last executing test programs: 3m59.68835167s ago: executing program 2 (id=2092): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000000000001b0001c000"]) 3m58.393007874s ago: executing program 2 (id=2096): syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) close(0x3) 3m56.788129052s ago: executing program 2 (id=2098): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r1 = socket$qrtr(0x2a, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x40000000000001, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) process_vm_writev(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) readv(r0, 0x0, 0x0) close_range(r0, r1, 0x0) 3m56.285915654s ago: executing program 2 (id=2099): r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000002140)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}, {{&(0x7f0000000300)={0x2, 0x4e23, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000a40)=[@ip_retopts={{0x14, 0x0, 0x7, {[@rr={0x7, 0x3, 0x3}]}}}], 0x18}}], 0x2, 0x4000800) 3m56.163053942s ago: executing program 2 (id=2100): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x48) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='sched_switch\x00'}, 0xe) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0) ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0x7000000) r3 = socket$netlink(0x10, 0x3, 0x4) writev(r3, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100090c100000000000224e0000", 0x58}], 0x1) 3m53.127652321s ago: executing program 2 (id=2108): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x100, 0x9, 0x2, 0xfffe}, 'syz1\x00', 0x3b}) ioctl$UI_DEV_CREATE(r0, 0x5501) write$input_event(r0, &(0x7f0000000200)={{0x77359400}, 0x11, 0xae, 0x7fffffff}, 0xffffffe7) 3m36.689243015s ago: executing program 32 (id=2108): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x100, 0x9, 0x2, 0xfffe}, 'syz1\x00', 0x3b}) ioctl$UI_DEV_CREATE(r0, 0x5501) write$input_event(r0, &(0x7f0000000200)={{0x77359400}, 0x11, 0xae, 0x7fffffff}, 0xffffffe7) 19.4219571s ago: executing program 1 (id=2952): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r0, 0x0, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4000015}, 0x0) close(0x3) 16.308031529s ago: executing program 1 (id=2974): recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r2}, 0x10) r3 = bpf$ITER_CREATE(0xb, 0x0, 0x0) close(r3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$MAP_GET_NEXT_KEY(0x22, 0x0, 0x0) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8) close(r5) 12.940036435s ago: executing program 1 (id=2996): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'geneve1\x00'}) sendmsg$nl_route_sched(r1, 0x0, 0x0) sendmsg$NFC_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010528bdb20c0000df251d000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004005}, 0x8000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 9.888167029s ago: executing program 1 (id=3014): r0 = socket$nl_crypto(0x10, 0x3, 0x15) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000006c0)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x48) close(r1) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001d00)=""/1, 0x1}], 0x1}, 0xc}], 0x1, 0x10002, 0x0) 8.681387885s ago: executing program 0 (id=3021): syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000751c0110e60f00989ad1010203010902"], 0x0) io_uring_setup(0x5be0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001e40)=ANY=[@ANYBLOB="0b00000005000000020000000200000005"], 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x15, &(0x7f00000001c0)=ANY=[], 0x0) 8.668148462s ago: executing program 4 (id=3022): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="0200000004000000060000000500"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) shutdown(0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x840000000002, 0x3, 0xff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001440)={0x94, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2d, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @val={0x25, 0x3, {0x0, 0xb8}}, @void, @void, @void, @void, @void, @void}}, @NL80211_ATTR_BEACON_TAIL={0xa, 0xf, [@chsw_timing={0x68, 0x4, {0x1, 0x9}}]}], @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x201}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_AKM_SUITES={0x20, 0x4c, [0xfac05, 0x10f423, 0x0, 0xfac13, 0xfac10, 0xfac0d, 0xfac11]}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x94}}, 0x0) 7.645202743s ago: executing program 4 (id=3028): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00') r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ptrace(0x10, r1) ptrace$peeksig(0x4209, r1, &(0x7f0000000080), 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) writev(r2, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe", 0x16) read$char_usb(r0, &(0x7f00000003c0)=""/241, 0xf1) syz_usbip_server_init(0x3) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) r3 = socket(0x2b, 0x1, 0x1) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e1f, 0x2, @local, 0x1}, 0x1c) 6.39213659s ago: executing program 1 (id=3031): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) sendmmsg$sock(r0, &(0x7f0000000740), 0x0, 0x0) 6.208115069s ago: executing program 5 (id=3034): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 5.375452656s ago: executing program 5 (id=3036): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3], 0x3c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r6], 0x54}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="20000000110001002dbd7000f9dbdf2500000000", @ANYRES32=r6], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 5.273419583s ago: executing program 0 (id=3038): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x40}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x9, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xc, 0x5}}]}}]}, 0x48}}, 0x0) 5.241318328s ago: executing program 5 (id=3039): socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, 0x0, 0x4001) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x3) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 5.201120955s ago: executing program 4 (id=3040): socket(0x10, 0x3, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_create1(0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x60, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x2}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f00000005c0)={@flat=@handle={0x73682a85, 0x10a, 0x1}, @flat=@handle={0x73682a85, 0x200b, 0x1}, @flat=@binder={0x73622a85, 0x101, 0x1}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}, 0x400}, @release={0x40046306, 0x2}, @register_looper], 0x0, 0x0, 0x0}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @empty}, {0x0, @link_local}, 0x4a, {}, 'lo\x00'}) 4.049580608s ago: executing program 4 (id=3043): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200)={'batadv0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000ec0)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r2}, @IFLA_HSR_SLAVE2={0x8, 0x2, r3}, @IFLA_HSR_PROTOCOL={0x5, 0x7, 0x1}]}}}]}, 0x48}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a0000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034000000130400000000c0a01010000000000000000f4ff29227fc1020073797a31000000000900010073797a310000000014000380100000800c00018006000100d1030000140000001100010000000000000000000100000a"], 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) recvfrom(r5, 0x0, 0x0, 0x2120, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) unshare(0x28000600) close(0x3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0x1, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYRESHEX=r2, @ANYRES32=r6, @ANYBLOB="0000000000000000f7080400000000007b8af8ff00cfc3958649cfbc1e624adc000000bfa200000000002007020000f8ffff5477e8f26b2b2a92b2a5a56eeff924ff33a5523878950016b70400000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_MSG_GETSETELEM(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private}}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}}, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r8, 0x8982, &(0x7f0000000100)={0x7, 'vlan0\x00', {0xd6}}) r10 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'lo\x00'}) listen(0xffffffffffffffff, 0x27f8) accept4$x25(0xffffffffffffffff, 0x0, 0x0, 0x80800) 3.829590717s ago: executing program 3 (id=3044): socket$packet(0x11, 0xa, 0x300) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x12}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x78}, 0x1, 0x0, 0x0, 0x840}, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3a}}}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4001c00) 3.676571494s ago: executing program 0 (id=3045): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x8000000, 0x0, 0xff, 0x1}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0xff, 0x0, 0x4}, 0x20) 3.519960021s ago: executing program 3 (id=3046): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x6, 0x1, 0x1}, 0x1c) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c) recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) r3 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0) setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000540)=0x5, 0x4) recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) socket$xdp(0x2c, 0x3, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000000000000) sendmsg$nl_netfilter(r4, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000000580)={0x1390, 0x6, 0x8, 0x5, 0x70bd2a, 0x25dfdbfe, {0x3, 0x0, 0x6}, [@generic, @generic="1352aee34be766f7980bc8b916963fc759aab486f342cab4bba4ddc8ff0ef9ec5f580a94d4da67a36ececeabf4f46d4e0b1ad45adac5689df7453efc99f31f888a9519d675d5ff2281459682", @generic="c389073a149baa70044247960d79452acc2e40d4878727ffd1098f2f2931108f3d9c6e19a0d4781c1ffbbc5db61a974b398e9204164acddadc551e09c7ab29af9fd6a7e936b00b6692a61a5af678078dbc6ec20a586b1b51047c309f3e2344d719b1ee249440e0e558f4161591dc9cba5a2770da6b29fe1b92c56bcc", @typed={0x8, 0x73, 0x0, 0x0, @fd=r4}, @generic="1a0c4be833fb4bd18a7b896708067744c3799a0fd619b8fb5582f3f66a643a4fedd5fe3d13e27b501249a6697b537f9bde1b8f29f78dceec3980d05261868aec6ea98210234070e4ef775080b69ad83b0398532fe368eaf90bcf12076c486d5bb1c1e354def2b8a5814da61f882c18f60a3a2275db78dba81c3ecb06aec966d383e606a0e691e605d6d10a8991a119cab711461ddc108d7be764d14dd591ef2c8191a578c249c6938a04e8b735c42d2561ad358c269f6258f8f2e349a1a8e34e446f2531c29e95c67803b9ebb6132f33ddfcf95d78e055cc6e103514d83254b80f4137bef6ee56b32c036bdca2b35add96870940e583767d2fdd111b3d40b10654cb3e2d3fcc3065d89e3c80ea7b53fc203ae3b4ce46211a3ed261eae1259fe8e2cbbdaa3c40aaafb8d217c92b7c80f6e2588146d3012990b066e2b6f4b7cf85b36ce9d1da010c951eaf442c5b811b813a5a11006a2c257d9be729bfb113ef7598db644b13381a0640abd9c72430b4a2f0fecb58ad78102469070ec9459b2e505d65976f882e27bef304a4c39fba9120ea1926cef990456cf8189cbf44367ee2cac60a327d341a224fc1cc74bba45f9a2175fef384dd1d206e4f6c85ae7a0229bf54cdbd16bcb939cecdf205cbe63e6554fbebe8bac9d9a9622273bd2efda93dad2326c68cb9b5dc539510071e68627ee920d0745a6507f788a5208ad85f1111f72dd243ce78888cc7fcb8ed705b4979b17d7bde04e7b56615e305ce2604d54a7427c89f2291507a855a24666711c4de0c26a2d65c2a643fef99b870bd429111d37f13db6d43db95b9af82747c5f831ba6a22249a505f508802cd41ed04757358d854345fcb5feaff9254f32c62957b2ee33eb3b64cb34708933a1432c5f80a177ee3cdf3a28c9236e10718a1cc5370d6cec8f8ffc571b613fc456054a29a700c96c29490e697435e3499953591c71827b1ef5ee9b672d26f261c938bc29ff115b05cadde63c839f6e156ff5b2c7710c64e1c9a936f264d67799d4a1cf31bac24c5b9bd279a0cfaf7b6cab045e48c8614ef34003d61a349c4124e3e6980d95e30f8f9893be21f892fc715c554f058572bf2cb9f8e331d0807fab46599653a98ee9d7af3d7c99ad2d69cfcfbce15638b3466e85417f785dbf8bba6efd99bbcad41f43e599c4b2de91425b765b24171f2899dcbff85fe4c10a73cacabfb52e66d8e6e5d06216d56acda7bcacbe9924447870713a118b1ecf3c825b10305866123a7dacdd277b0e7bed42a1fccdc0ac5662faf8340fe064b97a8a51c76641ec4bea7955be699008ed391184f1b28765abe15bdb6d947633e7101d0d094a6648920a5ee0690926b66e6ed1cc29ee6871cbf00f275d7856f761eca77cdeb591e018ce71fc5052d85db157da1c5c745b6052a5db72299563bf0dc7c8182bf03bdd2a92275926be38f13d845e0e999f8bf8a8b6590d821c70db4167e169f70bd0512f45c68de9d0b49c6a9e4e71b01140d5b9fe8ad4bf690756431050dc8cfdb98a93e5d66c3412fa3454b0559cc28d65fc3ab4f5f0b840feccaa663763e64fba352916556b1f8e70e87089072bb83b1affa7185661c4d449cb3b80b1ad8ad3c26f6eb8a039105ca2dc985596a7c277421d441e6120823951e04e6a87fa12b90f52be2ae20ed4a253bcf9722a0cc543c6c507f28d9b9f636f86116d65e5a2c1fade9b39679e21694a74e3e1356c40cf74bdfb803d491bced45b26f8a1720f554de81242de4b0697a11f1bcffd1906fb7ac8ee84bb008b4da9f3bff11b3122a69d03611c1205bc37ffd7f5f111616b850dac60a6b01d47c22566172fe6274656c88a0903bb24eb6959f37baf7c515ea9d3425d942690361fc21872e23823127f43fa97065925a7390ad605be7dfce1eb4581ece1d917700b2c2ed196d538835b9bfae049438e837661f75ea6d794b9355440a7e9420f6303c04169ef344d854e8fc48d90ef059f416df7f9a54f80696c29fb22b527257a90d4ff9b241005a45b330df2636246b947ec307290c6fd5636d12f7a5707a207338615c76c3df4cc7b712c9deed75dfdb539d953b92a11a33ce63e560caaa1afac871ab1663d459d983586f8792c1b7097dc4f48699a9e40d002a44b0d3b125be7fb5a99a521c47f48e7c6b267da796a1c56972cd0750de4a90c49e4bcf77f9a336be6e813fe1aacd2ce9fb7be861a266d7894d4e9fb0f15aec7947a192b199c4160bbe0222c5b06ef8aeb10cf9077e20e7d74704dff94976ee095a0737982bb0af9179eced7a8ec1dc97014133affd5a8fd69b32fa46fd70e5343b13a56c6abf352a25e400fcea08a8784856e762cdf189f2bdfb861e55ec52348c31865af6ea797b0074a82dc7d23f7bde1f9225c3874c529b0f1c0d2930a586dc1e7531a86b7149697aaf4ac4c106cfb46cfc22730771cf79ece98f530e77a1944f34f9c314781755a0466b4e566ab55f6f745bbfd5189206f480dffbde0b57aa45999af55c2782bbad064ac584f22c0ce2d1b0fb4aea3f5ccc3b2e608460defb83f0379ddd9a2670491b618cfde88a7824b5a19e9e4a84fc81e7f3fea2090ca20f407a2e8fbc99e8c765b0b656397dad6596531b13d607c8bde3b335680b77870cbd01bc48c013c658c7e213b357142b1b27836babae2ef08b02f432ef9ca2916c53082c1fb0e15999957ebc5a0995d476d5e422f04e7cd52db916d7873cce518acfeac4ba231110d17db7365a2c0ba4f1c3d0de9797d9c6f844664c7c3a5e39fba10926764a396c08629442e2f0538b60475d791e7ae733d6f3eade2a15114e489df262af1b985e7d31c1d44bfab08aa33f8efdd9f3e7b1aa984d0200f62ce0a1e1cbf4bd25124447f4eb25bf0eda8de079f52f741f2eabb81cebae32a7f9c18d6cf22433bc36b620ab87e627972abdd909d002f17b3f6212ea35a54b51cdfb32ded09c571ff59b605641dd81fa688434d0f7839c54b120726149bdb6708e2e7126bc018ad97fa21aca2bb7b3d466adf4a453b381a232e0dda9963cb487e55fea932126926a1ca0207cbdb16fc9981e79ddf57f03a8fe2fe95a86d998c3414777286fb8390c0c8f07e36975d025fdcb4a924e1bbc816a15f0cac73e14637602dc89ff917e2901c6a472d32819033b9f6dabae63a65ce56c565f501528172b6720dcb20cbe38a0cb44c3edf376926d7825ab5be3ec91c983d48b87be268086f200fe36796745045c59d8502f317cc43c72c7a553410fc02160552e1bdb35eae8f3122260a0bd88a94b02d1bcb4f25c56cdafd009a5f32623afa00e865dc92b79f2d2ccf47b18c0dfa87e389c1000a13d6f8e8ea5b4f916ea1c40521fd8e994be1ddfc653ab1f006e26cd36debfd28d6100322206fbca264bed493aa02892cffaae2c42315db8228c0c4f2684153f001a158c21bf7117669e88247b5fca6c7b976ef3fc852b9d81c585aa10ed030660b6ddca43838e40d4ba72cb28c18157acfa884c5e96dbd057b2ede2ee8a85388e912a6fe5ab3f9d299cd9a8b5b2c4cba4a7e275c7ce1487a68ef1c50bba2ecdfba24d14ffb25b3b1dde745bab652034e3f84810700606fdb29b019bb1e1da223578b5e1ccce01410c0ca0b014dc698fa6bfed8bee2b9d7a6bc893f4a8010c2eb14b30509b30eb87f15f9d35d0fbc1c630a4e4b0127f153e41935561745a811e53deb971c096e862ca7b77f57049823cf1531f3b833bdad73d6edf0766012ea3677538130f4a62d9cac87b026b7976b9a40ace025655c3328056f7752f5247535098f47e3f33ac8d1a356631e471e5d33a42e8e62888cf66b2c6f4d9f1fd4a22f0a068667798d9dcbe0436df67c76d8124e1dd99dbde5d0de2ef749e72dc95f805a1aedc0fd0490eb1355c741fa3027a8869245b9688154c4d4a19876a158c5cda1e75e7e4cb6702b78fd9889ea48d600562dabccd38be67ba15c1edd17b9b2df02e8a862c3c977113a365c8c9d64540351202b5734ae71317b07f73e83def952f146b8bef947882e6c217e419c0283795e227e26d49798c5336237b29479e3f4e664040940f10dec2261eed2faadb080054cceffb37dbfcbf2453c824b1c64679642ab48ec43b9af89dc40d134137099c5a975a73a007fb7315cb4cbf107bc30061baae0c0c48e9562ff6f5fb7d2b72cd437bc172ba4c7d6cb2b3aede0482971099d1679bdd71e650df1746e9dad6eee10e803eba12b7ea3ae4d17dae17a9eaf23513ffa0d7a88359d038af4eab7f65e2a3dde10d5d886b8abd74830824e20284adf5560b179f7bead56e84d7247207e43902626d1058f8d83d29ea65a1aafe16d33d2e304b7993123cd0eaaf62d34828887ad91cf80cff23f18654535f0ed3d16f71f850a2e810bfe1692536acf9844d118a234a041c1f01e89723ae389e13e9d2f71794c874876ad791cee0598c72278686c056ab0cd379c3b1d0def9cd0070c63699ae0c78e7f96fe468948e417d0656f008d01c4ea7638c926c0e2f6ff854dcbb228b5f37f95b004b9c4880e6bc67f521dd2d213a9a7cbb816b407c9b7f4186c53c585b1d16e8d4b833e8504173ea2fc5549376b4bf453fd67d48188e3e6419218f791cec72a2b5f73ce714d15df5c0377a55640a28da414557f195fed00ee7220d14b9da92a0f0ff6904ee081c557d941ddeda7e5242dfaf6072215762b85c9f8a0b46fd16fd0f0c81b1c332dfdff47d18fc8d596c8286db53c7455ad8e9c7547ab96606ce248075a60755c9974d05bb187065ff255ad968c34ac2f9d3a2b3097eeea116d39eeb7135c82ba89386b49fc44053203e9d2cb5634a7b778ca0b20ca2fcee2c1076ef9c7ba7244a0212837bb9d4952f80a878d3cca68423608161d2efad48af35798b70bc3c266705da7cbf187c04eb8b3f7e8b74e3e6c02522b835b5dc3e000cb09ba8a1162b849bc41e66b0643457dc3b3cacdce5ae96bae804e44428df01ad5d193cf9ce8f121a890b63a53f81186f987df2b65d52e7d1bfb07e3376ae4d6048c14740d51d08bc137aa894b761274755649fcd6d877518a626d52ffb50b0df215a26993b49003871389b499cb321280bce7caaa96bbe3504f3f41de0a500a33cbb3619ff46bb4d7cb7b861d841d1818ba9137dcae9685e45325bc6201fe1d9fac95e4ff7bccaee1cb525668f4799ef00c8c5d6e77319cf76c3e2c01fc9e6326b7e1754d61db3a0052b9b29ab09ed50120d33efdab5f82b61947bdc6ccca5ef7201ae1a79a00860821b852ce3c967a11e00af2ef4ca4a40e8d19453d0e08c5652c14d6bce6058f7bba9789c60d90179c0627c77aad32bf5520aa814cced1c413c1fa5415b271bad11e81dc46067867539ff753b193e7766e7443dff04677a637fd40a4b37441f5fd6e18d9b64b138ca1bda3c97bd609c5a42d8b700ffc478101c0d98882daf0b6f487b7b7896a010060ef7d76ea1c9777451a2c814668935d3ddf30b63cf7ab9b4053c6e4971eacddaf4720337bfee16ba34aec4dd1ba2e472828b12186bd305bdcbd9403a90ae6234b9aa39d0614f2f734abc3f20ad7c6e96ee1d5a87aa1a42f9c3e3dcdf4d692668c936c1deaa20f6ad7759a6449fa1d811d087a34b35a44d35311cacec425be200b8ead4e8ed7383bb238b8a73cdfa9cf68c8f36774aad5dd1057895e4b6f11f2973083497d745ecf9a9c84c757a9cf988595cee139be4e54e78ddc48ca9fc7dc4ca1fdc5bc58e97ad0ee4c7cb1d0facfff0babba161803451d3a65ca9f3efe2b9e1fb58fe22077932081c976", @generic="df965b48b42b3420c5068a9991b3547a0a34cb8da7e36c469f3742cbf9447a85d6d1f3be195edc3d4007fc547f7958ee8ce41d0a958c6a75c7964737fd4f7cf4b06ac3bb2d854b8aa2a34d", @generic="e42fa39d722488fafe0fbbbd4a1093b9b517d838ed03375197187a0bbd605dbe3dea46a656ac803e3584f57edb7f1bd744e1c53140f50b115557e73552fcb7e96613353caf3f57e24adf292678cd2dcfc2435ecda172adca5b851906048f219cb67d9adcf52661dea646cc494e838a5ae9d337a978a6d0ab59ae5e22534f1f78f67ed0b959d3cb8d9841046e2f4aa21495fdbefd6682a460bddef19b89411ab8474a0caf0afe9a06babc11d2377fa3d8a8036457b2f67176e8aff24db80a90832dad", @nested={0x119, 0x81, 0x0, 0x1, [@typed={0xc, 0x7e, 0x0, 0x0, @u64=0x1}, @generic="d876c94770ac4652acb44adb44c6f1fe268a25c2be0acd5f7335af20ed496209966e0d8d37048e102ed02ebde3340a65306477faa762ebb4034275019afebab677c8b564ee53e90e5d94373ea7c5519a2826d70ce877ead0c44945c0173a8422910c5273700af2c1fa31219fce7217ad3b5eedd1c61512a6bce6bb7c7737b5e58ef8703e79c1bc53b9c5caf799f963a0ec7bb19da00382d6e20b861c7861ec5060cb16969073bac386d4bcb8981a95779cd8338d8725d26b941638fd0ec8d3b5084dabb5107b98f8902a54317ef96117b3d4a3717244dc97cd695c95cb13ea9a9b", @typed={0x8, 