last executing test programs: 1m1.330290807s ago: executing program 3 (id=2829): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r2 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) creat(&(0x7f0000000240)='./file0\x00', 0x122) dup(r1) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000400)=@v3={0x3000000, [{0x9, 0x1}, {0x0, 0x3d9b}]}, 0x18, 0x3) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], &(0x7f00000002c0)=""/203, 0xfffffffffffffe5f) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r5 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x5) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffdd5}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1}, 0xc) setsockopt$MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, {0xa, 0x0, 0x0, @empty}}, 0x5c) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, 0x0, 0x0) 59.019671978s ago: executing program 3 (id=2838): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b7000000ff020100bfa30000000000000703000018feffff720aa9fff8ffffff71a4a9ff0000000072030200000000131d400500000000004704000001ed00006b030000000000001d440000000000007a0a00fe00ffffffc303000051000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7109000000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a1074649c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c0dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6acdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e50002a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de5c028d6112a0c2d21b2dc98814106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c53218294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb118888876b617398d00a7526103ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fed000000007baa5b6a686b50f0937f778af083e08b7ab6cd9c65ba55f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddc42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293d364b9effa9a9406ac2683e231d4774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479517dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a79e59e1712c8c546768e5722da19fcdb4c2890cda1f96b952511e3a49d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767987d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca485683252b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c32040098e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a0032f37ff559be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1be62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee07751532d5e7d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070f66b2b388f0f744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e2fa3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef907000000f01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e015cb56119df72c7533a48d028a3a981463f25c068d4410dad0c74e2a9478fa3be18a1a27bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb581012fd7a8139166fd5e59c84f4ab07001b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe293308b2a146f12a4c205235924cee765d94b1cc06641247c773ab8d1abbeb03ea68"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x1010000}, 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff11, 0x0, 0xffffffffffffffff, 0xfffffffffffffea5}, 0x48) 58.866041372s ago: executing program 3 (id=2839): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = accept(0xffffffffffffffff, &(0x7f0000000200)=@rc={0x1f, @fixed}, &(0x7f0000000000)=0x80) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x202001, 0x0) getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) syz_usb_control_io$printer(r0, &(0x7f0000000180)={0x14, &(0x7f0000000040)={0x40, 0x4, 0x16, {0x16, 0x31, "69c334cd2d86994a3a55a832c754ea735ed12218"}}, &(0x7f0000000380)={0x0, 0x3, 0xd2, @string={0xd2, 0x3, "2c2ba4c487d2227ae0611c2559976dfb9b89584e2f5a794c9d36c7cb845f14c19e1756715ea9a9d2bb8024505c3b808b29c37a71e3a2c78fce640deb11bddbef3047b4cbb88df9667ccafe003fed559c9ea027b9c517f764b02bd3c083ded147670eb9425f28f93ed2d49875cc5d92dcd44744d2f92cb8464c6a2cc2a2b73b1a31244a131aa38f1be9db8b3caeaa9d6fc7df8ab8db3a3da0ec27d525eafb4841028def317f685eeb1c61bc77e8971f2dfb27f1610ee65bb005c85be6dc277923821d16e3a0cb39fac3c2741ca193acb7"}}}, &(0x7f0000000540)={0x34, &(0x7f0000000280)={0x40, 0x6, 0x2f, "287dcde199c3df502c0a1b61e7051d82b968cf27f93a0009a4550a436602812961d8db81d5296dfaf31193b15c1841"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000480)={0x20, 0x0, 0x1b, {0x19, "52a6cd88b0078e2b69a49174404526727ed66dfc3e9e0e77cd"}}, &(0x7f00000004c0)={0x20, 0x1, 0x1, 0x48}, &(0x7f0000000500)={0x20, 0x0, 0x1, 0x4}}) sendto$inet(r2, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x1a000}, 0x1, 0x0, 0x0, 0x300}, 0x0) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000140)=0x9, 0x4) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000c80)={0x44, &(0x7f0000000940)={0x40, 0x14, 0x4, "a84469b7"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 55.762349798s ago: executing program 3 (id=2854): read$FUSE(0xffffffffffffffff, &(0x7f0000000bc0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) rt_sigqueueinfo(r0, 0x2f, &(0x7f0000000240)={0x19, 0x1000200, 0xa}) r1 = socket(0x10, 0x3, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES64=r1], 0x40}}, 0x0) r3 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x40000936, 0x0, 0x10000, 0xe9}, &(0x7f0000000b80)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x108) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000440)='./file0\x00') syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x2000, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0) getsockopt$SO_J1939_PROMISC(r6, 0x6b, 0x2, &(0x7f0000000080), &(0x7f00000002c0)=0x4) 55.51772058s ago: executing program 3 (id=2857): syz_usb_connect(0x3, 0x24, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0xa1, 0x7b, 0xee, 0x10, 0x12d1, 0x9e79, 0x3932, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x50, 0x0, [{{0x9, 0x4, 0x15, 0x0, 0x0, 0xff, 0x6, 0xb}}]}}]}}, 0x0) syz_usb_connect$printer(0x4, 0x36, &(0x7f0000000300)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x4b8, 0x202, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x60, 0x7, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x7, 0x1, 0x1, 0x81, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x3, 0x9, 0x3}}, [{{0x9, 0x5, 0x82, 0x2, 0x0, 0x7f, 0xe, 0x3}}]}}}]}}]}}, &(0x7f0000000380)={0xa, &(0x7f0000000340)={0xa, 0x6, 0x200, 0x6, 0x0, 0xfa, 0x10, 0x9}, 0x79, &(0x7f0000000400)={0x5, 0xf, 0x79, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xa, 0x2, 0xb, 0x1}, @wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x3, 0x6, 0x56, 0xc}, @generic={0x5f, 0x10, 0xe66fdda59637930a, "801c700461e39fe993917252848fdda9bbb9863cb3c142f0bf207a643fecaed343870b369e595b168f347be68da5b6eae03766a3b22ff2fae0f5714071f52323f1ff9ecdeee5f6f9db244453dbed97bd02c748f9b9db490e49628677"}]}, 0x1, [{0xde, &(0x7f0000000480)=@string={0xde, 0x3, "2c3b9c2c53f510e6ebe34f524c8ad5becac920f7233c2de5c08697c7c1bfddcb6476281e264768903452efd517347b41eee02bc9afa75cdc2e50afd76a3baaa9c1ff6523aaf6897346b6e44e046ceafce4ac4418e02be5b79de52a914eff0d11e1c721a8ba0976b3e40f40f44a2a5dbe36658d0245cbdd0a19735ebafc75f81ce0fa359633438cce549e810a2bbefcb410d4308322ee2b8ae9170da08cba4038900fb481ce4de8b88258e29bb85dc1e46c44a355a5caa8ded8a1496fccf0d5e0744fcec96292ef98693b73b9a22f1fa1f007522571467f019ae63d1b"}}]}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) fsopen(&(0x7f0000000280)='cifs\x00', 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x5, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x900, 0x0) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) syz_usb_connect$cdc_ncm(0x0, 0x74, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x62, 0x2, 0x1, 0xd, 0x0, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "74d6bde90b9c"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x4de, 0x7129, 0x7}, {0x6, 0x24, 0x1a, 0x7, 0x28}}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0x71, 0xad, 0x6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0x18, 0xb2, 0xeb}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xbf, 0x0, 0x7}}}}}}}]}}, &(0x7f0000000280)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x250, 0x8, 0x86, 0xad, 0xff, 0x6}, 0x44, &(0x7f00000000c0)={0x5, 0xf, 0x44, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0xc, 0x8, 0x6, 0x8}, @ss_cap={0xa, 0x10, 0x3, 0xa9b0086cda698bd3, 0x2, 0x1, 0x1, 0x7}, @ssp_cap={0xc, 0x10, 0xa, 0x7, 0x0, 0x0, 0xff00, 0x8}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x5, 0x5, 0x4, 0x6}, @ssp_cap={0x18, 0x10, 0xa, 0x3a, 0x3, 0x7b7fdc1, 0xf000, 0xa945, [0x3f30, 0x0, 0x30]}]}, 0x4, [{0x7f, &(0x7f0000000140)=@string={0x7f, 0x3, "c8088aa4da659aaa82538d0aa22dceeefdb8b4233cb7a9120b6350d49ef3c22bbf4a462ef7ea3c132c24bac89115a150fed949c00e79b6814b5d69fc1b8718eb6971666b568da323a4611aaa303b1cd46108565d844503d1a394006c68c2178ab3b23eb00d3ae5255a9c481e39fb55df9095fcaefcf5aa5cf5cfd09ae3"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x3401}}, {0x4, &(0x7f0000000200)=@lang_id={0x4}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x280a}}]}) 54.755588462s ago: executing program 3 (id=2859): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) semget$private(0x0, 0x3, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x14, 0x2, [@TCA_PIE_BETA={0x8, 0x5, 0x4}, @TCA_PIE_ALPHA={0x8, 0x4, 0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x5}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e24, 0x2, @private2, 0x5}}}, &(0x7f0000000000)=0x84) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000140)=@assoc_id=r3, &(0x7f00000001c0)=0x4) 54.388913568s ago: executing program 32 (id=2859): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) semget$private(0x0, 0x3, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x14, 0x2, [@TCA_PIE_BETA={0x8, 0x5, 0x4}, @TCA_PIE_ALPHA={0x8, 0x4, 0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x5}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e24, 0x2, @private2, 0x5}}}, &(0x7f0000000000)=0x84) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000140)=@assoc_id=r3, &(0x7f00000001c0)=0x4) 7.832485528s ago: executing program 4 (id=3237): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000013002f0a253d70000000000007006800", @ANYRES32=r1, @ANYBLOB="000900001020060024000c80090001"], 0x44}}, 0x0) 6.437918719s ago: executing program 4 (id=3255): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x701203, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x80000, {0x0, 0x0, 0x0, r8, {0x0, 0x9}, {0xffe6, 0xb}, {0xffe0, 0xa}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x1, 0x406, 0xfffffffe, 0xffffffff, 0x23}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 5.559172148s ago: executing program 4 (id=3264): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) socket$packet(0x11, 0xa, 0x300) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) syz_emit_ethernet(0x33, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x2, 0x1, 0x1, 0xfd, 0x100, @val=0x80}, 'N'}}}}}}, 0x0) 5.464199111s ago: executing program 4 (id=3265): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@bridge_setlink={0x34, 0x13, 0xa2f, 0x70bd2c, 0x25cfdbfd, {0x7, 0x0, 0x68, r1, 0x16258, 0x28}, [@IFLA_LINKINFO={0x14, 0x1a, 0x0, 0x1, @vlan={{0x9}, {0x4, 0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20}, 0x50) 4.449880684s ago: executing program 4 (id=3276): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socket$packet(0x11, 0xa, 0x300) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, 0x0, 0x0) syz_emit_ethernet(0x33, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x2, 0x1, 0x1, 0xfd, 0x100, @val=0x80}, 'N'}}}}}}, 0x0) 4.309765848s ago: executing program 4 (id=3278): creat(&(0x7f0000000000)='./file0\x00', 0x142) openat$ppp(0xffffffffffffff9c, 0x0, 0x101900, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x0, 0x2, 0xd, 0x0, 0x3}}) 2.806461878s ago: executing program 2 (id=3290): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r2, {0xffff, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xd, 0xd0ea, 0x20000001, 0x3, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x1, 0xb}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x50}, 0x0) 2.340596053s ago: executing program 5 (id=3292): sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=@newtfilter={0x90, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x58, 0x2, [@TCA_FLOWER_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xc9f1, 0x4, 0x10000005, 0x40, 0x7fffffff}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x2, 0x7}}]}, 0x90}}, 0x24000040) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.19066722s ago: executing program 2 (id=3293): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000000)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_bpf={0x2c, 0x2, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x44) 2.163060307s ago: executing program 5 (id=3294): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000004c0), 0x10) sendmsg$can_bcm(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000700)=ANY=[@ANYBLOB="05000000030000000000000000400000", @ANYRES64=r0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x2710], 0x38}, 0x20}, 0x0) 2.01433153s ago: executing program 2 (id=3296): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', 0x0}) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000001780)=0x100000, 0x4) bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10) bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0x0, r3}, 0x10) 2.006135736s ago: executing program 5 (id=3298): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socket$packet(0x11, 0xa, 0x300) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, 0x0, 0x0) syz_emit_ethernet(0x33, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x2, 0x1, 0x1, 0xfd, 0x100, @val=0x80}, 'N'}}}}}}, 0x0) 1.879751203s ago: executing program 5 (id=3301): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newtaction={0x5c, 0x30, 0xb, 0x0, 0x25dfdbfe, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xd, 0x2, 0x0, 0x8}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="1400000010"], 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="e00000000a06010100000000000000000300000908000940800000010900020073797a310000000005000100070000000800094000000005880008800c000780080009"], 0x13a}, 0x1, 0x0, 0x0, 0x4800}, 0x48080) 1.758833433s ago: executing program 5 (id=3302): socket$packet(0x11, 0x3, 0x300) openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x20040802) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setxattr$system_posix_acl(0x0, &(0x7f0000002a40)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x2, 0x0) capget(&(0x7f0000000200)={0x20080522}, &(0x7f0000000240)={0x1, 0x7, 0x7fffffff, 0x1, 0x7ff, 0x81}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x4000054) 1.242904638s ago: executing program 2 (id=3306): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000000)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_bpf={0x2c, 0x2, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x44) 960.23236ms ago: executing program 0 (id=3309): unshare(0x400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x4, &(0x7f0000000100)=@ccm_128={{0x303}, '\x00 \x00', "38967a2445914c2e5ab898a7f56a364a", "80020007", "bff5b80e1f6fd131"}, 0x28) 893.052591ms ago: executing program 2 (id=3310): getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000400)={0x0, 0x38, "ec2ab3294c462a2b6389fba6926f0291739803b12a576b8938437e6218edc00c23ee285cfd0d59413e88105c0d72a707232c20538eaf313d"}, &(0x7f0000000000)=0x40) r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x27) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, &(0x7f0000000180)={r1, 0x54e5, 0xd0e6}, 0x8) 834.472385ms ago: executing program 0 (id=3311): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 818.925668ms ago: executing program 1 (id=3312): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4) r1 = socket(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x403, 0x200000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp6}, @IFLA_GTP_FD0={0x8, 0x1, @udp=r1}]}}}]}, 0x40}, 0x1, 0xba01}, 0x0) 724.078694ms ago: executing program 0 (id=3313): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000140), 0x0) sendto$inet(r0, &(0x7f0000000300)="fa", 0x1, 0x44054, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10) 589.24454ms ago: executing program 2 (id=3314): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000) sendmmsg$inet6(r0, &(0x7f00000080c0)=[{{&(0x7f0000000480)={0xa, 0x4e1e, 0x8, @private2={0xfc, 0x2, '\x00', 0x2}, 0x6}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000001880)="02", 0x1}], 0x1}}], 0x1, 0x931766f6319eed40) 587.01771ms ago: executing program 1 (id=3315): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f00000005c0)=[{0x1, 0x3, {0x0, 0xf0, 0x4}, {0x1}, 0xff, 0xff}, {0x1, 0x1, {0x2, 0x0, 0x4}, {0x0, 0xff}, 0xfe, 0x1}], 0x40) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newtfilter={0x24, 0x11, 0x1, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x74, 0x0, {0xb, 0xfff2}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050) 557.591741ms ago: executing program 0 (id=3316): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r2, {0xffff, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xd, 0xd0ea, 0x20000001, 0x3, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x1, 0xb}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x50}, 0x0) 489.61859ms ago: executing program 1 (id=3317): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', 0x0}) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000001780)=0x100000, 0x4) bind$xdp(r3, &(0x7f0000000100), 0x10) bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0x0, r3}, 0x10) 307.672515ms ago: executing program 1 (id=3318): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)={0x5c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x48, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "e3de3d7b4cd0c6ef010b365d32447ec3ee777de700fb05f2a3f3"}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) 186.212946ms ago: executing program 0 (id=3319): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x701203, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x80000, {0x0, 0x0, 0x0, r9, {0x0, 0x9}, {0xffe6, 0xb}, {0xffe0, 0xa}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x1, 0x406, 0xfffffffe, 0xffffffff, 0x23}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 82.775097ms ago: executing program 1 (id=3320): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000000)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_bpf={0x2c, 0x2, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x44) 39.115294ms ago: executing program 0 (id=3321): unshare(0x400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x4, &(0x7f0000000100)=@ccm_128={{0x303}, '\x00 \x00', "38967a2445914c2e5ab898a7f56a364a", "80020007", "bff5b80e1f6fd131"}, 0x28) 1.202128ms ago: executing program 1 (id=3322): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000004c0), 0x10) sendmsg$can_bcm(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000700)=ANY=[@ANYBLOB="05000000030000000000000000400000", @ANYRES64=r0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB], 0x38}, 0x20}, 0x0) 0s ago: executing program 5 (id=3323): openat$tun(0xffffffffffffff9c, 0x0, 0x200, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) syz_emit_ethernet(0xfb5, &(0x7f0000001680)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @multicast, @void, {@llc={0x4, {@snap={0x1, 0x1, "ef", '#&b', 0x88be, "ca4d1e64a2504eca9051004bfacc1a68e8dfb08577452bb97a460950f9986d55b3ac976dda9c53ac17adf1b7a0c123230a61476d13b6cb2383d7d1dadf7e839bd506ae42c6e3bbe523e1cf89e0db78c3eae1b639337f326ecd40a6ba117ca1292c4dfe1e691647129af2d7d057df156c7eba213b8c21b5642070d028a9c39dfed5dd6013a081aa9774cf6b4e08caac022c0913cf1dff7265a561af2e3792b92af7487c18ccb129f5639feb7482b0760c95e485d9ce4bbf8bf2d1e3d986a6e1966edc6f06e5d1dec48db7b097306349d6dd8a4a4fbaefc7141f6ac1d3c4506bacfdf154508498b14531f848671267f617e5bf4531e4fb2023b084da8d231c585db0b2dff15db75b82333eca895048dbd91d4961b5c0137688e190a16ae88301baaa10cfa2e3c2247c8f6dc9dff40583284eb96b30096ba29a44319d402954cce740fab2f303a32f233cf056596bbd56da494407a5a0da66e4db6636b5d4fc13b821ea7893c052b9ad2593636732cff3693f799a95837ac7b8eac286c89c5b76368b664146af37b5a959ac9766b717e1ea72375f15af62854baaee69cd1429dcd5f53be10a7021431c8005881c0f87b3d7cd4d843978281c2796792bc3298b87d859fc64450c9504f0ff04ed8264f1ed2f4deda89eb86a2fcdc9e5810cb138bdc765e458dc38aea158130549806fd764a322d9ae0e900251ce157378afc72d009e803f481a3ccb96aa15d78febfd22db10321238436ba8a16d70eb5721de151afefddd5f1b53ada04b9e062f846608f494a2570a6a089cca943b228208232ab55ffe156d42a01e2dc477b0c860c68460d9d4c5eae664ddc75686ecb87678f2e9202867a8aaf6efa5f735dcb13081ee65fb98d170efd8ec0c34f32fe45dffa025a716d6e77532d627df66db7a2689bf7e8198d3d355fd7a5b39812a8776e43ab2b7f1217a26f86a47a92c7a7749a88cecc7b7ac741489a390115c27bf9999b0b1df24cb6bee50c03bb61a6e4a82a23ff705927b37f066c2fa2460d02c974601efc30cae00491f6302a39d353489d65e3bead178b375dcaa1446b9c333811229025cec9ff17bbfb9f8b56d01e7fb603d39968305181766fb56897bf9b01691deb84aeda1191d14496d2e242183878428ebf889482c190a1ac1c0b560d9f3d5d2b5f186f6a78f03b9e1fc8c838a95701a419b1f4446513dc141de49523eeb7d1fe1118cb4b7489dbf60fa94507509bf53cc0669891d69bd6c778687d7479ab383a9100b677354b2fd699ba2bd0ed86283c874618106f0e0d5716b10031ba37b56a7bf7b4ac7d7f82c9e9729d783f3343a14fcfcf9c61a005f4e230f622f4c46bc450db12f3f35664350b5a4c08ef2698c1af059bf61ef6918792578a136e6dd1976836cd4c2e6271c6c53d1f736e3af27ec62fb6cc3afaba4aead91060249b2b3343025b28324971fc7944c41e04308c501cfa970d96aa3dbe18e2f98c41186e7169392e74b25ad6aeb568e697c14077f0d0637953fd28843173714a52d34c042f051dde22564c8ac72d5c5ffe049ca3a75d8ca340538915488f66f053352c370b8c1da675e831dd46c57b5d93d3b0e592f1424c4f722f03f2cd0e5ec71541eda52c9e4c9a470165eb7168cb65caea3a7184c6716d27bf07c91a4be25c5310318e2c689cfc3a70f0e9ae91cd864e228dc2f7c8566302bb4bf822483e24efce51d5a3d64a5a3bc09a65784ffc192b13aabb7dedf221e1821727844e4881d8e928e3430c7403494c691f7df01f2c7c0a65c9a0e564029bf618355ed7e596e1a1e61dfdd837592bc1af24ddb270950abd69f7aebdc9ac60dc8273124bc0cdb79f4baa5259b155f292ade92fbfd791b67517eeca90fcad7b2e7a78e4c26ba01c216f7431ab437de5e368ae6b46c482f0493fb2dc1ca9157010fdcf32c98f980f372cd966177bbb0c4f28909f6f857009390fc063bc7f37fc47e735de75066efcf19c6a31db53de20b6c5e6d51f26874f67d0ad3dc1211e3af8ad71f6d7666aa328058999f420fa5d535d2781e2748bb354c45b3020ad021016951ece33b5bc4e10109edbb303caeceeb14ba1775f9eb0e50b124c4c6810e6128802cde5c465b4635e4bcc3465276d0158b0e1a02f2617f125a0395b2cd31156937fd08e31d9643164e1c16581e1722ec001a7ec5014ca254335edbd74a8f931b69155d3d575596671bad2c1b1ccf2d5019ddd6e44bfe44060eaaffe5fc04c841a4040b9c3360f980c701597dd1b1ffce53fa60445c9eb0ea02593e8677e78a03e53878ba6e91e2b7c72c53734db6ef21d6703f6e783d89b9749c3fd2502653a0d418388fbc69867aa690982312182c2e6ac9eb50cc7bf64e27cddab3f5106a4f839581f71f9d35396d5cb0be3775ab5cfdade56c57b0746cf53063d44848372abdc9e8235b9a7ea505078e6969533ed5d5a8a2bc7996d23a311d1180275f9f0d18e59f03e74e0ae8a27b098d6bf124c0e096b995b8f4feee4e3023d918cd664ca72fcc3fc7246498f5218d657675402303201ae147ffbf1f46caa17d8849cbe26f259e6113fe32c0af70c2807a06983973ed151ed00990421ffa8c4e3a34f1a0c85dc15f02d990d33a3f723f1a90ca59398305fe64f306561ad55899a6911283234179bab277bc12c9e0ddb31933017d51c05f820b19678132b309ed3a5b7e1652fa2d4b49f231435f9938553179513233d015b2aa23ba0467509f63fbc400d3bdb7f0a6518e92ee91418212925446f5363801ca26243130662e2641153984874f2a45dfed4a23410357a81f840c3bc134b3c13f24ee2b7aac40ce82e92dd2b133bcf809ab48b099dd4ed34f6233cbfe7b69d70878decb15bb7e8e1a701b7cfbe04d0c203fea755788ed73337eee0239c5c65714fafd70a94bf72c5d8677de910fe65c75a52900c80d02fadd2c5734e09c869a984c224ee4e57436438edc2f1966524a5c7a173e75fee240dec40b4a7caee35fb4c082ecebd6d0f240702ff9025641672295a80a5472312d76b0c87d139da2067a0655ccef70a5b72843ac4f6a92affdb7d8a181832e5ecf25bd68ac97f329df78498ef840ee5e7f3459f9bbf5363e6d4912a4a48106c0cd7014fb9353ce1efb4c4402789448d0c8faf91c582c2daff3705c08dcf95db9a274f8045a5bf88e98be1c760397de4229f845d7ad0fd96d427da9aa69d20b4464e09a155c3d7b1f0dc484a297d767b801c960cd824f93fd60f7a6ad1738716c3cc5901c777aa8c5ba64d0b4576a87ebc1bb7bb619c002ade9b2af79a375b0da6195b0c44cb339b2a3d50b786331e61f83213ccb644dc53b8a82e6570af15fee02a235b39c10af20e7025179058ca522bb59ac2b58f1ac7a2227d9241ae10c633568b5b152fd227022af2154c8511f13aeb6c07caaed383c031a7938167c5f3226322edce6c358a8cecdc069e4a07ebaad095aaf0874f5b588e152da613380609e99c52453f4783b3dd23d19fabe575f597302277eb69547d8aec4011442752584e12efa99a9ec8d32fe8ac48a0eac66a7ddcf761bad5525dae2b14eba623117985a729709e0e0ef1feda163afd022aaa75fa59be81af46bc55f5316912919e9ca931ea6c2b98895c7871bd7de7d6698ae52fe15a3c6a4eea5a7aef3f65ac12f0b45c8b6774d73c3ed0ea1daf34fb67e5c4ac38376807031bb4e1ebc124180ba6fe55508cadfb69c440360b26dc670ed0973beb1ae7c5dbc4027edc6d08d7a19553a48af641db7048f1d254ace66d938c1bcdf944262e37fe5c8d8221dd65419f1da0df55c4673d3d5503cc81cfcf09675b50e5ef54d15a20448e4ffdee282bf997114a42cb758546a48633ec5380372a00fc8bf26a935e05dd27a486d6df084d60a3c803a1c599cc2df0390f084e82d4dc78e7e652c58ea440aa00b48b86d7c8c64457b0d0fd6349d2470a98ea8c1b04cf1542e8c3f1f4d39329245e5b691ef1bbc5a38efb738efb80a61cbabd9f9e1e4c4af76d2f0687b062490f7d03b37090da65759709b553dadc11db28bd59deb28511d75c651bbb64096b90aadff941a5ff65f20c0f19f7ef640f1b69479f98184cfb2d8575edd1793eab077eadf33adb3998f362c5742182011dc443157793bd4d1f0616f67caa1b73e96c8c07e403bce72802c477b148655f1413b5404f5d73b2da672422282fe55bca847b97cebf339ab68ab6ea56dfda555c1ea8c84043e18459d6c96d8317b7c436d7d20d19c39da55c01bbc491a588f7f2743998c819e3b9687e76d72585db73b181a0c50b60f607ca47541bdd427b8057384acc6731a85e6134ef002c45f15effed2dc0e085f491116a722057b5c20764b8c043d15eb631de3d8ef84fe109d7c0b750e21ff7ec312be4920bf7e9a7a91e81a067da2dee6dc1c7307c6c12f205e10d715bcec35459be82756a640daa3e2fa68dbcfa93c7a0592483ab45c65dd495782dfad63c414a2767591dff4a49fafc18ff55177e1ffb2ae32fdd146e7bfcf05d39ff38785819c8767afe32ab8b058198a1877fd9c8591f5f6acb8add0d573ad537dd4be65bc90357052f9bfc601b56e150e296af466f75d1727cc61ae25931b9178069d5a7861f502894eddc198a18d3ce3fa0a5df5baea027da0c8002067a24419eda67278498be42ee1452eadf3033516fde72cc46edb9ac2565fd86f9d0452672e850c8c9a8a3f0548572ea8792ec30ae080a96e12d13c5158e5d92f9abeb9faf4c2ebf69f9e1df44920c1f0a10dfcfaf74f4d465190237579a9c3a51b9d30d373f92e422b582a82ddfa5f5490089e80d66c38279ac9746776f47a0d3527e01f6dbec4f8d43d81ff72a414703f15035cd98f4888c4194966f95bfac92fa791ca2c5a8588570c1ece520ef3a9dc8290a83cdeb0d79f124eb86a9a6b4e6963c78aac925c93e5b1b6e84c36a310c72a41cd775542346f688dce2f1053b1b12d59f541d61e8df52d896e69e482c001d74ce9f242712b68c3656954ef94002f6a4dba2335d8cf76e6317d92271ef162a3f6480fc4e19f1ebbce06b0df9bea563bbdb102f020d82d194a3f3054052d318790d66c6c9e522906211837c3d37215f74e95a61a5bff2e2d8d866bb1755956dd58467b92fd827d870b904da6d7fd08bc1a4cb106afc9eac6d2e149a061c819a049f7468e7e15567a492c463d104e5262e5ac8835b64a3d41ec7ae2d314f058c22b1d355821e2dbad2d05fe8342917bb524245b58525a470d3908e494d68bb14aad0f6d0a4161a4ca13e48f822f52b9b4974d9571234cbfc668f4f9453e4d49d13f9633e90c62252dec6a45b214ec684a0aef313b6ae5aae5fa6dc2d4b002724123aa6d23d6d03c282b5ab551a351c5d4763f7177c40eb3d07249930c9fed1aba83c4b7c0bb6ac56d93ea2b62fd919fb521ca07748172d58f0ec7c577e051586b49e61cf6561835444116a0de799849c3009673c6e5ff482c906ff5f85c75ff51da49a0030f15e931aa2e4f6bd1ddfb9bf746eced0b460e61b5ecd67b53cb003dd31734deca1ea5848828402110fecc6b07787d531a19a0957f928475e58a7d166dc52d32a4c91b7a92455fbb02afaf11bd20e0204ec181f9a17626bf73e39f78af1b73a89ea3eb6b83b2b2a739f128e21d21089c4d"}}}}}, 0x0) kernel console output (not intermixed with test programs): er 83 using dummy_hcd [ 692.306876][ T5916] usb 2-1: Invalid ep0 maxpacket: 64 [ 692.326217][ T5916] usb usb2-port1: unable to enumerate USB device [ 692.402105][T15541] netlink: 'syz.0.2631': attribute type 30 has an invalid length. [ 693.145781][T13290] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 693.255739][ T5916] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 693.306045][T13290] usb 3-1: Using ep0 maxpacket: 8 [ 693.312717][T13290] usb 3-1: config 0 has an invalid interface number: 56 but max is 0 [ 693.322606][T13290] usb 3-1: config 0 has no interface number 0 [ 693.333673][T13290] usb 3-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64 [ 693.351855][T13290] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 693.360413][T13290] usb 3-1: Product: syz [ 693.364660][T13290] usb 3-1: Manufacturer: syz [ 693.370747][T13290] usb 3-1: SerialNumber: syz [ 693.382632][T13290] usb 3-1: config 0 descriptor?? [ 693.393898][T13290] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state. [ 693.402936][T13290] pctv452e: pctv452e_power_ctrl: 1 [ 693.402936][T13290] [ 693.411169][T13290] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22 [ 693.411169][T13290] [ 693.424994][T13290] dvb-usb: bulk message failed: -22 (5/0) [ 693.431316][ T5916] usb 4-1: Using ep0 maxpacket: 16 [ 693.439091][ T5916] usb 4-1: config 0 has no interfaces? [ 693.446446][ T5916] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 693.462091][ T5916] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 693.471921][T13290] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 693.484035][ T5916] usb 4-1: Manufacturer: syz [ 693.491067][T13290] dvbdev: DVB: registering new adapter (Technotrend TT Connect S2-3600) [ 693.509072][T13290] usb 3-1: media controller created [ 693.515223][ T5916] usb 4-1: config 0 descriptor?? [ 693.523847][T13290] dvb-usb: bulk message failed: -22 (8/0) [ 693.531293][T13290] pctv452e: I2C error -22; AA 01 A0 01 14 -> aa 01 31 04 a0 01 14 [ 693.548205][T13290] dvb-usb: MAC address reading failed. [ 693.570728][T13290] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 693.623739][T13290] DVB: Unable to find symbol stb0899_attach() [ 693.629990][T13290] dvb-usb: no frontend was attached by 'Technotrend TT Connect S2-3600' [ 693.744709][T15554] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2632'. [ 693.770813][T15559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 693.790337][T13290] rc_core: IR keymap rc-tt-1500 not found [ 693.808887][T13290] Registered IR keymap rc-empty [ 693.821262][T15559] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 693.832442][T13290] rc rc0: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0 [ 693.883790][T13290] input: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input70 [ 693.916197][T13290] dvb-usb: schedule remote query interval to 100 msecs. [ 693.930918][T13290] pctv452e: pctv452e_power_ctrl: 0 [ 693.930918][T13290] [ 693.991475][T13290] dvb-usb: Technotrend TT Connect S2-3600 successfully initialized and connected. [ 694.037256][ T5916] dvb-usb: bulk message failed: -22 (4/0) [ 694.047538][ T5916] dvb-usb: error -22 while querying for an remote control event. [ 694.206085][ T5916] dvb-usb: bulk message failed: -22 (4/0) [ 694.245777][ T5916] dvb-usb: error -22 while querying for an remote control event. [ 694.368347][T13290] dvb-usb: bulk message failed: -22 (4/0) [ 694.375825][T13290] dvb-usb: error -22 while querying for an remote control event. [ 694.536112][ T5916] dvb-usb: bulk message failed: -22 (4/0) [ 694.542127][ T5916] dvb-usb: error -22 while querying for an remote control event. [ 694.566860][T13290] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 694.685993][ T5914] dvb-usb: bulk message failed: -22 (4/0) [ 694.691977][ T5914] dvb-usb: error -22 while querying for an remote control event. [ 694.727426][T13290] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 694.739990][T13290] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 694.751798][T13290] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 694.762194][T13290] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 694.777784][T13290] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 694.788584][T13290] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 694.799279][T13290] usb 2-1: config 0 descriptor?? [ 694.806017][ T5914] dvb-usb: bulk message failed: -22 (4/0) [ 694.811954][ T5914] dvb-usb: error -22 while querying for an remote control event. [ 694.969687][ T5916] dvb-usb: bulk message failed: -22 (4/0) [ 694.975506][ T5916] dvb-usb: error -22 while querying for an remote control event. [ 695.085809][ T5916] dvb-usb: bulk message failed: -22 (4/0) [ 695.091653][ T5916] dvb-usb: error -22 while querying for an remote control event. [ 695.265917][ T5916] dvb-usb: bulk message failed: -22 (4/0) [ 695.272494][ T5916] dvb-usb: error -22 while querying for an remote control event. [ 695.396468][ T5916] dvb-usb: bulk message failed: -22 (4/0) [ 695.404483][ T5916] dvb-usb: error -22 while querying for an remote control event. [ 695.525872][ T5916] dvb-usb: bulk message failed: -22 (4/0) [ 695.531758][ T5916] dvb-usb: error -22 while querying for an remote control event. [ 695.587855][T13290] usbhid 2-1:0.0: can't add hid device: -71 [ 695.599832][T13290] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 695.630929][T13290] usb 2-1: USB disconnect, device number 84 [ 695.655766][ T5916] dvb-usb: bulk message failed: -22 (4/0) [ 695.663977][ T5916] dvb-usb: error -22 while querying for an remote control event. [ 695.739572][T15566] wireguard1: entered allmulticast mode [ 695.775775][ T5916] dvb-usb: bulk message failed: -22 (4/0) [ 695.790188][ T5916] dvb-usb: error -22 while querying for an remote control event. [ 695.813176][ T5913] usb 3-1: USB disconnect, device number 19 [ 695.846154][ T5913] dvb-usb: Technotrend TT Connect S2-3600 successfully deinitialized and disconnected. [ 696.216086][T15572] program syz.4.2639 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 696.426207][ T24] usb 4-1: USB disconnect, device number 21 [ 696.485920][ T43] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 696.690000][ T43] usb 2-1: config 0 has too many interfaces: 204, using maximum allowed: 32 [ 696.699065][ T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 204 [ 696.715872][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 696.735681][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 696.746689][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 696.762135][ T43] usb 2-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 696.771517][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 696.783042][ T43] usb 2-1: config 0 descriptor?? [ 697.108510][T15597] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2645'. [ 697.118995][ T30] audit: type=1326 audit(1760494940.457:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15588 comm="syz.0.2643" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc11018eec9 code=0x0 [ 697.174087][ T43] usbhid 2-1:0.0: can't add hid device: -71 [ 697.182694][ T43] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 697.205172][ T30] audit: type=1326 audit(1760494940.497:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15596 comm="syz.2.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786678eec9 code=0x7ffc0000 [ 697.241504][ T43] usb 2-1: USB disconnect, device number 85 [ 697.327241][ T30] audit: type=1326 audit(1760494940.497:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15596 comm="syz.2.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786678eec9 code=0x7ffc0000 [ 697.375716][ T30] audit: type=1326 audit(1760494940.497:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15596 comm="syz.2.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f786678eec9 code=0x7ffc0000 [ 697.411842][ T30] audit: type=1326 audit(1760494940.497:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15596 comm="syz.2.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786678eec9 code=0x7ffc0000 [ 697.438033][ T30] audit: type=1326 audit(1760494940.497:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15596 comm="syz.2.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786678eec9 code=0x7ffc0000 [ 697.442509][T15604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2647'. [ 697.461687][ T30] audit: type=1326 audit(1760494940.497:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15596 comm="syz.2.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f786678eec9 code=0x7ffc0000 [ 697.496304][ T30] audit: type=1326 audit(1760494940.497:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15596 comm="syz.2.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786678eec9 code=0x7ffc0000 [ 697.523750][ T30] audit: type=1326 audit(1760494940.507:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15596 comm="syz.2.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f786678eec9 code=0x7ffc0000 [ 697.553807][ T30] audit: type=1326 audit(1760494940.507:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15596 comm="syz.2.