last executing test programs: 4m54.813093256s ago: executing program 1 (id=2181): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x80000042, 0xffffffff}, 0x10) bind$tipc(r0, 0x0, 0x0) close(r0) 4m53.783128314s ago: executing program 1 (id=2187): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48) capset(&(0x7f0000019340)={0x20071026}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0xe}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000085000000a000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4m52.915811313s ago: executing program 1 (id=2194): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0x4}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000340)="41000000010001", 0x7) 4m52.121111273s ago: executing program 1 (id=2197): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) umount2(&(0x7f00000002c0)='./file0/../file0\x00', 0x8) 4m51.310582096s ago: executing program 1 (id=2202): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x70, 0x30, 0x1, 0x0, 0x25dfdbfc, {}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x9, 0x4000000, 0xffffffffffffffff, 0x0, 0x1}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0xcac1}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4m44.367913842s ago: executing program 1 (id=2220): write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000080)={0x13, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x1}}, 0x18) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4800, 0x0, 0x7}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01, 0x2000000}, 0x78}}, 0x0) 4m42.361343943s ago: executing program 32 (id=2220): write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000080)={0x13, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x1}}, 0x18) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4800, 0x0, 0x7}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01, 0x2000000}, 0x78}}, 0x0) 1m10.557903438s ago: executing program 3 (id=4207): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0) ftruncate(r0, 0xc17a) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x80000000, 0x5}) r1 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r2) mount(0x0, &(0x7f00000010c0)='.\x00', &(0x7f0000000000)='proc\x00', 0x80, 0x0) syz_open_procfs(r1, &(0x7f0000000540)='fd/3\x00') 1m9.905761901s ago: executing program 3 (id=4212): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x4e24, 0x8eb, @empty, 0x3}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000540)={r3, 0x400, 0x0, 0xfffb, 0x1, 0x0, 0x5a7, 0xe03, {r3, @in={{0x2, 0x4e24, @local}}, 0xf, 0x7, 0x3a, 0x8, 0x7}}, &(0x7f0000000600)=0xb0) 1m9.607545692s ago: executing program 3 (id=4215): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000) r0 = socket(0x14, 0x2, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x61f0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040024}, 0x8040) 1m8.400651631s ago: executing program 3 (id=4225): mkdir(&(0x7f0000001a80)='./file0\x00', 0x1cb) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x200000000000, &(0x7f0000000200)='.\x00', 0x0, 0x8b7840, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0) mkdir(&(0x7f0000000140)='./file0/../file0\x00', 0x190) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x2042, 0x0) 1m8.068999377s ago: executing program 3 (id=4228): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000c00)={0x2, 0x0, {&(0x7f0000000480)=""/191, 0xbf, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000540)=""/224, 0xe0, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000340)={0x2, 0x0, {&(0x7f0000000a00)=""/274, 0x112, 0x0, 0x1, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48) 1m6.338889214s ago: executing program 3 (id=4243): connect$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, 0x0}, 0x800) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8) 1m5.797129171s ago: executing program 33 (id=4243): connect$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, 0x0}, 0x800) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8) 6.766313403s ago: executing program 2 (id=4835): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_uring_register$IORING_UNREGISTER_NAPI(0xffffffffffffffff, 0x1c, 0x0, 0x1) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e21, 0x1, @loopback, 0x13}, 0x1c) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040), 0x0) splice(r1, 0x0, r0, 0x0, 0x10000008ebc, 0x0) 5.387000315s ago: executing program 2 (id=4854): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, 0x0, 0x4000010) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x28) connect$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c) close(0x3) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000400)=0x4, 0x4) r2 = fcntl$dupfd(r0, 0x406, r0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) write$binfmt_elf64(r2, &(0x7f00000004c0)=ANY=[], 0xfffffdcf) 4.205668242s ago: executing program 2 (id=4861): unshare(0x20000400) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d491009b3426c8928f3d97cb", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) recvmsg$qrtr(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000003c0)=""/161, 0xa1}], 0x1, 0x0, 0x0, 0x2000}, 0x1c, 0x0) 3.33984709s ago: executing program 0 (id=4872): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file7\x00', 0x1ac) renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x0) 3.216578522s ago: executing program 6 (id=4874): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = eventfd2(0x0, 0x0) close(r4) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) write$eventfd(r4, &(0x7f0000000180)=0x5, 0xfffffde3) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000100)=@riscv64_smstateen_csr={0x8030000003020000, &(0x7f0000000000)=0x9}) 3.121580465s ago: executing program 2 (id=4876): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x1c2) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0x2) r2 = landlock_create_ruleset(&(0x7f0000000040)={0x2b, 0x3}, 0x18, 0x0) landlock_restrict_self(r2, 0xa) 2.839098958s ago: executing program 0 (id=4879): fcntl$lock(0xffffffffffffffff, 0x24, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = userfaultfd(0x1) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x91c6b000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1}) syz_open_procfs(0x0, &(0x7f0000001040)='net/nf_conntrack_expect\x00') syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000000000/0x800000)=nil, 0x800000}) 2.532547746s ago: executing program 6 (id=4884): socket$packet(0x11, 0x2, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) socket$packet(0x11, 0x3, 0x300) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000000000029000000", @ANYRES16=r0], 0x18}, 0x2000c8d0) 2.083678097s ago: executing program 0 (id=4889): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) write(r1, &(0x7f0000000240)="94", 0x1) vmsplice(r4, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7", 0x3}], 0x1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) tee(r0, r4, 0x8f5, 0x0) write(r2, 0x0, 0x0) 2.08315291s ago: executing program 6 (id=4890): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x5) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x3, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x141041) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x80001009, 0x0, 0x0, 'queue0\x00', 0xfffffffc}) write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f4, {}, {}, @raw32={[0x2600]}}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000500)={0x0, 0xe, 0x1, 'queue0\x00'}) read$char_usb(0xffffffffffffffff, &(0x7f00000000c0)=""/192, 0xc0) 1.802023745s ago: executing program 6 (id=4895): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000800)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x2c}, @ptr={0x70742a85, 0x100000, &(0x7f0000000400)=""/216, 0xd8, 0x1, 0xffffffffffffffff}, @fda={0x66646185, 0x9, 0x1, 0x20}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x400}], 0x0, 0x0, 0x0}) 1.666383329s ago: executing program 0 (id=4897): r0 = socket$inet_udp(0x2, 0x2, 0x0) close(0x3) r1 = socket$unix(0x1, 0x2, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) close(r1) listen(r2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000001c0)='\a', 0x1}], 0x1}}], 0x1, 0x4008004) 1.481587892s ago: executing program 6 (id=4900): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x2}}, 0x10) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10) bind$tipc(r0, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) bind$tipc(r1, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) bind$tipc(r1, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x1, 0x3}}, 0x10) bind$tipc(r0, 0x0, 0x0) 1.373789894s ago: executing program 0 (id=4901): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r2, 0x0, 0xf3a, 0x0) tee(r1, r5, 0xf3a, 0x4) write$binfmt_elf64(r3, &(0x7f0000001080)=ANY=[], 0x18c6) 1.179626391s ago: executing program 6 (id=4904): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) ppoll(&(0x7f0000000040)=[{r1, 0x3328}], 0x1, 0x0, 0x0, 0x0) unshare(0x22020400) close(r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmsg(r1, &(0x7f0000001480)={0x0, 0x0, 0x0}, 0x100) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 1.176698465s ago: executing program 5 (id=4905): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24000000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000240)={0x0, 0xdffd, 0xf35, 0x405, 0x6, 0x100}) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x802) rseq(0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) socket$netlink(0x10, 0x3, 0x0) capset(0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x280000e) 1.121046201s ago: executing program 4 (id=4906): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x6, 0x201}]}) recvmmsg(0xffffffffffffffff, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/111, 0x6f}], 0x1}, 0x7}], 0x1, 0x20, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="c3"], 0x48) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x8, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 947.961351ms ago: executing program 5 (id=4907): openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r0, 0x1, 0xf, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) ioctl$BLKZEROOUT(r2, 0x127f, 0x0) 933.005919ms ago: executing program 4 (id=4908): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) syz_usb_connect(0x0, 0x24, 0x0, 0x0) 880.399412ms ago: executing program 2 (id=4909): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000008000003000000000000000001000000", @ANYRES32], 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x756}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) sendmsg$inet(r4, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x4800) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xbd213077fa1addad, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000680)={r5}, 0xc) 792.223023ms ago: executing program 0 (id=4910): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmsg(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x40000100) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x4000, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa845942824251d7d17b5191584bcd4fbe40a23424d00", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000006000)=[{{0x0, 0x0, 0x0}, 0x7fffffff}], 0x1, 0x102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80, &(0x7f0000000080)={0xa, 0x4e21, 0x10, @private2, 0xfffffffb}, 0x1c) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 771.522357ms ago: executing program 4 (id=4911): r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$NL80211_CMD_PROBE_CLIENT(0xffffffffffffffff, 0x0, 0x101) write$FUSE_INIT(r0, 0x0, 0x0) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000b80)=0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f00000007c0)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040), 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() 688.561239ms ago: executing program 5 (id=4912): r0 = socket$inet6(0xa, 0x3, 0x3) close(0x3) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) recvmmsg(r1, &(0x7f0000001480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=""/4096, 0x1000}, 0x3}], 0x1, 0x40010102, 0x0) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e23, 0x3, @mcast1, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) write(r2, &(0x7f0000000300)="89ba41c97928dec7cec15a160d3dba2553780081e7465c883ac4dd9b3e59b519a795020072aed129d4b5247c983455b3d757e8b2333a64d9abf416fd83f942661c47bcdf71f7d07ba20d03474a4a4bce636ea8d2b882b2b49ef18e2a96e41f206d930eda2769c5ee6d5e3d541ce9a21c3ce5cb5fbdad9a45de00000000000000", 0x80) 667.621987ms ago: executing program 2 (id=4913): syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa210104, @multicast1, {[@generic={0x7, 0x10, "0990ec742f779f8fcaa6a306fc78"}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x680, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000000)={0x253, 0x4, 0x5, 0x8000000000000100, 0x6}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) futex(&(0x7f0000000200)=0x1, 0x6, 0x0, &(0x7f0000000240)={0x77359400}, 0x0, 0x1) 553.204433ms ago: executing program 4 (id=4914): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x5, 0x7fffffff}]}) socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7f, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x0, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000100)="16", 0x1}], 0x1) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 500.378851ms ago: executing program 5 (id=4915): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, &(0x7f0000000080)=0x55b6, 0x4) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x20000007, 0x101, 0x5, 0x9, 0x6, 0x0, 0xff, 0x6, 0x9, 0x6, 0xfb, 0x67, 0x4}, {0xf9d1, 0x7, 0x3, 0x2, 0x6, 0xfe, 0x9, 0x6a, 0xf, 0x44, 0xfe, 0x4, 0x1ff}, {0x5, 0x9, 0x0, 0x4, 0x0, 0x4, 0xfe, 0xb, 0x3, 0x7f, 0x3, 0x7, 0x6}], 0x40004}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) syz_usb_connect$midi(0x5, 0x31, &(0x7f0000000180)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x1430, 0x474b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1f, 0x1, 0x1, 0x18, 0x10, 0x4, "", {{{0x9, 0x4, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x6, [], [{{0x9, 0x5, 0x8c, 0x2, 0x200, 0x6d, 0xf7, 0x80, {0x4}}}]}}}}}]}}, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 348.619125ms ago: executing program 4 (id=4916): bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@tracing={0x0, 0x5}}, 0x20) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@ip_ttl={{0x14, 0x0, 0x2, 0x800}}], 0x18}, 0x80) 311.721034ms ago: executing program 5 (id=4917): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff3000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r2 = io_uring_setup(0x523, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) connect$unix(r1, &(0x7f00000027c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 396.444µs ago: executing program 5 (id=4918): r0 = socket(0x400000000010, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffdf, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r4, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7, 