0x109, 0x0, 0x0, @u32=0xfffffff8}, @nested={0x4, 0xfa}, @typed={0x8, 0xed, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @typed={0x14, 0x112, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}]}, @nested={0x7d, 0x24, 0x0, 0x1, [@typed={0x8, 0xa8, 0x0, 0x0, @u32=0x886}, @typed={0xb, 0xc7, 0x0, 0x0, @str='&#--,\'\x00'}, @generic="081c3ddf5f352c7da8feda68a309ef7765b161e7172c6e8c729dc5a399e2ff8487ccc2659306e98d6e17d11fc2a82ad8b6792810d908904df0e3c657d4e0eafb7a1e37cb96b5cced07710dd01e4f0fa9c6a74cc1997fa2dc78dfd3bed5", @typed={0x4, 0x79}, @nested={0x4, 0x3}]}]}, 0x1390}}, 0x10000000) close(0x4) 2.704709723s ago: executing program 4 (id=3047): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)}, {&(0x7f00000001c0)="66f7", 0x2}, {&(0x7f0000000300)='l3', 0x2}], 0x3}], 0x1, 0x0) 2.672072754s ago: executing program 0 (id=3048): syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000751c0110e60f00989ad1010203010902"], 0x0) io_uring_setup(0x5be0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001e40)=ANY=[@ANYBLOB="0b00000005000000020000000200000005"], 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x15, &(0x7f00000001c0)=ANY=[], 0x0) 2.60007568s ago: executing program 1 (id=3049): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3], 0x3c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r6], 0x54}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="20000000110001002dbd7000f9dbdf2500000000", @ANYRES32=r6], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 2.483923184s ago: executing program 4 (id=3050): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00') r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ptrace(0x10, r1) ptrace$peeksig(0x4209, r1, &(0x7f0000000080), 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) writev(r2, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe", 0x16) read$char_usb(r0, &(0x7f00000003c0)=""/241, 0xf1) syz_usbip_server_init(0x3) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) r3 = socket(0x2b, 0x1, 0x1) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e1f, 0x2, @local, 0x1}, 0x1c) 2.211206625s ago: executing program 5 (id=3051): bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x6, 0x4, &(0x7f00000005c0)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) 2.074612945s ago: executing program 3 (id=3052): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdffffee00002c"], 0x0, 0x1000, 0x0, 0x0, 0x0, 0x2}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001c0001000000000004086aa42d"], 0x30}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) socket(0x10, 0x3, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000300)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c00", @ANYRES16=r2, @ANYBLOB, @ANYRES32=r3], 0x1c}}, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write(r4, &(0x7f0000000080)="29000300010003", 0x7) 2.037972121s ago: executing program 5 (id=3053): socket(0x10, 0x3, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_create1(0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x60, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x2}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f00000005c0)={@flat=@handle={0x73682a85, 0x10a, 0x1}, @flat=@handle={0x73682a85, 0x200b, 0x1}, @flat=@binder={0x73622a85, 0x101, 0x1}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}, 0x400}, @release={0x40046306, 0x2}, @register_looper], 0x0, 0x0, 0x0}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @empty}, {0x0, @link_local}, 0x4a, {}, 'lo\x00'}) 1.296210779s ago: executing program 3 (id=3054): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x12, &(0x7f00000003c0)=ANY=[@ANYRESHEX=r0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file1\x00', 0x1) getresuid(&(0x7f0000000100), &(0x7f0000000140), &(0x7f00000002c0)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) socket$inet6(0xa, 0x802, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) r4 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x63, &(0x7f0000000040)={'ipvs\x00'}, &(0x7f0000000000)=0x1e) acct(&(0x7f0000000240)='./file0/file1\x00') write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, 0x0, {0x7, 0x29, 0x80000, 0x104032, 0x2, 0x2, 0xfffffffd, 0xffffdffc, 0x0, 0x0, 0x0, 0x7ffbffff}}, 0x50) 1.00240043s ago: executing program 5 (id=3055): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) close(r0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x18, 0x6, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff}, [@jmp={0x5, 0x0, 0x849aee721dcc84be, 0x0, 0x0, 0x2}, @jmp={0x5, 0x0, 0xc, 0x0, 0x0, 0xfffffffffffffffc}, @jmp={0x5, 0x0, 0x8, 0x0, 0x0, 0xfffffffffffffffe, 0xd1}]}, &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x10, 0x4, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1, 0x0, 0xd}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c"], 0x26c0}}, 0x4010) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz0\x00', 0x200002, 0x0) mkdirat$cgroup(r4, &(0x7f0000000280)='syz1\x00', 0x1ff) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)={0x68, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x9}, @IPSET_ATTR_CIDR={0x5, 0x3, 0xc}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x3}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x810}, 0x20004000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r0}, 0x18) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) 168.195464ms ago: executing program 3 (id=3056): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private}}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}}, 0x0) 158.688367ms ago: executing program 0 (id=3057): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e80)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fbdbdf2501000000080001000000000008000200020000003400048005"], 0x58}}, 0x0) 68.817926ms ago: executing program 0 (id=3058): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x8000000, 0x0, 0xff, 0x1}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0xff, 0x0, 0x4}, 0x20) 0s ago: executing program 3 (id=3059): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, 0x0, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000780), 0x0, &(0x7f0000000580)=""/70, 0x46}}], 0x1, 0x20, 0x0) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000100)=0x2, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) kernel console output (not intermixed with test programs): high-speed USB device number 13 using dummy_hcd [ 481.233948][ C1] vkms_vblank_simulate: vblank timer overrun [ 481.367161][ T5810] usb 5-1: Using ep0 maxpacket: 16 [ 482.169411][ T5956] vhci_hcd: vhci_device speed not set [ 482.214433][ T5810] usb 5-1: config 0 has no interfaces? [ 482.224015][ T5810] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 482.224042][ T5810] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.224060][ T5810] usb 5-1: Product: syz [ 482.224073][ T5810] usb 5-1: Manufacturer: syz [ 482.224086][ T5810] usb 5-1: SerialNumber: syz [ 482.269952][ T5810] usb 5-1: config 0 descriptor?? [ 482.694464][ T61] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 483.486629][ T5810] usb 5-1: USB disconnect, device number 13 [ 485.489190][ T9827] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1316'. [ 490.602670][ T61] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 493.110591][ T9885] team_slave_0: entered promiscuous mode [ 493.110649][ T9885] team_slave_1: entered promiscuous mode [ 493.111155][ T9885] vlan2: entered promiscuous mode [ 493.111170][ T9885] team0: entered promiscuous mode [ 501.452200][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.452248][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.959070][ T5879] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 502.223720][ T5879] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 502.223750][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.223769][ T5879] usb 1-1: Product: syz [ 502.223782][ T5879] usb 1-1: Manufacturer: syz [ 502.223795][ T5879] usb 1-1: SerialNumber: syz [ 502.230732][ T5879] usb 1-1: config 0 descriptor?? [ 504.065630][ T5879] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 505.813401][ T5879] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 506.128039][ T5879] usb 1-1: USB disconnect, device number 4 [ 506.376477][ T5892] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 506.526373][ T5892] usb 5-1: Using ep0 maxpacket: 32 [ 506.529208][ T5892] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 506.532425][ T5892] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 506.532451][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 506.532470][ T5892] usb 5-1: Product: syz [ 506.532483][ T5892] usb 5-1: Manufacturer: syz [ 506.532497][ T5892] usb 5-1: SerialNumber: syz [ 506.552088][ T5892] usb 5-1: config 0 descriptor?? [ 506.554575][ T9983] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 506.568548][ T5892] hub 5-1:0.0: bad descriptor, ignoring hub [ 506.568590][ T5892] hub 5-1:0.0: probe with driver hub failed with error -5 [ 507.139299][T10000] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1376'. [ 507.148703][ T5892] usb 5-1: USB disconnect, device number 14 [ 508.989220][ T5956] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 509.652347][ T5956] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 509.652376][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.652395][ T5956] usb 5-1: Product: syz [ 509.652408][ T5956] usb 5-1: Manufacturer: syz [ 509.652421][ T5956] usb 5-1: SerialNumber: syz [ 509.718418][ T5956] usb 5-1: config 0 descriptor?? [ 509.938620][ T5956] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 510.898084][ T5956] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 511.426458][ T5956] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 512.386351][ T5956] usb 1-1: Using ep0 maxpacket: 16 [ 512.389164][ T5956] usb 1-1: config 0 has no interfaces? [ 512.392321][ T5956] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 512.392347][ T5956] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.392368][ T5956] usb 1-1: Product: syz [ 512.392433][ T5956] usb 1-1: Manufacturer: syz [ 512.392447][ T5956] usb 1-1: SerialNumber: syz [ 512.488686][ T5956] usb 1-1: config 0 descriptor?? [ 512.537071][ T5956] usb 5-1: USB disconnect, device number 15 [ 512.872749][ T44] usb 1-1: USB disconnect, device number 5 [ 515.098033][T10084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1405'. [ 515.375400][ T37] audit: type=1326 audit(1760505687.086:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10092 comm="syz.0.1408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 515.375550][ T37] audit: type=1326 audit(1760505687.086:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10092 comm="syz.0.1408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 515.416744][ T37] audit: type=1326 audit(1760505687.136:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10092 comm="syz.0.1408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 515.425324][ T37] audit: type=1326 audit(1760505687.136:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10092 comm="syz.0.1408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 515.425375][ T37] audit: type=1326 audit(1760505687.136:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10092 comm="syz.0.1408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 515.425416][ T37] audit: type=1326 audit(1760505687.136:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10092 comm="syz.0.1408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 515.425456][ T37] audit: type=1326 audit(1760505687.136:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10092 comm="syz.0.1408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 515.425503][ T37] audit: type=1326 audit(1760505687.136:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10092 comm="syz.0.1408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 515.426415][ T37] audit: type=1326 audit(1760505687.136:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10092 comm="syz.0.1408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 515.426778][ T37] audit: type=1326 audit(1760505687.146:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10092 comm="syz.0.1408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 524.376430][ T5879] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 524.532086][ T5879] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 524.532116][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.532134][ T5879] usb 3-1: Product: syz [ 524.532148][ T5879] usb 3-1: Manufacturer: syz [ 524.532161][ T5879] usb 3-1: SerialNumber: syz [ 524.547892][ T5879] usb 3-1: config 0 descriptor?? [ 524.763660][ T5879] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 525.214707][ T61] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 526.188299][ T5879] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 527.928949][ T5892] usb 3-1: USB disconnect, device number 9 [ 532.320214][T10222] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 532.547684][T10224] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1449'. [ 532.548432][T10224] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1449'. [ 532.996987][ T5892] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 534.124747][ T5892] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 534.124805][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.124824][ T5892] usb 5-1: Product: syz [ 534.124837][ T5892] usb 5-1: Manufacturer: syz [ 534.124850][ T5892] usb 5-1: SerialNumber: syz [ 534.135169][ T5892] usb 5-1: config 0 descriptor?? [ 534.380389][ T5892] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 536.186972][ T5892] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 536.207983][ T5892] usb 5-1: USB disconnect, device number 16 [ 539.263173][T10285] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 540.448485][ T61] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 540.668111][T10293] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1468'. [ 540.669114][T10293] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1468'. [ 541.616489][ T5879] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 541.896845][ T5879] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 541.896875][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.896887][ T5879] usb 4-1: Product: syz [ 541.896895][ T5879] usb 4-1: Manufacturer: syz [ 541.896902][ T5879] usb 4-1: SerialNumber: syz [ 542.338500][ T5879] usb 4-1: config 0 descriptor?? [ 543.843149][ T5879] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 544.799745][ T5879] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 546.497429][ T61] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 546.785824][ T5892] usb 4-1: USB disconnect, device number 11 [ 551.237223][ T61] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 554.963335][T10393] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.1500'. [ 555.114479][ C1] vkms_vblank_simulate: vblank timer overrun [ 555.177334][ C1] vkms_vblank_simulate: vblank timer overrun [ 555.364086][ C1] vkms_vblank_simulate: vblank timer overrun [ 555.612546][ C1] vkms_vblank_simulate: vblank timer overrun [ 555.770390][T10398] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1502'. [ 555.901826][T10400] syz.3.1503 uses obsolete (PF_INET,SOCK_PACKET) [ 555.972248][ C1] vkms_vblank_simulate: vblank timer overrun [ 556.168084][ C1] vkms_vblank_simulate: vblank timer overrun [ 558.313650][ C1] vkms_vblank_simulate: vblank timer overrun [ 558.841394][ C1] vkms_vblank_simulate: vblank timer overrun [ 559.124137][ C1] vkms_vblank_simulate: vblank timer overrun [ 560.056553][ C1] vkms_vblank_simulate: vblank timer overrun [ 560.066005][ T61] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 560.856521][ T5879] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 560.969728][T10430] netlink: 1296 bytes leftover after parsing attributes in process `syz.4.1512'. [ 561.782432][ T5879] usb 1-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 561.782462][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.798751][ T5879] usb 1-1: config 0 descriptor?? [ 561.830069][ T5879] gspca_main: spca508-2.14.0 probing 8086:0110 [ 562.009670][ T5879] gspca_spca508: reg_read err -32 [ 562.010324][ T5879] gspca_spca508: reg_read err -32 [ 562.010960][ T5879] gspca_spca508: reg_read err -32 [ 562.212223][ T5879] gspca_spca508: reg_read err -71 [ 562.212650][ T5879] gspca_spca508: reg write: error -71 [ 562.212738][ T5879] spca508 1-1:0.0: probe with driver spca508 failed with error -71 [ 562.214785][ T5879] usb 1-1: USB disconnect, device number 6 [ 562.974820][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.974892][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 565.049065][T10453] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1518'. [ 565.346389][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 565.346413][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 566.603066][T10466] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1524'. [ 566.731058][T10468] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.1523'. [ 567.883565][ C0] vkms_vblank_simulate: vblank timer overrun [ 568.672391][ C0] vkms_vblank_simulate: vblank timer overrun [ 568.896571][T10486] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1525'. [ 569.040070][ C0] vkms_vblank_simulate: vblank timer overrun [ 569.567795][ C0] vkms_vblank_simulate: vblank timer overrun [ 570.309449][ C0] vkms_vblank_simulate: vblank timer overrun [ 572.215320][ C0] vkms_vblank_simulate: vblank timer overrun [ 574.399002][T10529] qnx6: unable to read the first superblock [ 574.479904][T10529] qnx6: unable to read the first superblock [ 574.480040][T10529] qnx6: unable to read the first superblock [ 576.518903][T10537] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.1545'. [ 577.068622][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.114493][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.306414][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.547911][ C0] vkms_vblank_simulate: vblank timer overrun [ 579.527970][ T37] kauditd_printk_skb: 9 callbacks suppressed [ 579.527988][ T37] audit: type=1326 audit(1760505751.236:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10562 comm="syz.4.1553" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f493fb3eec9 code=0x0 [ 579.636432][ T5956] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 580.545396][ C0] vkms_vblank_simulate: vblank timer overrun [ 580.866414][ T5956] usb 3-1: Using ep0 maxpacket: 16 [ 580.872235][ T5956] usb 3-1: config 0 has no interfaces? [ 580.875731][ T5956] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 580.875756][ T5956] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.875775][ T5956] usb 3-1: Product: syz [ 580.875788][ T5956] usb 3-1: Manufacturer: syz [ 580.875812][ T5956] usb 3-1: SerialNumber: syz [ 580.927656][ T5956] usb 3-1: config 0 descriptor?? [ 581.174528][ T44] usb 3-1: USB disconnect, device number 