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786678eec9 code=0x7ffc0000 [ 697.792506][T15616] netlink: zone id is out of range [ 697.805694][T15616] netlink: zone id is out of range [ 697.805791][T13290] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 697.810991][T15616] netlink: zone id is out of range [ 697.828456][T15616] netlink: zone id is out of range [ 697.833643][T15616] netlink: zone id is out of range [ 697.839751][T15616] netlink: del zone limit has 4 unknown bytes [ 698.047894][T13290] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 698.057507][T13290] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.072990][T13290] usb 2-1: config 0 descriptor?? [ 698.090350][T13290] cp210x 2-1:0.0: cp210x converter detected [ 698.105820][ T5913] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 698.252134][T15633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 698.261822][T15633] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 698.365962][ T5913] usb 4-1: device descriptor read/64, error -71 [ 698.408080][T15633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 698.422243][T15633] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 698.625773][ T5913] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 698.726331][T13290] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -121 [ 698.734143][T13290] cp210x 2-1:0.0: GPIO initialisation failed: -121 [ 698.752834][T13290] usb 2-1: cp210x converter now attached to ttyUSB0 [ 698.807707][ T5913] usb 4-1: device descriptor read/64, error -71 [ 698.867211][T15641] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2655'. [ 698.879094][T15641] openvswitch: netlink: Flow key attr not present in new flow. [ 698.908582][ T43] usb 2-1: USB disconnect, device number 86 [ 698.917876][ T43] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 698.927894][ T5913] usb usb4-port1: attempt power cycle [ 699.004480][ T43] cp210x 2-1:0.0: device disconnected [ 699.015767][ T5916] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 699.127396][T13290] usb 5-1: new high-speed USB device number 123 using dummy_hcd [ 699.145982][ T5916] usb 3-1: device descriptor read/64, error -71 [ 699.288450][T13290] usb 5-1: Using ep0 maxpacket: 32 [ 699.295712][ T5913] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 699.339635][ T5913] usb 4-1: device descriptor read/8, error -71 [ 699.385935][ T5916] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 699.393837][T13290] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 699.521559][T13290] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 699.535936][ T5916] usb 3-1: device descriptor read/64, error -71 [ 699.547167][T13290] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 699.564264][T13290] usb 5-1: Product: syz [ 699.573858][T13290] usb 5-1: Manufacturer: syz [ 699.583724][T13290] usb 5-1: SerialNumber: syz [ 699.610592][T13290] usb 5-1: config 0 descriptor?? [ 699.625996][ T5913] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 699.646518][ T5916] usb usb3-port1: attempt power cycle [ 699.656718][ T5913] usb 4-1: device descriptor read/8, error -71 [ 699.805712][ T5913] usb usb4-port1: unable to enumerate USB device [ 699.857850][T15641] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2655'. [ 699.867839][T15641] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2655'. [ 699.916737][T15649] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2658'. [ 700.045452][ T5916] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 700.106665][ T5916] usb 3-1: device descriptor read/8, error -71 [ 700.346086][ T5916] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 700.366610][ T5916] usb 3-1: device descriptor read/8, error -71 [ 700.476599][ T5916] usb usb3-port1: unable to enumerate USB device [ 700.541258][ T5913] usb 5-1: USB disconnect, device number 123 [ 700.696660][T15653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2660'. [ 700.708270][T15653] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2660'. [ 700.717585][T15653] netlink: 'syz.1.2660': attribute type 7 has an invalid length. [ 700.965823][ T5916] usb 5-1: new high-speed USB device number 124 using dummy_hcd [ 701.088271][T15661] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 701.106452][T15664] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2662'. [ 701.117625][ T5916] usb 5-1: Using ep0 maxpacket: 32 [ 701.124603][ T5916] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 701.139092][ T5916] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 701.155490][ T5916] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 701.169365][ T5916] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 701.178201][ T5916] usb 5-1: Product: syz [ 701.182499][ T5916] usb 5-1: Manufacturer: syz [ 701.212419][ T5916] hub 5-1:4.0: USB hub found [ 701.418687][ T5916] hub 5-1:4.0: 7 ports detected [ 701.425210][ T5916] hub 5-1:4.0: insufficient power available to use all downstream ports [ 701.619404][ T5916] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 701.629041][ T5916] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 701.666783][ T5916] usb 5-1: USB disconnect, device number 124 [ 702.117509][T15682] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 702.177218][ T5913] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 702.187385][ T43] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 702.435844][ T5913] usb 3-1: Using ep0 maxpacket: 8 [ 702.441009][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 702.453617][ T5913] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 702.494050][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 702.508485][ T5913] usb 3-1: config 0 has no interface number 0 [ 702.548325][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 702.604710][ T5913] usb 3-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=be.68 [ 702.623852][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 702.647230][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 702.672020][ T5913] usb 3-1: Product: syz [ 702.679030][ T43] usb 2-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 702.679296][T15689] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2669'. [ 702.695691][ T5913] usb 3-1: Manufacturer: syz [ 702.703633][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 702.716117][ T5913] usb 3-1: SerialNumber: syz [ 702.734653][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 702.734667][ T30] audit: type=1326 audit(1760494946.107:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.4.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21e658eec9 code=0x7ffc0000 [ 702.765601][ T5913] usb 3-1: config 0 descriptor?? [ 702.768040][ T30] audit: type=1326 audit(1760494946.147:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.4.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f21e658eec9 code=0x7ffc0000 [ 702.799977][ T30] audit: type=1326 audit(1760494946.147:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.4.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21e658eec9 code=0x7ffc0000 [ 702.799994][ T43] usb 2-1: config 0 descriptor?? [ 702.837147][ T30] audit: type=1326 audit(1760494946.207:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.4.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f21e658eec9 code=0x7ffc0000 [ 702.839254][ T5913] redrat3 3-1:0.31: Couldn't find all endpoints [ 702.912149][ T30] audit: type=1326 audit(1760494946.207:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.4.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21e658eec9 code=0x7ffc0000 [ 702.937008][ T30] audit: type=1326 audit(1760494946.207:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.4.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21e658eec9 code=0x7ffc0000 [ 702.962177][ T30] audit: type=1326 audit(1760494946.287:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.4.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f21e658eec9 code=0x7ffc0000 [ 702.985413][ T30] audit: type=1326 audit(1760494946.287:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.4.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21e658eec9 code=0x7ffc0000 [ 703.008934][ T30] audit: type=1326 audit(1760494946.287:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.4.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21e658eec9 code=0x7ffc0000 [ 703.121308][ T5913] usb 3-1: USB disconnect, device number 24 [ 703.351035][T15674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 703.368795][T15674] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 703.390118][T15674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 703.396383][T15691] fuse: Bad value for 'group_id' [ 703.406863][T15693] fuse: Bad value for 'group_id' [ 703.412022][T15691] fuse: Bad value for 'group_id' [ 703.421013][T15693] fuse: Bad value for 'group_id' [ 703.423673][T15674] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 703.485926][ T30] audit: type=1326 audit(1760494946.857:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15673 comm="syz.1.2664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff64d58eec9 code=0x7ffc0000 [ 703.543620][T15700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 703.558328][T15700] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 703.631834][ T43] input: HID 054c:03d5 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:054C:03D5.0049/input/input71 [ 703.708697][ T43] sony 0003:054C:03D5.0049: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.1-1/input0 [ 704.463865][T15722] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2678'. [ 704.505887][ T5916] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 704.676493][ T5916] usb 4-1: Using ep0 maxpacket: 16 [ 704.699499][ T5916] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 704.719397][ T5916] usb 4-1: config 0 has no interface number 0 [ 704.731337][ T5916] usb 4-1: config 0 interface 41 has no altsetting 0 [ 704.746292][ T5916] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 704.755360][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 704.764760][ T5916] usb 4-1: Product: syz [ 704.769068][ T5916] usb 4-1: Manufacturer: syz [ 704.773677][ T5916] usb 4-1: SerialNumber: syz [ 704.781770][ T5916] usb 4-1: config 0 descriptor?? [ 704.790047][ T5916] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -22 [ 704.970785][ T5913] usb 2-1: USB disconnect, device number 87 [ 705.625296][ T5913] usb 4-1: USB disconnect, device number 26 [ 705.783336][T15743] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2685'. [ 705.907826][T15745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 705.936009][T15746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 705.936363][T15745] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 705.953035][T15746] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 706.661497][T15753] program syz.2.2688 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 706.724196][T15756] loop2: detected capacity change from 0 to 7 [ 706.738514][T15758] netlink: 'syz.2.2688': attribute type 10 has an invalid length. [ 706.756241][T15758] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2688'. [ 706.777371][T15756] loop2: [ 706.781399][T15756] loop2: partition table partially beyond EOD, truncated [ 706.783154][T15758] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 708.145276][T15774] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 708.197647][T15774] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 708.535731][T13290] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0 [ 708.582537][T13290] hid-generic 0000:0000:0000.004A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 708.736079][ T5913] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 708.895699][ T5913] usb 3-1: Using ep0 maxpacket: 8 [ 708.911302][ T5913] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 708.925401][ T5913] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 708.955123][ T5913] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 708.971908][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 708.994761][ T5913] usb 3-1: Product: syz [ 709.005762][ T5913] usb 3-1: Manufacturer: syz [ 709.010816][ T5913] usb 3-1: SerialNumber: syz [ 709.088876][ T5913] usb 3-1: config 0 descriptor?? [ 709.103313][ T5913] streamzap 3-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0) [ 709.340839][T13290] usb 3-1: USB disconnect, device number 25 [ 709.377110][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 709.377122][ T30] audit: type=1804 audit(1760494952.747:1060): pid=15797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2701" name="/newroot/507/file1" dev="tmpfs" ino=2658 res=1 errno=0 [ 709.689768][T15804] loop2: detected capacity change from 0 to 7 [ 709.711475][ T5841] loop2: [ 709.714483][ T5841] loop2: partition table partially beyond EOD, truncated [ 709.738732][T15804] loop2: [ 709.787195][T15804] loop2: partition table partially beyond EOD, truncated [ 710.361381][T15817] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2706'. [ 710.606055][T13290] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 710.774309][T13290] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 710.846787][T13290] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 710.860999][T15825] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2707'. [ 710.910388][T13290] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 710.945722][T13290] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 710.955490][T13290] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 711.023386][T13290] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 711.056964][T13290] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 711.065190][T13290] usb 3-1: Product: syz [ 711.086984][T13290] usb 3-1: Manufacturer: syz [ 711.091640][T13290] usb 3-1: SerialNumber: syz [ 711.140595][T13290] usb 3-1: config 0 descriptor?? [ 711.377706][T13290] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 711.414584][T12596] raw-gadget.2 gadget.0: failed to queue disconnect event [ 711.428290][T13290] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -5 [ 711.838807][ T5829] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 711.850032][ T5829] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 711.869441][ T5829] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 711.881075][ T5829] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 711.889418][ T5829] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 712.661665][ T7561] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 712.813598][ T7561] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 712.859613][T15839] chnl_net:caif_netlink_parms(): no params data found [ 712.981157][ T7561] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 713.234516][ T7561] team0: Port device netdevsim0 removed [ 713.242796][ T7561] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 713.357881][T13290] usb 3-1: USB disconnect, device number 26 [ 713.549753][T15839] bridge0: port 1(bridge_slave_0) entered blocking state [ 713.558726][T15839] bridge0: port 1(bridge_slave_0) entered disabled state [ 713.566463][T15839] bridge_slave_0: entered allmulticast mode [ 713.577968][T15839] bridge_slave_0: entered promiscuous mode [ 713.669264][T15839] bridge0: port 2(bridge_slave_1) entered blocking state [ 713.716006][T13290] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 713.717315][T15839] bridge0: port 2(bridge_slave_1) entered disabled state [ 713.745430][T15839] bridge_slave_1: entered allmulticast mode [ 713.762480][T15839] bridge_slave_1: entered promiscuous mode [ 713.838515][T15839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 713.849574][T15862] FAULT_INJECTION: forcing a failure. [ 713.849574][T15862] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 713.851877][T15839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 713.872365][T15862] CPU: 1 UID: 0 PID: 15862 Comm: syz.4.2716 Not tainted syzkaller #0 PREEMPT(full) [ 713.872389][T15862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 713.872400][T15862] Call Trace: [ 713.872408][T15862] [ 713.872416][T15862] dump_stack_lvl+0x189/0x250 [ 713.872441][T15862] ? __pfx____ratelimit+0x10/0x10 [ 713.872466][T15862] ? __pfx_dump_stack_lvl+0x10/0x10 [ 713.872484][T15862] ? __pfx__printk+0x10/0x10 [ 713.872511][T15862] should_fail_ex+0x414/0x560 [ 713.872545][T15862] _copy_to_user+0x31/0xb0 [ 713.872569][T15862] simple_read_from_buffer+0xe1/0x170 [ 713.872594][T15862] proc_fail_nth_read+0x1b3/0x220 [ 713.872620][T15862] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 713.872647][T15862] ? rw_verify_area+0x2a6/0x4d0 [ 713.872663][T15862] ? __lock_acquire+0xab9/0xd20 [ 713.872682][T15862] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 713.872707][T15862] vfs_read+0x200/0xa30 [ 713.872724][T15862] ? fdget_pos+0x247/0x320 [ 713.872749][T15862] ? __pfx___mutex_lock+0x10/0x10 [ 713.872769][T15862] ? __pfx_vfs_read+0x10/0x10 [ 713.872789][T15862] ? __fget_files+0x2a/0x420 [ 713.872814][T15862] ? __fget_files+0x3a0/0x420 [ 713.872833][T15862] ? __fget_files+0x2a/0x420 [ 713.872863][T15862] ksys_read+0x145/0x250 [ 713.872885][T15862] ? __pfx_ksys_read+0x10/0x10 [ 713.872905][T15862] ? do_syscall_64+0xbe/0xfa0 [ 713.872927][T15862] do_syscall_64+0xfa/0xfa0 [ 713.872943][T15862] ? lockdep_hardirqs_on+0x9c/0x150 [ 713.872961][T15862] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 713.872980][T15862] ? clear_bhb_loop+0x60/0xb0 [ 713.873003][T15862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 713.873021][T15862] RIP: 0033:0x7f21e658d8dc [ 713.873039][T15862] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 713.873055][T15862] RSP: 002b:00007f21e73bb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 713.873075][T15862] RAX: ffffffffffffffda RBX: 00007f21e67e5fa0 RCX: 00007f21e658d8dc [ 713.873089][T15862] RDX: 000000000000000f RSI: 00007f21e73bb0a0 RDI: 0000000000000005 [ 713.873100][T15862] RBP: 00007f21e73bb090 R08: 0000000000000000 R09: 0000000000000000 [ 713.873112][T15862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 713.873123][T15862] R13: 00007f21e67e6038 R14: 00007f21e67e5fa0 R15: 00007f21e690fa28 [ 713.873152][T15862] [ 713.873679][T13290] usb 3-1: Using ep0 maxpacket: 16 [ 713.995871][T13721] Bluetooth: hci5: command tx timeout [ 714.127650][T13290] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 164, changing to 11 [ 714.145475][T13290] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice=fb.00 [ 714.175953][T13290] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=255 [ 714.194477][T13290] usb 3-1: Product: syz [ 714.198931][T13290] usb 3-1: Manufacturer: syz [ 714.203615][T13290] usb 3-1: SerialNumber: syz [ 714.215018][T13290] usb 3-1: config 0 descriptor?? [ 714.455560][T15873] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2717'. [ 714.696179][ T5916] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 714.876500][ T5916] usb 2-1: Using ep0 maxpacket: 16 [ 714.884088][ T5916] usb 2-1: config 0 interface 0 has no altsetting 0 [ 714.906715][ T5916] usb 2-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00 [ 714.916696][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.932708][ T5916] usb 2-1: config 0 descriptor?? [ 714.971554][T15883] netlink: 'syz.4.2719': attribute type 10 has an invalid length. [ 715.141894][ T7561] bond0 (unregistering): Released all slaves [ 715.318352][ T7561] bond1 (unregistering): Released all slaves [ 715.339728][T15839] team0: Port device team_slave_0 added [ 715.397059][ T5916] usbhid 2-1:0.0: can't add hid device: -71 [ 715.403221][ T5916] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 715.432988][T15883] bond0: (slave