0xa}}}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000840) 0s ago: executing program 4 (id=4919): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket(0xa, 0x3, 0x3a) gettid() r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0) read$FUSE(r1, &(0x7f0000001b40)={0x2020}, 0x205c) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x4, 0x0, 0xfc}, 0xc) kernel console output (not intermixed with test programs): ceived packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 354.893491][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 354.893969][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 354.894325][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 354.894734][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 354.895199][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 354.895628][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 354.895973][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 358.309530][T10189] ptrace attach of "./syz-executor exec"[5589] was attempted by "\x22"[10189] [ 358.331722][T10188] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1964'. [ 358.331748][T10188] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1964'. [ 358.331768][T10188] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1964'. [ 359.842273][ T5807] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 359.902196][ C0] net_ratelimit: 8788 callbacks suppressed [ 359.902220][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 359.902585][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 359.903098][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 359.903447][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 359.903883][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 359.904349][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 359.904776][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 359.905121][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 359.905727][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 359.906136][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 360.126016][ T5807] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 360.126053][ T5807] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 360.126100][ T5807] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 360.126124][ T5807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.159012][ T5807] usb 2-1: config 0 descriptor?? [ 361.526629][ T5807] ath6kl: Failed to submit usb control message: -71 [ 361.526692][ T5807] ath6kl: unable to send the bmi data to the device: -71 [ 361.526708][ T5807] ath6kl: Unable to send get target info: -71 [ 361.527912][ T5807] ath6kl: Failed to init ath6kl core: -71 [ 361.529618][ T5807] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 361.719699][ T5807] usb 2-1: USB disconnect, device number 10 [ 363.385010][T10223] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1980'. [ 364.282028][T10239] netlink: 'syz.2.1986': attribute type 1 has an invalid length. [ 364.912403][ C0] net_ratelimit: 7927 callbacks suppressed [ 364.912424][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 364.912862][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 364.913236][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 364.913757][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 364.914135][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 364.914620][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 364.915131][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 364.915583][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 364.915986][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 364.916661][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 366.772509][ T36] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 367.183775][ T5599] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 367.224691][ T36] usb 1-1: Using ep0 maxpacket: 16 [ 367.227463][ T36] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 367.227497][ T36] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 367.227520][ T36] usb 1-1: config 0 interface 0 has no altsetting 0 [ 367.227557][ T36] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 367.227581][ T36] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.442223][ T5599] usb 4-1: Using ep0 maxpacket: 32 [ 367.880634][ T5599] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 367.880671][ T5599] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 367.880711][ T5599] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 367.880734][ T5599] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.160234][ T36] usb 1-1: config 0 descriptor?? [ 368.184200][ T5599] usb 4-1: config 0 descriptor?? [ 369.231195][ T5599] hub 4-1:0.0: USB hub found [ 369.269106][ T36] hid (null): report_id 0 is invalid [ 369.278087][ T5599] hub 4-1:0.0: 26 ports detected [ 369.288722][ T5599] hub 4-1:0.0: insufficient power available to use all downstream ports [ 369.695051][ T36] usb 1-1: USB disconnect, device number 15 [ 369.922506][ C0] net_ratelimit: 9692 callbacks suppressed [ 369.922539][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 369.922945][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 369.923296][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 369.923780][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 369.924119][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 369.924494][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 369.924971][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 369.925411][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 369.925750][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 369.926197][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 373.078861][ T37] audit: type=1326 audit(1777478152.217:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10302 comm="syz.0.2013" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd0e8ffcdd9 code=0x0 [ 374.314349][ T5599] usb 4-1: USB disconnect, device number 11 [ 374.932324][ C0] net_ratelimit: 7336 callbacks suppressed [ 374.932349][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 374.932801][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 374.933143][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 374.933540][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 374.934008][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 374.934418][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 374.934768][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 374.935317][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 374.935662][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 374.936034][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 378.292662][T10358] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2038'. [ 379.157496][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.157580][ T1334] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.943150][ C0] net_ratelimit: 7215 callbacks suppressed [ 379.943176][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 379.943744][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 379.944254][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 379.944719][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 379.945284][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 379.945864][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 379.946342][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 379.946738][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 379.947411][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 379.947961][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 384.952218][ C0] net_ratelimit: 9157 callbacks suppressed [ 384.952244][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 384.952684][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 384.953160][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 384.953572][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 384.953908][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 384.954349][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 384.954801][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 384.955203][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 384.955637][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 384.956057][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 386.772393][T10455] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 386.772424][T10455] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 386.772924][T10455] vhci_hcd vhci_hcd.0: Device attached [ 387.869434][ T31] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 387.907988][ T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 388.082295][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 388.469533][ T9] usb 2-1: config 0 has no interfaces? [ 388.469576][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 388.469601][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.499128][T10467] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2078'. [ 388.608118][ T9] usb 2-1: config 0 descriptor?? [ 388.990025][ T36] usb 2-1: USB disconnect, device number 11 [ 389.031114][T10456] usb 35-1: recv xbuf, 0 [ 389.192596][ T31] usb 35-1: device descriptor read/64, error -71 [ 389.215745][ T13] vhci_hcd vhci_hcd.1: stop threads [ 389.215777][ T13] vhci_hcd vhci_hcd.1: release socket [ 389.215851][ T13] vhci_hcd vhci_hcd.1: disconnect device [ 389.382428][ T31] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 389.977334][ C0] net_ratelimit: 8500 callbacks suppressed [ 389.977377][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 389.979823][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 389.980385][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 389.980955][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 389.981637][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 389.997648][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 389.998135][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 389.998680][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 389.999288][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 390.027162][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 390.983987][T10472] syz.0.2079 (10472) used greatest stack depth: 18112 bytes left [ 393.892344][ T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 394.044049][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 394.074633][ T10] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 394.074670][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.074690][ T10] usb 2-1: Product: syz [ 394.074860][ T10] usb 2-1: Manufacturer: syz [ 394.075091][ T10] usb 2-1: SerialNumber: syz [ 394.758457][ T10] usb 2-1: config 0 descriptor?? [ 394.982237][ C0] net_ratelimit: 6908 callbacks suppressed [ 394.982261][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 394.982658][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 394.983133][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 394.983536][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 394.983877][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 394.984314][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 394.984776][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 394.985258][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 394.985645][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 394.986039][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 395.883851][ T10] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 396.444239][ T10] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 396.558737][ T10] usb 2-1: USB disconnect, device number 12 [ 399.999259][ C0] net_ratelimit: 7954 callbacks suppressed [ 399.999282][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 399.999694][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 400.000188][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 400.056469][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 400.056875][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 400.057318][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 400.109730][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 400.110167][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 400.110520][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 400.110920][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 401.027979][T10552] Bluetooth: MGMT ver 1.23 [ 404.114416][T10579] netlink: 'syz.3.2122': attribute type 1 has an invalid length. [ 405.002264][ C0] net_ratelimit: 8001 callbacks suppressed [ 405.002289][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 405.002719][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 405.003083][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 405.003504][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 405.004108][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 405.004548][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 405.004931][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 405.005359][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 405.005913][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 405.006345][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 408.262424][ T5599] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 408.414093][ T5599] usb 3-1: Using ep0 maxpacket: 32 [ 408.416766][ T5599] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 408.416795][ T5599] usb 3-1: config 0 has no interface number 0 [ 408.420028][ T5599] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 408.420061][ T5599] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.420080][ T5599] usb 3-1: Product: syz [ 408.420095][ T5599] usb 3-1: Manufacturer: syz [ 408.420110][ T5599] usb 3-1: SerialNumber: syz [ 408.496147][ T5599] usb 3-1: config 0 descriptor?? [ 409.485331][ T5599] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 409.712533][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 409.729760][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 116 [ 410.012377][ C0] net_ratelimit: 8693 callbacks suppressed [ 410.012402][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 410.012881][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 410.013279][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 410.013692][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 410.014100][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 410.014568][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 410.015017][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 410.015358][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 410.015767][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 410.016230][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 411.738673][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 412.227198][ T5599] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 412.352911][ T5599] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 412.514172][ T5599] usb 3-1: USB disconnect, device number 14 [ 413.250371][ T5599] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 413.580699][ T5599] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 413.696174][ T5599] quatech2 3-1:0.51: device disconnected [ 415.022370][ C0] net_ratelimit: 9297 callbacks suppressed [ 415.022395][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 415.022802][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 415.023285][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 415.023730][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 415.024093][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 415.024483][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 415.025014][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 415.025424][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 415.025758][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 415.026163][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 417.150796][T10645] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 420.038657][ C0] net_ratelimit: 9299 callbacks suppressed [ 420.038681][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 420.039179][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 420.039608][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 420.096715][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 420.097249][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 420.097744][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 420.162447][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 420.162883][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 420.163293][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 420.178425][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 420.392436][T10648] erspan0: entered promiscuous mode [ 424.751272][T10694] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2172'. [ 425.042518][ C0] net_ratelimit: 9281 callbacks suppressed [ 425.042543][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 425.042986][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 425.043453][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 425.043887][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 425.044233][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 425.044636][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 425.045112][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 425.045502][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 425.045868][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 425.046271][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 425.792292][ T36] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 426.234274][ T36] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 426.234307][ T36] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 426.234326][ T36] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 426.234393][ T36] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.248365][ T36] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 426.248395][ T36] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 426.248414][ T36] usb 3-1: Product: syz [ 426.248426][ T36] usb 3-1: Manufacturer: syz [ 426.270667][ T36] cdc_wdm 3-1:1.0: skipping garbage [ 426.270687][ T36] cdc_wdm 3-1:1.0: skipping garbage [ 427.017128][ T36] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 427.017154][ T36] cdc_wdm 3-1:1.0: Unknown control protocol [ 427.132469][ T36] usb 3-1: USB disconnect, device number 15 [ 430.052522][ C0] net_ratelimit: 7355 callbacks suppressed [ 430.052546][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 430.053059][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 430.053541][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 430.053923][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 430.054348][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 430.054857][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 430.055283][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 430.055641][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 430.056073][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 430.056685][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 435.062576][ C0] net_ratelimit: 6387 callbacks suppressed [ 435.062600][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 435.063073][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 435.063455][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 435.063926][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 435.064471][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 435.064938][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 435.065332][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 435.065799][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 435.066329][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 435.066797][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 438.781814][T10800] program syz.2.2223 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 440.072510][ C0] net_ratelimit: 9665 callbacks suppressed [ 440.072535][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 440.073006][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 440.073412][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 440.073742][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 440.074166][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 440.074641][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 440.075037][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 440.075383][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 440.075787][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 440.076290][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 440.424992][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.425073][ T1334] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.058839][ T1350] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.251358][ T5604] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 441.533903][ T5604] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 441.559430][ T5604] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 441.576913][ T5604] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 441.578657][ T5604] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 443.702394][ T5606] Bluetooth: hci0: command tx timeout [ 445.082518][ C0] net_ratelimit: 8077 callbacks suppressed [ 445.082541][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 445.083002][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 445.083401][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 445.083874][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 445.084256][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 445.084565][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 445.084884][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 445.085262][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 445.085676][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 445.085953][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 445.399633][T10852] program syz.3.2244 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 445.782580][ T5606] Bluetooth: hci0: command tx timeout [ 447.853187][ T1350] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.876721][ T5606] Bluetooth: hci0: command tx timeout [ 449.708591][T10874] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 449.944413][ T5606] Bluetooth: hci0: command tx timeout [ 450.092201][ C0] net_ratelimit: 7828 callbacks suppressed [ 450.092226][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 450.092698][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 450.093096][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 450.093449][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 450.093844][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 450.094310][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 450.094818][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 450.095165][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 450.095575][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 450.096045][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 453.601510][T10906] netlink: 203340 bytes leftover after parsing attributes in process `syz.0.2266'. [ 454.962241][ T1242] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 455.060455][T10918] netlink: 'syz.0.2270': attribute type 11 has an invalid length. [ 455.102375][ C0] net_ratelimit: 8624 callbacks suppressed [ 455.102398][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 455.102805][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 455.103292][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 455.103801][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 455.104278][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 455.104638][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 455.105049][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 455.105547][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 455.105966][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 455.106336][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 455.585828][ T1242] usb 3-1: Using ep0 maxpacket: 32 [ 456.152301][ T1242] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 456.152334][ T1242] usb 3-1: config 0 has no interface number 0 [ 456.154807][ T1242] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 456.154838][ T1242] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.154859][ T1242] usb 3-1: Product: syz [ 456.154874][ T1242] usb 3-1: Manufacturer: syz [ 456.154889][ T1242] usb 3-1: SerialNumber: syz [ 456.164394][ T1242] usb 3-1: config 0 descriptor?? [ 456.168747][ T1242] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 458.069263][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 458.215558][ T1242] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 458.238929][ T1242] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 460.116577][ T1242] usb 3-1: USB disconnect, device number 16 [ 460.122254][ C0] net_ratelimit: 10002 callbacks suppressed [ 460.122274][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 460.122682][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 460.123103][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 460.123588][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 460.124022][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 460.124401][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 460.124822][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 460.125299][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 460.125733][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 460.126085][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 460.150620][ T1350] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.596885][ T1242] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 462.156940][ T1242] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 462.158031][ T1242] quatech2 3-1:0.51: device disconnected [ 464.480075][ T1350] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.846749][T10812] lo speed is unknown, defaulting to 1000 [ 465.132256][ C0] net_ratelimit: 9076 callbacks suppressed [ 465.132279][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 465.132782][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 465.133226][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 465.133622][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 465.134053][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 465.134560][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 465.134990][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 465.135433][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 465.135867][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 465.136369][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 466.054685][T10963] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 466.794213][T10977] Invalid argument reading file caps for ./file0 [ 470.142402][ C0] net_ratelimit: 7460 callbacks suppressed [ 470.142426][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 470.142786][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 470.143197][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 470.143667][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 470.144108][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 470.144430][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 470.144845][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 470.145347][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 470.145774][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 470.146142][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 473.140633][T11020] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.2313'. [ 475.152518][ C0] net_ratelimit: 8138 callbacks suppressed [ 475.152542][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 475.152935][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 475.153406][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 475.153983][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 475.154474][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 475.154875][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 475.155344][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 475.155958][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 475.156432][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 475.156883][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 475.575625][T11013] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 475.643039][T11013] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 475.934114][T11013] syz.0.2310 (11013) used greatest stack depth: 17224 bytes left [ 480.166216][ C0] net_ratelimit: 8903 callbacks suppressed [ 480.166240][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 480.166658][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.167115][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.167552][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 480.167929][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 480.170528][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.171028][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.171434][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 480.171770][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 480.174441][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 480.492850][ T1022] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 484.262663][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 485.172386][ C0] net_ratelimit: 9093 callbacks suppressed [ 485.172409][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 485.172753][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 485.173149][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.173602][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.174014][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 485.174354][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 485.174922][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.175502][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 485.176078][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:bc:5c:43:3e:3e, vlan:0) [ 485.176440][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 485.683938][ T1350] veth0_to_bridge: left allmulticast mode [ 485.684131][ T1350] veth0_to_bridge: left promiscuous mode [ 485.687719][ T1350] bridge0: port 3(veth0_to_bridge) entered disabled state [ 485.999966][ T1350] bridge_slave_1: left allmulticast mode [ 486.000005][ T1350] bridge_slave_1: left promiscuous mode [ 486.058368][ T1350] bridge0: port 2(bridge_slave_1) entered disabled state [ 486.176356][ T1350] bridge_slave_0: left allmulticast mode [ 486.176396][ T1350] bridge_slave_0: left promiscuous mode [ 486.177170][ T1350] bridge0: port 1(bridge_slave_0) entered disabled state [ 486.211232][T11121] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2351'. [ 486.600587][T11131] loop9: detected capacity change from 0 to 7 [ 486.868553][T11131] Dev loop9: unable to read RDB block 7 [ 486.868591][T11131] loop9: AHDI p2 p3 [ 486.868623][T11131] loop9: partition table partially beyond EOD, truncated [ 486.895890][T11131] loop9: p2 size 1701016946 extends beyond EOD, truncated [ 487.494235][ T9630] udevd[9630]: inotify_add_watch(7, /dev/loop9p2, 10) failed: No such file or directory [ 489.352350][ T1350] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 489.453093][ T1350] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 489.509521][ T1350] bond0 (unregistering): Released all slaves [ 489.572664][ T5254] 8021q: adding VLAN 0 to HW filter on device eth1 [ 489.574597][T11119] veth1_to_bond: entered allmulticast mode [ 489.825415][T11121] bond0: (slave bond_slave_1): Releasing backup interface [ 489.867964][T11121] bond_slave_1 (unregistering): left allmulticast mode [ 490.252425][ T1350] tipc: Disabling bearer [ 490.253098][ T1350] tipc: Left network mode [ 491.273239][ T37] audit: type=1326 audit(1777478270.417:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11245 comm="syz.3.