10 [ 581.284711][ T61] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 582.108880][ C0] vkms_vblank_simulate: vblank timer overrun [ 582.521204][ C0] vkms_vblank_simulate: vblank timer overrun [ 582.750784][ C0] vkms_vblank_simulate: vblank timer overrun [ 582.826913][ C0] vkms_vblank_simulate: vblank timer overrun [ 582.873939][ C0] vkms_vblank_simulate: vblank timer overrun [ 582.956390][ C0] vkms_vblank_simulate: vblank timer overrun [ 583.112730][ C0] vkms_vblank_simulate: vblank timer overrun [ 584.436391][ C0] vkms_vblank_simulate: vblank timer overrun [ 585.716327][ C0] vkms_vblank_simulate: vblank timer overrun [ 585.752385][T10604] tipc: Enabling of bearer rejected, already enabled [ 585.792114][T10611] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1565'. [ 587.056603][ T61] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 588.569089][T10637] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.1573'. [ 590.837136][T10657] tipc: Enabling of bearer rejected, already enabled [ 597.003779][ T37] audit: type=1326 audit(1760505768.716:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10707 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 597.004073][ T37] audit: type=1326 audit(1760505768.716:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10707 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 597.004625][ T37] audit: type=1326 audit(1760505768.716:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10707 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 597.012115][ T37] audit: type=1326 audit(1760505768.726:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10707 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 597.012878][ T37] audit: type=1326 audit(1760505768.726:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10707 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 597.013257][ T37] audit: type=1326 audit(1760505768.726:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10707 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 597.013934][ T37] audit: type=1326 audit(1760505768.726:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10707 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 597.014413][ T37] audit: type=1326 audit(1760505768.726:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10707 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 597.015573][ T37] audit: type=1326 audit(1760505768.726:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10707 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 597.018920][ T37] audit: type=1326 audit(1760505768.736:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10707 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 597.455232][T10719] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 597.550505][T10722] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1599'. [ 597.551219][T10722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1599'. [ 601.735972][T10746] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1606'. [ 602.149462][T10752] tipc: Enabling of bearer rejected, already enabled [ 606.097277][T10773] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 606.147066][T10773] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1617'. [ 606.147087][T10773] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1617'. [ 606.178017][T10773] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1617'. [ 611.703849][T10813] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1629'. [ 612.480837][T10822] tipc: Enabling of bearer rejected, already enabled [ 615.988585][T10860] netlink: 1296 bytes leftover after parsing attributes in process `syz.4.1645'. [ 617.096318][ T37] kauditd_printk_skb: 29 callbacks suppressed [ 617.096336][ T37] audit: type=1800 audit(1760505788.576:94): pid=10857 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1647" name="/" dev="fuse" ino=0 res=0 errno=0 [ 617.864851][ C0] vkms_vblank_simulate: vblank timer overrun [ 618.576076][ C0] vkms_vblank_simulate: vblank timer overrun [ 618.783039][ C0] vkms_vblank_simulate: vblank timer overrun [ 618.815208][ T37] audit: type=1326 audit(1760505790.526:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10880 comm="syz.0.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 618.816615][ T37] audit: type=1326 audit(1760505790.536:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10880 comm="syz.0.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 618.817342][ T37] audit: type=1326 audit(1760505790.536:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10880 comm="syz.0.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 618.839370][ T37] audit: type=1326 audit(1760505790.546:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10880 comm="syz.0.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 618.873379][ T37] audit: type=1326 audit(1760505790.566:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10880 comm="syz.0.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 618.939846][ T37] audit: type=1326 audit(1760505790.656:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10880 comm="syz.0.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 618.941888][ T37] audit: type=1326 audit(1760505790.656:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10880 comm="syz.0.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 618.942345][ T37] audit: type=1326 audit(1760505790.656:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10880 comm="syz.0.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 618.942631][ T37] audit: type=1326 audit(1760505790.656:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10880 comm="syz.0.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f754b8eeec9 code=0x7ffc0000 [ 619.301312][ C0] vkms_vblank_simulate: vblank timer overrun [ 619.569003][T10894] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.1658'. [ 620.163687][ C0] vkms_vblank_simulate: vblank timer overrun [ 620.767332][ C0] vkms_vblank_simulate: vblank timer overrun [ 621.056971][ C0] vkms_vblank_simulate: vblank timer overrun [ 622.133541][T10916] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1667'. [ 622.902026][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.077782][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.278993][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.418698][T10931] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.1671'. [ 623.568041][ C0] vkms_vblank_simulate: vblank timer overrun [ 624.333394][ C0] vkms_vblank_simulate: vblank timer overrun [ 624.430967][ C0] vkms_vblank_simulate: vblank timer overrun [ 624.442550][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.442618][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.658975][ C0] vkms_vblank_simulate: vblank timer overrun [ 624.940767][ C0] vkms_vblank_simulate: vblank timer overrun [ 626.936342][ C0] vkms_vblank_simulate: vblank timer overrun [ 627.089131][ C0] vkms_vblank_simulate: vblank timer overrun [ 627.378229][ C0] vkms_vblank_simulate: vblank timer overrun [ 627.775689][ C0] vkms_vblank_simulate: vblank timer overrun [ 627.817492][T10959] overlayfs: failed to resolve './bus': -2 [ 627.918069][T10965] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.1683'. [ 627.921450][ C0] vkms_vblank_simulate: vblank timer overrun [ 628.331797][ T37] kauditd_printk_skb: 12 callbacks suppressed [ 628.331813][ T37] audit: type=1326 audit(1760505800.046:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10966 comm="syz.4.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 628.332099][ T37] audit: type=1326 audit(1760505800.046:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10966 comm="syz.4.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 628.336860][ T37] audit: type=1326 audit(1760505800.056:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10966 comm="syz.4.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 628.354156][ T37] audit: type=1326 audit(1760505800.066:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10966 comm="syz.4.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 628.354206][ T37] audit: type=1326 audit(1760505800.066:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10966 comm="syz.4.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 628.354246][ T37] audit: type=1326 audit(1760505800.066:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10966 comm="syz.4.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 628.354286][ T37] audit: type=1326 audit(1760505800.066:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10966 comm="syz.4.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 628.354325][ T37] audit: type=1326 audit(1760505800.066:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10966 comm="syz.4.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 628.358130][ T37] audit: type=1326 audit(1760505800.076:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10966 comm="syz.4.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 628.360809][ T37] audit: type=1326 audit(1760505800.076:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10966 comm="syz.4.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493fb3eec9 code=0x7ffc0000 [ 628.712847][ C0] vkms_vblank_simulate: vblank timer overrun [ 628.977230][ C0] vkms_vblank_simulate: vblank timer overrun [ 629.295311][T10982] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1692'. [ 629.295335][T10982] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1692'. [ 629.295581][T10982] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1692'. [ 629.295597][T10982] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1692'. [ 629.746286][ C0] vkms_vblank_simulate: vblank timer overrun [ 629.948994][ C0] vkms_vblank_simulate: vblank timer overrun [ 630.937423][ C0] vkms_vblank_simulate: vblank timer overrun [ 631.069967][ C0] vkms_vblank_simulate: vblank timer overrun [ 631.196430][ C0] vkms_vblank_simulate: vblank timer overrun [ 631.326458][ T5879] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 631.476470][ T5879] usb 1-1: Using ep0 maxpacket: 16 [ 631.478920][ T5879] usb 1-1: config 0 has no interfaces? [ 631.481476][ T5879] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 631.481497][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 631.481507][ T5879] usb 1-1: Product: syz [ 631.481514][ T5879] usb 1-1: Manufacturer: syz [ 631.481521][ T5879] usb 1-1: SerialNumber: syz [ 631.485351][ T5879] usb 1-1: config 0 descriptor?? [ 631.643075][T11016] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1706'. [ 631.643090][T11016] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1706'. [ 631.643295][T11016] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1706'. [ 631.643303][T11016] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1706'. [ 631.707344][ T5879] usb 1-1: USB disconnect, device number 7 [ 631.980873][ C0] vkms_vblank_simulate: vblank timer overrun [ 632.284576][ C0] vkms_vblank_simulate: vblank timer overrun [ 632.787291][ C0] vkms_vblank_simulate: vblank timer overrun [ 634.247378][T11051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1717'. [ 634.247401][T11051] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1717'. [ 634.247650][T11051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1717'. [ 634.247664][T11051] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1717'. [ 634.856398][ T9971] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 634.901618][T11062] tipc: Enabling of bearer rejected, already enabled [ 635.279080][ T9971] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 635.279108][ T9971] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.308223][ T9971] usb 4-1: config 0 descriptor?? [ 635.324252][ T9971] gspca_main: spca508-2.14.0 probing 8086:0110 [ 635.406494][ T5879] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 635.528466][ T9971] gspca_spca508: reg_read err -32 [ 635.530585][ T9971] gspca_spca508: reg_read err -32 [ 635.566476][ T5879] usb 3-1: Using ep0 maxpacket: 16 [ 635.571711][ T5879] usb 3-1: config 0 has no interfaces? [ 635.600088][ T5879] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 635.600107][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 635.600156][ T5879] usb 3-1: Product: syz [ 635.600164][ T5879] usb 3-1: Manufacturer: syz [ 635.600171][ T5879] usb 3-1: SerialNumber: syz [ 635.605748][ T5879] usb 3-1: config 0 descriptor?? [ 636.167780][ T9971] gspca_spca508: reg_read err -110 [ 636.181175][ T9971] gspca_spca508: reg_read err -32 [ 636.191835][ T9971] gspca_spca508: reg write: error -32 [ 636.191927][ T9971] spca508 4-1:0.0: probe with driver spca508 failed with error -32 [ 636.214727][ T5879] usb 4-1: USB disconnect, device number 12 [ 636.255970][ T9971] usb 3-1: USB disconnect, device number 11 [ 638.170941][T11092] tipc: Started in network mode [ 638.170970][T11092] tipc: Node identity ac14140f, cluster identity 4711 [ 638.171285][T11092] tipc: New replicast peer: 255.255.255.255 [ 638.172765][T11092] tipc: Enabled bearer , priority 10 [ 639.171729][ T5892] tipc: Node number set to 2886997007 [ 643.346408][ T5892] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 643.347348][ T44] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 643.496533][ T5892] usb 1-1: Using ep0 maxpacket: 16 [ 643.500235][ T44] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 643.500261][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.504637][ C0] vkms_vblank_simulate: vblank timer overrun [ 643.549277][ T5892] usb 1-1: config 0 has no interfaces? [ 643.554621][ T5892] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 643.554635][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 643.554645][ T5892] usb 1-1: Product: syz [ 643.554652][ T5892] usb 1-1: Manufacturer: syz [ 643.554659][ T5892] usb 1-1: SerialNumber: syz [ 643.651479][ T5892] usb 1-1: config 0 descriptor?? [ 643.651803][ T44] usb 3-1: config 0 descriptor?? [ 643.671851][ T44] gspca_main: spca508-2.14.0 probing 8086:0110 [ 643.874613][ T44] gspca_spca508: reg_read err -32 [ 643.875250][ T44] gspca_spca508: reg_read err -32 [ 644.088571][ T44] gspca_spca508: reg_read err -71 [ 644.088993][ T44] gspca_spca508: reg_read err -71 [ 644.089391][ T44] gspca_spca508: reg write: error -71 [ 644.089479][ T44] spca508 3-1:0.0: probe with driver spca508 failed with error -71 [ 644.092524][ T44] usb 3-1: USB disconnect, device number 12 [ 644.141812][ T5956] usb 1-1: USB disconnect, device number 8 [ 644.146426][ T5892] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 644.436372][ T5892] usb 5-1: Using ep0 maxpacket: 32 [ 644.455951][ T5892] usb 5-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed [ 644.455970][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.455981][ T5892] usb 5-1: Product: syz [ 644.455988][ T5892] usb 5-1: Manufacturer: syz [ 644.455995][ T5892] usb 5-1: SerialNumber: syz [ 644.492463][ T5892] usb 5-1: config 0 descriptor?? [ 644.646385][ C0] vkms_vblank_simulate: vblank timer overrun [ 644.737384][ C0] vkms_vblank_simulate: vblank timer overrun [ 645.923415][ C0] vkms_vblank_simulate: vblank timer overrun [ 646.438708][ C0] vkms_vblank_simulate: vblank timer overrun [ 647.761629][ C0] vkms_vblank_simulate: vblank timer overrun [ 648.551697][ T44] usb 5-1: USB disconnect, device number 17 [ 649.136446][ T5956] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 649.166401][ T5879] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 649.289507][ T5956] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 649.289525][ T5956] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 649.344675][ T5956] usb 4-1: config 0 descriptor?? [ 649.346456][ T5879] usb 5-1: Using ep0 maxpacket: 16 [ 649.348839][ T5879] usb 5-1: config 0 has no interfaces? [ 649.351967][ T5879] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 649.351991][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 649.352010][ T5879] usb 5-1: Product: syz [ 649.352024][ T5879] usb 5-1: Manufacturer: syz [ 649.352035][ T5879] usb 5-1: SerialNumber: syz [ 649.561033][ T5879] usb 5-1: config 0 descriptor?? [ 649.578032][ T5956] gspca_main: spca508-2.14.0 probing 8086:0110 [ 650.135697][ T5956] gspca_spca508: reg_read err -110 [ 650.140600][ T5956] gspca_spca508: reg_read err -32 [ 650.151259][ T5956] gspca_spca508: reg_read err -32 [ 650.266756][ T44] usb 5-1: USB disconnect, device number 18 [ 650.362537][ T5956] gspca_spca508: reg_read err -71 [ 650.363119][ T5956] gspca_spca508: reg write: error -71 [ 650.363216][ T5956] spca508 4-1:0.0: probe with driver spca508 failed with error -71 [ 650.367630][ T5956] usb 4-1: USB disconnect, device number 13 [ 653.346465][ T5892] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 654.156687][ T5892] usb 5-1: Using ep0 maxpacket: 32 [ 654.436449][ T5892] usb 5-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed [ 654.477051][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 654.477083][ T5892] usb 5-1: Product: syz [ 654.477097][ T5892] usb 5-1: Manufacturer: syz [ 654.522297][ T5892] usb 5-1: SerialNumber: syz [ 654.528559][ T5892] usb 5-1: config 0 descriptor?? [ 655.014550][T11248] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.1781'. [ 655.916033][T11253] tipc: Enabling of bearer rejected, already enabled [ 656.495535][ C1] vkms_vblank_simulate: vblank timer overrun [ 658.548223][ C1] vkms_vblank_simulate: vblank timer overrun [ 658.693826][ T1224] usb 5-1: USB disconnect, device number 19 [ 659.169495][ C1] vkms_vblank_simulate: vblank timer overrun [ 659.938014][ C1] vkms_vblank_simulate: vblank timer overrun [ 659.988880][T11291] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1799'. [ 659.988900][T11291] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1799'. [ 660.540433][ C1] vkms_vblank_simulate: vblank timer overrun [ 660.922258][ T6998] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 660.922773][ T6998] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 660.922814][ T6998] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 660.922849][ T6998] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 660.923070][T11291] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1799'. [ 660.923088][T11291] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1799'. [ 663.740291][T11312] Can't find ip_set type hash:ip,po [ 665.247145][ T44] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 666.174434][ T61] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 666.275963][T11334] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1812'. [ 666.276051][T11334] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1812'. [ 666.336531][ T44] usb 5-1: device descriptor read/64, error -71 [ 666.404748][T11334] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1812'. [ 666.404774][T11334] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1812'. [ 666.404838][ T8375] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 666.409336][ T8375] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 666.409386][ T8375] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 666.409421][ T8375] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 