netdevsim0): Releasing backup interface [ 715.444893][ T5916] usb 2-1: USB disconnect, device number 88 [ 715.448389][T15883] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 715.462003][T15883] team0: Failed to send options change via netlink (err -105) [ 715.472046][T15883] team0: Port device netdevsim0 added [ 715.496240][T15839] team0: Port device team_slave_1 added [ 715.572643][ T7561] tipc: Left network mode [ 715.575389][T15839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 715.585199][T15839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 715.612254][T15839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 715.625407][T15839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 715.632534][T15839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 715.660471][T15839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 715.781799][T15839] hsr_slave_0: entered promiscuous mode [ 715.794554][T15839] hsr_slave_1: entered promiscuous mode [ 715.796258][ T43] usb 5-1: new high-speed USB device number 125 using dummy_hcd [ 715.802143][T15839] debugfs: 'hsr0' already exists in 'hsr' [ 715.816660][T15839] Cannot create hsr debugfs directory [ 715.992649][ T43] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 716.019474][ T43] usb 5-1: config 16 interface 0 altsetting 75 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 716.044655][ T43] usb 5-1: config 16 interface 0 altsetting 75 endpoint 0x7 has invalid wMaxPacketSize 0 [ 716.069392][ T43] usb 5-1: config 16 interface 0 altsetting 75 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 716.092929][ T43] usb 5-1: config 16 interface 0 has no altsetting 0 [ 716.100411][ T43] usb 5-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a [ 716.128824][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 716.195801][T13721] Bluetooth: hci5: command tx timeout [ 716.353311][ T7561] hsr_slave_0: left promiscuous mode [ 716.367952][ T7561] hsr_slave_1: left promiscuous mode [ 716.374736][ T7561] batman_adv: batadv0: Removing interface: virt_wifi0 [ 716.396189][ T5914] usb 2-1: new full-speed USB device number 89 using dummy_hcd [ 716.579652][ T5914] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 716.592675][ T5914] usb 2-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00 [ 716.602857][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 716.626948][ T5914] usb 2-1: config 0 descriptor?? [ 716.915460][ T43] usb 5-1: string descriptor 0 read error: -71 [ 716.958996][ T43] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 716.976012][ T43] imon 5-1:16.0: unable to initialize intf0, err -19 [ 716.987297][ T43] imon:imon_probe: failed to initialize context! [ 716.993840][ T43] imon 5-1:16.0: unable to register, err -19 [ 717.029550][ T43] usb 5-1: USB disconnect, device number 125 [ 717.316053][ T5914] aquacomputer_d5next 0003:0C70:F00B.004B: hidraw0: USB HID v1.01 Device [HID 0c70:f00b] on usb-dummy_hcd.1-1/input0 [ 718.123748][ T43] usb 2-1: USB disconnect, device number 89 [ 718.181191][T15917] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 718.187861][T15917] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 718.276047][T13721] Bluetooth: hci5: command tx timeout [ 718.372450][T15917] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 718.393136][T15917] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 718.402699][T15917] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 718.414446][T15917] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 718.420791][T15917] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 718.433778][T15917] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 718.601665][T13290] usbhid 3-1:0.0: can't add hid device: -71 [ 718.631710][T13290] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 718.724488][T13290] usb 3-1: USB disconnect, device number 27 [ 718.730515][T15928] vti0: entered promiscuous mode [ 718.730554][T15928] vti0: entered allmulticast mode [ 718.896760][T15839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 718.941069][T15839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 719.006589][T15839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 719.019724][T15937] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2728'. [ 719.052357][T15839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 719.277828][ T7561] IPVS: stop unused estimator thread 0... [ 719.490678][T15839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 719.521631][T15839] 8021q: adding VLAN 0 to HW filter on device team0 [ 719.533365][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state [ 719.540621][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 719.568019][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state [ 719.575160][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 719.607788][T15839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 719.712121][T15839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 719.925387][T15839] veth0_vlan: entered promiscuous mode [ 720.041836][T15839] veth1_vlan: entered promiscuous mode [ 720.091057][T15974] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2733'. [ 720.101029][T15974] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2733'. [ 720.111222][T15971] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 720.120647][T15974] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2733'. [ 720.123935][T15971] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 720.176041][T15971] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 720.185962][T15971] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 720.205949][T15971] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 720.296618][T15839] veth0_macvtap: entered promiscuous mode [ 720.306415][T15839] veth1_macvtap: entered promiscuous mode [ 720.342776][T15839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 720.383500][T15839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 720.431585][ T1153] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.452086][ T1153] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.488352][ T1153] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.766789][ T1153] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 721.284170][T15997] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2734'. [ 721.351082][T15997] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 721.400330][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 721.427902][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 721.488288][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 721.510261][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 721.631604][T16013] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2708'. [ 721.678915][T16013] bond1: option ad_actor_sys_prio: invalid value (0) [ 721.687680][T16013] bond1: option ad_actor_sys_prio: allowed values 1 - 65535 [ 721.697653][T16013] bond1 (unregistering): Released all slaves [ 721.786870][ T43] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 721.817387][ T5913] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 721.993652][ T5913] usb 4-1: config 147 has an invalid interface number: 9 but max is 1 [ 722.003169][ T5913] usb 4-1: config 147 has an invalid descriptor of length 1, skipping remainder of the config [ 722.018056][ T43] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 722.028396][ T43] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 722.040172][ T5913] usb 4-1: config 147 has 1 interface, different from the descriptor's value: 2 [ 722.050558][ T43] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 722.060176][ T5913] usb 4-1: config 147 has no interface number 0 [ 722.067505][ T5913] usb 4-1: config 147 interface 9 altsetting 9 endpoint 0xD has invalid maxpacket 1024, setting to 64 [ 722.079195][ T43] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 722.090673][ T5913] usb 4-1: config 147 interface 9 altsetting 9 endpoint 0x4 has an invalid bInterval 145, changing to 7 [ 722.102315][ T43] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 722.113861][ T5913] usb 4-1: config 147 interface 9 altsetting 9 has a duplicate endpoint with address 0xF, skipping [ 722.129157][ T5913] usb 4-1: config 147 interface 9 altsetting 9 has a duplicate endpoint with address 0xE, skipping [ 722.140670][ T5913] usb 4-1: config 147 interface 9 altsetting 9 has 6 endpoint descriptors, different from the interface descriptor's value: 14 [ 722.154303][ T5913] usb 4-1: config 147 interface 9 has no altsetting 0 [ 722.162034][ T43] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 722.172149][ T43] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 722.180734][ T43] usb 2-1: Product: syz [ 722.185785][ T43] usb 2-1: Manufacturer: syz [ 722.192220][ T5913] usb 4-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice=ba.80 [ 722.201873][T13721] Bluetooth: hci4: command 0x0406 tx timeout [ 722.201890][ T5829] Bluetooth: hci2: command 0x0406 tx timeout [ 722.208093][T13721] Bluetooth: hci1: command 0x0406 tx timeout [ 722.214187][ T5829] Bluetooth: hci0: command 0x0406 tx timeout [ 722.222315][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 722.241282][ T43] cdc_wdm 2-1:1.0: skipping garbage [ 722.246972][ T43] cdc_wdm 2-1:1.0: skipping garbage [ 722.253473][ T5913] usb 4-1: Product: 蕨㭾ᷮ䪓ﱻ陌Ꮕ಺ꃀ裂㤣⚰ᠪ木떚墪ᛞ㥊✝ᑎ伮ꏠ㊦伷졃ቯ您唊ꭢꈺ፾煥 [ 722.270634][ T43] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 722.276918][ T5829] Bluetooth: hci5: command 0x0c1a tx timeout [ 722.284262][ T43] cdc_wdm 2-1:1.0: Unknown control protocol [ 722.290957][ T5913] usb 4-1: Manufacturer: К [ 722.295727][ T5913] usb 4-1: SerialNumber: Ѝ [ 722.329651][T16009] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 722.448659][T16010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 722.491120][T16010] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 722.551677][T16009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 722.567486][T16009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 722.618168][T16009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 722.654172][T16009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 723.006227][ T43] usb 1-1: new high-speed USB device number 121 using dummy_hcd [ 723.228955][ T43] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 723.238455][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 723.251822][ T43] usb 1-1: config 0 descriptor?? [ 723.261197][ T43] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 723.699459][ T43] cpia1 1-1:0.0: unexpected state after lo power cmd: 00 [ 723.807884][T16046] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2741'. [ 723.899990][ T43] gspca_cpia1: usb_control_msg 01, error -32 [ 723.911108][ T43] gspca_cpia1: usb_control_msg 01, error -71 [ 723.928249][ T43] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0) [ 723.928683][T16050] loop2: detected capacity change from 0 to 7 [ 723.944841][ T43] usb 1-1: USB disconnect, device number 121 [ 723.956519][ T5844] loop2: [ 723.959517][ T5844] loop2: partition table partially beyond EOD, truncated [ 723.971381][T16050] loop2: [ 723.974381][T16050] loop2: partition table partially beyond EOD, truncated [ 724.116156][ T5914] usb 5-1: new high-speed USB device number 126 using dummy_hcd [ 724.277200][ T5829] Bluetooth: hci0: command 0x0406 tx timeout [ 724.293903][ T5914] usb 5-1: too many configurations: 239, using maximum allowed: 8 [ 724.329178][ T5914] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 724.338688][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 724.347218][ T5914] usb 5-1: Product: syz [ 724.351560][ T5914] usb 5-1: Manufacturer: syz [ 724.356280][ T5829] Bluetooth: hci5: command 0x0c1a tx timeout [ 724.362695][ T5914] usb 5-1: SerialNumber: syz [ 724.493659][ T5914] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 724.562366][ T43] usb 2-1: USB disconnect, device number 90 [ 724.601101][ T5913] usb 4-1: USB disconnect, device number 27 [ 724.744295][ T5841] udevd[5841]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:147.9/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 724.885767][ T24] usb 1-1: new high-speed USB device number 122 using dummy_hcd [ 724.977976][ T5916] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 725.045788][ T43] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 725.056231][ T24] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 725.076410][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 725.118187][ T24] usb 1-1: config 0 descriptor?? [ 725.129750][ T24] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 725.227785][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 725.277407][ T43] usb 2-1: New USB device found, idVendor=1532, idProduct=010d, bcdDevice= 0.00 [ 725.296874][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 725.388076][ T43] usb 2-1: config 0 descriptor?? [ 725.831194][T16072] fuse: Bad value for 'fd' [ 725.840189][T11559] usb 5-1: USB disconnect, device number 126 [ 725.847642][T16062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 725.867956][T16062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 726.030728][T16062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 726.061944][ T5916] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 726.086463][T16062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 726.095317][ T5916] ath9k_htc: Failed to initialize the device [ 726.115051][T11559] usb 5-1: ath9k_htc: USB layer deinitialized [ 726.170193][ T43] usbhid 2-1:0.0: can't add hid device: -71 [ 726.186287][ T43] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 726.199990][ T43] usb 2-1: USB disconnect, device number 91 [ 726.414329][ T24] gspca_stv06xx: I2C: Read error writing address: -71 [ 726.444910][ T5829] Bluetooth: hci5: command 0x0c1a tx timeout [ 726.451856][T16058] fuse: Unknown parameter 'FŀV [ 726.451856][T16058] ' [ 726.568207][ T24] usb 1-1: USB disconnect, device number 122 [ 726.715902][T16080] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2750'. [ 726.811714][T16083] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2750'. [ 727.355819][ T24] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 727.515784][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 727.522834][ T24] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 727.541281][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.770178][ T24] usb 3-1: config 0 descriptor?? [ 727.788060][ T43] usb 1-1: new high-speed USB device number 123 using dummy_hcd [ 727.798516][ T24] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 727.885085][T16098] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2753'. [ 727.967887][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 727.978024][ T43] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 728.030196][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 728.055708][ T43] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 728.078875][ T43] usb 1-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 728.197311][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 728.303607][ T43] usb 1-1: config 0 descriptor?? [ 728.378563][T16107] fuse: Unknown parameter 'user_id0000000000000000000000000000000000000000' [ 728.532858][T16096] program syz.0.2755 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 728.592262][ T43] hdpvr 1-1:0.0: firmware version 0xd dated jl;S11!vOp [ 728.592262][ T43] 4(r [ 728.592262][ T43] d2}d~٭^r [ 728.761559][ T24] gspca_nw80x: reg_r err -110 [ 728.769889][ T24] nw80x 3-1:0.0: probe with driver nw80x failed with error -110 [ 728.869012][ T43] hdpvr 1-1:0.0: device init failed [ 728.916440][ T43] hdpvr 1-1:0.0: probe with driver hdpvr failed with error -12 [ 728.928712][ T43] usb 1-1: USB disconnect, device number 123 [ 729.385763][ T43] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 729.609690][ T5916] usb 3-1: USB disconnect, device number 28 [ 729.635834][ T43] usb 2-1: Using ep0 maxpacket: 32 [ 729.767801][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 729.911417][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 729.922723][ T43] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 729.932826][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.945333][ T43] usb 2-1: config 0 descriptor?? [ 729.969529][ T43] hub 2-1:0.0: USB hub found [ 729.986075][ T24] usb 1-1: new low-speed USB device number 124 using dummy_hcd [ 730.126900][ T24] usb 1-1: device descriptor read/64, error -71 [ 730.186006][ T5916] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 730.204661][ T43] hub 2-1:0.0: 1 port detected [ 730.348220][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 730.365980][ T24] usb 1-1: new low-speed USB device number 125 using dummy_hcd [ 730.373972][ T5916] usb 3-1: New USB device found, idVendor=1532, idProduct=010d, bcdDevice= 0.00 [ 730.396179][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 730.421797][ T5916] usb 3-1: config 0 descriptor?? [ 730.525816][ T24] usb 1-1: device descriptor read/64, error -71 [ 730.636133][ T24] usb usb1-port1: attempt power cycle [ 730.837298][T16120] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 730.850986][T16120] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 730.860716][ T5916] hid (null): invalid report_count 139821482 [ 730.875389][ T5916] razer 0003:1532:010D.004C: invalid report_count 139821482 [ 730.883252][ T5916] razer 0003:1532:010D.004C: item 0 4 1 9 parsing failed [ 730.893296][ T5916] razer 0003:1532:010D.004C: probe with driver razer failed with error -22 [ 731.040059][ T24] usb 1-1: new low-speed USB device number 126 using dummy_hcd [ 731.071358][ T24] usb 1-1: device descriptor read/8, error -71 [ 731.077597][ T5916] usb 3-1: USB disconnect, device number 29 [ 731.239393][ T43] hub 2-1:0.0: hub_hub_status failed (err = -32) [ 731.253457][ T43] hub 2-1:0.0: config failed, can't get hub status (err -32) [ 731.280363][ T43] usbhid 2-1:0.0: can't add hid device: -32 [ 731.307153][ T43] usbhid 2-1:0.0: probe with driver usbhid failed with error -32 [ 731.327620][ T24] usb 1-1: new low-speed USB device number 127 using dummy_hcd [ 731.376953][ T24] usb 1-1: device descriptor read/8, error -71 [ 731.551558][ T24] usb usb1-port1: unable to enumerate USB device [ 731.739388][ T24] usb 2-1: USB disconnect, device number 92 [ 732.176729][ T24] usb 2-1: new full-speed USB device number 93 using dummy_hcd [ 732.348999][ T24] usb 2-1: config 5 has an invalid interface number: 123 but max is 0 [ 732.358558][ T24] usb 2-1: config 5 has no interface number 0 [ 732.364704][ T24] usb 2-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 732.386407][ T24] usb 2-1: config 5 interface 123 altsetting 7 endpoint 0x4 has invalid maxpacket 8224, setting to 64 [ 732.410810][ T24] usb 2-1: config 5 interface 123 has no