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8348bbcdd9 code=0x7ffc0000 [ 491.275112][ T37] audit: type=1326 audit(1777478270.417:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11245 comm="syz.3.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8348bbcdd9 code=0x7ffc0000 [ 491.277071][ T37] audit: type=1326 audit(1777478270.417:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11245 comm="syz.3.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8348bbcdd9 code=0x7ffc0000 [ 491.277655][ T37] audit: type=1326 audit(1777478270.417:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11245 comm="syz.3.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f8348bbcdd9 code=0x7ffc0000 [ 491.277703][ T37] audit: type=1326 audit(1777478270.417:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11245 comm="syz.3.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8348bbcdd9 code=0x7ffc0000 [ 491.277745][ T37] audit: type=1326 audit(1777478270.417:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11245 comm="syz.3.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8348bbcdd9 code=0x7ffc0000 [ 491.278106][ T37] audit: type=1326 audit(1777478270.417:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11245 comm="syz.3.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8348bbcdd9 code=0x7ffc0000 [ 491.309740][ T37] audit: type=1326 audit(1777478270.447:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11245 comm="syz.3.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8348bbcdd9 code=0x7ffc0000 [ 491.311850][ T37] audit: type=1326 audit(1777478270.447:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11245 comm="syz.3.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f8348bbcdd9 code=0x7ffc0000 [ 491.311900][ T37] audit: type=1326 audit(1777478270.447:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11245 comm="syz.3.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8348bbcdd9 code=0x7ffc0000 [ 492.272358][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 494.076757][ T5254] 8021q: adding VLAN 0 to HW filter on device eth2 [ 494.407431][T11323] netlink: 'syz.2.2440': attribute type 1 has an invalid length. [ 494.407456][T11323] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2440'. [ 494.608150][T10812] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.608298][T10812] bridge0: port 1(bridge_slave_0) entered disabled state [ 494.608531][T10812] bridge_slave_0: entered allmulticast mode [ 494.727767][T10812] bridge_slave_0: entered promiscuous mode [ 495.777718][T10812] bridge0: port 2(bridge_slave_1) entered blocking state [ 495.777952][T10812] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.778192][T10812] bridge_slave_1: entered allmulticast mode [ 495.799264][T10812] bridge_slave_1: entered promiscuous mode [ 497.127871][T10812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 497.166066][T10812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 497.332269][ T10] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 497.367864][ T1350] hsr_slave_0: left promiscuous mode [ 497.490861][ T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 497.490955][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 497.491001][ T10] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 497.491036][ T10] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 497.529790][ T1350] hsr_slave_1: left promiscuous mode [ 497.555180][ T10] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 497.555214][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.555233][ T10] usb 3-1: Product: syz [ 497.555246][ T10] usb 3-1: Manufacturer: syz [ 497.555261][ T10] usb 3-1: SerialNumber: syz [ 497.615925][ T10] cdc_mbim 3-1:1.0: skipping garbage [ 497.620477][ T1350] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 497.620750][ T1350] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 497.748519][ T1350] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 497.748561][ T1350] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 497.835398][T11386] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 498.446632][T11386] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 498.657378][ T10] cdc_mbim 3-1:1.0: bind() failure [ 498.678406][ T1350] veth1_macvtap: left promiscuous mode [ 498.678849][ T1350] veth0_macvtap: left promiscuous mode [ 498.679214][ T1350] veth1_vlan: left promiscuous mode [ 498.679630][ T1350] veth0_vlan: left promiscuous mode [ 498.698801][ T10] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 498.701143][ T10] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 498.714755][ T10] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 498.738075][ T10] usb 3-1: USB disconnect, device number 17 [ 499.541145][ T5604] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 499.586322][ T5604] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 499.592913][ T5604] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 499.631257][ T5604] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 499.650832][ T5604] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 500.188072][T11454] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2497'. [ 501.524380][ T1350] team0 (unregistering): Port device team_slave_1 removed [ 501.593252][ T1350] team0 (unregistering): Port device team_slave_0 removed [ 501.866711][ T5604] Bluetooth: hci5: command tx timeout [ 501.868032][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.868991][ T1334] net_ratelimit: 727 callbacks suppressed [ 501.869005][ T1334] aoe: packet could not be sent on ipvlan1. consider increasing tx_queue_len [ 502.315469][T11454] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.354257][T11454] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.858021][ T1022] batman_adv: batadv1: IGMP Querier appeared [ 502.858038][ T1022] batman_adv: batadv1: MLD Querier appeared [ 504.007338][ T5604] Bluetooth: hci5: command tx timeout [ 504.548020][T11569] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2543'. [ 505.165334][T11569] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2543'. [ 505.253753][ T5254] 8021q: adding VLAN 0 to HW filter on device eth3 [ 505.366286][T11596] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 505.366286][T11596] The task syz.3.2553 (11596) triggered the difference, watch for misbehavior. [ 505.551770][T11434] lo speed is unknown, defaulting to 1000 [ 506.022422][ T5604] Bluetooth: hci5: command tx timeout [ 506.669467][T11633] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2567'. [ 506.669495][T11633] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2567'. [ 506.982408][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 507.674891][ T1350] bridge_slave_1: left allmulticast mode [ 507.674930][ T1350] bridge_slave_1: left promiscuous mode [ 507.714554][ T1350] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.927310][T11665] input: syz1 as /devices/virtual/input/input11 [ 507.954905][ T1350] bridge_slave_0: left allmulticast mode [ 507.954944][ T1350] bridge_slave_0: left promiscuous mode [ 507.997159][ T1350] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.102351][ T5604] Bluetooth: hci5: command tx timeout [ 508.603186][ T1350] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 508.723440][ T1350] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 508.805613][ T1350] bond0 (unregistering): Released all slaves [ 509.077190][ T5254] 8021q: adding VLAN 0 to HW filter on device eth4 [ 511.680733][T11434] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.680864][T11434] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.681099][T11434] bridge_slave_0: entered allmulticast mode [ 511.709655][T11434] bridge_slave_0: entered promiscuous mode [ 511.953224][T11434] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.953368][T11434] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.953617][T11434] bridge_slave_1: entered allmulticast mode [ 511.957220][T11434] bridge_slave_1: entered promiscuous mode [ 512.446770][T11434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 512.500814][T11434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 512.745825][T11434] team0: Port device team_slave_0 added [ 512.785408][T11434] team0: Port device team_slave_1 added [ 513.332321][T11434] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 513.332340][T11434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 513.332368][T11434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 513.376506][T11434] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 513.376524][T11434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 513.376609][T11434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 513.396963][T11821] netlink: 'syz.3.2644': attribute type 8 has an invalid length. [ 513.396984][T11821] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2644'. [ 513.650301][T11821] bond0: entered promiscuous mode [ 513.650338][T11821] bond_slave_0: entered promiscuous mode [ 513.650885][T11821] bond_slave_1: entered promiscuous mode [ 513.690919][T11821] gretap0: entered promiscuous mode [ 513.743511][T11821] hsr1: entered promiscuous mode [ 514.408722][T11850] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2656'. [ 514.808469][T11434] hsr_slave_0: entered promiscuous mode [ 514.809992][T11434] hsr_slave_1: entered promiscuous mode [ 514.811037][T11434] debugfs: 'hsr0' already exists in 'hsr' [ 514.811063][T11434] Cannot create hsr debugfs directory [ 514.841651][ T36] IPVS: starting estimator thread 0... [ 514.841870][T11858] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 514.932375][T11866] IPVS: using max 7 ests per chain, 16800 per kthread [ 516.265615][ T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 516.425751][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 516.425788][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 516.425842][ T10] usb 4-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.01 [ 516.425866][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.452667][ T10] usb 4-1: config 0 descriptor?? [ 516.996980][ T10] arvo 0003:1E7D:30D4.0012: item fetching failed at offset 3/7 [ 516.999399][ T10] arvo 0003:1E7D:30D4.0012: parse failed [ 516.999477][ T10] arvo 0003:1E7D:30D4.0012: probe with driver arvo failed with error -22 [ 517.124513][ T10] usb 4-1: USB disconnect, device number 12 [ 517.519471][ T5604] Bluetooth: hci4: adv larger than maximum supported [ 517.519493][ T5604] Bluetooth: hci4: Unknown advertising packet type: 0x7f [ 517.519511][ T5604] Bluetooth: hci4: Malformed LE Event: 0x0d [ 518.283959][T11434] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 518.435173][T11434] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 518.446334][T11434] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 518.610349][T11434] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 518.623778][T11434] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 518.834349][T11434] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 518.838939][T11434] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 518.856665][ T37] kauditd_printk_skb: 13 callbacks suppressed [ 518.856683][ T37] audit: type=1326 audit(1777478297.987:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11978 comm="syz.0.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0e8ffcdd9 code=0x7ffc0000 [ 518.856734][ T37] audit: type=1326 audit(1777478297.987:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11978 comm="syz.0.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0e8ffcdd9 code=0x7ffc0000 [ 518.856782][ T37] audit: type=1326 audit(1777478297.987:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11978 comm="syz.0.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0e8ffcdd9 code=0x7ffc0000 [ 518.856827][ T37] audit: type=1326 audit(1777478297.987:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11978 comm="syz.0.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0e8ffcdd9 code=0x7ffc0000 [ 518.856872][ T37] audit: type=1326 audit(1777478297.987:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11978 comm="syz.0.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0e8ffcdd9 code=0x7ffc0000 [ 518.856917][ T37] audit: type=1326 audit(1777478297.987:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11978 comm="syz.0.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fd0e8ffcdd9 code=0x7ffc0000 [ 518.856962][ T37] audit: type=1326 audit(1777478297.987:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11978 comm="syz.0.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0e8ffcdd9 code=0x7ffc0000 [ 518.857008][ T37] audit: type=1326 audit(1777478297.987:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11978 comm="syz.0.