666.936447][ T44] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 667.086410][ T44] usb 5-1: device descriptor read/64, error -71 [ 667.199578][ T44] usb usb5-port1: attempt power cycle [ 672.626619][ T5879] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 672.816458][ T5879] usb 5-1: Using ep0 maxpacket: 32 [ 672.834259][ T5879] usb 5-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed [ 672.834301][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 672.834323][ T5879] usb 5-1: Product: syz [ 672.834337][ T5879] usb 5-1: Manufacturer: syz [ 672.834352][ T5879] usb 5-1: SerialNumber: syz [ 672.841483][ T5879] usb 5-1: config 0 descriptor?? [ 673.036387][ T1224] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 673.177334][ T1224] usb 4-1: device descriptor read/64, error -71 [ 673.417354][ T1224] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 673.613542][ T44] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 673.726445][ T1224] usb 4-1: device descriptor read/64, error -71 [ 673.764600][ T44] usb 1-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 673.764619][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.785070][ T44] usb 1-1: config 0 descriptor?? [ 673.795163][ T44] gspca_main: spca508-2.14.0 probing 8086:0110 [ 673.839591][ T1224] usb usb4-port1: attempt power cycle [ 674.010539][ T44] gspca_spca508: reg_read err -32 [ 674.254708][ T44] gspca_spca508: reg_read err -71 [ 674.255313][ T1224] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 674.272143][ T44] gspca_spca508: reg_read err -71 [ 674.274542][ T44] gspca_spca508: reg_read err -71 [ 674.274971][ T44] gspca_spca508: reg write: error -71 [ 674.275066][ T44] spca508 1-1:0.0: probe with driver spca508 failed with error -71 [ 674.278926][ T1224] usb 4-1: device descriptor read/8, error -71 [ 674.313072][ T44] usb 1-1: USB disconnect, device number 9 [ 675.176591][ T1224] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 675.233385][ T1224] usb 4-1: device descriptor read/8, error -71 [ 675.338297][ T1224] usb usb4-port1: unable to enumerate USB device [ 676.620009][T11401] tipc: Enabling of bearer rejected, already enabled [ 676.650223][ T1224] usb 5-1: USB disconnect, device number 23 [ 677.996564][ T37] kauditd_printk_skb: 11 callbacks suppressed [ 677.996584][ T37] audit: type=1800 audit(1760505849.556:137): pid=11408 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.1836" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0 [ 680.523015][ T61] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 682.053318][ T1224] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 682.238010][ C0] vkms_vblank_simulate: vblank timer overrun [ 682.966925][ C0] vkms_vblank_simulate: vblank timer overrun [ 682.988629][ T1224] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 682.988659][ T1224] usb 5-1: New USB device found, idVendor=046d, idProduct=c532, bcdDevice= 0.00 [ 682.988678][ T1224] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 682.991898][ T1224] usb 5-1: config 0 descriptor?? [ 683.152479][ C0] vkms_vblank_simulate: vblank timer overrun [ 683.899186][ C0] vkms_vblank_simulate: vblank timer overrun [ 684.235932][ T1224] usbhid 5-1:0.0: can't add hid device: -71 [ 684.236063][ T1224] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 684.244546][ T1224] usb 5-1: USB disconnect, device number 24 [ 685.034580][ C0] vkms_vblank_simulate: vblank timer overrun [ 685.093437][T11450] usb usb5: usbfs: process 11450 (syz.2.1847) did not claim interface 0 before use [ 685.137924][ C0] vkms_vblank_simulate: vblank timer overrun [ 685.243080][ C0] vkms_vblank_simulate: vblank timer overrun [ 685.778438][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.778510][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.996458][ T44] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 686.171199][ C0] vkms_vblank_simulate: vblank timer overrun [ 686.196423][ T44] usb 5-1: Using ep0 maxpacket: 32 [ 686.294862][ T44] usb 5-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed [ 686.294892][ T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 686.294912][ T44] usb 5-1: Product: syz [ 686.294925][ T44] usb 5-1: Manufacturer: syz [ 686.294938][ T44] usb 5-1: SerialNumber: syz [ 686.614260][ C0] vkms_vblank_simulate: vblank timer overrun [ 687.337036][ T61] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 687.602936][ T44] usb 5-1: config 0 descriptor?? [ 687.735432][ C0] vkms_vblank_simulate: vblank timer overrun [ 687.799927][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.612080][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.748038][ C0] vkms_vblank_simulate: vblank timer overrun [ 692.177477][ C0] vkms_vblank_simulate: vblank timer overrun [ 692.405475][ T37] audit: type=1800 audit(1760505864.116:138): pid=11504 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1866" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 692.620097][ T61] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 693.176443][ T44] usb 5-1: can't set config #0, error -110 [ 694.476026][T11482] usb 5-1: USB disconnect, device number 25 [ 696.349046][ T61] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 697.654073][ T37] audit: type=1800 audit(1760505869.366:139): pid=11545 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.1880" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0 [ 697.782948][T11547] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1879'. [ 700.041150][T11565] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.1885'. [ 700.830300][ C0] vkms_vblank_simulate: vblank timer overrun [ 701.709940][ C0] vkms_vblank_simulate: vblank timer overrun [ 701.737818][ T61] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 703.834056][ C0] vkms_vblank_simulate: vblank timer overrun [ 704.059844][ C0] vkms_vblank_simulate: vblank timer overrun [ 704.411595][ C0] vkms_vblank_simulate: vblank timer overrun [ 704.716613][ T5956] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 704.908338][ C0] vkms_vblank_simulate: vblank timer overrun [ 704.909417][ T5956] usb 1-1: device descriptor read/64, error -71 [ 705.050454][ C0] vkms_vblank_simulate: vblank timer overrun [ 705.816068][ T61] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 706.216381][ T5956] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 706.546486][ T5956] usb 1-1: device descriptor read/64, error -71 [ 706.656758][ T5956] usb usb1-port1: attempt power cycle [ 707.026516][ T1224] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 707.034669][ T5956] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 707.061861][ T5956] usb 1-1: device descriptor read/8, error -71 [ 707.316423][ T5956] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 707.467204][ T1224] usb 4-1: Using ep0 maxpacket: 32 [ 707.541909][ T1224] usb 4-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed [ 707.541928][ T1224] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 707.541939][ T1224] usb 4-1: Product: syz [ 707.541946][ T1224] usb 4-1: Manufacturer: syz [ 707.541954][ T1224] usb 4-1: SerialNumber: syz [ 707.548544][ T1224] usb 4-1: config 0 descriptor?? [ 707.620308][ T5956] usb 1-1: device descriptor read/8, error -71 [ 707.729182][ T5956] usb usb1-port1: unable to enumerate USB device [ 711.607068][ T61] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 712.537134][ T1224] usb 4-1: USB disconnect, device number 18 [ 714.901050][T11682] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1925'. [ 715.028908][T11685] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1923'. [ 717.444765][ T61] Bluetooth: Unexpected continuation frame (len 16) [ 720.941654][T11722] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1938'. [ 725.186828][ T5879] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 725.736462][ T5879] usb 4-1: Using ep0 maxpacket: 32 [ 725.744451][ T5879] usb 4-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed [ 725.744468][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 725.744478][ T5879] usb 4-1: Product: syz [ 725.744486][ T5879] usb 4-1: Manufacturer: syz [ 725.744493][ T5879] usb 4-1: SerialNumber: syz [ 725.784181][ T5879] usb 4-1: config 0 descriptor?? [ 726.928394][T11785] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1960'. [ 730.944481][ T5879] usb 4-1: USB disconnect, device number 19 [ 735.933118][T11853] netlink: 'syz.4.1982': attribute type 4 has an invalid length. [ 736.480404][T11864] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1985'. [ 737.163186][T11871] bridge0: port 1(gretap0) entered blocking state [ 737.172201][T11871] bridge0: port 1(gretap0) entered disabled state [ 737.185680][T11871] gretap0: entered allmulticast mode [ 737.258824][T11871] gretap0: entered promiscuous mode [ 737.313786][T11871] bridge0: port 1(gretap0) entered blocking state [ 737.317407][T11871] bridge0: port 1(gretap0) entered forwarding state [ 737.984105][ T37] audit: type=1326 audit(1760505909.696:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11878 comm="syz.2.1991" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f08da75eec9 code=0x0 [ 739.192085][T11889] netlink: 1296 bytes leftover after parsing attributes in process `syz.4.1993'. [ 739.392188][T11882] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 739.392215][T11882] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 739.514744][T11882] vhci_hcd vhci_hcd.0: Device attached [ 739.905527][ C1] vkms_vblank_simulate: vblank timer overrun [ 739.912682][ T5812] usb 37-1: new high-speed USB device number 3 using vhci_hcd [ 739.930595][T11891] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 739.969285][T11886] vhci_hcd: connection closed [ 739.973880][ T8377] vhci_hcd: stop threads [ 739.973901][ T8377] vhci_hcd: release socket [ 739.973966][ T8377] vhci_hcd: disconnect device [ 740.176378][ C1] vkms_vblank_simulate: vblank timer overrun [ 740.861522][ C1] vkms_vblank_simulate: vblank timer overrun [ 741.695872][ C1] vkms_vblank_simulate: vblank timer overrun [ 742.605971][ C1] vkms_vblank_simulate: vblank timer overrun [ 742.757286][ C1] vkms_vblank_simulate: vblank timer overrun [ 742.859597][T11922] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2002'. [ 743.292892][ C1] vkms_vblank_simulate: vblank timer overrun [ 743.491118][ C1] vkms_vblank_simulate: vblank timer overrun [ 743.510400][ C1] vkms_vblank_simulate: vblank timer overrun [ 744.097037][ C1] vkms_vblank_simulate: vblank timer overrun [ 744.697284][ C1] vkms_vblank_simulate: vblank timer overrun [ 744.773049][T11938] netlink: 1296 bytes leftover after parsing attributes in process `syz.2.2008'. [ 745.196427][ T5812] vhci_hcd: vhci_device speed not set [ 745.206105][T11941] tipc: Enabling of bearer rejected, already enabled [ 745.295878][ C0] vkms_vblank_simulate: vblank timer overrun [ 745.731286][ C0] vkms_vblank_simulate: vblank timer overrun [ 745.856556][T11951] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2011'. [ 746.132547][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.156626][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.184270][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.255627][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.617114][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.669061][ T37] audit: type=1326 audit(1760505918.386:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11944 comm="syz.2.2012" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f08da75eec9 code=0x0 [ 747.012343][T11956] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 747.012370][T11956] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 747.015976][T11956] vhci_hcd vhci_hcd.0: Device attached [ 747.212457][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.212531][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.218506][ T5956] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 747.218698][T11958] vhci_hcd: connection closed [ 747.306433][ T43] vhci_hcd: stop threads [ 747.306452][ T43] vhci_hcd: release socket [ 747.308378][ T43] vhci_hcd: disconnect device [ 747.367782][ T5956] usb 5-1: Using ep0 maxpacket: 16 [ 747.375043][ T5956] usb 5-1: config 0 has no interfaces? [ 747.379885][ T5956] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 747.379912][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 747.379930][ T5956] usb 5-1: Product: syz [ 747.379944][ T5956] usb 5-1: Manufacturer: syz [ 747.379957][ T5956] usb 5-1: SerialNumber: syz [ 747.385653][ T5956] usb 5-1: config 0 descriptor?? [ 747.756493][T11482] vhci_hcd: vhci_device speed not set [ 747.800025][ T1224] usb 5-1: USB disconnect, device number 26 [ 748.829329][ C0] vkms_vblank_simulate: vblank timer overrun [ 749.791326][ T61] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 751.942973][ T1224] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 752.041502][T11997] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2024'. [ 752.556680][ T1224] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 753.183508][T12000] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 753.212911][ T37] audit: type=1326 audit(1760505924.926:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12004 comm="syz.3.2029" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f63d17eeec9 code=0x0 [ 753.717382][T12000] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 753.991987][T12008] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 753.992005][T12008] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 753.992089][T12008] vhci_hcd vhci_hcd.0: Device attached [ 754.301140][T12000] bond1 (unregistering): Released all slaves [ 755.247017][ T1224] usb 39-1: new high-speed USB device number 3 using vhci_hcd [ 755.261305][T12013] vhci_hcd: connection reset by peer [ 755.281078][ T6981] vhci_hcd: stop threads [ 755.281097][ T6981] vhci_hcd: release socket [ 755.281311][ T6981] vhci_hcd: disconnect device [ 757.243975][T12035] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2036'. [ 757.244339][T12035] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2036'. [ 757.732592][T12043] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2038'. [ 757.866903][ T44] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 758.620824][ T44] usb 1-1: Using ep0 maxpacket: 16 [ 759.080799][ T44] usb 1-1: config 0 has no interfaces? [ 759.085035][ T44] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 759.085051][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 759.085061][ T44] usb 1-1: Product: syz [ 759.085068][ T44] usb 1-1: Manufacturer: syz [ 759.085075][ T44] usb 1-1: SerialNumber: syz [ 759.149095][ T44] usb 1-1: config 0 descriptor?? [ 759.506035][T12052] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2040'. [ 760.424624][ T1224] vhci_hcd: vhci_device speed not set [ 760.549455][ T5956] usb 1-1: USB disconnect, device number 14 [ 761.401615][ C1] vkms_vblank_simulate: vblank timer overrun [ 761.618069][ C1] vkms_vblank_simulate: vblank timer overrun [ 762.393777][ C1] vkms_vblank_simulate: vblank timer overrun [ 762.543298][ C1] vkms_vblank_simulate: vblank timer overrun [ 762.606116][T12074] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2048'. [ 762.606879][T12074] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2048'. [ 762.741621][ C1] vkms_vblank_simulate: vblank timer overrun [ 763.604743][ C1] vkms_vblank_simulate: vblank timer overrun [ 764.107103][ C1] vkms_vblank_simulate: vblank timer overrun [ 764.283608][ C1] vkms_vblank_simulate: vblank timer overrun [ 764.385286][ C1] vkms_vblank_simulate: vblank timer overrun [ 764.915262][ C1] vkms_vblank_simulate: vblank timer overrun [ 765.624991][ C1] vkms_vblank_simulate: vblank timer overrun [ 766.066436][ T5894] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 766.136431][ T1224] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 766.346426][ T5894] usb 3-1: Using ep0 maxpacket: 16 [ 766.348580][ T5894] usb 3-1: config 0 has no interfaces? [ 767.329483][ T1224] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 767.329511][ T1224] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 767.329531][ T1224] usb 5-1: config 220 has no interface number 2 [ 767.329609][ T1224] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 767.329636][ T1224] usb 5-1: config 220 interface 0 has no altsetting 0 [ 767.329653][ T1224] usb 5-1: config 220 interface 76 has no altsetting 0 [ 767.329669][ T1224] usb 5-1: config 220 interface 1 has no altsetting 0 [ 767.378649][ T1224] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 767.378677][ T1224] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.378697][ T1224] usb 5-1: Product: syz [ 767.378710][ T1224] usb 5-1: Manufacturer: syz [ 767.378723][ T1224] usb 5-1: SerialNumber: syz [ 767.426214][ T5894] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 767.426232][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.426242][ T5894] usb 3-1: Product: syz [ 767.426458][ T5894] usb 3-1: Manufacturer: syz [ 767.426472][ T5894] usb 3-1: SerialNumber: syz [ 767.491800][ T5894] usb 3-1: config 0 descriptor?? [ 768.959820][ T5894] usb 3-1: USB disconnect, device number 13 [ 769.071164][ T1224] usb 5-1: selecting invalid altsetting 0 [ 769.076000][ T1224] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 769.076039][ T1224] uvcvideo 5-1:220.0: No valid video chain found. [ 769.161837][ T1224] usb 5-1: selecting invalid altsetting 0 [ 769.161876][ T1224] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 769.214024][ T1224] usb 5-1: USB disconnect, device number 27 [ 771.274879][T12150] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 771.286005][T12150] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 771.700414][T12150] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 771.700506][T12150] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 771.714547][ T61] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 771.758592][T12150] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 771.758643][T12150] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 772.047774][T12150] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 772.047827][T12150] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 772.417787][T12150] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 772.417890][T12150] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 772.631666][T12150] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 773.286462][ T61] Bluetooth: hci0: command 0x0406 tx timeout [ 773.766414][ T61] Bluetooth: hci2: command 0x0406 tx timeout [ 773.766503][T12166] Bluetooth: hci1: command 0x0406 tx timeout [ 774.230213][ T61] Bluetooth: hci3: command 0x0406 tx timeout [ 775.089087][ T61] Bluetooth: hci4: command 0x0c1a tx timeout [ 775.382356][ T61] Bluetooth: hci0: command 0x0406 tx timeout [ 775.858985][ T61] Bluetooth: hci2: command 0x0406 tx timeout [ 776.122289][ T61] Bluetooth: hci1: command 0x0406 tx timeout [ 776.491041][ T61] Bluetooth: hci3: command 0x0406 tx timeout [ 777.126584][ T61] Bluetooth: hci4: command 0x0c1a tx timeout [ 778.009630][ T61] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 779.546876][ T61] Bluetooth: hci4: command 0x0c1a tx timeout [ 785.082439][T12265] input: syz1 as /devices/virtual/input/input8 [ 785.082694][T12265] input: failed to attach handler leds to device input8, error: -6 [ 785.317105][T12267] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2107'. [ 794.074410][T12319] random: crng reseeded on system resumption [ 794.849426][T12323] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 795.791083][T12329] netlink: 'syz.3.2131': attribute type 21 has an invalid length. [ 795.794097][T12329] netlink: 'syz.3.2131': attribute type 6 has an invalid length. [ 795.794194][T12329] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2131'. [ 796.404674][ T37] audit: type=1326 audit(1760505968.116:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12333 comm="syz.3.2133" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f63d17eeec9 code=0x0 [ 796.671436][T12342] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 796.671462][T12342] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 796.671531][T12342] vhci_hcd vhci_hcd.0: Device attached [ 796.916396][ T44] usb 39-1: new high-speed USB device number 4 using vhci_hcd [ 797.749511][T12345] vhci_hcd: connection reset by peer [ 798.006620][ T70] vhci_hcd: stop threads [ 798.006641][ T70] vhci_hcd: release socket [ 798.006720][ T70] vhci_hcd: disconnect device [ 798.366997][T12360] netlink: 31 bytes leftover after parsing attributes in process `syz.4.2139'. [ 802.056861][ T44] vhci_hcd: vhci_device speed not set [ 803.482776][T12166] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 803.503162][T12166] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 803.506205][T12166] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 803.509138][T12166] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 803.515405][T12166] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 804.404582][T12166] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 805.731637][T12166] Bluetooth: hci5: command tx timeout [ 807.448330][T12392] chnl_net:caif_netlink_parms(): no params data found [ 807.766442][T12166] Bluetooth: hci5: command tx timeout [ 807.784409][T12434] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.2163'. [ 808.663969][ C0] vkms_vblank_simulate: vblank timer overrun [ 808.665395][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.665465][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.097633][ C0] vkms_vblank_simulate: vblank timer overrun [ 809.700800][ C0] vkms_vblank_simulate: vblank timer overrun [ 810.017471][ C0] vkms_vblank_simulate: vblank timer overrun [ 810.026737][T12166] Bluetooth: hci5: command tx timeout [ 810.531955][ C0] vkms_vblank_simulate: vblank timer overrun [ 810.573431][ C0] vkms_vblank_simulate: vblank timer overrun [ 810.769342][ C0] vkms_vblank_simulate: vblank timer overrun [ 810.806798][ C0] vkms_vblank_simulate: vblank timer overrun [ 810.839465][ C0] vkms_vblank_simulate: vblank timer overrun [ 810.884934][ C0] vkms_vblank_simulate: vblank timer overrun [ 810.997387][ C0] vkms_vblank_simulate: vblank timer overrun [ 811.069262][ C0] vkms_vblank_simulate: vblank timer overrun [ 811.881861][ T6981] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.335330][T12166] Bluetooth: hci5: command tx timeout [ 812.361527][ C0] vkms_vblank_simulate: vblank timer overrun [ 813.144956][ C0] vkms_vblank_simulate: vblank timer overrun [ 813.535373][ C0] vkms_vblank_simulate: vblank timer overrun [ 814.067138][T12490] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2179'. [ 814.550109][ T6981] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 816.010093][ T6981] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 816.136601][ T44] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 816.154545][T12392] bridge0: port 1(bridge_slave_0) entered blocking state [ 816.154892][T12392] bridge0: port 1(bridge_slave_0) entered disabled state [ 816.155121][T12392] bridge_slave_0: entered allmulticast mode [ 816.180226][T12392] bridge_slave_0: entered promiscuous mode [ 816.443110][ T6981] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 816.512981][ T44] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 816.513098][ T44] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 816.513329][ T44] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 816.513411][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 816.807308][T12516] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 816.813342][ T44] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 816.858088][T12392] bridge0: port 2(bridge_slave_1) entered blocking state [ 816.858407][T12392] bridge0: port 2(bridge_slave_1) entered disabled state [ 816.859049][T12392] bridge_slave_1: entered allmulticast mode [ 816.867311][T12392] bridge_slave_1: entered promiscuous mode [ 817.397091][T12529] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 818.662851][T12392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 818.708468][T12392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 818.740203][ T5956] usb 5-1: USB disconnect, device number 28 [ 818.756634][ T5879] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 818.906579][ T5879] usb 1-1: Using ep0 maxpacket: 16 [ 818.908907][ T5879] usb 1-1: config 0 has no interfaces? [ 818.915725][ T5879] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 818.915752][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 818.915771][ T5879] usb 1-1: Product: syz [ 818.915784][ T5879] usb 1-1: Manufacturer: syz [ 818.915798][ T5879] usb 1-1: SerialNumber: syz [ 818.972708][ T5879] usb 1-1: config 0 descriptor?? [ 819.061543][T12392] team0: Port device team_slave_0 added [ 819.208647][T12392] team0: Port device team_slave_1 added [ 820.511948][ T44] usb 1-1: USB disconnect, device number 15 [ 822.053495][T12392] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 822.053513][T12392] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 822.053540][T12392] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 822.093153][T12392] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 822.093170][T12392] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 822.093195][T12392] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 824.290633][ T6981] bond0 (unregistering): Released all slaves [ 824.603670][ T6981] tipc: Disabling bearer [ 824.604175][ T6981] tipc: Left network mode [ 824.619939][T12392] hsr_slave_0: entered promiscuous mode [ 824.620720][T12392] hsr_slave_1: entered promiscuous mode [ 824.621316][T12392] debugfs: 'hsr0' already exists in 'hsr' [ 824.621331][T12392] Cannot create hsr debugfs directory [ 827.006516][ T44] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 827.170168][ T6981] hsr_slave_0: left promiscuous mode [ 827.316462][ T44] usb 5-1: Using ep0 maxpacket: 16 [ 827.320848][ T44] usb 5-1: config 0 has no interfaces? [ 827.332497][ T6981] veth1_macvtap: left promiscuous mode [ 827.332794][ T6981] veth0_macvtap: left promiscuous mode [ 827.333137][ T6981] veth1_vlan: left promiscuous mode [ 827.336042][ T6981] veth0_vlan: left promiscuous mode [ 827.363359][ T44] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 827.363387][ T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 827.363413][ T44] usb 5-1: Product: syz [ 827.363425][ T44] usb 5-1: Manufacturer: syz [ 827.363438][ T44] usb 5-1: SerialNumber: syz [ 827.397875][ T44] usb 5-1: config 0 descriptor?? [ 831.894999][ T1224] usb 5-1: USB disconnect, device number 29 [ 832.941005][T12392] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 833.011851][T12392] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 833.113780][T12392] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 833.210069][T12392] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 833.523486][T12392] 8021q: adding VLAN 0 to HW filter on device bond0 [ 833.584501][T12392] 8021q: adding VLAN 0 to HW filter on device team0 [ 833.610889][ T6988] bridge0: port 1(bridge_slave_0) entered blocking state [ 833.611115][ T6988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 834.395688][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 834.418125][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 834.429422][ T37] audit: type=1326 audit(1760506006.146:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12652 comm="syz.0.2226" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f754b8eeec9 code=0x0 [ 837.551294][ C1] vkms_vblank_simulate: vblank timer overrun [ 838.204333][ C1] vkms_vblank_simulate: vblank timer overrun [ 838.329314][T12392] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 838.340188][ C1] vkms_vblank_simulate: vblank timer overrun [ 839.532763][ C1] vkms_vblank_simulate: vblank timer overrun [ 840.130523][ C1] vkms_vblank_simulate: vblank timer overrun [ 840.456730][T12392] veth0_vlan: entered promiscuous mode [ 840.473700][T12392] veth1_vlan: entered promiscuous mode [ 840.559096][T12392] veth0_macvtap: entered promiscuous mode [ 840.574183][T12392] veth1_macvtap: entered promiscuous mode [ 840.622146][T12392] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 840.650886][T12392] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 840.669987][ T37] audit: type=1326 audit(1760506012.386:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12707 comm="syz.4.2240" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f493fb3eec9 code=0x0 [ 840.683319][ T8377] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.683582][ T8377] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.683619][ T8377] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.683652][ T8377] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.402396][T12717] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 841.404236][T12717] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 841.413819][T12717] vhci_hcd vhci_hcd.0: Device attached [ 841.696504][T12718] vhci_hcd: connection closed [ 841.696878][ T44] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 841.726729][ T6988] vhci_hcd: stop threads [ 841.726750][ T6988] vhci_hcd: release socket [ 841.726829][ T6988] vhci_hcd: disconnect device [ 842.125800][T12725] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2244'. [ 842.415529][ T8377] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 842.415550][ T8377] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 842.514124][ T6981] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 842.514145][ T6981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 844.219803][T12746] gfs2: error -5 reading superblock [ 844.918446][ T37] audit: type=1326 audit(1760506016.636:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12759 comm="syz.3.2256" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f63d17eeec9 code=0x0 [ 845.076474][T12771] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 845.076500][T12771] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 845.079958][T12771] vhci_hcd vhci_hcd.0: Device attached [ 845.361826][T12524] usb 39-1: new high-speed USB device number 5 using vhci_hcd [ 845.747087][T12772] vhci_hcd: connection reset by peer [ 845.802004][ T2862] vhci_hcd: stop threads [ 845.802025][ T2862] vhci_hcd: release socket [ 845.802099][ T2862] vhci_hcd: disconnect device [ 846.866445][ T44] vhci_hcd: vhci_device speed not set [ 848.513625][ T61] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 849.869671][T12846] tipc: Started in network mode [ 849.869702][T12846] tipc: Node identity c6fd19dc65ba, cluster identity 4711 [ 849.869916][T12846] tipc: Enabled bearer , priority 0 [ 849.870831][T12846] syzkaller0: entered promiscuous mode [ 849.870854][T12846] syzkaller0: entered allmulticast mode [ 849.874783][T12846] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 850.214306][T12852] tipc: Resetting bearer [ 850.884599][T12860] tipc: Enabled bearer , priority 0 [ 850.918477][ T5812] tipc: Node number set to 2739345884 [ 851.109914][T12845] tipc: Resetting bearer [ 851.447721][T12524] vhci_hcd: vhci_device speed not set [ 851.603276][T12871] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.2294'. [ 851.629908][T12845] tipc: Disabling bearer [ 851.786844][T12863] syzkaller0: entered promiscuous mode [ 851.786871][T12863] syzkaller0: entered allmulticast mode [ 852.157234][T12869] tipc: Resetting bearer [ 852.186635][T12857] tipc: Resetting bearer [ 852.367725][T12857] tipc: Disabling bearer [ 852.704301][ T37] audit: type=1326 audit(1760506024.416:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12886 comm="syz.5.2303" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f711a9beec9 code=0x0 [ 853.074503][T12894] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8) [ 853.074645][T12894] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 853.077079][T12894] vhci_hcd vhci_hcd.0: Device attached [ 853.396376][T12524] usb 43-1: new high-speed USB device number 2 using vhci_hcd [ 853.534584][T12900] netlink: 'syz.4.2305': attribute type 10 has an invalid length. [ 853.534995][T12900] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2305'. [ 853.535008][T12900] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2305'. [ 853.535026][T12900] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2305'. [ 853.540113][T12900] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2305'. [ 853.626512][T12895] vhci_hcd: connection reset by peer [ 853.626915][ T8375] vhci_hcd: stop threads [ 853.626931][ T8375] vhci_hcd: release socket [ 853.626999][ T8375] vhci_hcd: disconnect device [ 854.215141][ C0] vkms_vblank_simulate: vblank timer overrun [ 854.394587][T12928] netlink: 277 bytes leftover after parsing attributes in process `syz.3.2316'. [ 854.591758][ C0] vkms_vblank_simulate: vblank timer overrun [ 854.632338][ C0] vkms_vblank_simulate: vblank timer overrun [ 854.706993][ T5812] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 854.894340][ T5812] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 854.894370][ T5812] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 854.894390][ T5812] usb 6-1: Product: syz [ 854.894404][ T5812] usb 6-1: Manufacturer: syz [ 854.894417][ T5812] usb 6-1: SerialNumber: syz [ 854.937868][ T5812] usb 6-1: config 0 descriptor?? [ 855.155345][ T5812] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 855.663233][ C0] vkms_vblank_simulate: vblank timer overrun [ 856.424752][ C0] vkms_vblank_simulate: vblank timer overrun [ 856.675493][T12954] netlink: 277 bytes leftover after parsing attributes in process `syz.4.2329'. [ 856.690389][ T37] audit: type=1326 audit(1760506028.406:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12955 comm="syz.3.2328" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f63d17eeec9 code=0x0 [ 856.763079][ T5812] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 856.865112][T12959] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 856.865140][T12959] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 856.865310][T12959] vhci_hcd vhci_hcd.0: Device attached [ 857.060378][T12966] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2331'. [ 857.222216][ T5812] usb 39-1: new high-speed USB device number 6 using vhci_hcd [ 857.666323][T12960] vhci_hcd: connection reset by peer [ 857.678952][ T6984] vhci_hcd: stop threads [ 857.678970][ T6984] vhci_hcd: release socket [ 857.679036][ T6984] vhci_hcd: disconnect device [ 858.213404][ T44] usb 6-1: USB disconnect, device number 2 [ 858.486587][T12524] vhci_hcd: vhci_device speed not set [ 861.356448][T12727] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 861.510901][T12727] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 861.510959][T12727] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 861.510970][T12727] usb 4-1: Product: syz [ 861.510978][T12727] usb 4-1: Manufacturer: syz [ 861.510985][T12727] usb 4-1: SerialNumber: syz [ 861.514096][T12727] usb 4-1: config 0 descriptor?? [ 861.767636][T13021] netlink: 1296 bytes leftover after parsing attributes in process `syz.4.2348'. [ 862.013041][T12727] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 862.316556][ T5812] vhci_hcd: vhci_device speed not set [ 862.614913][T12727] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 862.946407][T11482] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 863.104217][ C1] vkms_vblank_simulate: vblank timer overrun [ 863.278777][ C1] vkms_vblank_simulate: vblank timer overrun [ 863.396046][ C1] vkms_vblank_simulate: vblank timer overrun [ 863.906954][ C1] vkms_vblank_simulate: vblank timer overrun [ 863.923652][T11482] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 863.923689][T11482] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 863.923734][T11482] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 863.923758][T11482] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 863.970084][T13026] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 864.110970][T11482] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 864.664422][ C1] vkms_vblank_simulate: vblank timer overrun [ 864.755335][ T1224] usb 4-1: USB disconnect, device number 20 [ 864.851414][T11482] usb 5-1: USB disconnect, device number 30 [ 865.087321][ C1] vkms_vblank_simulate: vblank timer overrun [ 865.851934][ C1] vkms_vblank_simulate: vblank timer overrun [ 866.488712][ C1] vkms_vblank_simulate: vblank timer overrun [ 866.721658][ C1] vkms_vblank_simulate: vblank timer overrun [ 867.636385][T11482] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 867.791827][T11482] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 867.791857][T11482] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 867.791877][T11482] usb 6-1: Product: syz [ 867.791890][T11482] usb 6-1: Manufacturer: syz [ 867.791904][T11482] usb 6-1: SerialNumber: syz [ 867.830723][T11482] usb 6-1: config 0 descriptor?? [ 868.065729][T11482] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 868.460603][T13075] netlink: 277 bytes leftover after parsing attributes in process `syz.3.2371'. [ 868.733750][T11482] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 869.796446][T11482] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 870.190367][T11482] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 870.190488][T11482] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 870.190803][T11482] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 870.190882][T11482] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 870.504579][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.504655][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.536535][T13083] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 870.543726][T11482] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 870.659761][ T5812] usb 6-1: USB disconnect, device number 3 [ 870.888902][ T5812] usb 1-1: USB disconnect, device number 16 [ 871.645690][T13117] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2386'. [ 872.550047][T13125] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2390'. [ 872.649990][T12524] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 872.716685][T13127] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 