altsetting 0 [ 732.431264][ T24] usb 2-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7 [ 732.440833][ T43] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 732.468534][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 732.483801][ T24] usb 2-1: Product: syz [ 732.492900][ T24] usb 2-1: Manufacturer: syz [ 732.502982][ T24] usb 2-1: SerialNumber: syz [ 732.608183][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 732.617161][ T43] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 732.626645][ T43] usb 4-1: config 1 has no interface number 1 [ 732.634407][ T43] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 732.671894][ T43] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 732.685708][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 732.731627][ T43] usb 4-1: Product: syz [ 732.736804][ T43] usb 4-1: Manufacturer: syz [ 732.755083][ T24] comedi comedi5: driver 'ni6501' has successfully auto-configured 'ni6501'. [ 732.774960][ T43] usb 4-1: SerialNumber: syz [ 732.798265][ T24] usb 2-1: USB disconnect, device number 93 [ 732.998165][ T43] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 733.007217][ T43] usb 4-1: 2:1 : sample bitwidth 243 in over sample bytes 3 [ 733.020469][ T43] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 733.028632][ T43] usb 4-1: 2:1 : invalid channels 0 [ 733.076956][ T43] usb 4-1: USB disconnect, device number 28 [ 733.146180][T11559] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 733.330613][T11559] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 733.340065][T11559] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 733.355976][T11559] usb 1-1: Product: syz [ 733.360255][T11559] usb 1-1: Manufacturer: syz [ 733.364929][T11559] usb 1-1: SerialNumber: syz [ 733.387464][T11559] usb 1-1: config 0 descriptor?? [ 733.428760][T11559] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 733.480712][T16166] bond5: entered promiscuous mode [ 733.486170][T16166] bond5: entered allmulticast mode [ 733.491707][T16166] 8021q: adding VLAN 0 to HW filter on device bond5 [ 733.604798][T16154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 733.632317][T16154] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 733.685893][T11559] gspca_sunplus: reg_r err -71 [ 733.690770][T11559] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 733.738693][T11559] usb 1-1: USB disconnect, device number 2 [ 734.077013][T11559] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 734.385927][ T5916] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 734.414481][T11559] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 734.425756][T11559] usb 1-1: New USB device found, idVendor=1532, idProduct=010d, bcdDevice= 0.00 [ 734.454623][T11559] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 734.466715][T11559] usb 1-1: config 0 descriptor?? [ 734.521299][ T5916] usb 3-1: device descriptor read/64, error -71 [ 734.558095][T16192] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2781'. [ 734.632979][T16194] pimreg: entered allmulticast mode [ 734.789631][ T5916] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 734.876593][T16183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 734.906272][T16183] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 734.935777][ T5916] usb 3-1: device descriptor read/64, error -71 [ 734.949932][T16183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 734.975820][T16183] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 734.994498][T11559] usbhid 1-1:0.0: can't add hid device: -71 [ 735.001312][T11559] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 735.046394][ T5916] usb usb3-port1: attempt power cycle [ 735.121116][T16201] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2784'. [ 735.227280][T11559] usb 1-1: USB disconnect, device number 3 [ 735.386189][ T5916] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 735.416544][ T5916] usb 3-1: device descriptor read/8, error -71 [ 735.655820][ T5916] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 735.696613][ T5916] usb 3-1: device descriptor read/8, error -71 [ 735.708158][T16210] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2787'. [ 735.795928][ T43] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 735.806248][ T5916] usb usb3-port1: unable to enumerate USB device [ 735.972152][T16201] bond0 (unregistering): Released all slaves [ 735.985969][ T43] usb 2-1: device descriptor read/64, error -71 [ 736.095996][ T5916] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 736.225829][ T43] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 736.247628][ T5916] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 736.259642][ T5916] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 736.270956][ T5916] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 736.282609][ T5916] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 736.298174][ T5916] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 736.307851][ T5916] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 736.316117][ T5916] usb 1-1: Product: syz [ 736.320727][ T5916] usb 1-1: Manufacturer: syz [ 736.325383][ T5916] usb 1-1: SerialNumber: syz [ 736.338833][T16214] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 736.348248][ T5916] cdc_mbim 1-1:1.0: skipping garbage [ 736.355888][ T43] usb 2-1: device descriptor read/64, error -71 [ 736.466162][ T43] usb usb2-port1: attempt power cycle [ 736.547201][T16214] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 736.554877][T16214] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 736.779018][T16215] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 736.786566][T16215] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 736.794175][ T5916] cdc_mbim 1-1:1.0: setting tx_max = 184 [ 736.803334][ T5916] cdc_mbim 1-1:1.0: cdc-wdm0: USB WDM device [ 736.805833][ T43] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 736.820152][ T5916] wwan wwan0: port wwan0mbim0 attached [ 736.836897][ T43] usb 2-1: device descriptor read/8, error -71 [ 736.837786][ T5916] cdc_mbim 1-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, 9e:03:36:5c:33:16 [ 737.085811][ T43] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 737.116762][ T43] usb 2-1: device descriptor read/8, error -71 [ 737.240827][ T43] usb usb2-port1: unable to enumerate USB device [ 737.390622][ T5492] 8021q: adding VLAN 0 to HW filter on device wwan0 [ 737.566252][ T5916] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 737.728678][ T5916] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 737.738903][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 737.753963][ T5916] usb 3-1: config 0 descriptor?? [ 737.760735][T13290] usb 5-1: new high-speed USB device number 127 using dummy_hcd [ 737.785603][ T5916] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 738.058781][T13290] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 738.084074][T13290] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 738.167699][T13290] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 738.207007][T13290] usb 5-1: config 0 descriptor?? [ 738.234981][T13290] pwc: Askey VC010 type 2 USB webcam detected. [ 738.431632][T16239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 738.440822][T16239] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 738.653065][T13290] pwc: recv_control_msg error -32 req 02 val 2b00 [ 738.676256][T13290] pwc: recv_control_msg error -32 req 02 val 2700 [ 738.684492][T13290] pwc: recv_control_msg error -32 req 02 val 2c00 [ 738.693285][T13290] pwc: recv_control_msg error -32 req 04 val 1000 [ 738.701577][T13290] pwc: recv_control_msg error -32 req 04 val 1300 [ 738.711200][T13290] pwc: recv_control_msg error -32 req 04 val 1400 [ 738.719768][T13290] pwc: recv_control_msg error -32 req 02 val 2000 [ 738.732253][T13290] pwc: recv_control_msg error -32 req 02 val 2100 [ 738.795340][T13290] pwc: recv_control_msg error -32 req 04 val 1500 [ 738.879845][T13290] pwc: recv_control_msg error -32 req 02 val 2500 [ 738.908438][ T43] usb 1-1: USB disconnect, device number 4 [ 738.940458][T16264] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2793'. [ 738.978169][ T43] cdc_mbim 1-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM [ 739.036728][ T5916] gspca_stv06xx: I2C: Read error writing address: -71 [ 739.087586][T16267] program syz.0.2794 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 739.089053][ T43] cdc_mbim 1-1:1.0 wwan0: failed to kill vid 0081/0 [ 739.109975][ T5916] usb 3-1: USB disconnect, device number 34 [ 739.266503][T16274] fuse: Unknown parameter 'user_id0000000000000000000000000000000000000000' [ 739.421422][ T43] wwan wwan0: port wwan0mbim0 disconnected [ 739.487127][T13290] pwc: recv_control_msg error -71 req 02 val 2600 [ 739.516879][T13290] pwc: recv_control_msg error -71 req 02 val 2900 [ 739.546508][T13290] pwc: recv_control_msg error -71 req 02 val 2800 [ 739.564224][T13290] pwc: recv_control_msg error -71 req 04 val 1100 [ 739.575720][T13290] pwc: recv_control_msg error -71 req 04 val 1200 [ 739.594261][T13290] pwc: Registered as video103. [ 739.618955][T13290] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input74 [ 739.661090][T13290] usb 5-1: USB disconnect, device number 127 [ 739.781972][T16286] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2797'. [ 740.804850][T16319] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2799'. [ 741.277806][T16343] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2801'. [ 741.397854][T16350] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2804'. [ 744.299652][ T43] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 744.793357][ T43] usb 4-1: config 0 has no interfaces? [ 744.806127][ T43] usb 4-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 744.815372][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 744.826564][ T43] usb 4-1: config 0 descriptor?? [ 745.270724][ T43] usb 4-1: USB disconnect, device number 29 [ 745.517271][T16414] kvm: requested 134933 ns i8254 timer period limited to 200000 ns [ 745.534190][T16414] kvm: requested 10057 ns i8254 timer period limited to 200000 ns [ 745.574126][T16414] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 745.655002][T16414] kvm: requested 101409 ns i8254 timer period limited to 200000 ns [ 745.821286][T16422] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 745.885807][ T43] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 746.135705][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 746.157519][ T43] usb 4-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 746.169252][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 746.177587][ T43] usb 4-1: Product: syz [ 746.181844][ T43] usb 4-1: Manufacturer: syz [ 746.186697][ T43] usb 4-1: SerialNumber: syz [ 746.197461][ T43] usb 4-1: config 0 descriptor?? [ 746.206659][ T43] gspca_main: sq905-2.14.0 probing 2770:9120 [ 746.211463][T16427] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2816'. [ 746.882103][T16458] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2823'. [ 747.108120][T16461] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2824'. [ 747.130398][T16461] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2824'. [ 747.326616][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.333188][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.356228][T16419] ip6tnl1: entered promiscuous mode [ 747.367021][ T43] gspca_sq905: sq905_read_data: usb_control_msg failed (-71) [ 747.381587][ T43] sq905 4-1:0.0: probe with driver sq905 failed with error -71 [ 747.412116][ T43] usb 4-1: USB disconnect, device number 30 [ 747.881164][ T5837] Bluetooth: hci5: command 0x0c1a tx timeout [ 748.076018][T13290] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 748.219786][T16474] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 748.423017][ T30] audit: type=1326 audit(1760494991.797:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16482 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f994bb8eec9 code=0x7ffc0000 [ 748.512580][ T30] audit: type=1326 audit(1760494991.827:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16482 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f994bb8eec9 code=0x7ffc0000 [ 748.561106][T13290] usb 3-1: Using ep0 maxpacket: 32 [ 748.599835][T13290] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 748.613445][T16490] pim6reg: entered allmulticast mode [ 748.627451][ T30] audit: type=1326 audit(1760494991.967:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16482 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f994bb8eec9 code=0x7ffc0000 [ 748.662401][T13290] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 748.693418][T13290] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 748.721318][T13290] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 748.735813][ T30] audit: type=1326 audit(1760494991.967:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16482 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f994bb8eec9 code=0x7ffc0000 [ 748.793900][T13290] usb 3-1: config 0 descriptor?? [ 748.821907][T13290] hub 3-1:0.0: USB hub found [ 748.849995][ T30] audit: type=1326 audit(1760494991.967:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16482 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f994bb8eec9 code=0x7ffc0000 [ 748.996773][ T30] audit: type=1326 audit(1760494991.967:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16482 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f994bb8eec9 code=0x7ffc0000 [ 749.063594][T13290] hub 3-1:0.0: 1 port detected [ 749.136614][ T30] audit: type=1326 audit(1760494991.967:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16482 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f994bb8eec9 code=0x7ffc0000 [ 749.275072][ T30] audit: type=1326 audit(1760494991.967:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16482 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f994bb8eec9 code=0x7ffc0000 [ 749.299293][ T30] audit: type=1326 audit(1760494991.967:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16482 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f994bb8eec9 code=0x7ffc0000 [ 749.324195][ T30] audit: type=1326 audit(1760494992.037:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16482 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f994bb8eec9 code=0x7ffc0000 [ 749.590823][T16501] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2832'. [ 749.956017][ T5837] Bluetooth: hci5: command 0x0c1a tx timeout [ 750.198034][T13290] hub 3-1:0.0: hub_hub_status failed (err = -32) [ 750.204409][T13290] hub 3-1:0.0: config failed, can't get hub status (err -32) [ 750.229592][T13290] usbhid 3-1:0.0: can't add hid device: -32 [ 750.261035][T13290] usbhid 3-1:0.0: probe with driver usbhid failed with error -32 [ 750.287159][T16512] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 750.536175][T16521] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2836'. [ 750.885783][T13290] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 750.903283][T16535] netlink: 6032 bytes leftover after parsing attributes in process `syz.0.2842'. [ 751.026259][ T5916] usb 3-1: USB disconnect, device number 35 [ 751.068337][T13290] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 751.110460][T13290] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 751.147119][T13290] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 751.166792][T13290] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 751.182537][T13290] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 751.198669][T13290] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 751.219315][T13290] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 751.227729][T13290] usb 4-1: Product: syz [ 751.232062][T13290] usb 4-1: Manufacturer: syz [ 751.237465][T13290] usb 4-1: SerialNumber: syz [ 751.244301][T13290] usb 4-1: config 0 descriptor?? [ 751.456858][T13290] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 751.463815][T13290] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 751.657388][T13290] radio-si470x 4-1:0.0: software version 0, hardware version 0 [ 751.667002][T13290] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 751.696376][T13290] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 751.899538][T13290] radio-si470x 4-1:0.0: submitting int urb failed (-90) [ 752.235188][ T24] hid-generic 0000:0040:30383231.004D: unknown main item tag 0x0 [ 752.258266][ T24] hid-generic 0000:0040:30383231.004D: unknown main item tag 0x0 [ 752.285953][ T24] hid-generic 0000:0040:30383231.004D: unknown main item tag 0x0 [ 752.294985][ T24] hid-generic 0000:0040:30383231.004D: unknown main item tag 0x0 [ 752.305787][ T24] hid-generic 0000:0040:30383231.004D: unknown main item tag 0x0 [ 752.318554][ T24] hid-generic 0000:0040:30383231.004D: unknown main item tag 0x0 [ 752.329730][ T24] hid-generic 0000:0040:30383231.004D: unknown main item tag 0x0 [ 752.348303][ T24] hid-generic 0000:0040:30383231.004D: unknown main item tag 0x0 [ 752.388201][ T24] hid-generic 0000:0040:30383231.004D: unknown main item tag 0x0 [ 752.437675][ T24] hid-generic 0000:0040:30383231.004D: hidraw0: HID v303038.78 Device [syz1] on syz0 [ 752.475726][ T43] usb 3-1: new full-speed USB device number 36 using dummy_hcd [ 753.164583][T13290] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 753.187717][T13290] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -71 [ 753.224400][T13290] usb 4-1: USB disconnect, device number 31 [ 753.551715][ T43] usb 3-1: unable to get BOS descriptor or descriptor too short [ 753.609526][ T43] usb 3-1: not running at top speed; connect to a high speed hub [ 753.714705][T16575] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2853'. [ 753.736611][T16575] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2853'. [ 753.849176][ T43] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 753.859637][ T43] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 753.870723][ T43] usb 3-1: config 1 has no interface number 1 [ 753.877467][ T43] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 753.891666][ T43] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 48, changing to 4 [ 753.903072][ T43] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 12540, setting to 1023 [ 753.919736][T16580] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2855'. [ 753.934576][ T43] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 753.944443][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 753.963835][ T43] usb 3-1: Product: syz [ 753.989198][ T43] usb 3-1: Manufacturer: syz [ 754.004259][ T43] usb 3-1: SerialNumber: syz [ 754.049253][T16584] loop2: detected capacity change from 0 to 7 [ 754.070009][T16584] loop2: [ 754.073104][T16584] loop2: partition table partially