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 227.670994][ T5132] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input9 [ 227.734632][ T8178] netlink: 'syz.2.938': attribute type 21 has an invalid length. [ 227.895174][ T5133] usb 2-1: USB disconnect, device number 14 [ 227.895260][ C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 227.953883][ T5133] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 228.101399][ T8188] input: syz1 as /devices/virtual/input/input10 [ 228.384361][ T8207] netlink: 'syz.3.949': attribute type 9 has an invalid length. [ 228.419573][ T8207] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.949'. [ 229.256064][ T8221] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 229.457847][ T8234] input: syz1 as /devices/virtual/input/input11 [ 229.498920][ T8238] netlink: 8 bytes leftover after parsing attributes in process `syz.4.963'. [ 229.837734][ T8253] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 231.453591][ T8265] netlink: 'syz.3.973': attribute type 14 has an invalid length. [ 231.461544][ T8265] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (204) [ 231.804667][ T8276] netlink: 8 bytes leftover after parsing attributes in process `syz.4.978'. [ 231.845187][ T8285] input: syz1 as /devices/virtual/input/input12 [ 232.269155][ T8303] kvm: pic: non byte read [ 232.366710][ T8311] netlink: 'syz.4.991': attribute type 9 has an invalid length. [ 232.396822][ T8311] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.991'. [ 232.509247][ T8317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.994'. [ 232.795725][ T8320] netlink: 'syz.0.990': attribute type 14 has an invalid length. [ 232.805641][ T8320] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (204) [ 233.436133][ T8324] input: syz1 as /devices/virtual/input/input13 [ 233.498448][ T29] audit: type=1326 audit(1721300131.976:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8327 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 233.582384][ T29] audit: type=1326 audit(1721300131.976:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8327 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 233.610442][ T29] audit: type=1326 audit(1721300131.976:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8327 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 233.650141][ T29] audit: type=1326 audit(1721300131.976:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8327 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 233.684892][ T8336] ptrace attach of "./syz-executor exec"[5091] was attempted by ""[8336] [ 233.844548][ T8342] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 234.414638][ T8360] netlink: 'syz.4.1007': attribute type 14 has an invalid length. [ 234.424594][ T8360] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (204) [ 235.311172][ T8375] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1016'. [ 235.330443][ T8375] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1016'. [ 235.445617][ T8379] dccp_invalid_packet: P.Data Offset(103) too large [ 235.642363][ T8392] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1020'. [ 235.787092][ T8396] kvm: pic: non byte read [ 236.093688][ T8413] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1030'. [ 236.111921][ T8413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1030'. [ 236.273540][ T5132] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 236.341883][ T8419] dccp_invalid_packet: P.Data Offset(103) too large [ 236.477990][ T5132] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 236.496423][ T5132] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 236.523169][ T5132] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 236.558147][ T5132] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 236.588817][ T5132] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 236.610799][ T5132] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 236.655833][ T5132] usb 2-1: Product: syz [ 236.675874][ T5132] usb 2-1: Manufacturer: syz [ 236.713820][ T5132] cdc_wdm 2-1:1.0: skipping garbage [ 236.731983][ T5132] cdc_wdm 2-1:1.0: skipping garbage [ 236.759984][ T5132] cdc_wdm 2-1:1.0: skipping garbage [ 236.781372][ T5132] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 236.857191][ T8430] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1037'. [ 237.800727][ T8454] netlink: 'syz.2.1045': attribute type 2 has an invalid length. [ 238.062550][ T5134] usb 2-1: USB disconnect, device number 15 [ 238.250276][ T8467] xt_CT: You must specify a L4 protocol and not use inversions on it [ 239.568676][ T8486] ERROR: device name not specified. [ 241.038764][ T8491] 9pnet_fd: Insufficient options for proto=fd [ 241.144445][ T8493] program syz.1.1059 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 241.672049][ T8519] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1071'. [ 241.682086][ T8519] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1071'. [ 241.713490][ T5092] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 241.965784][ T5092] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 242.128418][ T5092] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 242.497857][ T5092] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 242.507561][ T5092] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 242.523500][ T5092] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 242.532613][ T5092] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 242.549425][ T29] audit: type=1326 audit(1721300141.026:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8526 comm="syz.0.1074" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbfdf75b59 code=0x0 [ 242.557386][ T5092] usb 4-1: Product: syz [ 242.587036][ T5092] usb 4-1: Manufacturer: syz [ 242.607754][ T5092] cdc_wdm 4-1:1.0: skipping garbage [ 242.623489][ T5092] cdc_wdm 4-1:1.0: skipping garbage [ 242.628766][ T5092] cdc_wdm 4-1:1.0: skipping garbage [ 242.658109][ T5092] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 242.881378][ T5132] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 243.711301][ T5132] usb 2-1: Using ep0 maxpacket: 8 [ 243.723260][ T5132] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 243.763673][ T5132] usb 2-1: config 179 has no interface number 0 [ 243.785387][ T5132] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 243.809002][ T5132] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 243.825025][ T5133] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 243.928458][ T5132] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 243.940552][ T5132] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 243.954297][ T5132] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 243.963775][ T5132] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.002088][ T8524] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 244.180418][ T5133] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 12408, setting to 64 [ 244.268581][ T5133] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 244.671057][ T5133] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.730118][ T5133] usb 5-1: config 0 descriptor?? [ 245.166220][ T5133] ath6kl: Failed to submit usb control message: -71 [ 245.172919][ T5133] ath6kl: unable to send the bmi data to the device: -71 [ 245.182160][ T5133] ath6kl: Unable to send get target info: -71 [ 245.212674][ T5133] ath6kl: Failed to init ath6kl core: -71 [ 245.226828][ T5132] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input14 [ 245.234032][ T5133] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 245.284102][ T5133] usb 5-1: USB disconnect, device number 6 [ 245.324400][ T8563] program syz.0.1084 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 245.474566][ T9] usb 2-1: USB disconnect, device number 16 [ 245.474620][ C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 245.490331][ T9] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 245.616755][ T5133] usb 4-1: USB disconnect, device number 7 [ 246.056197][ T8584] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 246.065861][ T8584] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 246.077528][ T8584] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 246.091575][ T8586] pim6reg1: entered promiscuous mode [ 246.097557][ T8584] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 246.109656][ T8586] pim6reg1: entered allmulticast mode [ 246.464770][ T8605] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1102'. [ 246.479861][ T8605] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1102'. [ 246.509526][ T8605] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1102'. [ 246.603529][ T5132] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 246.926551][ T5132] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 12408, setting to 64 [ 246.953556][ T5132] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 246.962820][ T5132] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.949486][ T8610] syz.3.1103 (8610): drop_caches: 2 [ 248.041182][ T5132] usb 2-1: config 0 descriptor?? [ 248.396856][ T8619] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1105'. [ 248.915124][ T5132] ath6kl: Failed to submit usb control message: -71 [ 248.933492][ T5132] ath6kl: unable to send the bmi data to the device: -71 [ 248.940599][ T5132] ath6kl: Unable to send get target info: -71 [ 249.003514][ T5132] ath6kl: Failed to init ath6kl core: -71 [ 249.010530][ T5132] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 249.037677][ T5132] usb 2-1: USB disconnect, device number 17 [ 249.257027][ T8630] input: syz0 as /devices/virtual/input/input15 [ 249.331357][ T8636] netlink: 'syz.1.1112': attribute type 1 has an invalid length. [ 249.543573][ T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 249.615491][ T8639] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1113'. [ 249.640618][ T8639] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1113'. [ 249.666947][ T8639] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1113'. [ 249.730331][ T5136] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 249.773915][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 249.791366][ T9] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 249.818061][ T9] usb 3-1: config 179 has no interface number 0 [ 249.840419][ T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 249.862819][ T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 249.888805][ T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 249.911422][ T9] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 249.956363][ T9] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 249.957540][ T5136] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 249.983021][ T5136] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 249.993790][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.998684][ T5136] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 250.027012][ T5136] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 250.033764][ T8632] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 250.079685][ T5136] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 250.122270][ T5136] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 250.163260][ T5136] usb 1-1: Product: syz [ 250.187376][ T5136] usb 1-1: Manufacturer: syz [ 250.263823][ T5136] cdc_wdm 1-1:1.0: skipping garbage [ 250.270218][ T5136] cdc_wdm 1-1:1.0: skipping garbage [ 250.283169][ T5136] cdc_wdm 1-1:1.0: skipping garbage [ 250.299342][ T5136] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 250.436801][ T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input16 [ 250.523577][ T783] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 250.737233][ T783] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 250.783871][ T783] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 250.804891][ T783] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 250.829576][ T783] usb 5-1: SerialNumber: syz [ 250.962300][ T783] cdc_ether 5-1:1.0: skipping garbage [ 250.972001][ T783] usb 5-1: bad CDC descriptors [ 251.048111][ T9] usb 3-1: USB disconnect, device number 13 [ 251.048159][ C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 251.062407][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 251.203686][ T9] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 251.417168][ T5134] usb 5-1: USB disconnect, device number 7 [ 251.626257][ T8670] wireguard0: entered promiscuous mode [ 251.631785][ T8670] wireguard0: entered allmulticast mode [ 251.671963][ T783] usb 1-1: USB disconnect, device number 4 [ 251.878137][ T8675] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1124'. [ 251.888646][ T8675] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1124'. [ 251.897882][ T8675] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1124'. [ 253.248134][ T8701] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1135'. [ 253.456063][ T8713] wireguard0: entered promiscuous mode [ 253.461639][ T8713] wireguard0: entered allmulticast mode [ 253.483796][ T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 253.713997][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 253.726113][ T9] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 253.734788][ T9] usb 4-1: config 179 has no interface number 0 [ 253.741231][ T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 253.756307][ T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 