872.790888][T13127] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 872.834027][T12524] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 872.834057][T12524] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 872.834072][T12524] usb 4-1: Product: syz [ 872.834080][T12524] usb 4-1: Manufacturer: syz [ 872.834087][T12524] usb 4-1: SerialNumber: syz [ 872.880116][T12524] usb 4-1: config 0 descriptor?? [ 872.884562][T13127] bond1 (unregistering): Released all slaves [ 873.110281][T12524] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 873.636514][T12727] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 874.147521][T12524] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 874.157203][T12727] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 874.157238][T12727] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 874.157279][T12727] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 874.157301][T12727] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 874.217495][T13139] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 874.221472][T12727] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 874.522331][T12524] usb 5-1: USB disconnect, device number 31 [ 875.400394][T12727] usb 4-1: USB disconnect, device number 21 [ 875.658394][T13176] netlink: 277 bytes leftover after parsing attributes in process `syz.3.2408'. [ 877.747610][T13198] netlink: 1296 bytes leftover after parsing attributes in process `syz.5.2416'. [ 878.386381][ T1224] usb 4-1: new full-speed USB device number 22 using dummy_hcd [ 878.395638][T13202] gfs2: error -5 reading superblock [ 878.552968][ T1224] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 878.552998][ T1224] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 878.553017][ T1224] usb 4-1: Product: syz [ 878.553031][ T1224] usb 4-1: Manufacturer: syz [ 878.553045][ T1224] usb 4-1: SerialNumber: syz [ 878.594986][ T1224] usb 4-1: config 0 descriptor?? [ 878.859356][ C1] vkms_vblank_simulate: vblank timer overrun [ 879.206565][ T1224] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 880.396639][ T37] audit: type=1800 audit(1760506052.116:149): pid=13220 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.2428" name="/" dev="fuse" ino=0 res=0 errno=0 [ 880.410721][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 880.411134][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 880.411525][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 880.414820][ T1224] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 880.422858][ T1224] usb 4-1: USB disconnect, device number 22 [ 882.912668][T13269] fuse: Invalid rootmode [ 882.941590][T13266] tipc: Enabled bearer , priority 0 [ 882.942268][T13266] syzkaller0: entered promiscuous mode [ 882.942316][T13266] syzkaller0: entered allmulticast mode [ 882.957095][T13266] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 883.330895][T13270] tipc: Resetting bearer [ 883.366614][T13265] tipc: Resetting bearer [ 883.757519][T13265] tipc: Disabling bearer [ 883.846668][ T1224] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 883.901775][T13282] netlink: 277 bytes leftover after parsing attributes in process `syz.5.2454'. [ 884.004993][ T1224] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 884.005013][ T1224] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 884.005096][ T1224] usb 4-1: Product: syz [ 884.005111][ T1224] usb 4-1: Manufacturer: syz [ 884.005122][ T1224] usb 4-1: SerialNumber: syz [ 884.152026][ T1224] usb 4-1: config 0 descriptor?? [ 884.360036][ T1224] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 885.669395][ T1224] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 885.697140][ T1224] usb 4-1: USB disconnect, device number 23 [ 885.761760][T13292] fuse: Invalid rootmode [ 887.426435][T13308] syz_tun: entered allmulticast mode [ 887.469787][T13308] syz_tun: left allmulticast mode [ 887.500362][T13308] dvmrp1: entered allmulticast mode [ 887.865101][T13321] fuse: Unknown parameter '00000000000000000000' [ 888.263750][T13329] gfs2: error -5 reading superblock [ 890.098233][T13351] fuse: Unknown parameter '00000000000000000000' [ 891.028497][T13372] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2490'. [ 891.194246][T13381] fuse: Unknown parameter '00000000000000000000' [ 894.121260][T13417] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2504'. [ 894.926510][ T1224] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 895.068406][T13438] netlink: 1296 bytes leftover after parsing attributes in process `syz.4.2514'. [ 895.247804][ T1224] usb 1-1: device descriptor read/64, error -71 [ 895.594964][ T1224] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 895.759807][ T1224] usb 1-1: device descriptor read/64, error -71 [ 895.867043][ T1224] usb usb1-port1: attempt power cycle [ 896.206536][ T1224] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 896.229216][ T1224] usb 1-1: device descriptor read/8, error -71 [ 896.466704][ T1224] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 896.488860][ T1224] usb 1-1: device descriptor read/8, error -71 [ 896.597209][ T1224] usb usb1-port1: unable to enumerate USB device [ 896.794551][ C0] vkms_vblank_simulate: vblank timer overrun [ 896.882473][ C0] vkms_vblank_simulate: vblank timer overrun [ 896.936554][ T1224] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 897.090703][ T1224] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 897.090727][ T1224] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 897.090738][ T1224] usb 4-1: Product: syz [ 897.090746][ T1224] usb 4-1: Manufacturer: syz [ 897.090753][ T1224] usb 4-1: SerialNumber: syz [ 897.094245][ T1224] usb 4-1: config 0 descriptor?? [ 897.301383][ T1224] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 897.759065][T13465] tipc: Enabling of bearer rejected, already enabled [ 898.290081][T13471] netlink: 1296 bytes leftover after parsing attributes in process `syz.0.2527'. [ 898.293609][ C0] vkms_vblank_simulate: vblank timer overrun [ 899.285477][ C0] vkms_vblank_simulate: vblank timer overrun [ 899.581979][ C0] vkms_vblank_simulate: vblank timer overrun [ 899.596349][ C0] raw-gadget.1 gadget.3: ignoring, device is not running [ 899.599402][ C0] raw-gadget.1 gadget.3: ignoring, device is not running [ 899.628996][ T1224] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 899.632393][ T1224] usb 4-1: USB disconnect, device number 24 [ 899.987828][T13492] tipc: Enabling of bearer rejected, failed to enable media [ 900.461730][ C0] vkms_vblank_simulate: vblank timer overrun [ 900.747555][ T61] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 900.769527][ T61] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 900.817693][ T61] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 900.819126][ T61] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 900.820505][ T61] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 900.928544][ C0] vkms_vblank_simulate: vblank timer overrun [ 901.703580][ T8377] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 902.026744][ C0] vkms_vblank_simulate: vblank timer overrun [ 902.072080][ T8377] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 902.112145][ T37] audit: type=1326 audit(1760506073.826:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13512 comm="syz.3.2544" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f63d17eeec9 code=0x0 [ 902.413558][ C0] vkms_vblank_simulate: vblank timer overrun [ 902.620742][ C0] vkms_vblank_simulate: vblank timer overrun [ 902.743545][T13521] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 902.743682][T13521] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 902.745531][T13521] vhci_hcd vhci_hcd.0: Device attached [ 902.886513][ T61] Bluetooth: hci2: command tx timeout [ 902.990819][T11482] usb 39-1: new high-speed USB device number 7 using vhci_hcd [ 903.020928][T13522] vhci_hcd: connection closed [ 903.022346][ T6988] vhci_hcd: stop threads [ 903.022364][ T6988] vhci_hcd: release socket [ 903.022439][ T6988] vhci_hcd: disconnect device [ 903.053969][ T8377] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 903.302436][ T8377] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 903.344557][T13504] chnl_net:caif_netlink_parms(): no params data found [ 903.631607][T13504] bridge0: port 1(bridge_slave_0) entered blocking state [ 903.631839][T13504] bridge0: port 1(bridge_slave_0) entered disabled state [ 903.632036][T13504] bridge_slave_0: entered allmulticast mode [ 903.653164][T13504] bridge_slave_0: entered promiscuous mode [ 903.686968][T13504] bridge0: port 2(bridge_slave_1) entered blocking state [ 903.687135][T13504] bridge0: port 2(bridge_slave_1) entered disabled state [ 903.687368][T13504] bridge_slave_1: entered allmulticast mode [ 903.692629][T13504] bridge_slave_1: entered promiscuous mode [ 904.966461][ T61] Bluetooth: hci2: command tx timeout [ 905.020133][T13504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 905.040785][T13504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 905.329558][T13504] team0: Port device team_slave_0 added [ 905.366018][T13504] team0: Port device team_slave_1 added [ 906.676719][T12727] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 906.848871][T12727] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 906.848904][T12727] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 906.848930][T12727] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 906.848942][T12727] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 906.852879][T13575] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 906.856001][T12727] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 907.046415][ T61] Bluetooth: hci2: command tx timeout [ 907.227881][T12727] usb 6-1: USB disconnect, device number 4 [ 908.076494][T11482] vhci_hcd: vhci_device speed not set [ 908.159531][ T8377] bond0 (unregistering): Released all slaves [ 908.422646][T13582] netlink: 'syz.0.2566': attribute type 2 has an invalid length. [ 908.425034][T13504] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 908.425049][T13504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 908.425073][T13504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 908.426076][ T8377] tipc: Disabling bearer [ 908.427472][ T8377] tipc: Left network mode [ 908.434947][T13504] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 908.434961][T13504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 908.434985][T13504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 908.765209][T13582] : entered promiscuous mode [ 909.134042][ T61] Bluetooth: hci2: command tx timeout [ 909.529836][T13504] hsr_slave_0: entered promiscuous mode [ 909.533168][T13504] hsr_slave_1: entered promiscuous mode [ 909.534317][T13504] debugfs: 'hsr0' already exists in 'hsr' [ 909.534345][T13504] Cannot create hsr debugfs directory [ 910.141131][T13616] netlink: 'syz.5.2578': attribute type 2 has an invalid length. [ 910.254557][T13616] : entered promiscuous mode [ 910.539556][ T8377] hsr_slave_0: left promiscuous mode [ 910.576761][ T8377] hsr_slave_1: left promiscuous mode [ 910.730321][ T8377] veth1_macvtap: left promiscuous mode [ 910.730432][ T8377] veth0_macvtap: left promiscuous mode [ 910.730702][ T8377] veth1_vlan: left promiscuous mode [ 910.730877][ T8377] veth0_vlan: left promiscuous mode [ 917.820117][T13701] gfs2: error -5 reading superblock [ 917.970566][T13504] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 918.002316][T13504] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 918.116966][T13504] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 918.149255][T13504] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 918.404419][T13504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 918.457484][T13504] 8021q: adding VLAN 0 to HW filter on device team0 [ 918.476477][ T8377] bridge0: port 1(bridge_slave_0) entered blocking state [ 918.476675][ T8377] bridge0: port 1(bridge_slave_0) entered forwarding state [ 918.520482][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 918.524374][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 918.559726][T13725] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2617'. [ 919.106038][T13504] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 919.702355][T13504] veth0_vlan: entered promiscuous mode [ 919.711027][T13504] veth1_vlan: entered promiscuous mode [ 919.743837][T13504] veth0_macvtap: entered promiscuous mode [ 919.749589][T13504] veth1_macvtap: entered promiscuous mode [ 919.771782][T13504] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 919.807336][T13504] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 919.872338][ T68] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 919.894294][ T68] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 920.128896][ T68] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 920.130141][ T68] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 920.204857][T13760] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2626'. [ 920.789233][ T8377] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 920.789253][ T8377] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 920.911672][ T8377] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 920.911693][ T8377] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 920.936628][ T5892] Dead loop on virtual device wlan1, fix it urgently! [ 921.526547][ T5892] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 921.599406][T13777] netlink: 'syz.5.2632': attribute type 7 has an invalid length. [ 921.599428][T13777] netlink: 'syz.5.2632': attribute type 8 has an invalid length. [ 921.599441][T13777] netlink: 'syz.5.2632': attribute type 13 has an invalid length. [ 921.656378][ T5892] usb 5-1: device descriptor read/64, error -71 [ 921.897397][ T5892] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 922.026472][ T5892] usb 5-1: device descriptor read/64, error -71 [ 922.137114][ T5892] usb usb5-port1: attempt power cycle [ 922.371337][T13789] tipc: Enabled bearer , priority 0 [ 922.372263][T13789] syzkaller0: entered promiscuous mode [ 922.372286][T13789] syzkaller0: entered allmulticast mode [ 922.411829][T13789] tipc: Resetting bearer [ 922.438132][T13788] tipc: Resetting bearer [ 922.509686][ T5892] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 922.530190][ T5892] usb 5-1: device descriptor read/8, error -71 [ 922.617381][T13788] tipc: Disabling bearer [ 922.619409][T12166] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 922.623465][T12166] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 922.625958][T12166] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 922.627354][T12166] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 922.628618][T12166] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 922.786412][ T5892] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 922.826553][ T5892] usb 5-1: device descriptor read/8, error -71 [ 922.938741][ T5892] usb usb5-port1: unable to enumerate USB device [ 924.726731][ T61] Bluetooth: hci4: command tx timeout [ 925.066921][T13822] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2649'. [ 925.243506][T13822] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2649'. [ 925.491857][ T68] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 925.491891][ T68] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 925.988325][ T68] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 925.988347][ T68] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 926.156419][ T5894] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 926.280773][ T68] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 926.280800][ T68] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 926.316386][ T5894] usb 5-1: device descriptor read/64, error -71 [ 926.508587][T13854] netlink: 'syz.5.2659': attribute type 2 has an invalid length. [ 926.556396][ T5894] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 926.585930][ T68] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 926.585952][ T68] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 926.677601][T13790] chnl_net:caif_netlink_parms(): no params data found [ 926.696384][ T5894] usb 5-1: device descriptor read/64, error -71 [ 926.806660][ T61] Bluetooth: hci4: command tx timeout [ 926.808677][ T5894] usb usb5-port1: attempt power cycle [ 926.904549][T13860] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2661'. [ 927.146743][ T5894] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 927.167150][ T5894] usb 5-1: device descriptor read/8, error -71 [ 927.416404][ T5894] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 927.437255][ T5894] usb 5-1: device descriptor read/8, error -71 [ 927.552488][ T5894] usb usb5-port1: unable to enumerate USB device [ 927.627484][T13872] netlink: 1296 bytes leftover after parsing attributes in process `syz.3.2664'. [ 928.359907][ C1] vkms_vblank_simulate: vblank timer overrun [ 928.446514][T13790] bridge0: port 1(bridge_slave_0) entered blocking state [ 928.446658][T13790] bridge0: port 1(bridge_slave_0) entered disabled state [ 928.446883][T13790] bridge_slave_0: entered allmulticast mode [ 928.449633][T13790] bridge_slave_0: entered promiscuous mode [ 928.452723][T13790] bridge0: port 2(bridge_slave_1) entered blocking state [ 928.452875][T13790] bridge0: port 2(bridge_slave_1) entered disabled state [ 928.453424][T13790] bridge_slave_1: entered allmulticast mode [ 928.490613][ T61] Bluetooth: hci5: command 0x0405 tx timeout [ 928.514165][T13790] bridge_slave_1: entered promiscuous mode [ 928.875076][T13790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 928.886609][T12166] Bluetooth: hci4: command tx timeout [ 928.891484][T13790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 929.379210][T13790] team0: Port device team_slave_0 added [ 929.394892][T13790] team0: Port device team_slave_1 added [ 929.609406][T13895] netlink: 'syz.3.2671': attribute type 2 has an invalid length. [ 929.721608][ C1] vkms_vblank_simulate: vblank timer overrun [ 929.829180][ C1] vkms_vblank_simulate: vblank timer overrun [ 929.832948][ T68] gretap0: left allmulticast mode [ 929.832974][ T68] gretap0: left promiscuous mode [ 929.842371][ T68] bridge0: port 1(gretap0) entered disabled state [ 930.539592][T13904] netlink: 'syz.4.2675': attribute type 3 has an invalid length. [ 930.688268][T13914] netlink: 'syz.5.2678': attribute type 10 has an invalid length. [ 930.740999][T13916] netlink: 'syz.5.2678': attribute type 10 has an invalid length. [ 930.966484][T12166] Bluetooth: hci4: command tx timeout [ 931.305802][ C1] vkms_vblank_simulate: vblank timer overrun [ 931.534324][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.534397][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.863687][ C1] vkms_vblank_simulate: vblank timer overrun [ 931.903824][ T68] dvmrp1 (unregistering): left allmulticast mode [ 932.076400][ C1] vkms_vblank_simulate: vblank timer overrun [ 932.669605][ C1] vkms_vblank_simulate: vblank timer overrun [ 932.938985][ C1] vkms_vblank_simulate: vblank timer overrun [ 933.046401][ C1] vkms_vblank_simulate: vblank timer overrun [ 933.153515][ C1] vkms_vblank_simulate: vblank timer overrun [ 933.570894][ T68] bond0 (unregistering): Released all slaves [ 933.631002][T13895] : entered promiscuous mode [ 933.899452][T13914] team0: Port device dummy0 added [ 933.937291][T13916] team0: Port device dummy0 removed [ 933.940754][T13916] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 933.940877][ T68] : left promiscuous mode [ 934.225817][T13790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 934.225828][T13790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 934.225842][T13790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 934.226919][T13932] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2687'. [ 934.282796][T13790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 934.282811][T13790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 934.282835][T13790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 934.730848][ T68] tipc: Disabling bearer [ 934.731129][ T68] tipc: Left network mode [ 935.260244][T13790] hsr_slave_0: entered promiscuous mode [ 935.262372][T13790] hsr_slave_1: entered promiscuous mode [ 935.263297][T13790] debugfs: 'hsr0' already exists in 'hsr' [ 935.263319][T13790] Cannot create hsr debugfs directory [ 935.401585][T13949] netlink: 'syz.3.2694': attribute type 2 has an invalid length. [ 935.939124][T13963] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2700'. [ 936.264588][T13978] netlink: 'syz.4.2706': attribute type 2 has an invalid length. [ 936.346471][ T68] hsr_slave_0: left promiscuous mode [ 936.390829][ T68] hsr_slave_1: left promiscuous mode [ 936.452829][ T68] veth1_macvtap: left promiscuous mode [ 936.452939][ T68] veth0_macvtap: left promiscuous mode [ 936.453203][ T68] veth1_vlan: left promiscuous mode [ 936.453383][ T68] veth0_vlan: left promiscuous mode [ 942.055765][T13978] : entered promiscuous mode [ 942.069094][T13988] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 942.190322][T14000] fuse: Unknown parameter '0x0000000000000004' [ 945.028399][T14021] netlink: 'syz.5.2721': attribute type 2 has an invalid length. [ 945.527809][T14028] fuse: Unknown parameter '0x0000000000000004' [ 945.703273][T13790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 945.721155][T13790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 945.801229][T13790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 946.178892][T14030] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 946.180151][T13790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 947.677142][T13790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 947.728129][T13790] 8021q: adding VLAN 0 to HW filter on device team0 [ 947.737724][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 947.738176][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 947.990104][ T6990] bridge0: port 2(bridge_slave_1) entered blocking state [ 947.990185][ T6990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 949.921581][T13790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 950.003774][T13790] veth0_vlan: entered promiscuous mode [ 950.045077][T13790] veth1_vlan: entered promiscuous mode [ 950.132795][T13790] veth0_macvtap: entered promiscuous mode [ 950.142501][T13790] veth1_macvtap: entered promiscuous mode [ 950.216212][T13790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 950.241078][T13790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 950.271342][ T1122] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 950.275798][ T1122] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 950.298378][ T1122] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 950.303295][ T6998] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 951.628418][ T1122] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 951.628438][ T1122] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 951.754945][ T6998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 951.754965][ T6998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 953.332173][ T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 953.367731][ T61] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 953.385679][ T61] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 953.404209][ T61] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 953.413389][ T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 954.984253][ T70] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 954.984289][ T70] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 955.369728][ T70] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 955.369763][ T70] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 955.446875][T12166] Bluetooth: hci1: command tx timeout [ 955.790046][ T70] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 955.790081][ T70] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.204072][ T70] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 956.204094][ T70] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.915016][T14141] chnl_net:caif_netlink_parms(): no params data found [ 957.430277][T14187] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2782'. [ 957.526580][T12166] Bluetooth: hci1: command tx timeout [ 957.627831][T14200] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2785'. [ 957.956921][ T70] gretap0: left allmulticast mode [ 957.956942][ T70] gretap0: left promiscuous mode [ 957.957120][ T70] bridge0: port 3(gretap0) entered disabled state [ 958.017685][ T70] bridge_slave_1: left allmulticast mode [ 958.017706][ T70] bridge_slave_1: left promiscuous mode [ 958.021661][ T70] bridge0: port 2(bridge_slave_1) entered disabled state [ 958.099643][ T70] bridge_slave_0: left allmulticast mode [ 958.099671][ T70] bridge_slave_0: left promiscuous mode [ 958.099922][ T70] bridge0: port 1(bridge_slave_0) entered disabled state [ 959.616430][T12166] Bluetooth: hci1: command tx timeout [ 960.757316][ T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 960.816991][ T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 960.841205][ T70] bond0 (unregistering): Released all slaves [ 960.856195][ T70] bond1 (unregistering): Released all slaves [ 960.898477][T14141] bridge0: port 1(bridge_slave_0) entered blocking state [ 960.898617][T14141] bridge0: port 1(bridge_slave_0) entered disabled state [ 960.898853][T14141] bridge_slave_0: entered allmulticast mode [ 960.901669][T14141] bridge_slave_0: entered promiscuous mode [ 961.138130][T14141] bridge0: port 2(bridge_slave_1) entered blocking state [ 961.138268][T14141] bridge0: port 2(bridge_slave_1) entered disabled state [ 961.138513][T14141] bridge_slave_1: entered allmulticast mode [ 961.142303][T14141] bridge_slave_1: entered promiscuous mode [ 961.146548][ T70] : left promiscuous mode [ 961.377999][ T70] tipc: Disabling bearer [ 961.378134][ T70] tipc: Left network mode [ 961.512565][T14141] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 961.611718][T14141] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 961.697406][T12166] Bluetooth: hci1: command tx timeout [ 962.247770][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 962.544801][T14234] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2799'. [ 962.618636][T14141] team0: Port device team_slave_0 added [ 963.058877][T14141] team0: Port device team_slave_1 added [ 963.131539][ T5893] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 963.179543][ T5893] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 964.256504][ T70] hsr_slave_0: left promiscuous mode [ 964.307851][ T70] hsr_slave_1: left promiscuous mode [ 964.308868][ T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 964.309157][ T70] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 964.358341][ T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 964.358369][ T70] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 964.491963][ T70] veth1_macvtap: left promiscuous mode [ 964.492059][ T70] veth0_macvtap: left promiscuous mode [ 964.492207][ T70] veth1_vlan: left promiscuous mode [ 964.492312][ T70] veth0_vlan: left promiscuous mode [ 967.586880][ T70] team_slave_1 (unregistering): left promiscuous mode [ 967.626949][ T70] team0 (unregistering): Port device team_slave_1 removed [ 967.797756][ T70] team_slave_0 (unregistering): left promiscuous mode [ 967.816805][ T70] team0 (unregistering): Port device team_slave_0 removed [ 970.357282][T14245] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2804'. [ 970.389693][T14141] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 970.389710][T14141] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 970.389736][T14141] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 970.930054][T14141] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 970.930071][T14141] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 970.930097][T14141] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 972.274332][T14141] hsr_slave_0: entered promiscuous mode [ 972.275730][T14141] hsr_slave_1: entered promiscuous mode [ 972.809478][T14312] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2830'. [ 973.281367][T14323] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2834'. [ 973.953498][T14339] netlink: 277 bytes leftover after parsing attributes in process `syz.4.2840'. [ 975.474153][T14141] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 975.654253][T14141] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 975.835579][T14141] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 975.930380][T14141] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 976.194844][T14141] 8021q: adding VLAN 0 to HW filter on device bond0 [ 976.242736][T14141] 8021q: adding VLAN 0 to HW filter on device team0 [ 976.279514][ T70] bridge0: port 1(bridge_slave_0) entered blocking state [ 976.280941][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state [ 976.315256][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 976.326190][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 976.874239][T14377] netlink: 277 bytes leftover after parsing attributes in process `syz.4.2850'. [ 977.201684][T14141] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 977.415179][T14141] veth0_vlan: entered promiscuous mode [ 977.674228][T14141] veth1_vlan: entered promiscuous mode [ 977.836790][T14385] netlink: 1296 bytes leftover after parsing attributes in process `syz.4.2853'. [ 977.935884][T14141] veth0_macvtap: entered promiscuous mode [ 977.959600][T14141] veth1_macvtap: entered promiscuous mode [ 978.004608][T14141] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 978.078412][T14141] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 978.196673][ T6988] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 978.227678][ T6988] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 978.229258][ T6988] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 978.239473][ T6988] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 978.893123][T14300] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 978.893142][T14300] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 979.438422][ T70] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 979.438444][ T70] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 979.750831][T14402] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2860'. [ 979.961548][T14409] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2761'. [ 980.132428][ C0] vkms_vblank_simulate: vblank timer overrun [ 980.228674][ C0] vkms_vblank_simulate: vblank timer overrun [ 980.279645][ C0] vkms_vblank_simulate: vblank timer overrun [ 980.306682][ C0] vkms_vblank_simulate: vblank timer overrun [ 980.416492][ C0] vkms_vblank_simulate: vblank timer overrun [ 980.492827][ C0] vkms_vblank_simulate: vblank timer overrun [ 981.606544][ C0] vkms_vblank_simulate: vblank timer overrun [ 981.688793][ C0] vkms_vblank_simulate: vblank timer overrun [ 981.980708][ C0] vkms_vblank_simulate: vblank timer overrun [ 982.006389][ T37] audit: type=1326 audit(1760506153.706:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14415 comm="syz.4.2864" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f714985eec9 code=0x0 [ 982.010019][T14417] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 982.010045][T14417] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 982.010134][T14417] vhci_hcd vhci_hcd.0: Device attached [ 982.027710][T14432] netlink: 'syz.5.2868': attribute type 1 has an invalid length. [ 982.069578][T14432] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2868'. [ 982.078721][T14432] 8021q: adding VLAN 0 to HW filter on device bond3 [ 982.164974][T14430] vhci_hcd: connection closed [ 982.187931][ T7001] vhci_hcd: stop threads [ 982.187952][ T7001] vhci_hcd: release socket [ 982.188015][ T7001] vhci_hcd: disconnect device [ 982.193932][T14432] 8021q: adding VLAN 0 to HW filter on device bond3 [ 982.213848][T14432] bond3: (slave geneve2): making interface the new active one [ 982.220774][T14432] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 982.221015][ T7001] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 982.222788][ T43] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 982.231520][ T7001] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 982.239957][ T7001] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 982.275910][ T1224] vhci_hcd: vhci_device speed not set [ 982.491287][ C0] vkms_vblank_simulate: vblank timer overrun [ 982.777402][ C0] vkms_vblank_simulate: vblank timer overrun [ 983.047364][T14450] gfs2: error -5 reading superblock [ 983.367207][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 991.549190][T14530] tipc: Started in network mode [ 991.549211][T14530] tipc: Node identity 22308298552c, cluster identity 4711 [ 991.549696][T14530] tipc: Enabled bearer , priority 0 [ 991.826502][ T37] audit: type=1326 audit(1760506163.536:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14556 comm="syz.5.2913" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f711a9beec9 code=0x0 [ 992.007454][T14535] team0: Port device team_slave_0 removed [ 992.056377][ T5892] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 992.176705][T14538] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 992.216360][ T5892] usb 5-1: Using ep0 maxpacket: 16 [ 992.220108][ T5892] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 992.220145][ T5892] usb 5-1: can't read configurations, error -61 [ 992.366503][ T5892] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 992.406083][T14560] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7) [ 992.406101][T14560] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 992.432451][T14560] vhci_hcd vhci_hcd.0: Device attached [ 992.677312][ T1224] tipc: Node number set to 1998357144 [ 992.701369][ T5892] usb 5-1: Using ep0 maxpacket: 16 [ 992.705637][ T5892] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 992.705672][ T5892] usb 5-1: can't read configurations, error -61 [ 992.706072][ T5892] usb usb5-port1: attempt power cycle [ 993.094181][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.105629][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.482551][T14563] vhci_hcd: connection closed [ 993.502991][T14529] tipc: Disabling bearer [ 993.503042][ T43] vhci_hcd: stop threads [ 993.503056][ T43] vhci_hcd: release socket [ 993.503126][ T43] vhci_hcd: disconnect device [ 993.536410][ T44] usb 43-1: new high-speed USB device number 3 using vhci_hcd [ 993.536505][ T44] usb 43-1: enqueue for inactive port 0 [ 993.606585][ T44] vhci_hcd: vhci_device speed not set [ 993.756492][ T5892] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 993.776942][ T5892] usb 5-1: Using ep0 maxpacket: 16 [ 993.778774][ T5892] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 993.778794][ T5892] usb 5-1: can't read configurations, error -61 [ 993.906422][ T5892] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 993.927418][ T5892] usb 5-1: Using ep0 maxpacket: 16 [ 993.942253][ T5892] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 993.942294][ T5892] usb 5-1: can't read configurations, error -61 [ 993.942677][ T5892] usb usb5-port1: unable to enumerate USB device [ 994.310927][T14586] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 995.257439][ C0] vkms_vblank_simulate: vblank timer overrun [ 995.326930][ C0] vkms_vblank_simulate: vblank timer overrun [ 995.414531][ C0] vkms_vblank_simulate: vblank timer overrun [ 995.500670][ C0] vkms_vblank_simulate: vblank timer overrun [ 995.801072][T14607] netlink: 220 bytes leftover after parsing attributes in process `syz.5.2932'. [ 995.819688][T14607] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input9 [ 996.476741][ C0] vkms_vblank_simulate: vblank timer overrun [ 997.454920][ C0] vkms_vblank_simulate: vblank timer overrun [ 997.599613][ C0] vkms_vblank_simulate: vblank timer overrun [ 999.003275][ C0] vkms_vblank_simulate: vblank timer overrun [ 999.131773][ C0] vkms_vblank_simulate: vblank timer overrun [ 999.249374][ C0] vkms_vblank_simulate: vblank timer overrun [ 999.545796][ C0] vkms_vblank_simulate: vblank timer overrun [ 999.693846][ C0] vkms_vblank_simulate: vblank timer overrun [ 1000.384313][ C0] vkms_vblank_simulate: vblank timer overrun [ 1000.951294][ C0] vkms_vblank_simulate: vblank timer overrun [ 1001.025132][ T5894] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1001.055515][ C0] vkms_vblank_simulate: vblank timer overrun [ 1001.130845][ C0] vkms_vblank_simulate: vblank timer overrun [ 1001.246356][ C0] vkms_vblank_simulate: vblank timer overrun [ 1001.335806][ C0] vkms_vblank_simulate: vblank timer overrun [ 1001.516376][ T5894] usb 4-1: Using ep0 maxpacket: 16 [ 1001.518883][ T5894] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1001.518920][ T5894] usb 4-1: can't read configurations, error -61 [ 1001.646441][ T5894] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1001.796344][ T5894] usb 4-1: Using ep0 maxpacket: 16 [ 1001.798957][ T5894] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1001.798991][ T5894] usb 4-1: can't read configurations, error -61 [ 1001.799433][ T5894] usb usb4-port1: attempt power cycle [ 1002.156475][ T5894] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1002.177366][ T5894] usb 4-1: Using ep0 maxpacket: 16 [ 1002.181268][ T5894] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1002.181304][ T5894] usb 4-1: can't read configurations, error -61 [ 1002.416807][ T5894] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1003.196860][ T5894] usb 4-1: Using ep0 maxpacket: 16 [ 1003.199942][ T5894] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1003.199978][ T5894] usb 4-1: can't read configurations, error -61 [ 1003.376470][ T5894] usb usb4-port1: unable to enumerate USB device [ 1004.035129][T14759] netlink: 'syz.5.2988': attribute type 1 has an invalid length. [ 1004.035150][T14759] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2988'. [ 1004.262303][T14763] bond0: entered promiscuous mode [ 1004.262325][T14763] bond_slave_0: entered promiscuous mode [ 1004.262565][T14763] bond_slave_1: entered promiscuous mode [ 1004.282397][T14763] batadv0: entered