beyond EOD, truncated [ 754.221034][T10079] vivid-000: reconnect [ 754.340973][ T43] hub 3-1:1.0: Invalid hub with more than one config or interface [ 754.363990][ T43] hub 3-1:1.0: probe with driver hub failed with error -22 [ 754.386448][ T984] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 754.553777][ T43] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 754.575961][ T984] usb 2-1: Using ep0 maxpacket: 16 [ 754.582752][ T984] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 754.614398][ T984] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C [ 754.660313][ T984] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 754.676658][ T43] usb 3-1: USB disconnect, device number 36 [ 754.704405][ T984] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 754.751498][ T984] usb 2-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 754.762434][ T984] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.764846][ T8069] udevd[8069]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 754.794517][ T984] usb 2-1: Product: syz [ 754.820516][ T984] usb 2-1: Manufacturer: syz [ 754.837444][ T984] usb 2-1: SerialNumber: syz [ 754.887257][ T984] usb 2-1: config 0 descriptor?? [ 755.105885][ T984] rc_core: IR keymap rc-xbox-dvd not found [ 755.114634][T16586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 755.123317][ T984] Registered IR keymap rc-empty [ 755.132456][ T984] rc rc0: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 755.144239][T16586] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 755.161065][ T984] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input75 [ 755.197357][ T984] usb 2-1: USB disconnect, device number 98 [ 755.203403][ C1] xbox_remote 2-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 755.569242][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 755.583431][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 755.612011][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 755.630020][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 755.677717][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 755.802294][T16596] xt_cgroup: xt_cgroup: no path or classid specified [ 756.025468][T16601] geneve2: entered promiscuous mode [ 756.030960][ T5916] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 756.243772][T16610] bond0: left allmulticast mode [ 756.249844][ T5916] usb 2-1: Using ep0 maxpacket: 8 [ 756.262411][ T5916] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 756.262439][ T5916] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 756.262463][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 239, changing to 11 [ 756.262489][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 9059, setting to 1024 [ 756.262514][ T5916] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 756.267320][ T5916] usb 2-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 756.267340][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.267359][ T5916] usb 2-1: Product: syz [ 756.267374][ T5916] usb 2-1: Manufacturer: syz [ 756.267389][ T5916] usb 2-1: SerialNumber: syz [ 756.273467][ T5916] usb 2-1: config 0 descriptor?? [ 756.277395][T16610] bond_slave_0: left allmulticast mode [ 756.277447][T16610] bond_slave_1: left allmulticast mode [ 756.278365][T16610] bridge0: port 3(bond0) entered disabled state [ 756.347099][T16610] : left allmulticast mode [ 756.347127][T16610] : left promiscuous mode [ 756.347381][T16610] bridge0: port 1() entered disabled state [ 756.386463][T16610] bridge_slave_1: left allmulticast mode [ 756.386491][T16610] bridge_slave_1: left promiscuous mode [ 756.386731][T16610] bridge0: port 2(bridge_slave_1) entered disabled state [ 756.405122][T16610] bond0: (slave bond_slave_0): Releasing backup interface [ 756.407615][T16610] bond_slave_0: left promiscuous mode [ 756.412686][T16610] bond0: (slave bond_slave_1): Releasing backup interface [ 756.435185][T16610] bond_slave_1: left promiscuous mode [ 756.465514][T16610] team0: Port device team_slave_0 removed [ 756.512932][T16610] team0: Port device team_slave_1 removed [ 756.547428][T16610] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 756.619509][T16618] debugfs: '!' already exists in 'ieee80211' [ 756.752714][T16619] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2863'. [ 757.124803][T16592] chnl_net:caif_netlink_parms(): no params data found [ 757.722633][ T5829] Bluetooth: hci1: command tx timeout [ 757.867902][T16630] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2866'. [ 758.815929][T11309] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 758.965814][ T5916] rc_core: IR keymap rc-imon-rsc not found [ 758.971681][ T5916] Registered IR keymap rc-empty [ 758.978445][ T5916] rc rc0: iMON Station as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 758.990313][ T5916] input: iMON Station as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input76 [ 759.003866][T11309] usb 3-1: config 0 has no interfaces? [ 759.030876][T11309] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 759.046013][T11309] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 759.056062][T11309] usb 3-1: Product: syz [ 759.060239][T11309] usb 3-1: Manufacturer: syz [ 759.064919][T11309] usb 3-1: SerialNumber: syz [ 759.079023][T11309] usb 3-1: config 0 descriptor?? [ 759.099074][ T5916] usb 2-1: USB disconnect, device number 99 [ 759.304975][ T7561] dvmrp0 (unregistering): left allmulticast mode [ 759.314314][T16646] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2870'. [ 759.441700][T16650] binder: 16649:16650 ioctl c0306201 200000000040 returned -14 [ 759.465969][ T5916] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 759.627689][ T5916] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 759.638994][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 759.654338][ T5916] usb 2-1: config 0 descriptor?? [ 759.663918][ T5916] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 759.730191][ T7561] bond1 (unregistering): Released all slaves [ 759.736579][T13290] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 759.795966][ T5829] Bluetooth: hci1: command tx timeout [ 759.830957][T16592] bridge0: port 1(bridge_slave_0) entered blocking state [ 759.842251][T16592] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.857353][T16592] bridge_slave_0: entered allmulticast mode [ 759.865401][T16592] bridge_slave_0: entered promiscuous mode [ 759.865804][T13290] usb 1-1: device descriptor read/64, error -71 [ 759.900559][ T7561] tipc: Left network mode [ 759.924980][T16592] bridge0: port 2(bridge_slave_1) entered blocking state [ 759.932716][T16592] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.940168][T16592] bridge_slave_1: entered allmulticast mode [ 759.948599][T16592] bridge_slave_1: entered promiscuous mode [ 760.072149][T16592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 760.123429][T16592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 760.135874][T13290] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 760.265903][T13290] usb 1-1: device descriptor read/64, error -71 [ 760.296001][ T24] usb 3-1: USB disconnect, device number 37 [ 760.308896][T16643] xt_cgroup: invalid path, errno=-2 [ 760.376183][T13290] usb usb1-port1: attempt power cycle [ 760.415366][T16592] team0: Port device team_slave_0 added [ 760.460349][ T7561] hsr_slave_0: left promiscuous mode [ 760.468298][ T7561] hsr_slave_1: left promiscuous mode [ 760.474657][ T7561] batman_adv: batadv0: Removing interface: virt_wifi0 [ 760.500349][ T7561] pim6reg (unregistering): left allmulticast mode [ 760.523768][ T7561] pimreg (unregistering): left allmulticast mode [ 760.721796][T13290] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 760.754173][T13290] usb 1-1: device descriptor read/8, error -71 [ 761.013245][T16679] fuse: Bad value for 'rootmode' [ 761.018413][T13290] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 761.056846][T13290] usb 1-1: device descriptor read/8, error -71 [ 761.176470][T13290] usb usb1-port1: unable to enumerate USB device [ 761.880507][ T5829] Bluetooth: hci1: command tx timeout [ 762.112617][T16592] team0: Port device team_slave_1 added [ 762.180854][ T5916] gspca_stv06xx: I2C: Read error writing address: -71 [ 762.219864][ T5916] usb 2-1: USB disconnect, device number 100 [ 763.107266][T16592] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 763.157986][T16592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 763.331562][T16592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 763.431695][T16592] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 763.505925][T16592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 763.554493][T16715] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2882'. [ 763.708102][T16592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 763.957165][ T5829] Bluetooth: hci1: command tx timeout [ 764.147992][T16592] hsr_slave_0: entered promiscuous mode [ 764.154848][T16592] hsr_slave_1: entered promiscuous mode [ 764.226849][T16592] debugfs: 'hsr0' already exists in 'hsr' [ 764.261877][T16592] Cannot create hsr debugfs directory [ 764.275341][T16730] kernel read not supported for file / 7âW)s!Qfsl{Tr)rO2:"T+͟v|ղDvc֠6xc: (pid: 16730 comm: syz.2.2885) [ 764.344930][ T7561] IPVS: stop unused estimator thread 0... [ 764.356693][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 764.356710][ T30] audit: type=1800 audit(1760495007.727:1072): pid=16730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2885" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=69314 res=0 errno=0 [ 764.555791][ T5916] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 764.880142][T16750] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2888'. [ 764.893227][T16750] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2888'. [ 765.331898][T16767] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 765.346863][ T5916] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 765.351242][T16592] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 765.409903][T16592] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 765.423308][T16592] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 765.437706][T16592] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 765.518766][ T5916] usb 1-1: config 0 has an invalid interface number: 87 but max is 0 [ 765.616083][ T5916] usb 1-1: config 0 has no interface number 0 [ 765.631801][ T5916] usb 1-1: config 0 interface 87 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 765.705743][ T5916] usb 1-1: New USB device found, idVendor=1b3d, idProduct=930f, bcdDevice=d1.6c [ 765.715102][ T5916] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.733634][ T5916] usb 1-1: Product: syz [ 765.742781][ T5916] usb 1-1: Manufacturer: syz [ 765.814997][ T5916] usb 1-1: SerialNumber: syz [ 765.874387][T16592] 8021q: adding VLAN 0 to HW filter on device bond0 [ 765.920261][ T5916] usb 1-1: config 0 descriptor?? [ 765.946717][T16749] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 766.006656][ T5916] ftdi_sio 1-1:0.87: FTDI USB Serial Device converter detected [ 766.021743][T16592] 8021q: adding VLAN 0 to HW filter on device team0 [ 766.031219][ T5916] ftdi_sio ttyUSB0: unknown device type: 0xd16c [ 766.044419][ T7561] bridge0: port 1(bridge_slave_0) entered blocking state [ 766.051651][ T7561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 766.092602][ T7561] bridge0: port 2(bridge_slave_1) entered blocking state [ 766.099789][ T7561] bridge0: port 2(bridge_slave_1) entered forwarding state [ 766.476766][T16787] syzkaller1: tun_chr_ioctl cmd 1074025672 [ 766.558868][T16749] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 766.560243][T16787] syzkaller1: ignored: set checksum enabled [ 766.607360][T16749] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 766.636196][T16592] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 766.887500][T16592] veth0_vlan: entered promiscuous mode [ 766.965356][T16592] veth1_vlan: entered promiscuous mode [ 767.071852][T16763] program syz.4.2890 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 767.098816][T16592] veth0_macvtap: entered promiscuous mode [ 767.131223][T16592] veth1_macvtap: entered promiscuous mode [ 767.201570][T16592] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 767.338980][T16592] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 767.406987][ T802] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.447565][ T802] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.498763][ T802] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.539085][ T802] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.956576][T16807] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2895'. [ 768.238007][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 768.275232][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 768.349037][ T24] usb 1-1: USB disconnect, device number 10 [ 768.380104][ T24] ftdi_sio 1-1:0.87: device disconnected [ 768.423829][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 768.447586][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 768.506995][T16818] netlink: 'syz.2.2899': attribute type 298 has an invalid length. [ 768.547677][T11559] usb 2-1: new full-speed USB device number 101 using dummy_hcd [ 768.789563][T11559] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 768.841484][T11559] usb 2-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 768.860873][T11559] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 768.890234][T11559] usb 2-1: Product: syz [ 768.893196][T16832] kvm: pic: non byte write [ 768.905688][T11559] usb 2-1: Manufacturer: syz [ 768.920488][T11559] usb 2-1: SerialNumber: syz [ 768.966954][T11559] usb 2-1: config 0 descriptor?? [ 769.009271][T11559] usbtouchscreen 2-1:0.0: probe with driver usbtouchscreen failed with error -12 [ 769.193046][T16813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 769.216711][T16813] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 769.309777][T16844] netlink: 'syz.1.2897': attribute type 10 has an invalid length. [ 769.534834][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 769.545028][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 769.553561][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 769.582979][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 769.592669][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 769.875392][ T60] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 769.887926][ T60] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 770.031319][ T60] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 770.054845][ T60] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 770.073383][T16862] netlink: 'syz.0.2911': attribute type 3 has an invalid length. [ 770.190002][ T60] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 770.202007][ T60] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 770.468411][T16854] chnl_net:caif_netlink_parms(): no params data found [ 770.777685][T16889] netlink: 288 bytes leftover after parsing attributes in process `syz.5.2919'. [ 770.962751][T16854] bridge0: port 1(bridge_slave_0) entered blocking state [ 770.970677][T16854] bridge0: port 1(bridge_slave_0) entered disabled state [ 770.978191][T16854] bridge_slave_0: entered allmulticast mode [ 770.986590][T16854] bridge_slave_0: entered promiscuous mode [ 771.064111][T16854] bridge0: port 2(bridge_slave_1) entered blocking state [ 771.094473][T16854] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.125552][T16854] bridge_slave_1: entered allmulticast mode [ 771.133893][T16902] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2922'. [ 771.136075][T16854] bridge_slave_1: entered promiscuous mode [ 771.156220][T16902] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2922'. [ 771.272347][T16902] ip6gretap0: entered promiscuous mode [ 771.298496][T16902] erspan0: entered promiscuous mode [ 771.340417][ T5914] usb 2-1: USB disconnect, device number 101 [ 771.422569][T16854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 771.520490][T16854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 771.636448][ T5829] Bluetooth: hci0: command tx timeout [ 771.987835][T16925] netlink: 'syz.1.2930': attribute type 25 has an invalid length. [ 772.039947][ T60] bond3 (unregistering): (slave gretap1): Releasing active interface [ 772.111832][ T60] bond4 (unregistering): (slave geneve3): Releasing active interface [ 772.337654][ T60] bond3 (unregistering): (slave bridge4): Releasing active interface [ 772.652211][ T60] bond0 (unregistering): Released all slaves [ 772.833833][ T60] bond1 (unregistering): Released all slaves [ 772.997788][ T60] bond2 (unregistering): Released all slaves [ 773.015056][ T60] bond3 (unregistering): Released all slaves [ 773.155789][ T60] bond4 (unregistering): Released all slaves [ 773.285558][ T60] bond5 (unregistering): Released all slaves [ 773.300433][T16854] team0: Port device team_slave_0 added [ 773.309813][T16854] team0: Port device team_slave_1 added [ 773.383268][ T60] tipc: Left network mode [ 773.388682][T16935] syzkaller0: entered promiscuous mode [ 773.394257][T16935] syzkaller0: entered allmulticast mode [ 773.552885][T16854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 773.561962][T16854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 773.588772][T16854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 773.630544][T16942] netlink: 512 bytes leftover after parsing attributes in process `syz.5.2936'. [ 773.644100][T16854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 773.651878][T16854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 773.685316][T16854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 773.717053][ T5829] Bluetooth: hci0: command tx timeout [ 773.891150][T16854] hsr_slave_0: entered promiscuous mode [ 773.909616][T16854] hsr_slave_1: entered promiscuous mode [ 773.916684][T16854] debugfs: 'hsr0' already exists in 'hsr' [ 773.922439][T16854] Cannot create hsr debugfs directory [ 774.581840][T16974] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2947'. [ 774.655838][T16979] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2947'. [ 774.704432][T16984] SET target dimension over the limit! [ 775.246288][ T60] hsr_slave_0: left promiscuous mode [ 775.284675][ T60] veth1_macvtap: left promiscuous mode [ 775.290968][ T60] veth0_macvtap: left promiscuous mode [ 775.297230][ T60] veth1_vlan: left promiscuous mode [ 775.302800][ T60] veth0_vlan: left promiscuous mode [ 775.455426][ T60] team0 (unregistering): Port device batadv1 removed [ 775.797578][ T5829] Bluetooth: hci0: command tx timeout [ 776.510649][T17016] tipc: Enabled bearer , priority 0 [ 776.525445][T17017] syzkaller0: entered promiscuous mode [ 776.542074][T17017] syzkaller0: entered allmulticast