253.773499][ T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 253.785775][ T9] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 253.800876][ T9] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 253.814126][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.830215][ T8698] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 254.139502][ T5134] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input17 [ 254.544890][ T5092] usb 4-1: USB disconnect, device number 8 [ 254.551044][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 254.551077][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 254.596622][ T5092] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 254.855034][ T5134] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 255.071688][ T5134] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 255.099406][ T5134] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.138198][ T5134] usb 1-1: config 0 descriptor?? [ 255.313604][ T25] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 255.403900][ T8725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.418299][ T8725] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.549127][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 12408, setting to 64 [ 255.568883][ T25] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 255.597643][ T8738] netlink: 'syz.1.1148': attribute type 11 has an invalid length. [ 255.599241][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.612238][ T8736] netlink: 191416 bytes leftover after parsing attributes in process `syz.2.1147'. [ 255.624362][ T8738] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1148'. [ 255.638523][ T8736] netlink: zone id is out of range [ 255.640016][ T25] usb 5-1: config 0 descriptor?? [ 255.662382][ T8736] netlink: zone id is out of range [ 255.672454][ T8736] netlink: zone id is out of range [ 255.688887][ T8736] netlink: zone id is out of range [ 255.722546][ T8736] netlink: zone id is out of range [ 255.727953][ T8736] netlink: zone id is out of range [ 255.733174][ T8736] netlink: zone id is out of range [ 255.734675][ T8742] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1147'. [ 255.745343][ T8736] netlink: zone id is out of range [ 255.753294][ T8736] netlink: zone id is out of range [ 255.759377][ T8736] netlink: zone id is out of range [ 255.958228][ T25] ath6kl: Failed to submit usb control message: -71 [ 255.974188][ T25] ath6kl: unable to send the bmi data to the device: -71 [ 255.983631][ T25] ath6kl: Unable to send get target info: -71 [ 256.003085][ T25] ath6kl: Failed to init ath6kl core: -71 [ 256.022092][ T25] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 256.060579][ T25] usb 5-1: USB disconnect, device number 8 [ 256.213934][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.243987][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.508089][ T8751] netlink: 'syz.2.1152': attribute type 1 has an invalid length. [ 256.516920][ T8751] netlink: 101600 bytes leftover after parsing attributes in process `syz.2.1152'. [ 256.930119][ T5134] usb 1-1: Cannot set autoneg [ 256.941177][ T5134] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -32 [ 256.979918][ T5134] usb 1-1: USB disconnect, device number 5 [ 257.664658][ T8774] netlink: 'syz.1.1160': attribute type 11 has an invalid length. [ 257.715855][ T8774] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1160'. [ 258.664044][ T8794] tty tty2: ldisc open failed (-12), clearing slot 1 [ 259.227581][ T8819] fuse: Bad value for 'fd' [ 260.759321][ T8854] net_ratelimit: 116 callbacks suppressed [ 260.759342][ T8854] dccp_invalid_packet: P.type (CLOSE) not Data || [Data]Ack, while P.X == 0 [ 262.588006][ T8888] syz.2.1200 (8888): drop_caches: 2 [ 263.537925][ T8914] fuse: Bad value for 'fd' [ 263.823741][ T5089] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 263.903963][ T5089] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 265.036335][ T5133] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 265.143658][ T8968] netlink: 216 bytes leftover after parsing attributes in process `syz.3.1235'. [ 265.155586][ T8968] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1235'. [ 265.281680][ T8974] netlink: 210596 bytes leftover after parsing attributes in process `syz.0.1238'. [ 265.293650][ T5133] usb 2-1: Using ep0 maxpacket: 32 [ 265.317571][ T5133] usb 2-1: config 0 has an invalid interface number: 155 but max is 0 [ 265.343797][ T5133] usb 2-1: config 0 has no interface number 0 [ 265.350142][ T5133] usb 2-1: config 0 interface 155 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 265.413916][ T5133] usb 2-1: config 0 interface 155 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 265.440956][ T5133] usb 2-1: New USB device found, idVendor=05d1, idProduct=1002, bcdDevice=c5.61 [ 265.463614][ T5133] usb 2-1: New USB device strings: Mfr=225, Product=1, SerialNumber=3 [ 265.489117][ T5133] usb 2-1: Product: syz [ 265.494539][ T5133] usb 2-1: Manufacturer: syz [ 265.503639][ T5133] usb 2-1: SerialNumber: syz [ 265.524637][ T5133] usb 2-1: config 0 descriptor?? [ 265.556049][ T5133] ftdi_sio 2-1:0.155: FTDI USB Serial Device converter detected [ 265.584725][ T5133] ftdi_sio ttyUSB0: unknown device type: 0xc561 [ 266.087080][ T5133] usb 2-1: USB disconnect, device number 18 [ 266.090907][ T9002] netlink: 210596 bytes leftover after parsing attributes in process `syz.0.1251'. [ 266.098203][ T5133] ftdi_sio 2-1:0.155: device disconnected [ 269.803531][ T5136] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 270.043841][ T5136] usb 5-1: Using ep0 maxpacket: 32 [ 270.079720][ T5136] usb 5-1: config 0 has an invalid interface number: 155 but max is 0 [ 270.088455][ T5136] usb 5-1: config 0 has no interface number 0 [ 270.095536][ T5136] usb 5-1: config 0 interface 155 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 270.112205][ T5136] usb 5-1: config 0 interface 155 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 270.152190][ T5136] usb 5-1: New USB device found, idVendor=05d1, idProduct=1002, bcdDevice=c5.61 [ 270.161783][ T5136] usb 5-1: New USB device strings: Mfr=225, Product=1, SerialNumber=3 [ 270.161810][ T5136] usb 5-1: Product: syz [ 270.161827][ T5136] usb 5-1: Manufacturer: syz [ 270.161842][ T5136] usb 5-1: SerialNumber: syz [ 270.174913][ T5136] usb 5-1: config 0 descriptor?? [ 270.178263][ T5136] ftdi_sio 5-1:0.155: FTDI USB Serial Device converter detected [ 270.179278][ T5136] ftdi_sio ttyUSB0: unknown device type: 0xc561 [ 271.243934][ T9093] macsec1: entered promiscuous mode [ 271.260187][ T9093] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 271.279240][ T5136] usb 5-1: USB disconnect, device number 9 [ 271.290283][ T9093] macsec1: entered allmulticast mode [ 271.294906][ T5136] ftdi_sio 5-1:0.155: device disconnected [ 271.323663][ T9093] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 271.369375][ T9093] net veth1_virt_wifi virt_wifi0: left allmulticast mode [ 271.387888][ T9093] net veth1_virt_wifi virt_wifi0: left promiscuous mode [ 271.695385][ T9116] xt_TPROXY: Can be used only with -p tcp or -p udp [ 272.346171][ T9149] xt_TPROXY: Can be used only with -p tcp or -p udp [ 272.393299][ T9148] Process accounting resumed [ 272.408024][ T783] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 272.625232][ T783] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 272.643490][ T783] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.667602][ T783] usb 3-1: config 0 descriptor?? [ 272.677409][ T783] cp210x 3-1:0.0: cp210x converter detected [ 272.715270][ T9158] netlink: 'syz.3.1310': attribute type 9 has an invalid length. [ 272.743882][ T9158] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1310'. [ 272.842236][ T9162] netlink: 'syz.3.1310': attribute type 9 has an invalid length. [ 272.858034][ T9140] netlink: 'syz.4.1303': attribute type 12 has an invalid length. [ 272.883531][ T9140] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1303'. [ 272.891738][ T9162] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1310'. [ 273.314307][ T783] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 273.329285][ T783] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 273.347261][ T783] usb 3-1: cp210x converter now attached to ttyUSB0 [ 273.363793][ T783] usb 3-1: USB disconnect, device number 14 [ 273.459852][ T783] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 273.497159][ T783] cp210x 3-1:0.0: device disconnected [ 273.839883][ T1044] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.847887][ T9193] syz.4.1325 (9193): drop_caches: 2 [ 275.051634][ T1044] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.125841][ T9199] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1329'. [ 275.269005][ T1044] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.490709][ T1044] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.654583][ T9214] netlink: 'syz.4.1334': attribute type 4 has an invalid length. [ 275.678044][ T5088] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 275.689832][ T5088] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 275.698176][ T5088] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 275.742014][ T5088] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 275.753038][ T5088] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 275.761213][ T5088] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 276.186431][ T1044] bridge_slave_0: left allmulticast mode [ 276.192142][ T1044] bridge_slave_0: left promiscuous mode [ 276.274411][ T1044] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.372664][ T1044] bridge_slave_1: left allmulticast mode [ 276.383265][ T9230] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1338'. [ 276.393707][ T1044] bridge_slave_1: left promiscuous mode [ 276.399543][ T1044] bridge1: port 1(bridge_slave_1) entered disabled state [ 276.792958][ T9235] syz.2.1339 (9235): drop_caches: 2 [ 276.807596][ T9235] syz.2.1339 (9235): drop_caches: 2 [ 277.607404][ T5136] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 277.853520][ T5088] Bluetooth: hci0: command tx timeout [ 277.860362][ T9244] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1342'. [ 277.873799][ T5136] usb 5-1: Using ep0 maxpacket: 32 [ 277.937298][ T5136] usb 5-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 278.013553][ T5136] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.031804][ T5136] usb 5-1: config 0 descriptor?? [ 278.249792][ T5136] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 278.908741][ T1044] bond0 (unregistering): (slave geneve0): Releasing backup interface [ 279.175909][ T9230] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 279.207282][ T9230] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.336790][ T1044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 279.350261][ T1044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 279.372647][ T1044] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 279.390251][ T1044] bond0 (unregistering): Released all slaves [ 279.429997][ T9279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 279.442821][ T9279] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.497489][ T5136] gspca_sunplus: reg_w_riv err -110 [ 279.502874][ T5136] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 279.660187][ T5136] usb 5-1: USB disconnect, device number 10 [ 279.679015][ T9286] xt_TPROXY: Can be used only with -p tcp or -p udp [ 279.825037][ T9289] netlink: 'syz.3.1354': attribute type 9 has an invalid length. [ 279.881901][ T9289] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1354'. [ 279.895422][ T9283] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 279.933680][ T5088] Bluetooth: hci0: command tx timeout [ 279.966791][ T9283] syzkaller0: entered promiscuous mode [ 279.979211][ T9283] syzkaller0: entered allmulticast mode [ 280.526629][ T29] audit: type=1326 audit(1721300178.996:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9316 comm="syz.4.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 280.590493][ T29] audit: type=1326 audit(1721300179.026:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9316 comm="syz.4.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 280.641520][ T29] audit: type=1326 audit(1721300179.026:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9316 comm="syz.4.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 280.701830][ T29] audit: type=1326 audit(1721300179.026:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9316 comm="syz.4.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 280.738372][ T29] audit: type=1326 audit(1721300179.026:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9316 comm="syz.4.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 280.778620][ T29] audit: type=1326 audit(1721300179.036:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9316 comm="syz.4.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 280.840634][ T29] audit: type=1326 audit(1721300179.036:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9316 comm="syz.4.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 280.865643][ T29] audit: type=1326 audit(1721300179.056:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9316 comm="syz.4.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 280.888748][ T29] audit: type=1326 audit(1721300179.056:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9316 comm="syz.4.