promiscuous mode [ 1004.336778][T14763] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 1005.386406][ T5892] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 1005.441444][ T37] audit: type=1326 audit(1760506177.156:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14785 comm="syz.4.2999" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f714985eec9 code=0x0 [ 1005.510634][T14791] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 1005.510658][T14791] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1005.513412][T14791] vhci_hcd vhci_hcd.0: Device attached [ 1005.556520][ T5892] usb 1-1: Using ep0 maxpacket: 16 [ 1005.559129][ T5892] usb 1-1: config 0 has no interfaces? [ 1005.562162][ T5892] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1005.562189][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1005.562209][ T5892] usb 1-1: Product: syz [ 1005.562222][ T5892] usb 1-1: Manufacturer: syz [ 1005.562236][ T5892] usb 1-1: SerialNumber: syz [ 1005.572993][ T5892] usb 1-1: config 0 descriptor?? [ 1005.746397][ T5812] usb 41-1: new high-speed USB device number 4 using vhci_hcd [ 1005.889253][ T5892] usb 1-1: USB disconnect, device number 21 [ 1008.471091][T14794] vhci_hcd: connection reset by peer [ 1008.483109][ T7001] vhci_hcd: stop threads [ 1008.483121][ T7001] vhci_hcd: release socket [ 1008.483161][ T7001] vhci_hcd: disconnect device [ 1010.253894][ T5956] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 1010.325531][T14856] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3024'. [ 1010.396387][ T5956] usb 1-1: Using ep0 maxpacket: 16 [ 1010.425301][ T5956] usb 1-1: config 0 has no interfaces? [ 1010.435114][ T5956] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1010.435140][ T5956] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1010.435160][ T5956] usb 1-1: Product: syz [ 1010.435173][ T5956] usb 1-1: Manufacturer: syz [ 1010.435187][ T5956] usb 1-1: SerialNumber: syz [ 1010.505891][ T5956] usb 1-1: config 0 descriptor?? [ 1010.594385][ T37] audit: type=1326 audit(1760506182.306:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14859 comm="syz.4.3028" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f714985eec9 code=0x0 [ 1010.823927][T14869] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 1010.823944][T14869] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1010.831954][T14869] vhci_hcd vhci_hcd.0: Device attached [ 1011.731361][ T9971] usb 1-1: USB disconnect, device number 22 [ 1011.866445][ T5812] usb 41-1: device descriptor read/64, error -110 [ 1012.732139][ T5812] usb 41-1: new high-speed USB device number 5 using vhci_hcd [ 1012.767720][T14873] vhci_hcd: connection reset by peer [ 1012.770985][T14300] vhci_hcd: stop threads [ 1012.771003][T14300] vhci_hcd: release socket [ 1012.771068][T14300] vhci_hcd: disconnect device [ 1012.860390][T14894] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3036'. [ 1014.338106][T14910] bond0: entered promiscuous mode [ 1014.338121][T14910] bond_slave_0: entered promiscuous mode [ 1014.338265][T14910] bond_slave_1: entered promiscuous mode [ 1014.339585][T14910] batadv0: entered promiscuous mode [ 1014.340403][T14910] debugfs: 'hsr1' already exists in 'hsr' [ 1014.340418][T14910] Cannot create hsr debugfs directory [ 1014.340815][T14910] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 1015.806503][ T5892] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 1015.949203][ T37] audit: type=1326 audit(1760506187.666:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14928 comm="syz.4.3050" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f714985eec9 code=0x0 [ 1015.975382][ T5892] usb 1-1: Using ep0 maxpacket: 16 [ 1015.984685][ T5892] usb 1-1: config 0 has no interfaces? [ 1015.993450][ T5892] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1015.993476][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1015.993495][ T5892] usb 1-1: Product: syz [ 1015.993508][ T5892] usb 1-1: Manufacturer: syz [ 1015.993521][ T5892] usb 1-1: SerialNumber: syz [ 1016.024177][T14931] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 1016.024202][T14931] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1016.024261][T14931] vhci_hcd vhci_hcd.0: Device attached [ 1016.062391][ T5892] usb 1-1: config 0 descriptor?? [ 1017.169463][ T44] usb 1-1: USB disconnect, device number 23 [ 1017.172440][T14932] vhci_hcd: connection closed [ 1017.230621][ T1122] vhci_hcd: stop threads [ 1017.230677][ T1122] vhci_hcd: release socket [ 1017.233462][ T1122] vhci_hcd: disconnect device [ 1017.728562][T14951] netlink: 9896 bytes leftover after parsing attributes in process `syz.5.3055'. [ 1017.866531][ T5812] vhci_hcd: vhci_device speed not set [ 1018.025589][T14956] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3057'. [ 1018.168560][T14951] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 1018.168576][T14951] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 14951, name: syz.5.3055 [ 1018.168586][T14951] preempt_count: 1, expected: 0 [ 1018.168590][T14951] RCU nest depth: 2, expected: 2 [ 1018.168596][T14951] 5 locks held by syz.5.3055/14951: [ 1018.168603][T14951] #0: ffff88803118ae50 (sk_lock-AF_VSOCK){+.+.}-{0:0}, at: vsock_connect+0x152/0xe20 [ 1018.168785][T14951] #1: ffffffff8d7aa4c0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run9+0x1ec/0x500 [ 1018.168841][T14951] #2: ffff8880b8932c88 ((stream_local_lock)){+.+.}-{3:3}, at: __bpf_stream_push_str+0x211/0xbe0 [ 1018.168875][T14951] #3: ffffffff8d7aa4c0 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x10d/0x2b0 [ 1018.168939][T14951] #4: ffff8880b893f6e8 (&s->lock_key#5){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x13f0 [ 1018.168987][T14951] Preemption disabled at: [ 1018.168991][T14951] [] __slab_alloc+0xea/0x1f0 [ 1018.169020][T14951] CPU: 1 UID: 0 PID: 14951 Comm: syz.5.3055 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1018.169033][T14951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1018.169045][T14951] Call Trace: [ 1018.169052][T14951] [ 1018.169057][T14951] dump_stack_lvl+0x189/0x250 [ 1018.169090][T14951] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1018.169103][T14951] ? __pfx__printk+0x10/0x10 [ 1018.169118][T14951] ? print_lock_name+0xde/0x100 [ 1018.169134][T14951] ? __slab_alloc+0xea/0x1f0 [ 1018.169149][T14951] __might_resched+0x44b/0x5d0 [ 1018.169176][T14951] ? __slab_alloc+0xea/0x1f0 [ 1018.169187][T14951] ? __pfx___might_resched+0x10/0x10 [ 1018.169202][T14951] ? ___slab_alloc+0x12f/0x13f0 [ 1018.169217][T14951] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1018.169258][T14951] ? lockdep_hardirqs_on+0x9c/0x150 [ 1018.169314][T14951] rt_spin_lock+0xc7/0x3e0 [ 1018.169329][T14951] ? __pfx_rt_spin_lock+0x10/0x10 [ 1018.169342][T14951] ? __lock_acquire+0xab9/0xd20 [ 1018.169357][T14951] ___slab_alloc+0x12f/0x13f0 [ 1018.169374][T14951] ? __set_page_owner+0x25c/0x490 [ 1018.169392][T14951] __slab_alloc+0xc6/0x1f0 [ 1018.169404][T14951] ? __set_page_owner+0x25c/0x490 [ 1018.169415][T14951] __kmalloc_cache_noprof+0xec/0x6c0 [ 1018.169427][T14951] ? __set_page_owner+0x25c/0x490 [ 1018.169439][T14951] __set_page_owner+0x25c/0x490 [ 1018.169450][T14951] ? __pfx___set_page_owner+0x10/0x10 [ 1018.169463][T14951] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1018.169481][T14951] post_alloc_hook+0x240/0x2a0 [ 1018.169504][T14951] get_page_from_freelist+0x28c0/0x2960 [ 1018.169525][T14951] ? lockdep_unlock+0x89/0x120 [ 1018.169538][T14951] ? __lock_acquire+0xab9/0xd20 [ 1018.169558][T14951] alloc_frozen_pages_nolock_noprof+0xbc/0x150 [ 1018.169578][T14951] alloc_pages_nolock_noprof+0xa/0x30 [ 1018.169598][T14951] bpf_stream_page_replace+0x19/0x1e0 [ 1018.169623][T14951] __bpf_stream_push_str+0x35c/0xbe0 [ 1018.169653][T14951] ? __pfx___bpf_stream_push_str+0x10/0x10 [ 1018.169690][T14951] bpf_stream_stage_printk+0x14e/0x1c0 [ 1018.169713][T14951] ? __pfx_find_from_stack_cb+0x10/0x10 [ 1018.169733][T14951] ? arch_bpf_stack_walk+0x112/0x170 [ 1018.169775][T14951] ? __pfx_bpf_stream_stage_printk+0x10/0x10 [ 1018.169793][T14951] ? arch_stack_walk+0xfc/0x150 [ 1018.169816][T14951] bpf_prog_report_may_goto_violation+0xc4/0x190 [ 1018.169833][T14951] ? __pfx_bpf_prog_report_may_goto_violation+0x10/0x10 [ 1018.169849][T14951] ? irqentry_exit+0x74/0x90 [ 1018.169866][T14951] ? read_tsc+0x9/0x20 [ 1018.169882][T14951] bpf_check_timed_may_goto+0xaa/0xb0 [ 1018.169898][T14951] arch_bpf_timed_may_goto+0x21/0x40 [ 1018.169915][T14951] bpf_prog_6fd842a53d323cc5+0x53/0x5f [ 1018.169929][T14951] bpf_trace_run9+0x2de/0x500 [ 1018.169941][T14951] ? bpf_trace_run9+0x1ec/0x500 [ 1018.169952][T14951] ? __pfx_bpf_trace_run9+0x10/0x10 [ 1018.169976][T14951] __bpf_trace_virtio_transport_alloc_pkt+0x2d7/0x340 [ 1018.169997][T14951] ? __pfx___bpf_trace_virtio_transport_alloc_pkt+0x10/0x10 [ 1018.170009][T14951] ? kmem_cache_alloc_node_noprof+0x291/0x6e0 [ 1018.170026][T14951] ? __alloc_skb+0x112/0x2d0 [ 1018.170117][T14951] ? __alloc_skb+0x1bc/0x2d0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1018.170136][T14951] ? __local_bh_enable+0x28c/0x410 [ 1018.170161][T14951] virtio_transport_alloc_skb+0x10cc/0x1130 [ 1018.170206][T14951] ? __pfx_virtio_transport_alloc_skb+0x10/0x10 [ 1018.170223][T14951] ? rt_spin_unlock+0x150/0x200 [ 1018.170245][T14951] virtio_transport_send_pkt_info+0x6be/0x1100 [ 1018.170272][T14951] virtio_transport_connect+0xa7/0x100 [ 1018.170286][T14951] ? __pfx_virtio_transport_connect+0x10/0x10 [ 1018.170302][T14951] ? __pfx_vsock_auto_bind+0x10/0x10 [ 1018.170318][T14951] ? vsock_assign_transport+0x5ed/0x770 [ 1018.170335][T14951] vsock_connect+0xb8b/0xe20 [ 1018.170356][T14951] ? __might_fault+0xb0/0x130 [ 1018.170367][T14951] ? __pfx_vsock_connect+0x10/0x10 [ 1018.170384][T14951] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1018.170405][T14951] ? bpf_lsm_socket_connect+0x9/0x20 [ 1018.170425][T14951] __sys_connect+0x323/0x450 [ 1018.170478][T14951] ? __pfx___sys_connect+0x10/0x10 [ 1018.170498][T14951] ? rcu_is_watching+0x15/0xb0 [ 1018.170527][T14951] __x64_sys_connect+0x7a/0x90 [ 1018.170543][T14951] do_syscall_64+0xfa/0xfa0 [ 1018.170580][T14951] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1018.170603][T14951] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1018.170613][T14951] ? clear_bhb_loop+0x60/0xb0 [ 1018.170625][T14951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1018.170635][T14951] RIP: 0033:0x7f711a9beec9 [ 1018.170646][T14951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1018.170656][T14951] RSP: 002b:00007f7118c26038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1018.170668][T14951] RAX: ffffffffffffffda RBX: 00007f711ac15fa0 RCX: 00007f711a9beec9 [ 1018.170676][T14951] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000008 [ 1018.170682][T14951] RBP: 00007f711aa41f91 R08: 0000000000000000 R09: 0000000000000000 [ 1018.170689][T14951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1018.170695][T14951] R13: 00007f711ac16038 R14: 00007f711ac15fa0 R15: 00007ffd89eab9f8 [ 1018.170714][T14951] [ 1019.216712][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1019.577922][ T1224] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 1019.577936][ T1224] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1224, name: kworker/0:2 [ 1019.577945][ T1224] preempt_count: 1, expected: 0 [ 1019.577950][ T1224] RCU nest depth: 2, expected: 2 [ 1019.577955][ T1224] 6 locks held by kworker/0:2/1224: [ 1019.577961][ T1224] #0: ffff888030fddd38 ((wq_completion)vsock-loopback){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1019.578024][ T1224] #1: ffffc90005027ba0 ((work_completion)(&vsock->pkt_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1019.578054][ T1224] #2: ffffffff8d7aa4c0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run9+0x1ec/0x500 [ 1019.578077][ T1224] #3: ffff8880b8832c88 ((stream_local_lock)){+.+.}-{3:3}, at: __bpf_stream_push_str+0x211/0xbe0 [ 1019.578105][ T1224] #4: ffffffff8d7aa4c0 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x10d/0x2b0 [ 1019.578132][ T1224] #5: ffff8880b883f6e8 (&s->lock_key#5){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x13f0 [ 1019.578161][ T1224] Preemption disabled at: [ 1019.578163][ T1224] [] __slab_alloc+0xea/0x1f0 [ 1019.578183][ T1224] CPU: 0 UID: 0 PID: 1224 Comm: kworker/0:2 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 1019.578197][ T1224] Tainted: [W]=WARN [ 1019.578201][ T1224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1019.578208][ T1224] Workqueue: vsock-loopback vsock_loopback_work [ 1019.578224][ T1224] Call Trace: [ 1019.578229][ T1224] [ 1019.578234][ T1224] dump_stack_lvl+0x189/0x250 [ 1019.578250][ T1224] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1019.578263][ T1224] ? __pfx__printk+0x10/0x10 [ 1019.578278][ T1224] ? print_lock_name+0xde/0x100 [ 1019.578290][ T1224] ? __slab_alloc+0xea/0x1f0 [ 1019.578304][ T1224] __might_resched+0x44b/0x5d0 [ 1019.578322][ T1224] ? __slab_alloc+0xea/0x1f0 [ 1019.578334][ T1224] ? __pfx___might_resched+0x10/0x10 [ 1019.578354][ T1224] ? ___slab_alloc+0x12f/0x13f0 [ 1019.578368][ T1224] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1019.578385][ T1224] ? lockdep_hardirqs_on+0x9c/0x150 [ 1019.578404][ T1224] rt_spin_lock+0xc7/0x3e0 [ 1019.578418][ T1224] ? __pfx_rt_spin_lock+0x10/0x10 [ 1019.578430][ T1224] ? __lock_acquire+0xab9/0xd20 [ 1019.578445][ T1224] ___slab_alloc+0x12f/0x13f0 [ 1019.578461][ T1224] ? __set_page_owner+0x25c/0x490 [ 1019.578475][ T1224] __slab_alloc+0xc6/0x1f0 [ 1019.578487][ T1224] ? __set_page_owner+0x25c/0x490 [ 1019.578499][ T1224] __kmalloc_cache_noprof+0xec/0x6c0 [ 1019.578510][ T1224] ? __set_page_owner+0x25c/0x490 [ 1019.578522][ T1224] __set_page_owner+0x25c/0x490 [ 1019.578533][ T1224] ? __pfx___set_page_owner+0x10/0x10 [ 1019.578543][ T1224] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1019.578561][ T1224] post_alloc_hook+0x240/0x2a0 [ 1019.578574][ T1224] get_page_from_freelist+0x28c0/0x2960 [ 1019.578596][ T1224] ? register_lock_class+0x2b7/0x320 [ 1019.578609][ T1224] ? __lock_acquire+0xab9/0xd20 [ 1019.578630][ T1224] alloc_frozen_pages_nolock_noprof+0xbc/0x150 [ 1019.578651][ T1224] alloc_pages_nolock_noprof+0xa/0x30 [ 1019.578665][ T1224] bpf_stream_page_replace+0x19/0x1e0 [ 1019.578680][ T1224] __bpf_stream_push_str+0x35c/0xbe0 [ 1019.578697][ T1224] ? __pfx___bpf_stream_push_str+0x10/0x10 [ 1019.578717][ T1224] bpf_stream_stage_printk+0x14e/0x1c0 [ 1019.578730][ T1224] ? __pfx_find_from_stack_cb+0x10/0x10 [ 1019.578741][ T1224] ? arch_bpf_stack_walk+0x112/0x170 [ 1019.578756][ T1224] ? __pfx_bpf_stream_stage_printk+0x10/0x10 [ 1019.578773][ T1224] ? arch_stack_walk+0x11c/0x150 [ 1019.578790][ T1224] bpf_prog_report_may_goto_violation+0xc4/0x190 [ 1019.578806][ T1224] ? __pfx_bpf_prog_report_may_goto_violation+0x10/0x10 [ 1019.578822][ T1224] ? irqentry_exit+0x74/0x90 [ 1019.578839][ T1224] ? read_tsc+0x9/0x20 [ 1019.578854][ T1224] bpf_check_timed_may_goto+0xaa/0xb0 [ 1019.578870][ T1224] arch_bpf_timed_may_goto+0x21/0x40 [ 1019.578887][ T1224] bpf_prog_6fd842a53d323cc5+0x53/0x5f [ 1019.578898][ T1224] bpf_trace_run9+0x2de/0x500 [ 1019.578909][ T1224] ? bpf_trace_run9+0x1ec/0x500 [ 1019.578920][ T1224] ? __pfx_bpf_trace_run9+0x10/0x10 [ 1019.578944][ T1224] __bpf_trace_virtio_transport_alloc_pkt+0x2d7/0x340 [ 1019.578962][ T1224] ? __pfx___bpf_trace_virtio_transport_alloc_pkt+0x10/0x10 [ 1019.578973][ T1224] ? kmem_cache_alloc_node_noprof+0x291/0x6e0 [ 1019.578989][ T1224] ? __alloc_skb+0x112/0x2d0 [ 1019.579012][ T1224] ? __alloc_skb+0x1bc/0x2d0 [ 1019.579030][ T1224] ? __local_bh_enable_ip+0x1c0/0x2e0 [ 1019.579046][ T1224] ? lockdep_hardirqs_on+0x9c/0x150 [ 1019.579063][ T1224] virtio_transport_alloc_skb+0x10cc/0x1130 [ 1019.579087][ T1224] ? __pfx_virtio_transport_alloc_skb+0x10/0x10 [ 1019.579108][ T1224] virtio_transport_recv_pkt+0xced/0x2710 [ 1019.579128][ T1224] ? __pfx_virtio_transport_recv_pkt+0x10/0x10 [ 1019.579142][ T1224] ? __local_bh_enable+0x28c/0x410 [ 1019.579157][ T1224] ? reacquire_held_locks+0x127/0x1d0 [ 1019.579172][ T1224] ? __lock_acquire+0xab9/0xd20 [ 1019.579189][ T1224] ? vsock_deliver_tap+0x21/0x1a0 [ 1019.579208][ T1224] ? vsock_deliver_tap+0x21/0x1a0 [ 1019.579225][ T1224] ? __pfx_virtio_transport_build_skb+0x10/0x10 [ 1019.579241][ T1224] vsock_loopback_work+0x310/0x3a0 [ 1019.579257][ T1224] ? vsock_loopback_work+0x110/0x3a0 [ 1019.579272][ T1224] ? __pfx_vsock_loopback_work+0x10/0x10 [ 1019.579299][ T1224] ? _raw_spin_unlock_irq+0x23/0x50 [ 1019.579314][ T1224] ? process_scheduled_works+0x9ef/0x17b0 [ 1019.579329][ T1224] ? process_scheduled_works+0x9ef/0x17b0 [ 1019.579350][ T1224] process_scheduled_works+0xae1/0x17b0 [ 1019.579381][ T1224] ? __pfx_process_scheduled_works+0x10/0x10 [ 1019.579407][ T1224] worker_thread+0x8a0/0xda0 [ 1019.579418][ T1224] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1019.579438][ T1224] ? __kthread_parkme+0x7b/0x200 [ 1019.579455][ T1224] kthread+0x711/0x8a0 [ 1019.579469][ T1224] ? __pfx_worker_thread+0x10/0x10 [ 1019.579478][ T1224] ? __pfx_kthread+0x10/0x10 [ 1019.579488][ T1224] ? rt_spin_unlock+0x150/0x200 [ 1019.579503][ T1224] ? rt_spin_unlock+0x161/0x200 [ 1019.579514][ T1224] ? __pfx_kthread+0x10/0x10 [ 1019.579527][ T1224] ret_from_fork+0x4bc/0x870 [ 1019.579543][ T1224] ? __pfx_ret_from_fork+0x10/0x10 [ 1019.579563][ T1224] ? __switch_to_asm+0x39/0x70 [ 1019.579575][ T1224] ? __switch_to_asm+0x33/0x70 [ 1019.579588][ T1224] ? __pfx_kthread+0x10/0x10 [ 1019.579600][ T1224] ret_from_fork_asm+0x1a/0x30 [ 1019.579624][ T1224] [ 1022.601617][ T1122] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1022.920392][ T1122] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1023.177549][ T1122] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1023.378406][ T1122] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1023.616870][ T1122] bridge_slave_1: left allmulticast mode [ 1023.616899][ T1122] bridge_slave_1: left promiscuous mode [ 1023.617168][ T1122] bridge0: port 2(bridge_slave_1) entered disabled state [ 1023.687282][ T1122] bridge_slave_0: left allmulticast mode [ 1023.687303][ T1122] bridge_slave_0: left promiscuous mode [ 1023.687489][ T1122] bridge0: port 1(bridge_slave_0) entered disabled state [ 1025.668616][ T1122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1025.727073][ T1122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1025.748920][ T1122] bond0 (unregistering): Released all slaves [ 1026.716414][ T1122] hsr_slave_0: left promiscuous mode [ 1026.766410][ T1122] hsr_slave_1: left promiscuous mode [ 1026.767083][ T1122] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1026.767100][ T1122] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1026.798454][ T1122] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1026.798478][ T1122] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1026.878325][ T1122] veth1_macvtap: left promiscuous mode [ 1026.878434][ T1122] veth0_macvtap: left promiscuous mode [ 1026.878698][ T1122] veth1_vlan: left promiscuous mode [ 1026.878874][ T1122] veth0_vlan: left promiscuous mode