mode [ 776.586000][T17014] tipc: Resetting bearer [ 776.629127][T17013] tipc: Resetting bearer [ 776.658314][T17013] tipc: Disabling bearer [ 777.120082][T17044] pim6reg1: entered promiscuous mode [ 777.125587][T17044] pim6reg1: entered allmulticast mode [ 777.314644][T17052] netlink: 'syz.0.2966': attribute type 10 has an invalid length. [ 777.344026][T17055] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2967'. [ 777.417508][T17052] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 777.588738][T17055] vlan2: entered promiscuous mode [ 777.594112][T17055] geneve1: entered promiscuous mode [ 777.607628][T17055] vlan2: entered allmulticast mode [ 777.612880][T17055] geneve1: entered allmulticast mode [ 777.737419][T17067] tipc: Enabled bearer , priority 0 [ 777.769854][T17067] syzkaller0: entered promiscuous mode [ 777.776445][T17067] syzkaller0: entered allmulticast mode [ 777.812830][T17067] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 777.863417][T17067] tipc: Resetting bearer [ 777.872786][T16854] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 777.880159][ T5829] Bluetooth: hci0: command tx timeout [ 777.894375][T17066] tipc: Resetting bearer [ 777.934436][T17066] tipc: Disabling bearer [ 777.980546][T16854] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 777.999969][T16854] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 778.013173][T16854] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 778.025731][ T43] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 778.189889][T16854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 778.207752][ T43] usb 6-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 778.227044][ T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 778.248345][T16854] 8021q: adding VLAN 0 to HW filter on device team0 [ 778.258249][ T43] usb 6-1: config 0 descriptor?? [ 778.265400][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 778.272635][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 778.279285][ T43] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 778.304562][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 778.312261][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 778.469585][T16854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 778.604103][T16854] veth0_vlan: entered promiscuous mode [ 778.633800][T16854] veth1_vlan: entered promiscuous mode [ 778.683602][T16854] veth0_macvtap: entered promiscuous mode [ 778.699495][T16854] veth1_macvtap: entered promiscuous mode [ 778.748543][T16854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 778.778543][T16854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 778.819112][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 778.861417][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 778.904884][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 778.935424][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 779.121663][ T7561] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 779.147250][ T7561] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 779.216674][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 779.249471][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 779.497612][ T43] gspca_stv06xx: I2C: Read error writing address: -71 [ 779.534949][ T43] usb 6-1: USB disconnect, device number 2 [ 779.558297][T17122] netlink: 'syz.4.2980': attribute type 10 has an invalid length. [ 779.674155][T17122] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 780.047103][ T5916] IPVS: starting estimator thread 0... [ 780.060527][T17157] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2995'. [ 780.089301][T17157] IPVS: length: 141 != 8 [ 780.139201][T17158] IPVS: using max 26 ests per chain, 62400 per kthread [ 780.224011][T17165] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2997'. [ 780.320528][T17172] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3002'. [ 780.535482][T17184] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3007'. [ 780.814464][T17198] tipc: Started in network mode [ 780.826270][T17198] tipc: Node identity 66aff6cc2609, cluster identity 4711 [ 780.847660][T17198] tipc: Enabled bearer , priority 0 [ 780.867774][T17198] syzkaller0: entered promiscuous mode [ 780.873369][T17198] syzkaller0: entered allmulticast mode [ 780.932608][T17198] tipc: Resetting bearer [ 780.987732][T17197] tipc: Resetting bearer [ 781.059709][T17197] tipc: Disabling bearer [ 781.212808][T17214] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3020'. [ 781.501573][T17228] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3027'. [ 781.591866][T17203] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 781.604454][T17203] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 781.641812][T17232] netlink: 'syz.5.3029': attribute type 2 has an invalid length. [ 781.642203][T17203] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 781.656083][T17203] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 781.792448][T17203] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 781.817996][T17203] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 782.248648][T17203] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 782.254693][T17203] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 782.255118][T17266] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3040'. [ 782.275302][T17266] netlink: 35 bytes leftover after parsing attributes in process `syz.0.3040'. [ 782.286779][T17266] netlink: 'syz.0.3040': attribute type 6 has an invalid length. [ 782.295561][T17266] netlink: 35 bytes leftover after parsing attributes in process `syz.0.3040'. [ 782.383791][T17271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3044'. [ 782.393386][T17271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3044'. [ 782.597062][T17203] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 782.603182][T17203] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 783.035436][T17307] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3056'. [ 783.487478][T17333] netlink: 'syz.0.3064': attribute type 1 has an invalid length. [ 783.562276][T17333] 8021q: adding VLAN 0 to HW filter on device bond1 [ 783.724441][T17343] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3067'. [ 783.983811][T17361] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3073'. [ 784.549907][T17389] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3082'. [ 785.323432][ T5829] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 785.334523][ T5829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 785.342942][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 785.369062][ T5829] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 785.378964][ T5829] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 785.395133][ T5837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 785.399357][T17407] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3088'. [ 785.411778][ T5837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 785.422950][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 785.436869][ T5837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 785.446211][ T5837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 785.964192][ T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 785.995819][ T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.116821][T17437] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3096'. [ 786.186969][T17439] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3096'. [ 786.684243][ T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 786.695042][ T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.767498][T17456] tipc: Started in network mode [ 786.778097][T17456] tipc: Node identity 9eb82839cb61, cluster identity 4711 [ 786.798157][T17456] tipc: Enabled bearer , priority 0 [ 786.823600][T17458] syzkaller0: entered promiscuous mode [ 786.832483][T17458] syzkaller0: entered allmulticast mode [ 786.931187][ T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 786.942021][ T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.974660][T17455] tipc: Resetting bearer [ 787.007593][T17467] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 787.018333][T17467] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 787.029165][T17454] tipc: Resetting bearer [ 787.034972][T17467] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 787.063838][T17454] tipc: Disabling bearer [ 787.137311][ T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 787.168424][ T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 787.295560][T17478] netlink: 'syz.2.3110': attribute type 10 has an invalid length. [ 787.347268][T17478] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 787.426910][T17486] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3113'. [ 787.458664][T17489] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3114'. [ 787.476771][ T5829] Bluetooth: hci3: command tx timeout [ 787.546606][T17410] chnl_net:caif_netlink_parms(): no params data found [ 787.723302][ T36] macsec0: left allmulticast mode [ 787.728893][ T36] veth1_macvtap: left allmulticast mode [ 787.734575][ T36] macsec0: left promiscuous mode [ 787.742708][ T36] bridge0: port 3(macsec0) entered disabled state [ 787.754011][ T36] bridge_slave_1: left allmulticast mode [ 787.770431][ T36] bridge_slave_1: left promiscuous mode [ 787.780744][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 787.838809][ T36] bridge_slave_0: left allmulticast mode [ 787.862406][ T36] bridge_slave_0: left promiscuous mode [ 787.877239][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 788.449533][T17526] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3124'. [ 788.609602][ T36] dvmrp0 (unregistering): left allmulticast mode [ 788.927030][ T36] bond0 (unregistering): Released all slaves [ 789.059397][ T36] bond1 (unregistering): Released all slaves [ 789.078231][T17518] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3121'. [ 789.295028][ T36] tipc: Left network mode [ 789.316977][ T36] IPVS: stopping master sync thread 7829 ... [ 789.370663][T17410] bridge0: port 1(bridge_slave_0) entered blocking state [ 789.383349][T17410] bridge0: port 1(bridge_slave_0) entered disabled state [ 789.393991][T17410] bridge_slave_0: entered allmulticast mode [ 789.403792][T17410] bridge_slave_0: entered promiscuous mode [ 789.414503][T17410] bridge0: port 2(bridge_slave_1) entered blocking state [ 789.422007][T17410] bridge0: port 2(bridge_slave_1) entered disabled state [ 789.429581][T17410] bridge_slave_1: entered allmulticast mode [ 789.438756][T17410] bridge_slave_1: entered promiscuous mode [ 789.556392][ T5829] Bluetooth: hci3: command tx timeout [ 789.641346][T17410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 789.657409][T17410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 789.768238][T17552] tipc: Enabled bearer , priority 0 [ 789.799942][T17555] syzkaller0: entered promiscuous mode [ 789.819013][T17555] syzkaller0: entered allmulticast mode [ 789.881544][T17410] team0: Port device team_slave_0 added [ 789.890965][T17410] team0: Port device team_slave_1 added [ 790.048926][T17550] tipc: Resetting bearer [ 790.081456][T17549] tipc: Resetting bearer [ 790.109718][T17549] tipc: Disabling bearer [ 790.124236][T17410] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 790.135782][T17410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 790.162359][T17410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 790.205909][ T36] hsr_slave_0: left promiscuous mode [ 790.255608][ T36] veth1_macvtap: left promiscuous mode [ 790.270003][ T36] veth0_macvtap: left promiscuous mode [ 790.280445][ T36] veth1_vlan: left promiscuous mode [ 790.298090][ T36] veth0_vlan: left promiscuous mode [ 791.142587][ T36] team_slave_1 (unregistering): left promiscuous mode [ 791.153223][ T36] team0 (unregistering): Port device team_slave_1 removed [ 791.201086][ T36] team_slave_0 (unregistering): left promiscuous mode [ 791.209567][ T36] team0 (unregistering): Port device team_slave_0 removed [ 791.635891][ T5829] Bluetooth: hci3: command tx timeout [ 791.680245][T17410] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 791.687872][T17410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 791.713987][T17410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 791.731181][T17588] syzkaller0: entered promiscuous mode [ 791.737050][T17588] syzkaller0: entered allmulticast mode [ 791.777740][T17600] tipc: Enabling of bearer rejected, failed to enable media [ 791.963113][T17410] hsr_slave_0: entered promiscuous mode [ 791.999761][T17410] hsr_slave_1: entered promiscuous mode [ 792.044611][T17613] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3148'. [ 792.584220][ C1] vcan0: j1939_tp_rxtimer: 0xffff888028e53800: rx timeout, send abort [ 792.783126][T17641] syzkaller0: entered promiscuous mode [ 792.863753][T17641] syzkaller0: entered allmulticast mode [ 792.931926][T17628] tipc: Enabled bearer , priority 0 [ 793.041227][T17654] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3160'. [ 793.084349][ C1] vcan0: j1939_tp_rxtimer: 0xffff888028e53c00: rx timeout, send abort [ 793.092890][ C1] vcan0: j1939_tp_rxtimer: 0xffff888028e53800: abort rx timeout. Force session deactivation [ 793.143599][T17628] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 793.226868][T17659] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3161'. [ 793.296832][T17662] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3162'. [ 793.323152][T17645] tipc: Resetting bearer [ 793.452620][T17627] tipc: Resetting bearer [ 793.570834][T17627] tipc: Disabling bearer [ 793.592754][ C1] vcan0 (unregistered): j1939_tp_rxtimer: 0xffff888028e53c00: abort rx timeout. Force session deactivation [ 793.622092][T17674] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3168'. [ 793.719609][ T5829] Bluetooth: hci3: command tx timeout [ 793.816628][T17681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3170'. [ 793.874027][T17685] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3172'. [ 794.050359][T17692] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3174'. [ 794.471145][T17410] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 794.529994][T17410] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 794.657391][T17410] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 794.713187][T17410] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 794.873503][T17727] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3183'. [ 795.111787][T17410] 8021q: adding VLAN 0 to HW filter on device bond0 [ 795.178567][T17410] 8021q: adding VLAN 0 to HW filter on device team0 [ 795.263970][T17737] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3186'. [ 795.308408][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 795.315672][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 795.344386][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 795.351634][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 795.395204][T17735] tipc: Enabled bearer , priority 0 [ 795.444422][T17735] tipc: Resetting bearer [ 795.478517][T17738] syzkaller0: entered promiscuous mode [ 795.504558][T17738] syzkaller0: entered allmulticast mode [ 795.550127][T17734] tipc: Resetting bearer [ 795.713085][T17734] tipc: Disabling bearer [ 796.103400][T17410] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 796.122722][T17410] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 796.322396][T17410] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 796.969282][T17410] veth0_vlan: entered promiscuous mode [ 797.084575][T17410] veth1_vlan: entered promiscuous mode [ 797.118832][T17410] veth0_macvtap: entered promiscuous mode [ 797.130991][T17410] veth1_macvtap: entered promiscuous mode [ 797.194596][T17773] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3194'. [ 797.309287][T17410] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 797.450601][T17410] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 797.511510][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.547659][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.570160][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.592527][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.909029][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 797.926646][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 797.953596][ T7561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 797.965171][ T7561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 798.417815][T17819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3204'. [ 798.782046][T17838] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3209'. [ 799.949811][T17850] syz.2.3213 (17850): drop_caches: 2 [ 799.999215][T17861] syz.1.3217 (17861): drop_caches: 2 [ 800.007393][T17861] syz.1.3217 (17861): drop_caches: 2 [ 800.136896][ T30] audit: type=1326 audit(1760495043.507:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac0618eec9 code=0x7ffc0000 [ 800.206497][ T30] audit: type=1326 audit(1760495043.507:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac0618eec9 code=0x7ffc0000 [ 800.260251][ T30] audit: type=1326 audit(1760495043.547:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fac0618eec9 code=0x7ffc0000 [ 800.319742][ T30] audit: type=1326 audit(1760495043.547:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac0618eec9 code=0x7ffc0000 [ 800.375858][ T30] audit: type=1326 audit(1760495043.547:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac0618eec9 code=0x7ffc0000 [ 800.399161][T17876] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3221'. [ 800.446099][ T30] audit: type=1326 audit(1760495043.547:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fac0618eec9 code=0x7ffc0000 [ 800.526309][ T30] audit: type=1326 audit(1760495043.547:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac0618eec9 code=0x7ffc0000 [ 800.618027][ T30] audit: type=1326 audit(1760495043.547:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7fac0618eec9 code=0x7ffc0000 [ 800.713859][ T30] audit: type=1326 audit(1760495043.547:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac0618eec9 code=0x7ffc0000 [ 801.118434][T17890] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3228'. [ 801.436061][T17897] tipc: Started in network mode [ 801.445600][T17897] tipc: Node identity c68682bdf2aa, cluster identity 4711 [ 801.461889][T17897] tipc: Enabled bearer , priority 0 [ 801.478330][T17902] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3233'. [ 801.489922][T17897] syzkaller0: entered promiscuous mode [ 801.495423][T17897] syzkaller0: entered allmulticast mode [ 801.593080][ T30] audit: type=1326 audit(1760495044.967:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17904 comm="syz.2.3235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac0618eec9 