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0e8ffcdd9 code=0x7ffc0000 [ 518.857053][ T37] audit: type=1326 audit(1777478297.997:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11978 comm="syz.0.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0e8ffcdd9 code=0x7ffc0000 [ 518.857098][ T37] audit: type=1326 audit(1777478297.987:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11978 comm="syz.0.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7fd0e8ffcdd9 code=0x7ffc0000 [ 519.206791][T11987] 9p: Bad value for 'rfdno' [ 519.356265][T11434] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 519.413885][ T10] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 519.562217][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 519.572480][ T10] usb 3-1: unable to get BOS descriptor or descriptor too short [ 519.574009][ T10] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 519.580951][ T10] usb 3-1: New USB device found, idVendor=0403, idProduct=da73, bcdDevice= 0.09 [ 519.580981][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 519.581001][ T10] usb 3-1: SerialNumber: syz [ 519.630835][ T10] ftdi_sio 3-1:6.0: FTDI USB Serial Device converter detected [ 519.658563][ T10] usb 3-1: Detected SIO [ 519.895136][ T10] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 519.979472][ T10] usb 3-1: USB disconnect, device number 18 [ 520.091999][ T10] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 520.158681][ T10] ftdi_sio 3-1:6.0: device disconnected [ 521.066981][T11434] 8021q: adding VLAN 0 to HW filter on device bond0 [ 521.325318][T11434] 8021q: adding VLAN 0 to HW filter on device team0 [ 521.446369][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 521.446792][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 521.516031][ T192] bridge0: port 2(bridge_slave_1) entered blocking state [ 521.516267][ T192] bridge0: port 2(bridge_slave_1) entered forwarding state [ 523.177022][T12094] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2757'. [ 523.520009][T12109] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 523.520034][T12109] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 524.148063][T12129] binder_alloc: binder_alloc_mmap_handler: 12126 200000001000-200000003000 already mapped failed -16 [ 524.470824][T11434] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 525.331578][ T37] kauditd_printk_skb: 3 callbacks suppressed [ 525.331598][ T37] audit: type=1800 audit(1777478304.347:104): pid=12163 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.2778" name="nullb0" dev="tmpfs" ino=2394 res=0 errno=0 [ 525.946498][T12188] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 526.077985][T11434] veth0_vlan: entered promiscuous mode [ 526.233954][T11434] veth1_vlan: entered promiscuous mode [ 526.459027][T11434] veth0_macvtap: entered promiscuous mode [ 526.487794][T11434] veth1_macvtap: entered promiscuous mode [ 526.619102][T11434] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 526.782866][T11434] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 526.877967][ T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.928665][ T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.928999][ T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.933131][ T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.971334][ T5848] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 528.971367][ T5848] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 529.788320][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 529.788342][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 530.196475][T12273] syz.2.2816 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 533.838758][T12381] loop2: detected capacity change from 0 to 7 [ 534.120091][T12381] Dev loop2: unable to read RDB block 7 [ 534.120138][T12381] loop2: unable to read partition table [ 534.120413][T12381] loop2: partition table beyond EOD, truncated [ 534.120452][T12381] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 534.489420][T12392] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 535.785768][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 537.815687][ T37] audit: type=1326 audit(1777478316.957:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12480 comm="syz.2.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24141cdd9 code=0x7ffc0000 [ 537.816969][ T37] audit: type=1326 audit(1777478316.957:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12480 comm="syz.2.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24141cdd9 code=0x7ffc0000 [ 537.820221][ T37] audit: type=1326 audit(1777478316.957:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12480 comm="syz.2.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fe24141cdd9 code=0x7ffc0000 [ 537.820862][ T37] audit: type=1326 audit(1777478316.957:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12480 comm="syz.2.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24141cdd9 code=0x7ffc0000 [ 537.821043][ T37] audit: type=1326 audit(1777478316.957:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12480 comm="syz.2.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24141cdd9 code=0x7ffc0000 [ 537.838682][ T37] audit: type=1326 audit(1777478316.967:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12480 comm="syz.2.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fe24141cdd9 code=0x7ffc0000 [ 537.859224][ T37] audit: type=1326 audit(1777478316.997:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12480 comm="syz.2.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24141cdd9 code=0x7ffc0000 [ 537.864606][ T37] audit: type=1326 audit(1777478316.997:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12480 comm="syz.2.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7fe24141cdd9 code=0x7ffc0000 [ 537.867651][ T37] audit: type=1326 audit(1777478317.007:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12480 comm="syz.2.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24141cdd9 code=0x7ffc0000 [ 537.867698][ T37] audit: type=1326 audit(1777478317.007:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12480 comm="syz.2.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24141cdd9 code=0x7ffc0000 [ 538.575955][T12497] sctp: [Deprecated]: syz.3.2904 (pid 12497) Use of struct sctp_assoc_value in delayed_ack socket option. [ 538.575955][T12497] Use struct sctp_sack_info instead [ 539.124067][T12509] loop8: detected capacity change from 0 to 8 [ 539.143183][T12509] Dev loop8: unable to read RDB block 8 [ 539.143248][T12509] loop8: unable to read partition table [ 539.143477][T12509] loop8: partition table beyond EOD, truncated [ 539.143496][T12509] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 541.011027][T12560] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.2932'. [ 542.430209][T12610] netlink: 212344 bytes leftover after parsing attributes in process `syz.5.2952'. [ 542.968697][T12628] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2961'. [ 543.371288][T12630] ip6erspan0: entered promiscuous mode [ 548.479554][T12800] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3033'. [ 548.517473][T12800] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3033'. [ 548.517501][T12800] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3033'. [ 556.510521][T13023] IPVS: Scheduler module ip_vs_sip not found [ 560.277039][T13110] netlink: 'syz.5.3164': attribute type 1 has an invalid length. [ 560.277064][T13110] netlink: 16150 bytes leftover after parsing attributes in process `syz.5.3164'. [ 562.372581][T13172] sctp: [Deprecated]: syz.5.3193 (pid 13172) Use of struct sctp_assoc_value in delayed_ack socket option. [ 562.372581][T13172] Use struct sctp_sack_info instead [ 563.317274][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.318116][ T1334] aoe: packet could not be sent on ipvlan1. consider increasing tx_queue_len [ 563.472629][T13201] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3207'. [ 563.662259][ T1242] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 563.854741][ T1242] usb 4-1: config 1 interface 0 has no altsetting 0 [ 563.875292][ T1242] usb 4-1: string descriptor 0 read error: -22 [ 563.875453][ T1242] usb 4-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.40 [ 563.875478][ T1242] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.410755][ T1242] hid_parser_main: 8 callbacks suppressed [ 564.410783][ T1242] sunplus 0003:04FC:05D8.0013: unknown main item tag 0x0 [ 564.410816][ T1242] sunplus 0003:04FC:05D8.0013: unknown main item tag 0x0 [ 564.410842][ T1242] sunplus 0003:04FC:05D8.0013: unknown main item tag 0x0 [ 564.410866][ T1242] sunplus 0003:04FC:05D8.0013: unknown main item tag 0x0 [ 564.410891][ T1242] sunplus 0003:04FC:05D8.0013: unknown main item tag 0x0 [ 564.410917][ T1242] sunplus 0003:04FC:05D8.0013: unknown main item tag 0x0 [ 564.410941][ T1242] sunplus 0003:04FC:05D8.0013: unknown main item tag 0x0 [ 564.410966][ T1242] sunplus 0003:04FC:05D8.0013: unknown main item tag 0x0 [ 564.410991][ T1242] sunplus 0003:04FC:05D8.0013: unknown main item tag 0x0 [ 564.411016][ T1242] sunplus 0003:04FC:05D8.0013: unknown main item tag 0x0 [ 564.551035][ T1242] sunplus 0003:04FC:05D8.0013: hidraw0: USB HID vff.7f Device [HID 04fc:05d8] on usb-dummy_hcd.3-1/input0 [ 564.643008][ T1242] usb 4-1: USB disconnect, device number 13 [ 564.818090][T13237] fido_id[13237]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 565.172290][ T9746] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 565.326258][ T9746] usb 3-1: Using ep0 maxpacket: 8 [ 565.330125][ T9746] usb 3-1: unable to get BOS descriptor or descriptor too short [ 565.331789][ T9746] usb 3-1: config 96 has an invalid interface number: 80 but max is 1 [ 565.331816][ T9746] usb 3-1: config 96 has an invalid interface number: 72 but max is 1 [ 565.331837][ T9746] usb 3-1: config 96 has no interface number 0 [ 565.331853][ T9746] usb 3-1: config 96 has no interface number 1 [ 565.331911][ T9746] usb 3-1: config 96 interface 80 altsetting 192 endpoint 0x6 has invalid maxpacket 1024, setting to 64 [ 565.331940][ T9746] usb 3-1: config 96 interface 80 altsetting 192 bulk endpoint 0x3 has invalid maxpacket 1023 [ 565.331980][ T9746] usb 3-1: config 96 interface 72 altsetting 3 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 565.332008][ T9746] usb 3-1: config 96 interface 72 altsetting 3 has a duplicate endpoint with address 0x6, skipping [ 565.332030][ T9746] usb 3-1: config 96 interface 80 has no altsetting 0 [ 565.335228][ T9746] usb 3-1: config 96 interface 72 has no altsetting 0 [ 565.336106][ T9746] usb 3-1: language id specifier not provided by device, defaulting to English [ 565.338093][ T9746] usb 3-1: New USB device found, idVendor=0d8e, idProduct=7802, bcdDevice=a2.04 [ 565.338121][ T9746] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.338139][ T9746] usb 3-1: Product: syz [ 565.338152][ T9746] usb 3-1: Manufacturer: 鯩魎롉ff烠듹ځ안墢烐䃈㕜ᬮ蹂䡖킀㸰挌㵌檏郗覮쟥힇앸䙥륂풠额㌔ા鬀㲀厵㕵ມ餵藫굟꣠靰⊄仑㿛诱ঢ়ୣ䟜荧枸⛫㉈滺䮍퓂㷀筙卺芍᳑헇ᦽ卟멄꤄젝ব鶌誮㎊ⵂ潤潲愄耬얣 [ 565.338178][ T9746] usb 3-1: SerialNumber: syz [ 565.446303][T13242] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 565.520350][T13253] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 565.766110][ T9746] usb 3-1: Could not find all expected endpoints [ 565.780739][ T9746] usb 3-1: Could not find all expected endpoints [ 565.792721][ T9746] usb 3-1: USB disconnect, device number 19 [ 565.839608][T13262] netlink: 'syz.5.3236': attribute type 1 has an invalid length. [ 566.125453][T13262] bond1: entered promiscuous mode [ 566.125857][T13262] 8021q: adding VLAN 0 to HW filter on device bond1 [ 566.414548][T13264] bond1: (slave bridge1): making interface the new active one [ 566.414577][T13264] bridge1: entered promiscuous mode [ 566.516622][T13264] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 566.933405][ T37] kauditd_printk_skb: 5 callbacks suppressed [ 566.933426][ T37] audit: type=1326 audit(1777478346.067:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13277 comm="syz.5.3243" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x0 [ 567.232257][ T9746] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 567.382343][ T9746] usb 3-1: Using ep0 maxpacket: 32 [ 567.386594][ T9746] usb 3-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config [ 567.386625][ T9746] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 567.391373][ T9746] usb 3-1: New USB device found, idVendor=041e, idProduct=30df, bcdDevice= 0.40 [ 567.391405][ T9746] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.391426][ T9746] usb 3-1: Product: syz [ 567.391441][ T9746] usb 3-1: Manufacturer: syz [ 567.391456][ T9746] usb 3-1: SerialNumber: syz [ 567.682954][ T9746] usb 3-1: unit 8 not found! [ 568.103020][ T9746] snd-usb-audio 3-1:1.1: probe with driver snd-usb-audio failed with error -16 [ 568.103746][ T1242] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 568.142450][ T9746] usb 3-1: USB disconnect, device number 20 [ 568.352316][ T1242] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 568.352346][ T1242] usb 4-1: config 0 has no interfaces? [ 568.378735][ T1242] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 568.378765][ T1242] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.378783][ T1242] usb 4-1: Product: syz [ 568.378796][ T1242] usb 4-1: Manufacturer: syz [ 568.378808][ T1242] usb 4-1: SerialNumber: syz [ 568.412746][ T1242] usb 4-1: config 0 descriptor?? [ 569.429290][ T36] usb 4-1: USB disconnect, device number 14 [ 571.169474][T13396] loop8: detected capacity change from 0 to 8 [ 571.307641][T13396] Dev loop8: unable to read RDB block 8 [ 571.307688][T13396] loop8: unable to read partition table [ 571.308037][T13396] loop8: partition table beyond EOD, truncated [ 571.308074][T13396] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 574.074125][ T9746] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 574.313922][ T9746] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 574.313957][ T9746] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 574.313978][ T9746] usb 4-1: Product: syz [ 574.313992][ T9746] usb 4-1: Manufacturer: syz [ 574.314007][ T9746] usb 4-1: SerialNumber: syz [ 574.803119][ T9746] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 574.803192][ T9746] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 574.893300][T13505] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3347'. [ 575.438346][ T9746] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000000. ret = -EPROTO [ 575.438414][ T9746] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 575.608633][ T9746] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 575.651888][ T9746] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 575.794459][ T9746] usb 4-1: USB disconnect, device number 15 [ 577.130805][T13577] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.3377'. [ 577.424027][T13582] loop2: detected capacity change from 0 to 7 [ 577.529163][T13582] Dev loop2: unable to read RDB block 7 [ 577.529211][T13582] loop2: unable to read partition table [ 577.529463][T13582] loop2: partition table beyond EOD, truncated [ 577.529507][T13582] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 577.682026][T13588] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3383'. [ 577.794444][T13591] loop8: detected capacity change from 0 to 8 [ 577.805974][T13591] Dev loop8: unable to read RDB block 8 [ 577.806024][T13591] loop8: unable to read partition table [ 577.806268][T13591] loop8: partition table beyond EOD, truncated [ 577.806303][T13591] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 581.639840][T13701] netlink: 'syz.0.3431': attribute type 10 has an invalid length. [ 581.640217][T13701] tipc: Resetting bearer [ 581.907418][T13714] sg_read: process 234 (syz.5.3437) changed security contexts after opening file descriptor, this is not allowed. [ 582.252354][T13701] team0: Failed to send options change via netlink (err -105) [ 582.252383][T13701] team0: Port device dummy0 added [ 582.313452][T13723] CUSE: unknown device info "trans" [ 582.313469][T13723] CUSE: unknown device info "/dev/cuse" [ 582.313477][T13723] CUSE: DEVNAME unspecified [ 583.880091][T13752] 8021q: adding VLAN 0 to HW filter on device bond1 [ 583.889113][T13752] 8021q: adding VLAN 0 to HW filter on device bond2 [ 584.110438][T13769] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3463'. [ 584.263234][T13769] 8021q: adding VLAN 0 to HW filter on device bond1 [ 584.677196][T13784] netlink: 212360 bytes leftover after parsing attributes in process `syz.3.3467'. [ 584.942624][T13790] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3471'. [ 586.252322][ T9746] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 586.407049][ T9746] usb 4-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 586.407080][ T9746] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 586.446901][ T9746] usb 4-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 586.446934][ T9746] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.446955][ T9746] usb 4-1: Product: syz [ 586.446970][ T9746] usb 4-1: Manufacturer: syz [ 586.446984][ T9746] usb 4-1: SerialNumber: syz [ 586.481491][ T9746] usb 4-1: config 0 descriptor?? [ 586.523181][ T9746] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 587.763696][ T9746] gspca_sunplus: reg_r err -71 [ 587.763794][ T9746] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 587.897960][ T9746] usb 4-1: USB disconnect, device number 16 [ 589.754941][T13912] fuse: Bad value for 'fd' [ 589.988923][T13916] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3524'. [ 589.988949][T13916] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3524'. [ 589.989189][T13916] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3524'. [ 589.989204][T13916] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3524'. [ 593.226514][T14016] loop2: detected capacity change from 0 to 7 [ 593.261631][T14016] Dev loop2: unable to read RDB block 7 [ 593.261678][T14016] loop2: unable to read partition table [ 593.261917][T14016] loop2: partition table beyond EOD, truncated [ 593.261946][T14016] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 594.032330][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 595.164270][T14073] netlink: 212360 bytes leftover after parsing attributes in process `syz.5.3594'. [ 595.745147][T14088] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3600'. [ 596.764885][T14112] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3609'. [ 596.764922][T14112] netlink: 'syz.3.3609': attribute type 1 has an invalid length. [ 596.764936][T14112] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3609'. [ 596.894029][T14113] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3609'. [ 596.894066][T14113] netlink: 'syz.3.3609': attribute type 1 has an invalid length. [ 596.894080][T14113] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3609'. [ 597.214003][T14120] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3611'. [ 597.765663][ T9746] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 597.915633][ T9746] usb 3-1: Using ep0 maxpacket: 16 [ 597.929741][ T9746] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 597.929780][ T9746] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 597.929825][ T9746] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 597.929849][ T9746] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.946280][ T9746] usb 3-1: config 0 descriptor?? [ 598.443852][ T9746] HID 045e:07da: Invalid code 65791 type 1 [ 598.460070][ T9746] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0014/input/input12 [ 598.653752][ T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 598.827650][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 598.827681][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 598.836661][ T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 598.836694][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 598.836715][ T9] usb 4-1: SerialNumber: syz [ 599.351711][ T9] usb 4-1: 0:2 : does not exist [ 599.421540][ T9746] microsoft 0003:045E:07DA.0014: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 599.794766][ T9746] usb 3-1: USB disconnect, device number 21 [ 600.294016][ T9] usb 4-1: USB disconnect, device number 17 [ 600.452858][T14200] trusted_key: syz.3.3648 sent an empty control message without MSG_MORE. [ 600.846361][ T9630] udevd[9630]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 604.886116][T14303] netlink: 7 bytes leftover after parsing attributes in process `syz.2.3692'. [ 605.090871][T14305] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 605.286179][T14318] block nbd5: NBD_DISCONNECT [ 606.057196][T14324] block nbd5: Disconnected due to user request. [ 606.057265][T14324] block nbd5: shutting down sockets [ 606.479727][T14356] ptrace attach of "./syz-executor exec"[5592] was attempted by " [ 609.039843][T14462] netlink: 'syz.2.3751': attribute type 1 has an invalid length. [ 616.298570][T14663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3822'. [ 616.298598][T14663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3822'. [ 617.404489][T14690] netlink: 'syz.3.3836': attribute type 11 has an invalid length. [ 617.404513][T14690] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3836'. [ 617.407083][T14690] netlink: 'syz.3.3836': attribute type 11 has an invalid length. [ 617.407106][T14690] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3836'. [ 617.667469][T14697] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3838'. [ 617.986512][T14703] binder: 14702:14703 ioctl c0306201 200000000040 returned -14 [ 618.516925][ T36] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 618.684523][ T36] usb 3-1: config 10 has an invalid interface number: 32 but max is 0 [ 618.684555][ T36] usb 3-1: config 10 has no interface number 0 [ 618.684589][ T36] usb 3-1: config 10 interface 32 has no altsetting 0 [ 618.687602][ T36] usb 3-1: New USB device found, idVendor=0ccd, idProduct=005e, bcdDevice=f1.a8 [ 618.687632][ T36] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.687653][ T36] usb 3-1: Product: syz [ 618.687667][ T36] usb 3-1: Manufacturer: syz [ 618.687681][ T36] usb 3-1: SerialNumber: syz [ 618.993737][ T36] usb-storage 3-1:10.32: USB Mass Storage device detected [ 619.256234][ T36] usb 3-1: USB disconnect, device number 22 [ 619.391008][T14747] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3857'. [ 619.484565][T14750] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3857'. [ 619.484599][T14750] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3857'. [ 619.716557][T14759] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3863'. [ 620.692905][T14782] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3873'. [ 622.248339][T14823] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3891'. [ 622.568889][T14832] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 624.032249][ T36] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 624.153794][T14875] netlink: 'syz.0.3922': attribute type 2 has an invalid length. [ 624.182335][ T36] usb 3-1: Using ep0 maxpacket: 16 [ 624.186897][ T36] usb 3-1: config 0 has no interfaces? [ 624.204517][ T36] usb 3-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 624.204551][ T36] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.204573][ T36] usb 3-1: Product: syz [ 624.204587][ T36] usb 3-1: Manufacturer: syz [ 624.204602][ T36] usb 3-1: SerialNumber: syz [ 624.267729][ T36] usb 3-1: config 0 descriptor?? [ 624.509451][ T36] usb 3-1: USB disconnect, device number 23 [ 624.763079][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.763817][ T1334] aoe: packet could not be sent on ipvlan1. consider increasing tx_queue_len [ 625.065683][ T31] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 625.125059][T14899] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3924'. [ 625.228025][ T31] usb 4-1: Using ep0 maxpacket: 32 [ 625.235262][ T31] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 625.235291][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.235309][ T31] usb 4-1: Product: syz [ 625.235322][ T31] usb 4-1: Manufacturer: syz [ 625.235335][ T31] usb 4-1: SerialNumber: syz [ 625.248413][ T31] usb 4-1: config 0 descriptor?? [ 625.378988][T14899] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3924'. [ 625.394648][ T1058] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 625.501783][ T31] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: version d4.15 found at bus 004 address 018 [ 625.511729][T14465] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 625.511780][T14465] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 625.511813][T14465] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 625.969522][T14921] fuse: Bad value for 'fd' [ 626.201578][T14891] i2c i2c-1: failure reading status [ 626.256653][ T9746] usb 4-1: USB disconnect, device number 18 [ 626.393414][T14934] netlink: 27 bytes leftover after parsing attributes in process `syz.0.3937'. [ 626.828978][T14893] Bluetooth: hci5: command 0x0406 tx timeout [ 628.034307][T14985] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3960'. [ 628.034348][T14985] netlink: 'syz.2.3960': attribute type 7 has an invalid length. [ 628.034361][T14985] netlink: 'syz.2.3960': attribute type 8 has an invalid length. [ 628.034373][T14985] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3960'. [ 628.850019][T15005] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3969'. [ 630.084531][ T5604] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 630.084563][ T5604] CPU: 1 UID: 0 PID: 5604 Comm: kworker/u9:8 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 630.084594][ T5604] Tainted: [L]=SOFTLOCKUP [ 630.084601][ T5604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 630.084615][ T5604] Workqueue: hci5 hci_rx_work [ 630.084642][ T5604] Call Trace: [ 630.084650][ T5604] [ 630.084660][ T5604] dump_stack_lvl+0xe8/0x150 [ 630.084688][ T5604] sysfs_create_dir_ns+0x271/0x2a0 [ 630.084721][ T5604] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 630.084758][ T5604] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 630.084793][ T5604] ? rt_spin_unlock+0x160/0x200 [ 630.084835][ T5604] kobject_add_internal+0x631/0xd10 [ 630.084869][ T5604] kobject_add+0x163/0x240 [ 630.084899][ T5604] ? __pfx_kobject_add+0x10/0x10 [ 630.084931][ T5604] ? get_device_parent+0x370/0x3a0 [ 630.084960][ T5604] device_add+0x408/0xbb0 [ 630.084988][ T5604] hci_conn_add_sysfs+0xd5/0x210 [ 630.085025][ T5604] le_conn_complete_evt+0x10e6/0x16b0 [ 630.085065][ T5604] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 630.085090][ T5604] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 630.085109][ T5604] ? lockdep_hardirqs_on+0x7a/0x110 [ 630.085130][ T5604] ? skb_pull_data+0xfb/0x200 [ 630.085163][ T5604] hci_le_conn_complete_evt+0x187/0x470 [ 630.085197][ T5604] hci_event_packet+0x659/0xef0 [ 630.085226][ T5604] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 630.085250][ T5604] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 630.085272][ T5604] ? __pfx_hci_event_packet+0x10/0x10 [ 630.085292][ T5604] ? rt_spin_unlock+0x14f/0x200 [ 630.085327][ T5604] ? hci_send_to_monitor+0xe2/0x590 [ 630.085357][ T5604] hci_rx_work+0x3ee/0x1040 [ 630.085387][ T5604] ? process_scheduled_works+0xa70/0x1860 [ 630.085414][ T5604] process_scheduled_works+0xb5d/0x1860 [ 630.085478][ T5604] ? __pfx_process_scheduled_works+0x10/0x10 [ 630.085512][ T5604] ? assign_work+0x3d5/0x5e0 [ 630.085543][ T5604] worker_thread+0xa53/0xfc0 [ 630.085602][ T5604] kthread+0x388/0x470 [ 630.085632][ T5604] ? __pfx_worker_thread+0x10/0x10 [ 630.085655][ T5604] ? __pfx_kthread+0x10/0x10 [ 630.085686][ T5604] ret_from_fork+0x514/0xb70 [ 630.085716][ T5604] ? __pfx_ret_from_fork+0x10/0x10 [ 630.085741][ T5604] ? __switch_to+0xc79/0x1410 [ 630.085777][ T5604] ? __pfx_kthread+0x10/0x10 [ 630.085808][ T5604] ret_from_fork_asm+0x1a/0x30 [ 630.085865][ T5604] [ 630.085930][ T5604] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 630.085975][ T5604] Bluetooth: hci5: failed to register connection device [ 632.382207][ T5704] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 632.450946][ T37] audit: type=1326 audit(1777478411.587:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.5.4022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 632.451126][ T37] audit: type=1326 audit(1777478411.587:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.5.4022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 632.463135][ T37] audit: type=1326 audit(1777478411.597:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.5.4022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 632.463187][ T37] audit: type=1326 audit(1777478411.607:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.5.4022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 632.463226][ T37] audit: type=1326 audit(1777478411.607:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.5.4022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 632.465385][ T37] audit: type=1326 audit(1777478411.607:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.5.4022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 632.472237][ T37] audit: type=1326 audit(1777478411.607:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.5.4022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 632.477647][ T37] audit: type=1326 audit(1777478411.617:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.5.4022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 632.477695][ T37] audit: type=1326 audit(1777478411.617:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.5.4022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 632.477734][ T37] audit: type=1326 audit(1777478411.617:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15127 comm="syz.5.4022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 632.539732][ T5704] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 632.539773][ T5704] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 632.539809][ T5704] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 632.539830][ T5704] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.570991][ T5704] usb 4-1: config 0 descriptor?? [ 633.066125][ T5704] hid_parser_main: 4005 callbacks suppressed [ 633.066153][ T5704] pyra 0003:1E7D:2CF6.0015: unknown main item tag 0x0 [ 633.066183][ T5704] pyra 0003:1E7D:2CF6.0015: unknown main item tag 0x0 [ 633.066208][ T5704] pyra 0003:1E7D:2CF6.0015: unknown main item tag 0x0 [ 633.066233][ T5704] pyra 0003:1E7D:2CF6.0015: unknown main item tag 0x0 [ 633.066278][ T5704] pyra 0003:1E7D:2CF6.0015: unknown main item tag 0x0 [ 633.066303][ T5704] pyra 0003:1E7D:2CF6.0015: unknown main item tag 0x0 [ 633.066328][ T5704] pyra 0003:1E7D:2CF6.0015: unknown main item tag 0x0 [ 633.151628][ T5704] pyra 0003:1E7D:2CF6.0015: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0 [ 634.059492][ T5704] pyra 0003:1E7D:2CF6.0015: couldn't init struct pyra_device [ 634.059557][ T5704] pyra 0003:1E7D:2CF6.0015: couldn't install mouse [ 634.067923][ T5704] pyra 0003:1E7D:2CF6.0015: probe with driver pyra failed with error -71 [ 634.203623][ T5704] usb 4-1: USB disconnect, device number 19 [ 635.239376][ T5807] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 635.392227][ T5807] usb 6-1: Using ep0 maxpacket: 32 [ 635.395353][ T5807] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 635.395389][ T5807] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 635.395412][ T5807] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 635.395459][ T5807] usb 6-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 635.395484][ T5807] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.471714][ T5807] usb 6-1: config 0 descriptor?? [ 636.047418][ T5807] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.0016/input/input13 [ 636.377023][T15210] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4056'. [ 636.476391][ T5807] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.0016/input/input14 [ 637.567332][T15206] lo speed is unknown, defaulting to 1000 [ 637.615018][ T5807] kye 0003:0458:5011.0016: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.5-1/input0 [ 638.025601][ T1242] usb 6-1: USB disconnect, device number 2 [ 640.372203][ T36] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 640.542149][ T36] usb 6-1: Using ep0 maxpacket: 8 [ 640.545379][ T36] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 640.545412][ T36] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 640.545438][ T36] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 640.545462][ T36] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 640.545510][ T36] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 640.545534][ T36] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 640.864435][ T36] usb 6-1: GET_CAPABILITIES returned 0 [ 640.864493][ T36] usbtmc 6-1:16.0: can't read capabilities [ 641.374761][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.420900][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.421006][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.421084][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.456532][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.456620][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.456690][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.460717][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.460768][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.460805][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.460842][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.460879][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.461140][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.461180][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.461217][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.461254][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.705566][ T9746] usb 6-1: USB disconnect, device number 3 [ 644.778051][T15409] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4140'. [ 644.869065][T15411] gretap0: entered promiscuous mode [ 644.904009][T15414] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 644.904093][T15416] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4141'. [ 644.931832][T15416] gretap0: left promiscuous mode [ 644.941660][T14460] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 644.941717][T14460] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 644.941757][T14460] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 644.941794][T14460] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 645.142307][ T9746] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 645.296630][ T9746] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 645.296693][ T9746] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 645.296720][ T9746] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 645.296746][ T9746] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 645.296768][ T9746] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 645.300332][ T9746] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 645.300365][ T9746] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 645.300386][ T9746] usb 3-1: Product: syz [ 645.300401][ T9746] usb 3-1: Manufacturer: syz [ 645.300416][ T9746] usb 3-1: SerialNumber: syz [ 645.405237][ T9746] usb 3-1: config 0 descriptor?? [ 645.422490][ T37] kauditd_printk_skb: 6 callbacks suppressed [ 645.422508][ T37] audit: type=1326 audit(1777478424.567:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15427 comm="syz.5.4147" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x0 [ 645.624196][ T9746] radio-si470x 3-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 645.624224][ T9746] radio-si470x 3-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 645.817837][ T9746] radio-si470x 3-1:0.0: software version 0, hardware version 0 [ 645.817865][ T9746] radio-si470x 3-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 645.817886][ T9746] radio-si470x 3-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 645.942729][ T5604] Bluetooth: hci4: command 0x0405 tx timeout [ 646.018722][ T9746] radio-si470x 3-1:0.0: submitting int urb failed (-90) [ 646.400590][T15459] netlink: 'syz.5.4159': attribute type 1 has an invalid length. [ 646.400857][T15459] netlink: 'syz.5.4159': attribute type 4 has an invalid length. [ 646.400874][T15459] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.4159'. [ 646.421965][ T9746] radio-si470x 3-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 646.428572][ T9746] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -22 [ 646.509981][ T9746] usb 3-1: USB disconnect, device number 24 [ 648.022758][ T5604] Bluetooth: hci4: command 0x0405 tx timeout [ 648.678519][T15502] lo speed is unknown, defaulting to 1000 [ 648.995564][T15526] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 649.115101][T15523] team0 (unregistering): Port device team_slave_0 removed [ 649.170888][T15523] team0 (unregistering): Port device team_slave_1 removed [ 650.144951][ T37] audit: type=1326 audit(1777478429.287:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15557 comm="syz.5.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 650.145052][ T37] audit: type=1326 audit(1777478429.287:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15557 comm="syz.5.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 650.146650][ T37] audit: type=1326 audit(1777478429.287:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15557 comm="syz.5.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 650.147643][ T37] audit: type=1326 audit(1777478429.287:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15557 comm="syz.5.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 650.147875][ T37] audit: type=1326 audit(1777478429.287:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15557 comm="syz.5.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 650.148119][ T37] audit: type=1326 audit(1777478429.287:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15557 comm="syz.5.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 650.148362][ T37] audit: type=1326 audit(1777478429.287:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15557 comm="syz.5.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 650.148643][ T37] audit: type=1326 audit(1777478429.287:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15557 comm="syz.5.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 650.176648][ T37] audit: type=1326 audit(1777478429.287:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15557 comm="syz.5.4202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c24fcdd9 code=0x7ffc0000 [ 654.382691][T15642] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 655.481599][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 655.880606][ T5604] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 655.980570][ T5604] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 656.003003][ T5604] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 656.076534][ T5604] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 656.108593][ T5604] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 657.276190][T15705] fuse: fd is not a fuse device [ 657.480447][T15667] lo speed is unknown, defaulting to 1000 [ 658.310074][T15733] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.4275'. [ 658.359303][ T5604] Bluetooth: hci0: command tx timeout [ 659.144876][T15763] overlayfs: failed to clone upperpath [ 659.470506][T15770] fuse: fd is not a fuse device [ 660.126356][T15667] bridge0: port 1(bridge_slave_0) entered blocking state [ 660.126546][T15667] bridge0: port 1(bridge_slave_0) entered disabled state [ 660.127079][T15667] bridge_slave_0: entered allmulticast mode [ 660.140616][T15667] bridge_slave_0: entered promiscuous mode [ 660.151985][T15667] bridge0: port 2(bridge_slave_1) entered blocking state [ 660.156466][T15667] bridge0: port 2(bridge_slave_1) entered disabled state [ 660.159715][T15667] bridge_slave_1: entered allmulticast mode [ 660.247773][T15667] bridge_slave_1: entered promiscuous mode [ 660.422192][ T5604] Bluetooth: hci0: command tx timeout [ 660.494893][T15667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 660.516283][T15667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 660.809327][T15667] team0: Port device team_slave_0 added [ 660.877064][T15667] team0: Port device team_slave_1 added [ 661.116606][T15667] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 661.116626][T15667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 661.116651][T15667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 661.120929][T15667] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 661.120946][T15667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 661.120973][T15667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 661.538191][T15821] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 661.566923][T15667] hsr_slave_0: entered promiscuous mode [ 661.568599][T15667] hsr_slave_1: entered promiscuous mode [ 661.569797][T15667] debugfs: 'hsr0' already exists in 'hsr' [ 661.569824][T15667] Cannot create hsr debugfs directory [ 662.502491][ T5604] Bluetooth: hci0: command tx timeout [ 664.370949][T15667] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 664.434988][T15667] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 664.558770][T15667] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 664.582178][ T5604] Bluetooth: hci0: command tx timeout [ 664.935347][T15667] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 664.938720][T15667] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 665.070254][T15667] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 665.079819][T15667] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 665.604002][T15667] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 666.287446][T15667] 8021q: adding VLAN 0 to HW filter on device bond0 [ 666.418502][T15667] 8021q: adding VLAN 0 to HW filter on device team0 [ 666.517762][T14460] bridge0: port 1(bridge_slave_0) entered blocking state [ 666.518008][T14460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 666.797541][T14460] bridge0: port 2(bridge_slave_1) entered blocking state [ 666.799841][T14460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 668.494952][T15959] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma? [ 669.265220][T16014] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4389'. [ 669.371917][T15667] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 669.920687][T16033] netlink: 'syz.0.4396': attribute type 4 has an invalid length. [ 670.009908][T16035] netlink: 'syz.0.4396': attribute type 4 has an invalid length. [ 670.808876][T15667] veth0_vlan: entered promiscuous mode [ 671.109342][T15667] veth1_vlan: entered promiscuous mode [ 671.496196][T15667] veth0_macvtap: entered promiscuous mode [ 671.559793][T15667] veth1_macvtap: entered promiscuous mode [ 671.755152][T15667] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 671.765924][T15667] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 671.938758][T14460] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 671.939372][T14460] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 671.943164][T14460] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 671.943666][T14460] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.294333][T16110] fuse: fd is not a fuse device [ 673.905782][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 673.905807][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 674.358942][ T9751] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 674.358965][ T9751] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 675.972240][ T819] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 676.182121][ T819] usb 7-1: Using ep0 maxpacket: 32 [ 676.183068][ T37] kauditd_printk_skb: 21 callbacks suppressed [ 676.183088][ T37] audit: type=1804 audit(1777478455.237:168): pid=16159 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.4450" name="file0" dev="tmpfs" ino=3880 res=1 errno=0 [ 676.185320][ T819] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 676.185353][ T819] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 676.185374][ T819] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 676.185415][ T819] usb 7-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 676.185437][ T819] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.302600][ T819] usb 7-1: config 0 descriptor?? [ 676.823767][ T819] input: HID 0458:5011 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0458:5011.0017/input/input15 [ 676.936116][T16178] fuse: fd is not a fuse device [ 676.959716][ T819] input: HID 0458:5011 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0458:5011.0017/input/input16 [ 677.159380][ T819] kye 0003:0458:5011.0017: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.6-1/input0 [ 679.761483][ T819] usb 7-1: USB disconnect, device number 2 [ 682.298685][T16244] binder: 16240:16244 ioctl c0306201 200000000540 returned -22 [ 684.661724][ T37] audit: type=1326 