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 280.910977][ T29] audit: type=1326 audit(1721300179.056:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9316 comm="syz.4.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fa534775b59 code=0x7ffc0000 [ 282.016042][ T5088] Bluetooth: hci0: command tx timeout [ 282.607586][ T1044] hsr_slave_0: left promiscuous mode [ 282.624332][ T1044] hsr_slave_1: left promiscuous mode [ 282.633857][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 282.646036][ T9332] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 282.646061][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 282.665224][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 282.673016][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 282.689703][ T1044] batman_adv: batadv0: Removing interface: ipvlan2 [ 282.737125][ T1044] veth1_macvtap: left promiscuous mode [ 282.742774][ T1044] veth0_macvtap: left promiscuous mode [ 282.748612][ T1044] veth1_vlan: left promiscuous mode [ 282.754475][ T1044] veth0_vlan: left promiscuous mode [ 283.236889][ T1044] team0 (unregistering): Port device team_slave_1 removed [ 283.281508][ T1044] team0 (unregistering): Port device team_slave_0 removed [ 283.718910][ T9295] netlink: 'syz.3.1354': attribute type 9 has an invalid length. [ 283.740307][ T9295] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1354'. [ 283.783204][ T9215] chnl_net:caif_netlink_parms(): no params data found [ 284.098651][ T5088] Bluetooth: hci0: command tx timeout [ 284.171197][ T9215] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.194646][ T9215] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.201936][ T9215] bridge_slave_0: entered allmulticast mode [ 284.218883][ T9215] bridge_slave_0: entered promiscuous mode [ 284.270138][ T9346] netlink: 'syz.4.1370': attribute type 4 has an invalid length. [ 284.293893][ T9215] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.301110][ T9215] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.319963][ T9215] bridge_slave_1: entered allmulticast mode [ 284.332804][ T9215] bridge_slave_1: entered promiscuous mode [ 284.509405][ T9358] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 284.550432][ T9363] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1376'. [ 284.755787][ T5089] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 284.776625][ T5089] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 285.320427][ T9215] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.032806][ T29] kauditd_printk_skb: 22 callbacks suppressed [ 286.032846][ T29] audit: type=1326 audit(1721300184.506:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9371 comm="syz.3.1378" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f84d0775b59 code=0x0 [ 286.446139][ T9215] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.483575][ T5095] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 286.515526][ T5095] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 286.525709][ T5095] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 286.535411][ T5095] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 286.760551][ T9215] team0: Port device team_slave_0 added [ 286.783859][ T9215] team0: Port device team_slave_1 added [ 286.936545][ T1044] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.154181][ T9215] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 287.161270][ T9215] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.232530][ T9215] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 287.344522][ T1044] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.406852][ T9215] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 287.422820][ T9215] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.450398][ T9215] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 287.534318][ T1044] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.628498][ T1044] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.696808][ T9215] hsr_slave_0: entered promiscuous mode [ 287.720990][ T9215] hsr_slave_1: entered promiscuous mode [ 287.742630][ T9215] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 287.756656][ T9215] Cannot create hsr debugfs directory [ 288.204104][ T9437] input: syz1 as /devices/virtual/input/input18 [ 288.350439][ T9367] chnl_net:caif_netlink_parms(): no params data found [ 288.391516][ T9444] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1398'. [ 288.410384][ T1044] bridge_slave_1: left allmulticast mode [ 288.425486][ T1044] bridge_slave_1: left promiscuous mode [ 288.435962][ T1044] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.646527][ T1044] bridge_slave_0: left allmulticast mode [ 288.661966][ T5088] Bluetooth: hci3: command tx timeout [ 288.783692][ T1044] bridge_slave_0: left promiscuous mode [ 288.909508][ T1044] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.333288][ T9457] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1401'. [ 289.814919][ T1044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 289.826568][ T1044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 289.839455][ T1044] bond0 (unregistering): Released all slaves [ 290.432624][ T9474] Process accounting resumed [ 290.569412][ T29] audit: type=1326 audit(1721300189.046:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9475 comm="syz.1.1408" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f23b9f75b59 code=0x0 [ 290.773747][ T5088] Bluetooth: hci3: command tx timeout [ 291.507387][ T9367] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.543026][ T9367] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.554622][ T9367] bridge_slave_0: entered allmulticast mode [ 291.562059][ T9367] bridge_slave_0: entered promiscuous mode [ 291.582505][ T9367] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.596733][ T9367] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.613788][ T9367] bridge_slave_1: entered allmulticast mode [ 291.645198][ T9367] bridge_slave_1: entered promiscuous mode [ 292.714267][ T9507] Process accounting resumed [ 292.722995][ T9367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 292.791301][ T9367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 292.813734][ T5088] Bluetooth: hci3: command tx timeout [ 293.043888][ T1044] hsr_slave_0: left promiscuous mode [ 293.069886][ T1044] hsr_slave_1: left promiscuous mode [ 293.097332][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 293.105031][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 293.113587][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 293.121081][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 293.133547][ T5136] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 293.177588][ T1044] veth1_macvtap: left promiscuous mode [ 293.189821][ T1044] veth0_macvtap: left promiscuous mode [ 293.195897][ T1044] veth1_vlan: left allmulticast mode [ 293.211449][ T1044] veth1_vlan: left promiscuous mode [ 293.219938][ T1044] veth0_vlan: left promiscuous mode [ 293.333573][ T5136] usb 2-1: Using ep0 maxpacket: 8 [ 293.345278][ T5136] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=30.f4 [ 293.362638][ T5136] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.384343][ T5136] usb 2-1: Product: syz [ 293.388568][ T5136] usb 2-1: Manufacturer: syz [ 293.393184][ T5136] usb 2-1: SerialNumber: syz [ 293.408854][ T5136] usb 2-1: config 0 descriptor?? [ 293.419429][ T5136] dm9601 2-1:0.0: probe with driver dm9601 failed with error -22 [ 293.430778][ T5136] sr9700 2-1:0.0: probe with driver sr9700 failed with error -22 [ 293.500723][ T1044] pim6reg (unregistering): left allmulticast mode [ 293.750763][ T1044] macvlan0 (unregistering): left allmulticast mode [ 294.169567][ T5136] usb 2-1: USB disconnect, device number 19 [ 294.353572][ T29] audit: type=1326 audit(1721300192.826:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9534 comm="syz.4.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa534775b59 code=0x7fc00000 [ 294.683260][ T1044] team0 (unregistering): Port device team_slave_1 removed [ 294.761571][ T1044] team0 (unregistering): Port device team_slave_0 removed [ 294.902790][ T5088] Bluetooth: hci3: command tx timeout [ 295.479692][ T9543] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1430'. [ 295.489427][ T9552] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1434'. [ 295.510911][ T9367] team0: Port device team_slave_0 added [ 295.548495][ T9367] team0: Port device team_slave_1 added [ 295.680641][ T9367] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 295.727167][ T9367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.803392][ T9367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 295.827113][ T9367] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 295.834710][ T9367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.862467][ T9367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 296.047409][ T9367] hsr_slave_0: entered promiscuous mode [ 296.080158][ T9367] hsr_slave_1: entered promiscuous mode [ 296.088922][ T9367] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 296.097075][ T9367] Cannot create hsr debugfs directory [ 296.299584][ T9215] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 296.309243][ T9215] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 296.323062][ T9215] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 296.351430][ T9215] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 296.698332][ T9215] 8021q: adding VLAN 0 to HW filter on device bond0 [ 296.744893][ T9215] 8021q: adding VLAN 0 to HW filter on device team0 [ 296.804874][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.812257][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 296.861736][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.869067][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.189772][ T9367] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 297.252357][ T9367] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 297.317535][ T9367] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 297.352555][ T9367] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 297.562546][ T9215] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 297.759860][ T9367] 8021q: adding VLAN 0 to HW filter on device bond0 [ 297.808392][ T9215] veth0_vlan: entered promiscuous mode [ 297.831695][ T9367] 8021q: adding VLAN 0 to HW filter on device team0 [ 297.847825][ T9215] veth1_vlan: entered promiscuous mode [ 297.871898][ T5136] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.879135][ T5136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 297.942826][ T5136] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.950098][ T5136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 298.006962][ T9215] veth0_macvtap: entered promiscuous mode [ 298.070804][ T9215] veth1_macvtap: entered promiscuous mode [ 298.251321][ T9215] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.297050][ T9215] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.323415][ T9215] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.359932][ T9215] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.379112][ T9215] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.390922][ T9215] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.402782][ T9215] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 298.458432][ T9215] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.483684][ T9215] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.535607][ T9215] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.574828][ T9215] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.600479][ T9215] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.626506][ T9215] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.657287][ T9215] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 298.689955][ T9215] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.707966][ T9215] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.717732][ T9215] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.744557][ T9215] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.766052][ T9629] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1456'. [ 298.916957][ T9367] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 299.130151][ T1044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.161476][ T1044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.213942][ T5088] Bluetooth: hci1: command 0x0406 tx timeout [ 299.335053][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.342983][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.373060][ T9367] veth0_vlan: entered promiscuous mode [ 299.435180][ T9367] veth1_vlan: entered promiscuous mode [ 299.505030][ T29] audit: type=1326 audit(1721300197.966:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9655 comm="syz.1.1460" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f23b9f75b59 code=0x0 [ 299.569095][ T9367] veth0_macvtap: entered promiscuous mode [ 299.594365][ T9367] veth1_macvtap: entered promiscuous mode [ 299.664624][ T9367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 299.700418][ T9367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.731368][ T9367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 299.770591][ T9367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.790597][ T9367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 299.802378][ T9367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.814762][ T9367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 299.827226][ T9367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.840948][ T9367] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 299.893821][ T9367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.917521][ T9367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.932189][ T9367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.964713][ T9367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.985870][ T9367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.008353][ T9367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.031319][ T9367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.057757][ T9367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.069769][ T9367] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 300.086361][ T9367] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.113536][ T9367] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.143636][ T9367] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.162437][ T9367] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.467106][ T5259] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 300.501900][ T5259] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 300.600741][ T5259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 300.647776][ T5259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.117189][ T9716] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1472'. [ 303.823773][ T5132] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 303.851430][ T9765] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1486'. [ 304.343550][ T5095] Bluetooth: hci4: command 0x0405 tx timeout [ 304.750093][ T5132] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 304.759527][ T5132] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.781922][ T5132] usb 5-1: config 0 descriptor?? [ 306.332374][ T9801] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1496'. [ 306.502243][ T9813] 9pnet_fd: Insufficient options for proto=fd [ 307.197815][ T5132] usb 5-1: Cannot set autoneg [ 307.465290][ T9822] xt_CONNSECMARK: invalid mode: 0 [ 307.643589][ T5132] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 307.706610][ T5132] usb 5-1: USB disconnect, device number 11 [ 308.035259][ T5136] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 308.463437][ T5134] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 308.695177][ T5134] usb 4-1: config 0 has no interfaces? [ 308.738457][ T5134] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 308.786975][ T5134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.035980][ T5134] usb 4-1: config 0 descriptor?? [ 309.351790][ T5136] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 309.360893][ T5165] usb 4-1: USB disconnect, device number 9 [ 309.396980][ T5136] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.424996][ T5136] usb 3-1: Product: syz [ 309.429970][ T5136] usb 3-1: Manufacturer: syz [ 309.440444][ T5136] usb 3-1: SerialNumber: syz [ 309.456566][ T5136] usb 3-1: config 0 descriptor?? [ 309.818362][ T5165] usb 3-1: USB disconnect, device number 15 [ 310.673562][ T5165] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 310.863504][ T5165] usb 5-1: Using ep0 maxpacket: 32 [ 310.871797][ T5165] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 310.895241][ T5165] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 310.909021][ T5165] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 310.919040][ T5165] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.937130][ T5165] hub 5-1:4.0: USB hub found [ 311.141288][ T5165] hub 5-1:4.0: config failed, can't read hub descriptor (err -90) [ 311.355423][ T5165] usbhid 5-1:4.0: can't add hid device: -71 [ 311.361468][ T5165] usbhid 5-1:4.0: probe with driver usbhid failed with error -71 [ 311.404541][ T5165] usb 5-1: USB disconnect, device number 12 [ 311.593696][ T5136] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 311.830563][ T5136] usb 3-1: config 0 has no interfaces? [ 311.850180][ T5136] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 311.880273][ T5136] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.909045][ T5136] usb 3-1: config 0 descriptor?? [ 312.200831][ T5092] usb 3-1: USB disconnect, device number 16 [ 313.629444][ T9975] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1542'. [ 314.161455][ T9986] syzkaller0: tun_chr_ioctl cmd 2148553947 [ 314.491286][ T9990] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 314.545692][ T9990] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 314.853817][ T25] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 315.843436][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 315.912867][ T25] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 315.942641][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.002687][ T25] usb 4-1: config 0 descriptor?? [ 316.067414][T10006] sg_write: data in/out 196608/1 bytes for SCSI command 0xf2-- guessing data in; [ 316.067414][T10006] program syz.2.1555 not setting count and/or reply_len properly [ 316.194131][T10006] sg_write: data in/out 1818846731/53 bytes for SCSI command 0x46-- guessing data in; [ 316.194131][T10006] program syz.2.1555 not setting count and/or reply_len properly [ 316.299423][T10006] Illegal XDP return value 8 on prog (id 266) dev N/A, expect packet loss! [ 316.334060][ T5088] Bluetooth: hci3: command tx timeout [ 316.507900][T10015] syzkaller0: tun_chr_ioctl cmd 2148553947 [ 316.722093][T10034] __vm_enough_memory: pid: 10034, comm: syz.1.1566, bytes: 549681586176 not enough memory for the allocation [ 316.746391][ T5136] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 316.946145][ T5136] usb 5-1: config 0 has an invalid interface number: 199 but max is 1 [ 316.968791][ T5136] usb 5-1: config 0 has no interface number 1 [ 316.989896][ T5136] usb 5-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 317.010156][ T5136] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 317.124425][T10044] pimreg: entered allmulticast mode [ 317.621130][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.628343][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.759285][ T29] audit: type=1400 audit(1721300216.239:241): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=10047 comm="syz.0.1571" dest=20002 netif=wpan0 [ 317.777045][ T5136] usb 5-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 317.788102][ T5136] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 317.797161][ T5136] usb 5-1: SerialNumber: syz [ 317.824557][ T5136] usb 5-1: config 0 descriptor?? [ 317.969112][T10059] Bluetooth: MGMT ver 1.23 [ 317.969205][T10057] sctp: [Deprecated]: syz.2.1575 (pid 10057) Use of int in max_burst socket option deprecated. [ 317.969205][T10057] Use struct sctp_assoc_value instead [ 318.062218][ T5136] usb 5-1: Found UVC 0.00 device (0002:0000) [ 318.082819][ T5136] usb 5-1: No valid video chain found. [ 318.130271][ T5136] usb 5-1: USB disconnect, device number 13 [ 318.583906][ T29] audit: type=1800 audit(1721300217.059:242): pid=10059 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.1.1572" name="/newroot/321/file0" dev="tmpfs" ino=1721 res=0 errno=0 [ 319.294655][T10077] overlay: Unknown parameter '\dev/input/event#' [ 319.515412][ T25] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 319.570095][ T25] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 319.606355][ T25] asix 4-1:0.0: probe with driver asix failed with error -71 [ 319.642797][T10084] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1585'. [ 319.658757][ T25] usb 4-1: USB disconnect, device number 10 [ 319.972457][T10091] pimreg: entered allmulticast mode [ 320.839239][T10095] netlink: 'syz.0.1589': attribute type 4 has an invalid length. [ 320.983468][ T9] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 320.991503][T10105] netlink: 'syz.3.1590': attribute type 10 has an invalid length. [ 321.049622][ T29] audit: type=1804 audit(1721300219.519:243): pid=10108 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.1594" name="/newroot/20/bus/bus" dev="overlay" ino=126 res=1 errno=0 [ 321.072026][ C1] vkms_vblank_simulate: vblank timer overrun [ 321.102180][T10108] Invalid ELF header magic: != ELF [ 321.176098][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 321.256637][T10105] 8021q: adding VLAN 0 to HW filter on device team0 [ 321.283611][T10105] bond0: (slave team0): Enslaving as an active interface with an up link [ 321.292235][T10110] netlink: 'syz.0.1593': attribute type 30 has an invalid length. [ 321.303831][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 322.099158][T10114] tty tty29: ldisc open failed (-12), clearing slot 28 [ 322.210268][ T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 322.215570][T10117] nbd: socks must be embedded in a SOCK_ITEM attr [ 322.238895][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.285909][ T9] usb 2-1: config 0 descriptor?? [ 322.341613][T10119] dccp_invalid_packet: P.Data Offset(0) too small [ 322.411773][T10121] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1598'. [ 322.576022][T10129] overlay: Unknown parameter '\dev/input/event#' [ 323.616312][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x2 [ 323.633527][ T9] plantronics 0003:047F:FFFF.0005: ignoring exceeding usage max [ 323.642356][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 323.685149][ T9] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 323.724632][T10138] sctp: [Deprecated]: syz.0.1603 (pid 10138) Use of int in max_burst socket option deprecated. [ 323.724632][T10138] Use struct sctp_assoc_value instead [ 323.778184][ T9] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 323.846131][ T9] usb 2-1: USB disconnect, device number 20 [ 324.046686][ T5088] Bluetooth: unknown link type 32 [ 324.051988][ T5088] Bluetooth: hci3: connection err: -111 [ 324.201208][ T29] audit: type=1804 audit(1721300222.679:244): pid=10152 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.1607" name="/newroot/39/bus/bus" dev="overlay" ino=228 res=1 errno=0 [ 324.234652][T10152] Invalid ELF header magic: != ELF [ 325.401216][ T5088] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 325.412589][ T5088] CPU: 1 PID: 5088 Comm: kworker/u9:3 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 325.422502][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 325.432555][ T5088] Workqueue: hci3 hci_rx_work [ 325.437283][ T5088] Call Trace: [ 325.440572][ T5088] [ 325.443508][ T5088] dump_stack_lvl+0x241/0x360 [ 325.448289][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 325.453492][ T5088] ? __pfx__printk+0x10/0x10 [ 325.458104][ T5088] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 325.463414][ T5088] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 325.468803][ T5088] sysfs_create_dir_ns+0x2ce/0x3a0 [ 325.473939][ T5088] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 325.479699][ T5088] kobject_add_internal+0x435/0x8d0 [ 325.484951][ T5088] kobject_add+0x152/0x220 [ 325.489407][ T5088] ? do_raw_spin_unlock+0x13c/0x8b0 [ 325.494618][ T5088] ? device_add+0x3e7/0xbf0 [ 325.499133][ T5088] ? __pfx_kobject_add+0x10/0x10 [ 325.504075][ T5088] ? _raw_spin_unlock+0x28/0x50 [ 325.509064][ T5088] ? get_device_parent+0x165/0x410 [ 325.514205][ T5088] device_add+0x4e5/0xbf0 [ 325.518588][ T5088] hci_conn_add_sysfs+0xe8/0x200 [ 325.523572][ T5088] le_conn_complete_evt+0xc9f/0x12e0 [ 325.529003][ T5088] ? trace_contention_end+0x3c/0x120 [ 325.534337][ T5088] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 325.540187][ T5088] ? __mutex_unlock_slowpath+0x21d/0x750 [ 325.545864][ T5088] ? __copy_skb_header+0x437/0x5b0 [ 325.551040][ T5088] ? skb_pull_data+0x112/0x230 [ 325.555882][ T5088] hci_le_enh_conn_complete_evt+0x185/0x420 [ 325.561840][ T5088] hci_event_packet+0xa55/0x1540 [ 325.566836][ T5088] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 325.572215][ T5088] ? __pfx_hci_event_packet+0x10/0x10 [ 325.577610][ T5088] ? do_raw_spin_unlock+0x13c/0x8b0 [ 325.582837][ T5088] ? hci_send_to_monitor+0xd8/0x7f0 [ 325.588241][ T5088] ? kcov_remote_start+0x9e/0x7e0 [ 325.593287][ T5088] hci_rx_work+0x3e8/0xca0 [ 325.597818][ T5088] ? process_scheduled_works+0x945/0x1830 [ 325.605251][ T5088] process_scheduled_works+0xa2c/0x1830 [ 325.605346][ T5088] ? __pfx_process_scheduled_works+0x10/0x10 [ 325.617289][ T5088] ? assign_work+0x364/0x3d0 [ 325.621907][ T5088] worker_thread+0x86d/0xd40 [ 325.626547][ T5088] ? __kthread_parkme+0x169/0x1d0 [ 325.631691][ T5088] ? __pfx_worker_thread+0x10/0x10 [ 325.636926][ T5088] kthread+0x2f0/0x390 [ 325.641008][ T5088] ? __pfx_worker_thread+0x10/0x10 [ 325.646107][ T5088] ? __pfx_kthread+0x10/0x10 [ 325.650790][ T5088] ret_from_fork+0x4b/0x80 [ 325.655238][ T5088] ? __pfx_kthread+0x10/0x10 [ 325.659930][ T5088] ret_from_fork_asm+0x1a/0x30 [ 325.664719][ T5088] [ 325.698410][ T5088] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 325.712550][ T5088] Bluetooth: hci3: failed to register connection device [ 325.876107][T10167] dccp_invalid_packet: P.Data Offset(0) too small [ 327.455479][T10187] overlay: Unknown parameter '\dev/input/event#' [ 327.646311][ T29] audit: type=1804 audit(1721300226.129:245): pid=10188 