code=0x7ffc0000 [ 801.620231][T17903] tipc: Resetting bearer [ 801.634803][T17895] tipc: Resetting bearer [ 801.667946][T17895] tipc: Disabling bearer [ 801.729882][T17908] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3236'. [ 802.261739][T17930] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3246'. [ 802.772530][T17938] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3250'. [ 802.839592][T17942] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3251'. [ 802.853090][T17942] openvswitch: netlink: Flow actions attr not present in new flow. [ 803.005041][T17949] random: crng reseeded on system resumption [ 803.423270][T17963] netlink: 'syz.2.3259': attribute type 10 has an invalid length. [ 803.565039][T17954] tipc: Enabled bearer , priority 0 [ 803.574618][T17954] syzkaller0: entered promiscuous mode [ 803.580748][T17954] syzkaller0: entered allmulticast mode [ 803.612957][T17954] tipc: Resetting bearer [ 803.621111][T17953] tipc: Resetting bearer [ 803.717459][T17953] tipc: Disabling bearer [ 804.490764][T17984] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3267'. [ 804.663459][T17988] pim6reg1: entered promiscuous mode [ 804.668928][T17992] netlink: 'syz.5.3271': attribute type 10 has an invalid length. [ 804.695574][T17988] pim6reg1: entered allmulticast mode [ 804.711952][T17992] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 804.873836][T17996] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3272'. [ 804.924015][T17998] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 805.167925][T18005] tipc: Started in network mode [ 805.172892][T18005] tipc: Node identity 8e4ed9ba05fc, cluster identity 4711 [ 805.181226][T18005] tipc: Enabled bearer , priority 0 [ 805.191565][T18002] syzkaller0: entered promiscuous mode [ 805.212272][T18002] syzkaller0: entered allmulticast mode [ 805.329761][T18002] tipc: Resetting bearer [ 805.347857][T18001] tipc: Resetting bearer [ 805.409066][T18001] tipc: Disabling bearer [ 806.050405][T18010] netlink: 'syz.0.3279': attribute type 10 has an invalid length. [ 806.077245][T18010] bridge0: port 2(bridge_slave_1) entered disabled state [ 806.084936][T18010] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.123025][T18024] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3279'. [ 806.175997][T18029] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3287'. [ 806.447991][T18010] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.455128][T18010] bridge0: port 2(bridge_slave_1) entered forwarding state [ 806.464277][T18010] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.471464][T18010] bridge0: port 1(bridge_slave_0) entered forwarding state [ 806.532743][T18010] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 806.542194][T18024] bridge_slave_1: left allmulticast mode [ 806.555396][T18024] bridge_slave_1: left promiscuous mode [ 806.563507][T18024] bridge0: port 2(bridge_slave_1) entered disabled state [ 806.767895][T18024] bridge_slave_0: left allmulticast mode [ 806.774802][T18024] bridge_slave_0: left promiscuous mode [ 806.780817][T18024] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.822733][T18024] bond0: (slave bridge0): Releasing backup interface [ 807.062415][T18042] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3291'. [ 807.710336][T18061] netlink: 'syz.1.3299': attribute type 1 has an invalid length. [ 807.737341][T18061] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3299'. [ 807.751046][T18065] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3301'. [ 807.756030][T18061] bridge0: port 1(bridge_slave_0) entered disabled state [ 808.060275][T18073] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3304'. [ 808.260183][T18076] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3305'. [ 808.397250][ T30] kauditd_printk_skb: 26 callbacks suppressed [ 808.397267][ T30] audit: type=1326 audit(1760495051.777:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18077 comm="syz.0.3307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2ca78eec9 code=0x7ffc0000 [ 808.501860][ T30] audit: type=1326 audit(1760495051.777:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18077 comm="syz.0.3307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2ca78eec9 code=0x7ffc0000 [ 808.547930][ T30] audit: type=1326 audit(1760495051.777:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18077 comm="syz.0.3307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fc2ca78eec9 code=0x7ffc0000 [ 808.729889][ T30] audit: type=1326 audit(1760495051.777:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18077 comm="syz.0.3307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2ca78eec9 code=0x7ffc0000 [ 808.760009][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.766708][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.791440][ T30] audit: type=1326 audit(1760495051.777:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18077 comm="syz.0.3307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2ca78eec9 code=0x7ffc0000 [ 808.820564][ T30] audit: type=1326 audit(1760495051.777:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18077 comm="syz.0.3307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2ca78eec9 code=0x7ffc0000 [ 808.843501][ T30] audit: type=1326 audit(1760495051.777:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18077 comm="syz.0.3307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2ca78eec9 code=0x7ffc0000 [ 808.885797][ T30] audit: type=1326 audit(1760495051.777:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18077 comm="syz.0.3307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2ca78eec9 code=0x7ffc0000 [ 809.023132][T18096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3315'. [ 809.185717][ T30] audit: type=1326 audit(1760495051.777:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18077 comm="syz.0.3307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7fc2ca78eec9 code=0x7ffc0000 [ 809.242803][ T30] audit: type=1326 audit(1760495051.777:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18077 comm="syz.0.3307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2ca78eec9 code=0x7ffc0000 [ 809.326153][T18104] tipc: Enabled bearer , priority 0 [ 809.333408][T18104] syzkaller0: entered promiscuous mode [ 809.339088][T18104] syzkaller0: entered allmulticast mode [ 809.349090][T18104] tipc: Resetting bearer [ 809.365909][T18103] tipc: Resetting bearer [ 809.421296][T18103] tipc: Disabling bearer [ 809.598345][T18106] ================================================================== [ 809.606451][T18106] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0 [ 809.614880][T18106] Read of size 8 at addr ffff88802e9062f8 by task syz.2.3314/18106 [ 809.622771][T18106] [ 809.625111][T18106] CPU: 0 UID: 0 PID: 18106 Comm: syz.2.3314 Not tainted syzkaller #0 PREEMPT(full) [ 809.625134][T18106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 809.625146][T18106] Call Trace: [ 809.625155][T18106] [ 809.625164][T18106] dump_stack_lvl+0x189/0x250 [ 809.625188][T18106] ? __kasan_check_byte+0x12/0x40 [ 809.625213][T18106] ? __pfx_dump_stack_lvl+0x10/0x10 [ 809.625231][T18106] ? lock_release+0x4b/0x3e0 [ 809.625258][T18106] ? __virt_addr_valid+0x4a5/0x5c0 [ 809.625279][T18106] print_report+0xca/0x240 [ 809.625301][T18106] ? change_page_attr_set_clr+0x625/0xfc0 [ 809.625325][T18106] kasan_report+0x118/0x150 [ 809.625348][T18106] ? change_page_attr_set_clr+0x625/0xfc0 [ 809.625376][T18106] change_page_attr_set_clr+0x625/0xfc0 [ 809.625404][T18106] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 809.625433][T18106] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 809.625455][T18106] ? memtype_reserve+0x874/0xb30 [ 809.625480][T18106] ? __pfx___ww_mutex_lock+0x10/0x10 [ 809.625503][T18106] _set_pages_array+0x145/0x270 [ 809.625530][T18106] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 809.625561][T18106] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 809.625592][T18106] ? ww_mutex_lock+0x3f/0x1c0 [ 809.625611][T18106] drm_gem_shmem_mmap+0x193/0x460 [ 809.625629][T18106] drm_gem_mmap_obj+0x18a/0x4e0 [ 809.625651][T18106] drm_gem_mmap+0x384/0x640 [ 809.625671][T18106] ? __pfx_drm_gem_mmap+0x10/0x10 [ 809.625690][T18106] ? __mas_set_range+0x12f/0x3c0 [ 809.625716][T18106] mmap_region+0x18b4/0x2110 [ 809.625748][T18106] ? __pfx_mmap_region+0x10/0x10 [ 809.625794][T18106] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 809.625825][T18106] ? bpf_lsm_mmap_addr+0x9/0x20 [ 809.625848][T18106] ? security_mmap_addr+0x71/0x270 [ 809.625873][T18106] ? shmem_mapping+0xd/0x50 [ 809.625897][T18106] ? memfd_check_seals_mmap+0xc5/0x200 [ 809.625924][T18106] do_mmap+0xc45/0x10d0 [ 809.625945][T18106] ? __pfx_do_mmap+0x10/0x10 [ 809.625962][T18106] ? down_write_killable+0x178/0x230 [ 809.625984][T18106] ? __pfx_down_write_killable+0x10/0x10 [ 809.626005][T18106] ? common_file_perm+0x1b5/0x230 [ 809.626028][T18106] vm_mmap_pgoff+0x2a6/0x4d0 [ 809.626056][T18106] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 809.626081][T18106] ? __fget_files+0x2a/0x420 [ 809.626114][T18106] ? __fget_files+0x2a/0x420 [ 809.626135][T18106] ? __fget_files+0x2a/0x420 [ 809.626158][T18106] ksys_mmap_pgoff+0x51f/0x760 [ 809.626178][T18106] do_syscall_64+0xfa/0xfa0 [ 809.626196][T18106] ? lockdep_hardirqs_on+0x9c/0x150 [ 809.626213][T18106] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.626233][T18106] ? clear_bhb_loop+0x60/0xb0 [ 809.626253][T18106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.626272][T18106] RIP: 0033:0x7fac0618eec9 [ 809.626290][T18106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 809.626306][T18106] RSP: 002b:00007fac07027038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 809.626328][T18106] RAX: ffffffffffffffda RBX: 00007fac063e5fa0 RCX: 00007fac0618eec9 [ 809.626344][T18106] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 809.626356][T18106] RBP: 00007fac06211f91 R08: 0000000000000004 R09: 0000000100000000 [ 809.626369][T18106] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 809.626381][T18106] R13: 00007fac063e6038 R14: 00007fac063e5fa0 R15: 00007fac0650fa28 [ 809.626404][T18106] [ 809.626411][T18106] [ 809.962766][T18106] Allocated by task 18106: [ 809.967162][T18106] kasan_save_track+0x3e/0x80 [ 809.971825][T18106] __kasan_kmalloc+0x93/0xb0 [ 809.976398][T18106] __kvmalloc_node_noprof+0x5cd/0x910 [ 809.981755][T18106] drm_gem_get_pages+0x166/0xa20 [ 809.986677][T18106] drm_gem_shmem_get_pages_locked+0x201/0x440 [ 809.992741][T18106] drm_gem_shmem_mmap+0x193/0x460 [ 809.997751][T18106] drm_gem_mmap_obj+0x18a/0x4e0 [ 810.002585][T18106] drm_gem_mmap+0x384/0x640 [ 810.007071][T18106] mmap_region+0x18b4/0x2110 [ 810.011649][T18106] do_mmap+0xc45/0x10d0 [ 810.015785][T18106] vm_mmap_pgoff+0x2a6/0x4d0 [ 810.020363][T18106] ksys_mmap_pgoff+0x51f/0x760 [ 810.025109][T18106] do_syscall_64+0xfa/0xfa0 [ 810.029596][T18106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 810.035470][T18106] [ 810.037783][T18106] The buggy address belongs to the object at ffff88802e906200 [ 810.037783][T18106] which belongs to the cache kmalloc-256 of size 256 [ 810.051841][T18106] The buggy address is located 0 bytes to the right of [ 810.051841][T18106] allocated 248-byte region [ffff88802e906200, ffff88802e9062f8) [ 810.066345][T18106] [ 810.068657][T18106] The buggy address belongs to the physical page: [ 810.075058][T18106] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802e906c00 pfn:0x2e906 [ 810.085121][T18106] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 810.093612][T18106] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 810.101137][T18106] page_type: f5(slab) [ 810.105105][T18106] raw: 00fff00000000040 ffff88813ffa6b40 ffffea0001305480 dead000000000006 [ 810.113688][T18106] raw: ffff88802e906c00 000000008010000d 00000000f5000000 0000000000000000 [ 810.122256][T18106] head: 00fff00000000040 ffff88813ffa6b40 ffffea0001305480 dead000000000006 [ 810.130912][T18106] head: ffff88802e906c00 000000008010000d 00000000f5000000 0000000000000000 [ 810.139567][T18106] head: 00fff00000000001 ffffea0000ba4181 00000000ffffffff 00000000ffffffff [ 810.148218][T18106] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 810.156864][T18106] page dumped because: kasan: bad access detected [ 810.163352][T18106] page_owner tracks the page as allocated [ 810.169058][T18106] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5847, tgid 5847 (syz-executor), ts 77697853779, free_ts 77645148036 [ 810.190396][T18106] post_alloc_hook+0x240/0x2a0 [ 810.195149][T18106] get_page_from_freelist+0x2365/0x2440 [ 810.200683][T18106] __alloc_frozen_pages_noprof+0x181/0x370 [ 810.206475][T18106] alloc_pages_mpol+0x232/0x4a0 [ 810.211309][T18106] allocate_slab+0x96/0x3a0 [ 810.215801][T18106] ___slab_alloc+0xe94/0x18a0 [ 810.220462][T18106] __slab_alloc+0x65/0x100 [ 810.224862][T18106] __kmalloc_noprof+0x471/0x7f0 [ 810.229694][T18106] fib_create_info+0x172d/0x3210 [ 810.234624][T18106] fib_table_insert+0xc6/0x1b50 [ 810.239456][T18106] fib_magic+0x2c4/0x390 [ 810.243681][T18106] fib_add_ifaddr+0x3fb/0x5f0 [ 810.248347][T18106] fib_netdev_event+0x382/0x490 [ 810.253185][T18106] notifier_call_chain+0x1b6/0x3e0 [ 810.258290][T18106] __dev_notify_flags+0x18d/0x2e0 [ 810.263306][T18106] netif_change_flags+0xe8/0x1a0 [ 810.268232][T18106] page last free pid 5846 tgid 5846 stack trace: [ 810.274537][T18106] __free_frozen_pages+0xbc4/0xd30 [ 810.279633][T18106] __slab_free+0x2e7/0x390 [ 810.284039][T18106] qlist_free_all+0x97/0x140 [ 810.288610][T18106] kasan_quarantine_reduce+0x148/0x160 [ 810.294052][T18106] __kasan_slab_alloc+0x22/0x80 [ 810.298884][T18106] kmem_cache_alloc_node_noprof+0x433/0x710 [ 810.304767][T18106] __alloc_skb+0x112/0x2d0 [ 810.309183][T18106] rtmsg_fib+0xea/0x4c0 [ 810.313340][T18106] fib_table_insert+0xd64/0x1b50 [ 810.318268][T18106] fib_magic+0x2c4/0x390 [ 810.322503][T18106] fib_add_ifaddr+0x144/0x5f0 [ 810.327175][T18106] fib_inetaddr_event+0x12e/0x190 [ 810.332188][T18106] notifier_call_chain+0x1b6/0x3e0 [ 810.337291][T18106] blocking_notifier_call_chain+0x6a/0x90 [ 810.343003][T18106] __inet_insert_ifa+0xa13/0xbf0 [ 810.347930][T18106] inet_rtm_newaddr+0xf3a/0x18b0 [ 810.352857][T18106] [ 810.355163][T18106] Memory state around the buggy address: [ 810.360771][T18106] ffff88802e906180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 810.368814][T18106] ffff88802e906200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 810.376855][T18106] >ffff88802e906280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 810.384897][T18106] ^ [ 810.392851][T18106] ffff88802e906300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 810.400896][T18106] ffff88802e906380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 810.408935][T18106] ================================================================== [ 810.430165][T18106] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 810.437389][T18106] CPU: 1 UID: 0 PID: 18106 Comm: syz.2.3314 Not tainted syzkaller #0 PREEMPT(full) [ 810.446750][T18106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 810.456875][T18106] Call Trace: [ 810.460137][T18106] [ 810.463053][T18106] dump_stack_lvl+0x99/0x250 [ 810.467631][T18106] ? __asan_memcpy+0x40/0x70 [ 810.472203][T18106] ? __pfx_dump_stack_lvl+0x10/0x10 [ 810.477387][T18106] ? __pfx__printk+0x10/0x10 [ 810.481965][T18106] vpanic+0x237/0x6d0 [ 810.485933][T18106] ? __pfx_vpanic+0x10/0x10 [ 810.490424][T18106] ? preempt_schedule+0xae/0xc0 [ 810.495269][T18106] ? __pfx_preempt_schedule+0x10/0x10 [ 810.500630][T18106] panic+0xb9/0xc0 [ 810.504339][T18106] ? __pfx_panic+0x10/0x10 [ 810.508743][T18106] ? change_page_attr_set_clr+0x625/0xfc0 [ 810.514449][T18106] check_panic_on_warn+0x89/0xb0 [ 810.519372][T18106] ? change_page_attr_set_clr+0x625/0xfc0 [ 810.525077][T18106] end_report+0x78/0x160 [ 810.529305][T18106] kasan_report+0x129/0x150 [ 810.533794][T18106] ? change_page_attr_set_clr+0x625/0xfc0 [ 810.539500][T18106] change_page_attr_set_clr+0x625/0xfc0 [ 810.545039][T18106] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 810.551092][T18106] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 810.557234][T18106] ? memtype_reserve+0x874/0xb30 [ 810.562163][T18106] ? __pfx___ww_mutex_lock+0x10/0x10 [ 810.567432][T18106] _set_pages_array+0x145/0x270 [ 810.572275][T18106] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 810.578334][T18106] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 810.584915][T18106] ? ww_mutex_lock+0x3f/0x1c0 [ 810.589578][T18106] drm_gem_shmem_mmap+0x193/0x460 [ 810.594585][T18106] drm_gem_mmap_obj+0x18a/0x4e0 [ 810.599423][T18106] drm_gem_mmap+0x384/0x640 [ 810.603910][T18106] ? __pfx_drm_gem_mmap+0x10/0x10 [ 810.608918][T18106] ? __mas_set_range+0x12f/0x3c0 [ 810.613855][T18106] mmap_region+0x18b4/0x2110 [ 810.618464][T18106] ? __pfx_mmap_region+0x10/0x10 [ 810.623417][T18106] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 810.630006][T18106] ? bpf_lsm_mmap_addr+0x9/0x20 [ 810.634852][T18106] ? security_mmap_addr+0x71/0x270 [ 810.639957][T18106] ? shmem_mapping+0xd/0x50 [ 810.644453][T18106] ? memfd_check_seals_mmap+0xc5/0x200 [ 810.649903][T18106] do_mmap+0xc45/0x10d0 [ 810.654055][T18106] ? __pfx_do_mmap+0x10/0x10 [ 810.658627][T18106] ? down_write_killable+0x178/0x230 [ 810.663899][T18106] ? __pfx_down_write_killable+0x10/0x10 [ 810.669516][T18106] ? common_file_perm+0x1b5/0x230 [ 810.674530][T18106] vm_mmap_pgoff+0x2a6/0x4d0 [ 810.679136][T18106] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 810.684257][T18106] ? __fget_files+0x2a/0x420 [ 810.688846][T18106] ? __fget_files+0x2a/0x420 [ 810.693435][T18106] ? __fget_files+0x2a/0x420 [ 810.698013][T18106] ksys_mmap_pgoff+0x51f/0x760 [ 810.702763][T18106] do_syscall_64+0xfa/0xfa0 [ 810.707249][T18106] ? lockdep_hardirqs_on+0x9c/0x150 [ 810.712435][T18106] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 810.718493][T18106] ? clear_bhb_loop+0x60/0xb0 [ 810.723154][T18106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 810.729038][T18106] RIP: 0033:0x7fac0618eec9 [ 810.733449][T18106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 810.753048][T18106] RSP: 002b:00007fac07027038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 810.761455][T18106] RAX: ffffffffffffffda RBX: 00007fac063e5fa0 RCX: 00007fac0618eec9 [ 810.769412][T18106] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 810.777366][T18106] RBP: 00007fac06211f91 R08: 0000000000000004 R09: 0000000100000000 [ 810.785332][T18106] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 810.793289][T18106] R13: 00007fac063e6038 R14: 00007fac063e5fa0 R15: 00007fac0650fa28 [ 810.801257][T18106] [ 810.804393][T18106] Kernel Offset: disabled [ 810.808696][T18106] Rebooting in 86400 seconds..