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.1619" name="/newroot/328/bus/file0" dev="overlay" ino=1767 res=1 errno=0 [ 327.724343][T10195] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 327.773838][ T5088] Bluetooth: hci3: command tx timeout [ 327.781273][T10202] dccp_invalid_packet: P.Data Offset(0) too small [ 328.505236][T10232] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 328.995596][ T9] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 329.446456][ T9] usb 2-1: config 0 has an invalid interface number: 199 but max is 1 [ 329.611948][ T9] usb 2-1: config 0 has no interface number 1 [ 329.683011][ T9] usb 2-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 329.715817][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 329.859501][ T9] usb 2-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 329.893987][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 329.904141][ T9] usb 2-1: SerialNumber: syz [ 330.184484][ T9] usb 2-1: config 0 descriptor?? [ 330.584672][ T9] usb 2-1: Found UVC 0.00 device (0002:0000) [ 330.591697][ T9] usb 2-1: No valid video chain found. [ 330.782538][ T9] usb 2-1: USB disconnect, device number 21 [ 332.969427][T10391] netlink: 'syz.3.1660': attribute type 4 has an invalid length. [ 333.047270][T10391] netlink: 'syz.3.1660': attribute type 1 has an invalid length. [ 333.070206][T10393] netlink: 'syz.0.1662': attribute type 3 has an invalid length. [ 333.095395][T10391] netlink: 88156 bytes leftover after parsing attributes in process `syz.3.1660'. [ 333.428326][T10390] xt_TCPMSS: Only works on TCP SYN packets [ 336.633832][ T25] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 336.693934][ T9] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 336.837403][ T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 336.869047][ T25] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 336.901415][ T25] usb 1-1: New USB device found, idVendor=44b7, idProduct=0000, bcdDevice= 0.00 [ 336.923735][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 336.935787][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 336.938986][ T25] usb 1-1: SerialNumber: syz [ 336.972573][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 337.031668][ T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 337.060781][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.111383][ T9] usb 2-1: config 0 descriptor?? [ 337.236866][ T25] usb 1-1: 0:12 : does not exist [ 337.363950][ T25] usb 1-1: USB disconnect, device number 6 [ 337.573048][ T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x2 [ 337.617830][ T9] plantronics 0003:047F:FFFF.0006: ignoring exceeding usage max [ 337.629981][ T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 337.777444][ T9] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 337.808180][ T9] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 337.905837][ T9] usb 2-1: USB disconnect, device number 22 [ 337.914323][ T9054] udevd[9054]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 338.937344][T10481] Cannot find set identified by id 0 to match [ 339.086235][ T5165] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 339.236925][T10491] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 339.283555][ T5165] usb 1-1: Using ep0 maxpacket: 32 [ 339.320943][ T5165] usb 1-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 339.347721][ T5165] usb 1-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 339.372866][ T5165] usb 1-1: config 128 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 339.417593][ T5165] usb 1-1: config 128 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 339.439981][ T5165] usb 1-1: config 128 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 339.495120][ T5165] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 339.534153][ T5165] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.570225][T10508] Cannot find set identified by id 0 to match [ 339.992837][T10522] xt_cgroup: xt_cgroup: no path or classid specified [ 339.998541][ T5165] ntrig 0003:1B96:000A.0007: unknown main item tag 0x0 [ 340.007108][ T5165] ntrig 0003:1B96:000A.0007: unknown main item tag 0x0 [ 340.039413][ T5165] ntrig 0003:1B96:000A.0007: unknown main item tag 0x0 [ 340.051716][ T5165] ntrig 0003:1B96:000A.0007: unknown main item tag 0x0 [ 340.069499][ T5165] ntrig 0003:1B96:000A.0007: unknown main item tag 0x0 [ 340.098614][ T5165] ntrig 0003:1B96:000A.0007: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0 [ 340.235316][ T5165] usb 1-1: USB disconnect, device number 7 [ 340.690708][T10540] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 341.803278][T10552] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 342.180671][ T29] audit: type=1326 audit(1721300240.649:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10564 comm="syz.3.1721" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f84d0775b59 code=0x0 [ 342.286804][T10561] xt_TCPMSS: Only works on TCP SYN packets [ 342.476234][T10580] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 342.766793][T10589] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1731'. [ 343.174233][ T29] audit: type=1804 audit(1721300241.649:247): pid=10592 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.1733" name="/newroot/216/bus/file0" dev="overlay" ino=1155 res=1 errno=0 [ 343.567021][T10609] netlink: 'syz.3.1738': attribute type 10 has an invalid length. [ 343.576023][T10609] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1738'. [ 343.587167][T10609] team0: entered promiscuous mode [ 343.592417][T10609] team_slave_0: entered promiscuous mode [ 343.651736][T10609] team_slave_1: entered promiscuous mode [ 343.717230][T10609] bond0: (slave team0): Releasing backup interface [ 343.802775][T10609] bridge0: port 3(team0) entered blocking state [ 343.822195][ T5088] Bluetooth: hci1: SCO packet for unknown connection handle 205 [ 343.840373][T10618] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1738'. [ 343.864607][T10609] bridge0: port 3(team0) entered disabled state [ 343.871894][T10609] team0: entered allmulticast mode [ 343.877719][T10609] team_slave_0: entered allmulticast mode [ 343.884321][T10609] team_slave_1: entered allmulticast mode [ 343.952276][T10611] netlink: 'syz.0.1740': attribute type 13 has an invalid length. [ 344.402861][T10639] program syz.4.1751 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 344.461913][ T5088] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 344.472676][ T5088] CPU: 0 PID: 5088 Comm: kworker/u9:3 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 344.482727][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 344.493001][ T5088] Workqueue: hci4 hci_rx_work [ 344.497886][ T5088] Call Trace: [ 344.501175][ T5088] [ 344.504321][ T5088] dump_stack_lvl+0x241/0x360 [ 344.509006][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 344.514205][ T5088] ? __pfx__printk+0x10/0x10 [ 344.518794][ T5088] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 344.524269][ T5088] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 344.529741][ T5088] sysfs_create_dir_ns+0x2ce/0x3a0 [ 344.534946][ T5088] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 344.540623][ T5088] kobject_add_internal+0x435/0x8d0 [ 344.545835][ T5088] kobject_add+0x152/0x220 [ 344.550255][ T5088] ? do_raw_spin_unlock+0x13c/0x8b0 [ 344.555644][ T5088] ? device_add+0x3e7/0xbf0 [ 344.561057][ T5088] ? __pfx_kobject_add+0x10/0x10 [ 344.566288][ T5088] ? _raw_spin_unlock+0x28/0x50 [ 344.571206][ T5088] ? get_device_parent+0x165/0x410 [ 344.576551][ T5088] device_add+0x4e5/0xbf0 [ 344.580902][ T5088] hci_conn_add_sysfs+0xe8/0x200 [ 344.585958][ T5088] le_conn_complete_evt+0xc9f/0x12e0 [ 344.591353][ T5088] ? trace_contention_end+0x3c/0x120 [ 344.596748][ T5088] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 344.602507][ T5088] ? __mutex_unlock_slowpath+0x21d/0x750 [ 344.608173][ T5088] ? __copy_skb_header+0x437/0x5b0 [ 344.613304][ T5088] ? skb_pull_data+0x112/0x230 [ 344.618082][ T5088] hci_le_enh_conn_complete_evt+0x185/0x420 [ 344.623991][ T5088] hci_event_packet+0xa55/0x1540 [ 344.628937][ T5088] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 344.634224][ T5088] ? __pfx_hci_event_packet+0x10/0x10 [ 344.639600][ T5088] ? do_raw_spin_unlock+0x13c/0x8b0 [ 344.644795][ T5088] ? hci_send_to_monitor+0xd8/0x7f0 [ 344.649989][ T5088] ? kcov_remote_start+0x9e/0x7e0 [ 344.655011][ T5088] hci_rx_work+0x3e8/0xca0 [ 344.659439][ T5088] ? process_scheduled_works+0x945/0x1830 [ 344.665276][ T5088] process_scheduled_works+0xa2c/0x1830 [ 344.670952][ T5088] ? __pfx_process_scheduled_works+0x10/0x10 [ 344.677121][ T5088] ? assign_work+0x364/0x3d0 [ 344.681732][ T5088] worker_thread+0x86d/0xd40 [ 344.686330][ T5088] ? __kthread_parkme+0x169/0x1d0 [ 344.691353][ T5088] ? __pfx_worker_thread+0x10/0x10 [ 344.696473][ T5088] kthread+0x2f0/0x390 [ 344.700625][ T5088] ? __pfx_worker_thread+0x10/0x10 [ 344.705736][ T5088] ? __pfx_kthread+0x10/0x10 [ 344.710322][ T5088] ret_from_fork+0x4b/0x80 [ 344.714775][ T5088] ? __pfx_kthread+0x10/0x10 [ 344.719409][ T5088] ret_from_fork_asm+0x1a/0x30 [ 344.724310][ T5088] [ 344.732607][ T5088] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 344.753590][ T5088] Bluetooth: hci4: failed to register connection device [ 344.826148][T10646] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 344.869967][T10653] ɶƣ0GC: entered promiscuous mode [ 346.336543][T10686] openvswitch: ɶƣ0GC: Dropping previously announced user features [ 346.441008][ T29] audit: type=1326 audit(1721300244.919:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.3.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84d0775b59 code=0x7ffc0000 [ 346.539319][ T29] audit: type=1326 audit(1721300244.919:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.3.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84d0775b59 code=0x7ffc0000 [ 346.596145][ T29] audit: type=1326 audit(1721300244.919:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.3.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f84d0775b59 code=0x7ffc0000 [ 346.623520][ T29] audit: type=1326 audit(1721300244.919:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.3.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84d0775b59 code=0x7ffc0000 [ 346.645901][ T29] audit: type=1326 audit(1721300244.919:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.3.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84d0775b59 code=0x7ffc0000 [ 346.668355][ T29] audit: type=1326 audit(1721300244.919:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.3.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84d0775b59 code=0x7ffc0000 [ 346.697988][ T29] audit: type=1326 audit(1721300244.919:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.3.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f84d0775b59 code=0x7ffc0000 [ 346.725241][ T29] audit: type=1326 audit(1721300244.979:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.3.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84d0775b59 code=0x7ffc0000 [ 346.814035][ T5088] Bluetooth: hci4: command 0x0405 tx timeout [ 347.277496][ T29] kauditd_printk_skb: 154 callbacks suppressed [ 347.277537][ T29] audit: type=1326 audit(1721300245.759:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.3.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f84d0775b59 code=0x7ffc0000 [ 347.472617][T10287] Bluetooth: hci5: Frame reassembly failed (-84) [ 347.673828][ T29] audit: type=1326 audit(1721300245.789:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.3.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f84d0775b59 code=0x7ffc0000 [ 347.709787][T10717] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1783'. [ 347.976112][T10726] netlink: 'syz.1.1781': attribute type 7 has an invalid length. [ 347.984153][T10726] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1781'. [ 348.018352][T10726] netlink: 'syz.1.1781': attribute type 3 has an invalid length. [ 348.026397][T10726] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1781'. [ 349.057523][T10741] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 349.104878][ T5165] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 349.383826][ T5088] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 349.544097][T10759] netlink: 'syz.3.1797': attribute type 4 has an invalid length. [ 349.620819][T10759] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1797'. [ 350.014223][ T5165] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 350.723864][T10796] Bluetooth: hci5: Frame reassembly failed (-84) [ 350.895304][ T12] Bluetooth: hci5: Frame reassembly failed (-84) [ 352.814945][ T5088] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 353.153013][T10832] netlink: 'syz.3.1820': attribute type 1 has an invalid length. [ 353.330474][T10839] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 353.352579][T10837] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 354.638426][T10887] netlink: 'syz.2.1834': attribute type 1 has an invalid length. [ 355.480398][T10903] dccp_v6_rcv: dropped packet with invalid checksum [ 356.113709][T10934] macsec0: entered promiscuous mode [ 356.152605][T10934] macsec0: entered allmulticast mode [ 356.188250][T10938] veth1_macvtap: entered allmulticast mode [ 356.226362][T10938] macsec0: left promiscuous mode [ 356.233121][T10938] macsec0: left allmulticast mode [ 356.283433][T10938] veth1_macvtap: left allmulticast mode [ 356.484938][T10946] bond0: entered promiscuous mode [ 356.505626][T10946] bond_slave_0: entered promiscuous mode [ 356.516284][T10946] bond_slave_1: entered promiscuous mode [ 356.528650][T10946] dummy0: entered promiscuous mode [ 356.632487][T10950] kvm: pic: non byte read [ 356.713464][ T5134] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 356.927758][ T5134] usb 3-1: config 0 interface 0 has no altsetting 0 [ 356.943516][ T5134] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 356.971859][T10964] syzkaller1: entered promiscuous mode [ 356.977711][ T5134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.992356][T10964] syzkaller1: entered allmulticast mode [ 357.001311][ T5134] usb 3-1: config 0 descriptor?? [ 357.592543][T10989] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1854'. [ 357.648156][ T5134] video4linux radio32: keene_cmd_main failed (-71) [ 357.672942][ T5134] radio-keene 3-1:0.0: V4L2 device registered as radio32 [ 357.709994][ T5134] usb 3-1: USB disconnect, device number 17 [ 357.849341][T10993] kvm: pic: non byte read [ 358.123421][ T5092] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 358.315780][ T5092] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 358.329486][ T5092] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 358.340748][ T5092] usb 1-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 358.354348][ T5092] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.400009][ T5092] usb 1-1: config 0 descriptor?? [ 358.744812][ T25] usb 1-1: USB disconnect, device number 8 [ 358.801528][T11009] netlink: 'syz.2.1878': attribute type 4 has an invalid length. [ 358.810934][T11007] binder: BINDER_SET_CONTEXT_MGR already set [ 358.824053][T11007] binder: 11006:11007 ioctl 4018620d 20000040 returned -16 [ 358.831618][T11009] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1878'. [ 360.115884][T11023] 9pnet_fd: Insufficient options for proto=fd [ 360.153964][T11023] xt_recent: Unsupported userspace flags (00000064) [ 362.561811][T11064] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1897'. [ 362.623921][T11069] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1899'. [ 362.711610][T11070] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1897'. [ 363.945439][T11094] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1907'. [ 363.987418][T11094] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1907'. [ 364.331401][T11117] tipc: Started in network mode [ 364.360237][T11117] tipc: Node identity aaaaaaaaaa32, cluster identity 4711 [ 364.378917][T11117] tipc: Enabled bearer , priority 10 [ 364.411026][T11117] tipc: Resetting bearer [ 365.896521][ T783] tipc: Node number set to 10005162 [ 366.032194][T11117] tipc: Disabling bearer [ 367.451776][T11166] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1932'. [ 367.558959][T11169] cifs: Unknown parameter '_LI !BEJFAi_^wktcُE|,2' [ 367.635933][T11169] overlay: ./file1 is not a directory [ 372.309901][ T25] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 374.239162][T11192] xt_CONNSECMARK: invalid mode: 0 [ 380.527744][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 380.534245][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.316356][T11241] xt_CONNSECMARK: invalid mode: 0 [ 383.602031][T11316] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1981'. [ 383.880481][T11321] binder_alloc: 11318: binder_install_single_page failed to insert page at offset 1000 with -14 [ 384.135631][T11330] netlink: 'syz.4.1986': attribute type 30 has an invalid length. [ 384.329145][T11321] syz.3.1982 (11321): drop_caches: 2 [ 384.482101][T11334] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1988'. [ 384.503703][T11334] bridge_slave_1: left allmulticast mode [ 384.520751][T11334] bridge_slave_1: left promiscuous mode [ 384.534190][T11334] bridge0: port 2(bridge_slave_1) entered disabled state [ 384.565380][T11334] bridge_slave_0: left allmulticast mode [ 384.573334][T11334] bridge_slave_0: left promiscuous mode [ 384.580765][T11334] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.921851][T11350] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1991'. [ 386.435431][ T5088] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 386.444738][ T5088] Bluetooth: hci3: Injecting HCI hardware error event [ 386.454388][ T5088] Bluetooth: hci3: hardware error 0x00 [ 386.461204][ T5095] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 387.124385][ T5095] Bluetooth: hci3: unexpected event for opcode 0x1003 [ 387.302059][ T5092] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 387.468349][T11382] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2006'. [ 387.502499][ T5092] usb 5-1: Using ep0 maxpacket: 8 [ 387.514921][ T5092] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 387.527396][ T5092] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 387.537993][ T5092] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 387.551538][ T5092] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 387.562448][ T5092] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 387.576250][ T5092] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 387.586464][ T5092] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.877761][ T5092] usb 5-1: usb_control_msg returned -32 [ 387.920728][ T5092] usbtmc 5-1:16.0: can't read capabilities [ 388.021861][ T5238] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 388.212922][ T5238] usb 4-1: Using ep0 maxpacket: 8 [ 388.227042][ T5238] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 388.263994][ T5238] usb 4-1: New USB device found, idVendor=1b3d, idProduct=0146, bcdDevice= 1.b8 [ 388.288079][ T5238] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.328990][ T5238] usb 4-1: config 0 descriptor?? [ 388.340226][ T5238] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 388.357229][ T5238] usb 4-1: Detected SIO [ 388.396340][ T5238] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 2 [ 388.429161][ T5238] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 388.611993][ T5165] usb 5-1: USB disconnect, device number 14 [ 388.622217][T11411] usbtmc 5-1:16.0: usb_control_msg returned -71 [ 388.886498][ T5088] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 390.069048][ T5136] usb 4-1: USB disconnect, device number 12 [ 390.120637][ T5136] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 390.121141][ T5136] ftdi_sio 4-1:0.0: device disconnected [ 390.722457][T11471] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2043'. [ 390.749053][ T5092] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 390.782214][ T5092] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz0] on syz0 [ 390.811513][ T5238] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 391.376065][ T29] audit: type=1804 audit(1721300289.314:412): pid=11479 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.2045" name="/newroot/257/bus/bus" dev="overlay" ino=1372 res=1 errno=0 [ 391.526522][ T5238] usb 1-1: Using ep0 maxpacket: 32 [ 391.777618][ T5238] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 391.823580][ T5238] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 391.848843][ T5238] usb 1-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=75.9e [ 391.866598][ T5238] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.896397][ T5238] usb 1-1: Product: syz [ 391.900619][ T5238] usb 1-1: Manufacturer: syz [ 391.932343][ T5238] usb 1-1: SerialNumber: syz [ 391.976424][ T5238] usb 1-1: config 0 descriptor?? [ 392.006663][ T5238] iguanair 1-1:0.0: probe with driver iguanair failed with error -12 [ 392.339347][T11500] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2048'. [ 392.833959][ T5136] usb 1-1: USB disconnect, device number 9 [ 392.986143][T11507] Bluetooth: MGMT ver 1.23 [ 393.238530][ T29] audit: type=1326 audit(1721300291.542:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11519 comm="syz.2.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f353cd75b59 code=0x7ffc0000 [ 393.304401][ T29] audit: type=1326 audit(1721300291.542:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11519 comm="syz.2.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f353cd75b59 code=0x7ffc0000 [ 393.348420][ T29] audit: type=1326 audit(1721300291.572:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11519 comm="syz.2.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f353cd75b59 code=0x7ffc0000 [ 393.377281][ T29] audit: type=1326 audit(1721300291.572:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11519 comm="syz.2.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f353cd75b59 code=0x7ffc0000 [ 393.443100][ T29] audit: type=1326 audit(1721300291.572:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11519 comm="syz.2.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f353cd75b59 code=0x7ffc0000 [ 393.466835][ T29] audit: type=1326 audit(1721300291.572:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11519 comm="syz.2.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7f353cd75b59 code=0x7ffc0000 [ 393.535857][ T29] audit: type=1326 audit(1721300291.572:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11519 comm="syz.2.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f353cd75b59 code=0x7ffc0000 [ 393.567219][ T29] audit: type=1326 audit(1721300291.572:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11519 comm="syz.2.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f353cd75b59 code=0x7ffc0000 [ 393.622250][ T5134] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 393.808033][ T5134] usb 3-1: New USB device found, idVendor=05ac, idProduct=0253, bcdDevice=65.5a [ 393.819724][ T5134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.819788][T11537] pim6reg1: entered promiscuous mode [ 393.834825][T11537] pim6reg1: entered allmulticast mode [ 393.849303][ T5134] usb 3-1: config 0 descriptor?? [ 393.870156][ T5134] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input24 [ 393.885398][T11537] syzkaller0: entered allmulticast mode [ 394.790860][ T4523] bcm5974 3-1:0.0: could not read from device [ 394.813728][ T4523] bcm5974 3-1:0.0: could not read from device [ 394.818748][ T5134] usb 3-1: USB disconnect, device number 18 [ 394.830134][ T4523] bcm5974 3-1:0.0: could not read from device [ 394.848356][ T4523] bcm5974 3-1:0.0: could not read from device [ 395.004789][T11547] xt_CONNSECMARK: invalid mode: 0 [ 395.216859][T11561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 395.262581][T11561] bond0: (slave rose0): Enslaving as an active interface with an up link [ 395.794710][T11579] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2076'. [ 397.040939][T11586] netlink: 'syz.1.2079': attribute type 1 has an invalid length. [ 397.049168][T11586] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2079'. [ 397.060936][T11586] netlink: 'syz.1.2079': attribute type 2 has an invalid length. [ 397.068755][T11586] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2079'. [ 397.741766][T11611] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2087'. [ 398.569545][T11625] netlink: 'syz.3.2092': attribute type 1 has an invalid length. [ 398.627667][T11625] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2092'. [ 398.673775][T11625] netlink: 'syz.3.2092': attribute type 2 has an invalid length. [ 398.681785][T11625] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2092'. [ 398.919480][ T5088] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260 [ 399.220291][ T5132] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 400.064204][ T29] audit: type=1804 audit(1721300297.632:421): pid=11664 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.2104" name="/newroot/409/bus/bus" dev="overlay" ino=2229 res=1 errno=0 [ 400.285427][ T5132] usb 4-1: Using ep0 maxpacket: 8 [ 400.292466][ T5132] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 400.303215][ T5132] usb 4-1: New USB device found, idVendor=1b3d, idProduct=0146, bcdDevice= 1.b8 [ 400.341725][ T5132] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.396421][ T5132] usb 4-1: config 0 descriptor?? [ 400.418762][ T5132] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 400.439359][ T5132] usb 4-1: Detected SIO [ 400.456201][ T5132] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 2 [ 400.469291][ T5132] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 400.593872][T11690] netlink: 'syz.2.2112': attribute type 1 has an invalid length. [ 400.748485][T11690] netlink: 148 bytes leftover after parsing attributes in process `syz.2.2112'. [ 400.927182][T11690] netlink: 'syz.2.2112': attribute type 2 has an invalid length. [ 401.112134][T11690] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2112'. [ 402.139337][T11732] netlink: 'syz.0.2127': attribute type 1 has an invalid length. [ 402.149222][T11732] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2127'. [ 402.159272][T11732] netlink: 'syz.0.2127': attribute type 2 has an invalid length. [ 402.168143][T11732] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2127'. [ 402.269812][T11735] Bluetooth: hci3: expected 2 bytes, got 7 bytes [ 403.735224][ T9] usb 4-1: USB disconnect, device number 13 [ 403.811743][ T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 404.151006][ T9] ftdi_sio 4-1:0.0: device disconnected [ 404.529589][T11776] netlink: 'syz.4.2140': attribute type 1 has an invalid length. [ 404.590373][T11776] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2140'. [ 404.635193][T11776] netlink: 'syz.4.2140': attribute type 2 has an invalid length. [ 404.655362][T11776] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2140'. [ 405.414438][T11787] xt_CONNSECMARK: invalid mode: 0 [ 406.827575][T11813] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 406.891314][T11814] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 406.973789][T11813] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 407.032069][T11813] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2151'. [ 408.421272][ T5133] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 408.649331][ T5133] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 408.678942][ T5133] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 408.709321][ T5133] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65535, setting to 64 [ 408.725737][T11873] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2177'. [ 408.738280][ T5133] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 408.761109][ T5133] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.791987][T11836] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 408.810714][T11836] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 409.257542][T11836] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2161'. [ 409.305740][T11836] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2161'. [ 409.412743][T11836] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2161'. [ 409.469079][T11836] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2161'. [ 409.611889][T11908] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2190'. [ 410.344771][T11836] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2161'. [ 410.664049][ T5095] Bluetooth: hci1: hardware error 0x00 [ 410.697529][ T25] usb 3-1: USB disconnect, device number 19 [ 411.514903][T11960] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2204'. [ 412.744021][T11969] netlink: 'syz.3.2208': attribute type 4 has an invalid length. [ 412.829430][ T5095] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 413.656058][T11990] xt_CONNSECMARK: invalid mode: 0 [ 413.873566][T11985] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 414.503440][T12013] netlink: 'syz.2.2223': attribute type 4 has an invalid length. [ 414.916942][ T5095] Bluetooth: hci1: Opcode 0x206c failed: -110 [ 415.298425][ T25] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 415.569837][ T25] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 415.616931][ T25] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 415.668997][ T25] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65535, setting to 64 [ 415.699225][ T25] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 415.747467][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.786733][T12010] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 415.821230][T12010] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 416.209816][T12054] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2 [ 416.590502][T12010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2219'. [ 416.689733][T12010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2219'. [ 416.769903][T12010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2219'. [ 416.794445][T12010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2219'. [ 416.889290][T12069] netlink: 'syz.0.2238': attribute type 4 has an invalid length. [ 417.066774][ T5095] Bluetooth: hci1: Opcode 0x2046 failed: -110 [ 417.888479][T12010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2219'. [ 419.234483][ T29] audit: type=1804 audit(1721300317.001:422): pid=12094 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.2244" name="/newroot/150/bus/bus" dev="overlay" ino=827 res=1 errno=0 [ 419.473340][ T5133] usb 2-1: USB disconnect, device number 23 [ 419.548044][T12108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2251'. [ 419.613196][T12111] netlink: 'syz.1.2253': attribute type 4 has an invalid length. [ 419.857578][T12126] sock: sock_timestamping_bind_phc: sock not bind to device [ 420.345148][ T5092] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 420.492159][T12156] sock: sock_timestamping_bind_phc: sock not bind to device [ 420.587448][ T5092] usb 4-1: Using ep0 maxpacket: 32 [ 420.614017][ T5092] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 420.633041][ T5092] usb 4-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=db.8b [ 420.645346][ T5092] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.682928][ T5092] usb 4-1: config 0 descriptor?? [ 420.917912][ T5092] usb 4-1: USB disconnect, device number 14 [ 421.116547][ T29] audit: type=1326 audit(1721300319.303:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12186 comm="syz.4.2288" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa534775b59 code=0x0 [ 421.433052][T12198] program syz.2.2291 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 422.174016][T12214] netlink: 'syz.1.2299': attribute type 10 has an invalid length. [ 422.187973][T12214] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2299'. [ 422.199968][T12214] bridge0: port 2(dummy0) entered blocking state [ 422.216527][T12214] bridge0: port 2(dummy0) entered disabled state [ 422.238784][T12214] dummy0: entered allmulticast mode [ 422.252717][T12214] dummy0: entered promiscuous mode [ 422.280032][T12214] bridge0: port 2(dummy0) entered blocking state [ 422.287155][T12214] bridge0: port 2(dummy0) entered forwarding state [ 422.435930][T12226] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 422.448932][ T29] audit: type=1326 audit(1721300320.629:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12228 comm="syz.0.2305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6d4d75b59 code=0x7ffc0000 [ 422.491049][ T29] audit: type=1326 audit(1721300320.629:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12228 comm="syz.0.2305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6d4d75b59 code=0x7ffc0000 [ 422.525866][ T29] audit: type=1326 audit(1721300320.629:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12228 comm="syz.0.2305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe6d4d75b59 code=0x7ffc0000 [ 422.603543][ T29] audit: type=1326 audit(1721300320.629:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12228 comm="syz.0.2305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6d4d75b59 code=0x7ffc0000 [ 422.631487][ T29] audit: type=1326 audit(1721300320.629:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12228 comm="syz.0.2305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe6d4d75b59 code=0x7ffc0000 [ 422.656939][ T29] audit: type=1326 audit(1721300320.629:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12228 comm="syz.0.2305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6d4d75b59 code=0x7ffc0000 [ 422.689236][ T29] audit: type=1326 audit(1721300320.629:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12228 comm="syz.0.2305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6d4d75b59 code=0x7ffc0000 [ 422.734870][ T29] audit: type=1326 audit(1721300320.639:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12228 comm="syz.0.2305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe6d4d75b59 code=0x7ffc0000 [ 423.459040][T12253] hub 6-0:1.0: USB hub found [ 423.467902][T12253] hub 6-0:1.0: 1 port detected [ 425.158228][T12279] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 425.866156][T12295] xt_CONNSECMARK: invalid mode: 0 [ 426.624924][T12303] hub 6-0:1.0: USB hub found [ 426.632376][T12303] hub 6-0:1.0: 1 port detected [ 427.148341][ T5133] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 427.346382][ T5133] usb 5-1: Using ep0 maxpacket: 32 [ 427.381992][ T5133] usb 5-1: config index 0 descriptor too short (expected 65535, got 9) [ 427.417864][ T5133] usb 5-1: config 255 has too many interfaces: 255, using maximum allowed: 32 [ 427.461525][ T5133] usb 5-1: config 255 has 0 interfaces, different from the descriptor's value: 255 [ 427.474390][T12322] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 427.487382][ T5133] usb 5-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 1.00 [ 427.525739][ T5133] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.557161][ T5133] usb 5-1: Product: syz [ 427.571151][ T5133] usb 5-1: Manufacturer: syz [ 427.586955][ T5133] usb 5-1: SerialNumber: syz [ 427.832724][ T5092] usb 5-1: USB disconnect, device number 15 [ 427.901139][ T5165] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 427.994016][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 427.994036][ T29] audit: type=1326 audit(1721300326.171:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12328 comm="syz.0.2340" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe6d4d75b59 code=0x0 [ 428.142339][ T5165] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 428.165340][T12314] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 428.172199][ T5165] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 428.182405][ T5165] usb 4-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 428.191555][ T5165] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.203176][ T5165] usb 4-1: config 0 descriptor?? [ 428.688644][ T5165] lenovo 0003:17EF:6067.0009: hidraw0: USB HID v0.00 Device [HID 17ef:6067] on usb-dummy_hcd.3-1/input0 [ 428.972434][ T25] usb 4-1: USB disconnect, device number 15 [ 429.055202][T12353] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2349'. [ 429.586269][ T5092] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 430.432806][ T5092] usb 3-1: Using ep0 maxpacket: 32 [ 430.452624][T12383] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2362'. [ 430.469127][ T5092] usb 3-1: config index 0 descriptor too short (expected 65535, got 9) [ 430.477434][ T5092] usb 3-1: config 255 has too many interfaces: 255, using maximum allowed: 32 [ 430.516057][ T5092] usb 3-1: config 255 has 0 interfaces, different from the descriptor's value: 255 [ 430.546212][ T5092] usb 3-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 1.00 [ 430.571877][ T5092] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.590843][ T5092] usb 3-1: Product: syz [ 430.605319][ T5092] usb 3-1: Manufacturer: syz [ 430.615478][ T5092] usb 3-1: SerialNumber: syz [ 430.842690][T12400] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2366'. [ 430.860542][T12400] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2366'. [ 431.030981][ T5238] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 431.661667][ T25] usb 3-1: USB disconnect, device number 20 [ 431.804355][ T5238] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 431.822851][ T5238] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 431.853025][ T5238] usb 4-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 431.880467][ T5238] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.895829][ T5238] usb 4-1: config 0 descriptor?? [ 432.869247][T12421] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2377'. [ 432.987463][ T5238] usbhid 4-1:0.0: can't add hid device: -71 [ 433.004365][ T5238] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 433.036489][ T5238] usb 4-1: USB disconnect, device number 16 [ 434.594207][T12445] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2384'. [ 434.615674][T12445] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2384'. [ 434.954574][T12465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 435.002961][ T5095] Bluetooth: hci0: unexpected event 0x01 length: 6 > 1 [ 435.009741][T12465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 435.123134][T12468] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 435.182033][ T5165] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 435.382560][ T5165] usb 4-1: Using ep0 maxpacket: 32 [ 435.391771][ T5165] usb 4-1: config index 0 descriptor too short (expected 65535, got 9) [ 435.406529][ T5165] usb 4-1: config 255 has too many interfaces: 255, using maximum allowed: 32 [ 435.417242][ T5165] usb 4-1: config 255 has 0 interfaces, different from the descriptor's value: 255 [ 435.453369][ T5165] usb 4-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 1.00 [ 435.465584][ T5165] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.474115][ T5165] usb 4-1: Product: syz [ 435.478844][ T5165] usb 4-1: Manufacturer: syz [ 435.487059][ T5165] usb 4-1: SerialNumber: syz [ 435.757267][ T5133] usb 4-1: USB disconnect, device number 17 [ 435.945897][T12493] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2406'. [ 435.995256][T12493] : entered promiscuous mode [ 436.017743][T12495] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2407'. [ 441.461347][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 441.461490][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.242952][ T5095] Bluetooth: hci4: unexpected event for opcode 0x0000 [ 442.277777][T12568] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2428'. [ 442.277809][T12568] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2428'. [ 442.428682][ T783] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 443.522950][ T783] usb 1-1: device descriptor read/all, error -71 [ 443.665670][T12588] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2437'. [ 444.836378][ T29] audit: type=1326 audit(1721300342.956:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12599 comm="syz.0.2443" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe6d4d75b59 code=0x0 [ 445.404752][T12604] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2445'. [ 446.294168][ T5095] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 446.304493][ T5095] Bluetooth: hci4: Injecting HCI hardware error event [ 446.318821][ T5095] Bluetooth: hci4: hardware error 0x00 [ 448.473268][ T5095] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 449.444491][T12674] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2465'. [ 450.727614][T12709] netlink: 652 bytes leftover after parsing attributes in process `syz.2.2483'. [ 451.101012][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 451.516871][T12736] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2493'. [ 451.585417][T12739] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2495'. [ 451.684368][T12743] netlink: 652 bytes leftover after parsing attributes in process `syz.4.2497'. [ 452.147749][T12753] netlink: 'syz.0.2498': attribute type 4 has an invalid length. [ 453.240954][T12754] netlink: 'syz.0.2498': attribute type 4 has an invalid length. [ 454.776125][T12785] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2510'. [ 454.842207][T12785] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2510'. [ 455.448943][T12804] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2513'. [ 456.506059][T12840] netlink: 'syz.2.2529': attribute type 8 has an invalid length. [ 456.852136][ T5092] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 457.022783][ T25] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 457.046731][ T5092] usb 5-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=56.a0 [ 457.076227][ T5092] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 457.119065][ T5092] usb 5-1: Product: syz [ 457.138337][ T5092] usb 5-1: Manufacturer: syz [ 457.152604][ T5092] usb 5-1: SerialNumber: syz [ 457.173824][ T5092] usb 5-1: config 0 descriptor?? [ 457.185169][ T5092] ums_eneub6250 5-1:0.0: USB Mass Storage device detected [ 457.214029][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 457.389460][ T5133] usb 5-1: USB disconnect, device number 16 [ 457.803123][T12866] binder: BC_ACQUIRE_RESULT not supported [ 457.814293][T12866] binder: 12865:12866 ioctl c0306201 20000100 returned -22 [ 457.881629][T12871] netlink: 652 bytes leftover after parsing attributes in process `syz.0.2541'. [ 458.265386][ T783] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 458.726551][ T25] usb 3-1: unable to get BOS descriptor or descriptor too short [ 458.748990][ T25] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 458.764548][ T25] usb 3-1: can't read configurations, error -71 [ 458.850264][ T783] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 458.864802][ T783] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 458.878829][ T783] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 458.890130][ T783] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.928686][T12873] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 459.096382][ T5136] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 459.308242][ T5136] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 459.340018][ T5136] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 459.398614][ T5136] usb 1-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 459.448144][ T5136] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.498816][ T5136] usb 1-1: config 0 descriptor?? [ 459.635639][T12891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2548'. [ 459.683221][ T783] usb 2-1: USB disconnect, device number 24 [ 459.695047][T12891] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2548'. [ 459.781410][T12891] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2548'. [ 460.067582][ T5136] lenovo 0003:17EF:6067.000A: hidraw0: USB HID v0.00 Device [HID 17ef:6067] on usb-dummy_hcd.0-1/input0 [ 460.357797][ T5136] usb 1-1: USB disconnect, device number 12 [ 461.014610][T12925] netlink: 'syz.1.2563': attribute type 15 has an invalid length. [ 462.083080][T12940] netlink: 'syz.0.2566': attribute type 4 has an invalid length. [ 462.588916][T12941] netlink: 'syz.0.2566': attribute type 4 has an invalid length. [ 462.986909][ T5136] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 463.193950][ T5136] usb 3-1: Using ep0 maxpacket: 32 [ 463.219261][ T5136] usb 3-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=ba.e3 [ 463.246659][ T5136] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.259946][ T5136] usb 3-1: Product: syz [ 463.287449][ T5136] usb 3-1: Manufacturer: syz [ 463.299944][ T5136] usb 3-1: SerialNumber: syz [ 463.316010][ T5136] usb 3-1: config 0 descriptor?? [ 463.755034][ T5136] f81534a_ctrl 3-1:0.0: failed to set register 0x116: -5 [ 463.772060][ T5136] f81534a_ctrl 3-1:0.0: failed to enable ports: -5 [ 463.779687][ T5136] f81534a_ctrl 3-1:0.0: probe with driver f81534a_ctrl failed with error -5 [ 463.989963][ T5136] usb 3-1: USB disconnect, device number 23 [ 464.543919][T12976] kAFS: unable to lookup cell '' [ 468.229285][T13040] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2604'. [ 470.809226][T13062] netlink: 'syz.3.2609': attribute type 2 has an invalid length. [ 470.819753][T13062] netlink: 'syz.3.2609': attribute type 1 has an invalid length. [ 470.842436][T13062] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2609'. [ 471.122614][T13078] [ 471.125037][T13078] ====================================================== [ 471.132250][T13078] WARNING: possible circular locking dependency detected [ 471.139378][T13078] 6.10.0-syzkaller-05505-gb1bc554e009e #0 Not tainted [ 471.146607][T13078] ------------------------------------------------------ [ 471.154144][T13078] syz.4.2616/13078 is trying to acquire lock: [ 471.160461][T13078] ffff8880256bc088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 471.169939][T13078] [ 471.169939][T13078] but task is already holding lock: [ 471.177325][T13078] ffff88807edc3468 (&pipe->mutex){+.+.}-{3:3}, at: iter_file_splice_write+0x335/0x14e0 [ 471.187073][T13078] [ 471.187073][T13078] which lock already depends on the new lock. [ 471.187073][T13078] [ 471.197490][T13078] [ 471.197490][T13078] the existing dependency chain (in reverse order) is: [ 471.206579][T13078] [ 471.206579][T13078] -> #2 (&pipe->mutex){+.+.}-{3:3}: [ 471.214055][T13078] lock_acquire+0x1ed/0x550 [ 471.219099][T13078] __mutex_lock+0x136/0xd70 [ 471.224123][T13078] pipe_write+0x1c9/0x1a40 [ 471.229065][T13078] __kernel_write_iter+0x47e/0x900 [ 471.234726][T13078] __kernel_write+0x120/0x180 [ 471.239924][T13078] autofs_notify_daemon+0x732/0xf80 [ 471.245764][T13078] autofs_wait+0x10b8/0x1b30 [ 471.250977][T13078] autofs_mount_wait+0x170/0x330 [ 471.256423][T13078] autofs_d_automount+0x555/0x710 [ 471.261955][T13078] __traverse_mounts+0x2ba/0x580 [ 471.267401][T13078] step_into+0x5e5/0x1080 [ 471.272233][T13078] path_lookupat+0x16f/0x450 [ 471.277335][T13078] filename_lookup+0x256/0x610 [ 471.282670][T13078] user_path_at+0x3a/0x60 [ 471.287618][T13078] __x64_sys_listxattr+0x109/0x230 [ 471.293305][T13078] do_syscall_64+0xf3/0x230 [ 471.298387][T13078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.304901][T13078] [ 471.304901][T13078] -> #1 (&sbi->pipe_mutex){+.+.}-{3:3}: [ 471.312895][T13078] lock_acquire+0x1ed/0x550 [ 471.317991][T13078] __mutex_lock+0x136/0xd70 [ 471.323107][T13078] autofs_notify_daemon+0x71f/0xf80 [ 471.329025][T13078] autofs_wait+0x10b8/0x1b30 [ 471.334127][T13078] autofs_mount_wait+0x170/0x330 [ 471.340869][T13078] autofs_d_automount+0x555/0x710 [ 471.346573][T13078] __traverse_mounts+0x2ba/0x580 [ 471.352124][T13078] step_into+0x5e5/0x1080 [ 471.357045][T13078] path_lookupat+0x16f/0x450 [ 471.362260][T13078] filename_lookup+0x256/0x610 [ 471.367637][T13078] kern_path+0x35/0x50 [ 471.372224][T13078] lookup_bdev+0xc5/0x290 [ 471.377071][T13078] resume_store+0x1a0/0x710 [ 471.382119][T13078] kernfs_fop_write_iter+0x3a1/0x500 [ 471.388091][T13078] iter_file_splice_write+0xbd7/0x14e0 [ 471.394078][T13078] direct_splice_actor+0x11e/0x220 [ 471.399706][T13078] splice_direct_to_actor+0x58e/0xc90 [ 471.405688][T13078] do_splice_direct+0x28c/0x3e0 [ 471.411073][T13078] do_sendfile+0x56d/0xe20 [ 471.416008][T13078] __se_sys_sendfile64+0x17c/0x1e0 [ 471.421691][T13078] do_syscall_64+0xf3/0x230 [ 471.426727][T13078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.434140][T13078] [ 471.434140][T13078] -> #0 (&of->mutex){+.+.}-{3:3}: [ 471.441796][T13078] validate_chain+0x18e0/0x5900 [ 471.447368][T13078] __lock_acquire+0x1346/0x1fd0 [ 471.453009][T13078] lock_acquire+0x1ed/0x550 [ 471.458339][T13078] __mutex_lock+0x136/0xd70 [ 471.463493][T13078] kernfs_fop_write_iter+0x1eb/0x500 [ 471.469566][T13078] iter_file_splice_write+0xbd7/0x14e0 [ 471.475643][T13078] do_splice+0xd77/0x1900 [ 471.480604][T13078] __se_sys_splice+0x331/0x4a0 [ 471.486319][T13078] do_syscall_64+0xf3/0x230 [ 471.491360][T13078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.497865][T13078] [ 471.497865][T13078] other info that might help us debug this: [ 471.497865][T13078] [ 471.508706][T13078] Chain exists of: [ 471.508706][T13078] &of->mutex --> &sbi->pipe_mutex --> &pipe->mutex [ 471.508706][T13078] [ 471.522793][T13078] Possible unsafe locking scenario: [ 471.522793][T13078] [ 471.530799][T13078] CPU0 CPU1 [ 471.537282][T13078] ---- ---- [ 471.543206][T13078] lock(&pipe->mutex); [ 471.547734][T13078] lock(&sbi->pipe_mutex); [ 471.557879][T13078] lock(&pipe->mutex); [ 471.565256][T13078] lock(&of->mutex); [ 471.570186][T13078] [ 471.570186][T13078] *** DEADLOCK *** [ 471.570186][T13078] [ 471.579394][T13078] 2 locks held by syz.4.2616/13078: [ 471.584670][T13078] #0: ffff88803072c420 (sb_writers#8){.+.+}-{0:0}, at: do_splice+0xcf0/0x1900 [ 471.594021][T13078] #1: ffff88807edc3468 (&pipe->mutex){+.+.}-{3:3}, at: iter_file_splice_write+0x335/0x14e0 [ 471.604675][T13078] [ 471.604675][T13078] stack backtrace: [ 471.610661][T13078] CPU: 0 PID: 13078 Comm: syz.4.2616 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 471.621033][T13078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 471.631614][T13078] Call Trace: [ 471.634950][T13078] [ 471.637981][T13078] dump_stack_lvl+0x241/0x360 [ 471.642766][T13078] ? __pfx_dump_stack_lvl+0x10/0x10 [ 471.647985][T13078] ? print_circular_bug+0x130/0x1a0 [ 471.653191][T13078] check_noncircular+0x36a/0x4a0 [ 471.658204][T13078] ? check_path+0x21/0x40 [ 471.662564][T13078] ? __pfx_check_noncircular+0x10/0x10 [ 471.668036][T13078] ? lockdep_lock+0x123/0x2b0 [ 471.672828][T13078] validate_chain+0x18e0/0x5900 [ 471.678140][T13078] ? __pfx_validate_chain+0x10/0x10 [ 471.683548][T13078] ? look_up_lock_class+0x77/0x160 [ 471.688655][T13078] ? register_lock_class+0x102/0x980 [ 471.694028][T13078] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 471.700014][T13078] ? __pfx_register_lock_class+0x10/0x10 [ 471.706290][T13078] ? mark_lock+0x9a/0x350 [ 471.710662][T13078] ? lockdep_hardirqs_on+0x99/0x150 [ 471.715873][T13078] __lock_acquire+0x1346/0x1fd0 [ 471.720742][T13078] lock_acquire+0x1ed/0x550 [ 471.725347][T13078] ? kernfs_fop_write_iter+0x1eb/0x500 [ 471.730826][T13078] ? __pfx_lock_acquire+0x10/0x10 [ 471.735883][T13078] ? __pfx___might_resched+0x10/0x10 [ 471.741162][T13078] ? __virt_addr_valid+0x183/0x530 [ 471.746324][T13078] ? _copy_from_iter+0x7ed/0x1960 [ 471.751365][T13078] __mutex_lock+0x136/0xd70 [ 471.755878][T13078] ? kernfs_fop_write_iter+0x1eb/0x500 [ 471.761747][T13078] ? kernfs_fop_write_iter+0x1eb/0x500 [ 471.767204][T13078] ? __pfx___mutex_lock+0x10/0x10 [ 471.772239][T13078] ? __virt_addr_valid+0x183/0x530 [ 471.777355][T13078] ? __virt_addr_valid+0x183/0x530 [ 471.782906][T13078] ? __virt_addr_valid+0x45f/0x530 [ 471.788005][T13078] ? __check_object_size+0x49c/0x900 [ 471.793278][T13078] kernfs_fop_write_iter+0x1eb/0x500 [ 471.798549][T13078] iter_file_splice_write+0xbd7/0x14e0 [ 471.803999][T13078] ? __pfx_iter_file_splice_write+0x10/0x10 [ 471.809878][T13078] ? rcu_read_lock_any_held+0xb7/0x160 [ 471.815325][T13078] ? __pfx_iter_file_splice_write+0x10/0x10 [ 471.821822][T13078] do_splice+0xd77/0x1900 [ 471.826148][T13078] ? __pfx_lock_release+0x10/0x10 [ 471.831191][T13078] ? __pfx_reacquire_held_locks+0x10/0x10 [ 471.836905][T13078] ? pipe_clear_nowait+0x196/0x220 [ 471.842006][T13078] ? __pfx_do_splice+0x10/0x10 [ 471.846830][T13078] __se_sys_splice+0x331/0x4a0 [ 471.851651][T13078] ? __pfx___se_sys_splice+0x10/0x10 [ 471.857024][T13078] ? exc_page_fault+0x590/0x8c0 [ 471.861895][T13078] ? __x64_sys_splice+0x21/0xf0 [ 471.866754][T13078] do_syscall_64+0xf3/0x230 [ 471.871297][T13078] ? clear_bhb_loop+0x35/0x90 [ 471.875968][T13078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.882040][T13078] RIP: 0033:0x7fa534775b59 [ 471.886566][T13078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.906197][T13078] RSP: 002b:00007fa53552e048 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 471.914632][T13078] RAX: ffffffffffffffda RBX: 00007fa534904038 RCX: 00007fa534775b59 [ 471.922754][T13078] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000003 [ 471.930764][T13078] RBP: 00007fa5347e4e5d R08: 0000000000001800 R09: 0000000000000000 [ 471.938910][T13078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 471.947113][T13078] R13: 000000000000006e R14: 00007fa534904038 R15: 00007ffe59545b78 [ 471.955175][T13078]