audit(1777478463.797:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16333 comm="syz.6.4526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49e76cdd9 code=0x7ffc0000 [ 684.661782][ T37] audit: type=1326 audit(1777478463.797:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16333 comm="syz.6.4526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49e76cdd9 code=0x7ffc0000 [ 684.732122][ T37] audit: type=1326 audit(1777478463.867:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16333 comm="syz.6.4526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49e76cdd9 code=0x7ffc0000 [ 684.732179][ T37] audit: type=1326 audit(1777478463.867:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16333 comm="syz.6.4526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49e76cdd9 code=0x7ffc0000 [ 684.733960][ T37] audit: type=1326 audit(1777478463.877:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16333 comm="syz.6.4526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc49e76cdd9 code=0x7ffc0000 [ 684.838539][ T37] audit: type=1326 audit(1777478463.977:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16333 comm="syz.6.4526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49e76cdd9 code=0x7ffc0000 [ 684.844126][ T37] audit: type=1326 audit(1777478463.977:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16333 comm="syz.6.4526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc49e76cb42 code=0x7ffc0000 [ 685.758537][ T37] audit: type=1326 audit(1777478464.897:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16333 comm="syz.6.4526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fc49e76cbd7 code=0x7ffc0000 [ 685.758593][ T37] audit: type=1326 audit(1777478464.897:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16333 comm="syz.6.4526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fc49e729ad1 code=0x7ffc0000 [ 685.758639][ T37] audit: type=1326 audit(1777478464.897:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16333 comm="syz.6.4526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fc49e76dbc9 code=0x7ffc0000 [ 686.188058][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.188834][ T1334] aoe: packet could not be sent on ipvlan1. consider increasing tx_queue_len [ 691.082149][ T5599] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 691.247606][ T5599] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 691.247671][ T5599] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 691.247695][ T5599] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 691.269484][ T5599] usb 7-1: config 0 descriptor?? [ 691.296201][ T5599] pwc: Askey VC010 type 2 USB webcam detected. [ 691.739413][ T5599] pwc: recv_control_msg error -32 req 02 val 2b00 [ 691.742463][ T5599] pwc: recv_control_msg error -32 req 02 val 2700 [ 691.756331][ T5599] pwc: recv_control_msg error -32 req 02 val 2c00 [ 691.760122][ T5599] pwc: recv_control_msg error -32 req 04 val 1000 [ 691.762275][ T5599] pwc: recv_control_msg error -32 req 04 val 1300 [ 691.770324][ T5599] pwc: recv_control_msg error -32 req 04 val 1400 [ 691.983828][ T5599] pwc: recv_control_msg error -71 req 02 val 2100 [ 691.984383][ T5599] pwc: recv_control_msg error -71 req 04 val 1500 [ 691.985500][ T5599] pwc: recv_control_msg error -71 req 02 val 2500 [ 691.986019][ T5599] pwc: recv_control_msg error -71 req 02 val 2400 [ 691.987622][ T5599] pwc: recv_control_msg error -71 req 02 val 2600 [ 691.989602][ T5599] pwc: recv_control_msg error -71 req 02 val 2900 [ 691.990279][ T5599] pwc: recv_control_msg error -71 req 02 val 2800 [ 691.992401][ T5599] pwc: recv_control_msg error -71 req 04 val 1100 [ 691.993571][ T5599] pwc: recv_control_msg error -71 req 04 val 1200 [ 692.351721][ T5599] pwc: Registered as video103. [ 692.364854][ T5599] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input17 [ 692.381810][ T5599] usb 7-1: USB disconnect, device number 3 [ 698.175630][T16680] binder: 16678:16680 ioctl c0306201 200000000080 returned -14 [ 698.201468][T16680] binder: 16678:16680 ioctl c0306201 2000000003c0 returned -14 [ 699.313126][T16700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4693'. [ 699.313156][T16700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4693'. [ 701.322147][ T5599] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 701.482225][ T9746] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 701.492544][ T5599] usb 3-1: Using ep0 maxpacket: 32 [ 701.498235][ T5599] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 701.498264][ T5599] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.522325][ T5599] usb 3-1: config 0 descriptor?? [ 701.542340][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 701.556449][ T5599] gspca_main: sunplus-2.14.0 probing 041e:400b [ 701.643681][ T9746] usb 7-1: Using ep0 maxpacket: 16 [ 701.646446][ T9746] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 701.672476][ T9746] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 701.672509][ T9746] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 701.672528][ T9746] usb 7-1: Product: syz [ 701.672543][ T9746] usb 7-1: Manufacturer: syz [ 701.672557][ T9746] usb 7-1: SerialNumber: syz [ 701.729285][ T9746] usb 7-1: config 0 descriptor?? [ 701.754001][ T9746] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 701.754040][ T9746] em28xx 7-1:0.0: DVB interface 0 found: bulk [ 702.399867][ T5599] gspca_sunplus: reg_r err -71 [ 702.399970][ T5599] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 702.412863][ T5599] usb 3-1: USB disconnect, device number 25 [ 702.426545][ T9746] em28xx 7-1:0.0: unknown em28xx chip ID (0) [ 703.042557][ T9746] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 703.042594][ T9746] em28xx 7-1:0.0: board has no eeprom [ 703.362652][ T9746] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 703.362698][ T9746] em28xx 7-1:0.0: dvb set to bulk mode. [ 703.364521][ T4974] em28xx 7-1:0.0: Binding DVB extension [ 703.558280][ T9746] usb 7-1: USB disconnect, device number 4 [ 703.586720][ T9746] em28xx 7-1:0.0: Disconnecting em28xx [ 703.905927][ T5599] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 704.014719][ T4974] em28xx 7-1:0.0: Registering input extension [ 704.041288][ T9746] em28xx 7-1:0.0: Closing input extension [ 704.071311][ T5599] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 704.071340][ T5599] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 704.079660][ T5599] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 704.079691][ T5599] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 704.079709][ T5599] usb 3-1: SerialNumber: syz [ 704.565380][ T5599] usb 3-1: 0:2 : does not exist [ 705.881047][ T5599] usb 3-1: USB disconnect, device number 26 [ 706.112784][ T36] IPVS: starting estimator thread 0... [ 706.212212][T16849] IPVS: using max 9 ests per chain, 21600 per kthread [ 706.419881][ T9746] em28xx 7-1:0.0: Freeing device [ 706.745887][ T5994] udevd[5994]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 708.933407][T16892] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4776'. [ 711.979949][T16960] faux_driver vkms: [drm] Unknown color mode 11; guessing buffer size. [ 712.996553][T16987] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 717.722648][T17116] overlayfs: failed to clone upperpath [ 721.049508][T17216] ------------[ cut here ]------------ [ 721.049524][T17216] debug_locks && !(!get_current()->pi_blocked_on) [ 721.049535][T17216] WARNING: kernel/locking/spinlock_rt.c:40 at rt_spin_lock+0x31c/0x400, CPU#0: syz.2.4913/17216 [ 721.049586][T17216] Modules linked in: [ 721.049608][T17216] CPU: 0 UID: 0 PID: 17216 Comm: syz.2.4913 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 721.049638][T17216] Tainted: [L]=SOFTLOCKUP [ 721.049646][T17216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 721.049659][T17216] RIP: 0010:rt_spin_lock+0x31c/0x400 [ 721.049689][T17216] Code: 48 3b 44 24 60 0f 85 98 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d0 70 01 00 cc e8 9a e2 14 f6 e9 ac fe ff ff 90 <0f> 0b 90 e9 f6 fd ff ff 90 0f 0b 90 e9 3f ff ff ff e8 7e e2 14 f6 [ 721.049708][T17216] RSP: 0018:ffffc9000db1f5a0 EFLAGS: 00010282 [ 721.049724][T17216] RAX: 1ffff11005fa5167 RBX: 1ffff92001b63eb8 RCX: 0000000000000046 [ 721.049741][T17216] RDX: 0000000000000000 RSI: ffffffff8d860ca5 RDI: ffffffff8ba74c60 [ 721.049756][T17216] RBP: ffffc9000db1f660 R08: ffffffff8220efe4 R09: ffff88801a029758 [ 721.049772][T17216] R10: dffffc0000000000 R11: fffffbfff1f11a5f R12: ffff88802fd28b38 [ 721.049788][T17216] R13: dffffc0000000000 R14: ffff88801a029700 R15: ffffc9000db1f5e0 [ 721.049805][T17216] FS: 00007fe23f66e6c0(0000) GS:ffff88812617c000(0000) knlGS:0000000000000000 [ 721.049824][T17216] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 721.049848][T17216] CR2: 00002000000c4030 CR3: 0000000069a32000 CR4: 00000000003526f0 [ 721.049869][T17216] Call Trace: [ 721.049877][T17216] [ 721.049892][T17216] ? __pfx_rt_spin_lock+0x10/0x10 [ 721.049922][T17216] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 721.049944][T17216] ? lockdep_hardirqs_on+0x7a/0x110 [ 721.049966][T17216] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 721.049992][T17216] ? fill_pool+0x156/0x580 [ 721.050023][T17216] get_from_partial_node+0x54/0x480 [ 721.050058][T17216] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 721.050096][T17216] ? fill_pool+0x156/0x580 [ 721.050126][T17216] ___slab_alloc+0xb2/0x670 [ 721.050169][T17216] kmem_cache_alloc_noprof+0xea/0x680 [ 721.050193][T17216] ? fill_pool+0x156/0x580 [ 721.050226][T17216] fill_pool+0x156/0x580 [ 721.050262][T17216] ? __pfx_fill_pool+0x10/0x10 [ 721.050300][T17216] ? debug_objects_fill_pool+0x6f/0xd0 [ 721.050327][T17216] ? debug_objects_fill_pool+0x6f/0xd0 [ 721.050359][T17216] debug_objects_fill_pool+0x97/0xd0 [ 721.050387][T17216] debug_object_assert_init+0x34/0x340 [ 721.050424][T17216] hrtimer_start_range_ns+0x3f/0xef0 [ 721.050465][T17216] ? _raw_spin_unlock_irq+0x23/0x50 [ 721.050489][T17216] futex_lock_pi+0x8df/0xb10 [ 721.050523][T17216] ? __pfx_futex_lock_pi+0x10/0x10 [ 721.050551][T17216] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 721.050572][T17216] ? __lock_acquire+0x6b5/0x2cf0 [ 721.050614][T17216] ? __schedule+0x1697/0x54c0 [ 721.050648][T17216] ? __pfx_futex_wake_mark+0x10/0x10 [ 721.050727][T17216] do_futex+0x292/0x420 [ 721.050765][T17216] ? __pfx_do_futex+0x10/0x10 [ 721.050804][T17216] __se_sys_futex+0x3a8/0x450 [ 721.050850][T17216] ? __pfx___se_sys_futex+0x10/0x10 [ 721.050881][T17216] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.050911][T17216] ? __x64_sys_futex+0x21/0xf0 [ 721.050940][T17216] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.050963][T17216] do_syscall_64+0x15f/0xf80 [ 721.050985][T17216] ? clear_bhb_loop+0x40/0x90 [ 721.051011][T17216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.051032][T17216] RIP: 0033:0x7fe24141cdd9 [ 721.051053][T17216] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 721.051071][T17216] RSP: 002b:00007fe23f66e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 721.051094][T17216] RAX: ffffffffffffffda RBX: 00007fe241695fa0 RCX: 00007fe24141cdd9 [ 721.051110][T17216] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000200 [ 721.051124][T17216] RBP: 00007fe2414b2d69 R08: 0000000000000000 R09: 0000000000000001 [ 721.051139][T17216] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000 [ 721.051153][T17216] R13: 00007fe241696038 R14: 00007fe241695fa0 R15: 00007ffd9e3b4928 [ 721.051189][T17216] [ 721.051200][T17216] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 721.051217][T17216] CPU: 0 UID: 0 PID: 17216 Comm: syz.2.4913 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 721.051246][T17216] Tainted: [L]=SOFTLOCKUP [ 721.051254][T17216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 721.051266][T17216] Call Trace: [ 721.051273][T17216] [ 721.051282][T17216] vpanic+0x56c/0xa60 [ 721.051308][T17216] ? __pfx__printk+0x10/0x10 [ 721.051337][T17216] ? __pfx_vpanic+0x10/0x10 [ 721.051359][T17216] ? is_bpf_text_address+0x292/0x2b0 [ 721.051384][T17216] ? is_bpf_text_address+0x26/0x2b0 [ 721.051428][T17216] panic+0xc5/0xd0 [ 721.051451][T17216] ? __pfx_panic+0x10/0x10 [ 721.051495][T17216] __warn+0x315/0x4c0 [ 721.051518][T17216] ? rt_spin_lock+0x31c/0x400 [ 721.051546][T17216] ? rt_spin_lock+0x31c/0x400 [ 721.051573][T17216] __report_bug+0x29a/0x540 [ 721.051610][T17216] ? rt_spin_lock+0x31c/0x400 [ 721.051636][T17216] ? __pfx___report_bug+0x10/0x10 [ 721.051668][T17216] ? __lock_acquire+0x6b5/0x2cf0 [ 721.051707][T17216] ? __lock_acquire+0x6b5/0x2cf0 [ 721.051733][T17216] ? rt_spin_lock+0x31c/0x400 [ 721.051756][T17216] report_bug+0x16a/0x220 [ 721.051785][T17216] ? rt_spin_lock+0x31c/0x400 [ 721.051810][T17216] ? rt_spin_lock+0x31e/0x400 [ 721.051843][T17216] handle_bug+0x9c/0x200 [ 721.051869][T17216] exc_invalid_op+0x1a/0x50 [ 721.051893][T17216] asm_exc_invalid_op+0x1a/0x20 [ 721.051913][T17216] RIP: 0010:rt_spin_lock+0x31c/0x400 [ 721.051940][T17216] Code: 48 3b 44 24 60 0f 85 98 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d0 70 01 00 cc e8 9a e2 14 f6 e9 ac fe ff ff 90 <0f> 0b 90 e9 f6 fd ff ff 90 0f 0b 90 e9 3f ff ff ff e8 7e e2 14 f6 [ 721.051958][T17216] RSP: 0018:ffffc9000db1f5a0 EFLAGS: 00010282 [ 721.051982][T17216] RAX: 1ffff11005fa5167 RBX: 1ffff92001b63eb8 RCX: 0000000000000046 [ 721.051996][T17216] RDX: 0000000000000000 RSI: ffffffff8d860ca5 RDI: ffffffff8ba74c60 [ 721.052011][T17216] RBP: ffffc9000db1f660 R08: ffffffff8220efe4 R09: ffff88801a029758 [ 721.052026][T17216] R10: dffffc0000000000 R11: fffffbfff1f11a5f R12: ffff88802fd28b38 [ 721.052040][T17216] R13: dffffc0000000000 R14: ffff88801a029700 R15: ffffc9000db1f5e0 [ 721.052064][T17216] ? get_from_partial_node+0x54/0x480 [ 721.052109][T17216] ? __pfx_rt_spin_lock+0x10/0x10 [ 721.052137][T17216] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 721.052158][T17216] ? lockdep_hardirqs_on+0x7a/0x110 [ 721.052177][T17216] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 721.052202][T17216] ? fill_pool+0x156/0x580 [ 721.052233][T17216] get_from_partial_node+0x54/0x480 [ 721.052265][T17216] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 721.052304][T17216] ? fill_pool+0x156/0x580 [ 721.052331][T17216] ___slab_alloc+0xb2/0x670 [ 721.052370][T17216] kmem_cache_alloc_noprof+0xea/0x680 [ 721.052394][T17216] ? fill_pool+0x156/0x580 [ 721.052430][T17216] fill_pool+0x156/0x580 [ 721.052469][T17216] ? __pfx_fill_pool+0x10/0x10 [ 721.052508][T17216] ? debug_objects_fill_pool+0x6f/0xd0 [ 721.052538][T17216] ? debug_objects_fill_pool+0x6f/0xd0 [ 721.052572][T17216] debug_objects_fill_pool+0x97/0xd0 [ 721.052600][T17216] debug_object_assert_init+0x34/0x340 [ 721.052635][T17216] hrtimer_start_range_ns+0x3f/0xef0 [ 721.052674][T17216] ? _raw_spin_unlock_irq+0x23/0x50 [ 721.052698][T17216] futex_lock_pi+0x8df/0xb10 [ 721.052734][T17216] ? __pfx_futex_lock_pi+0x10/0x10 [ 721.052763][T17216] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 721.052784][T17216] ? __lock_acquire+0x6b5/0x2cf0 [ 721.052827][T17216] ? __schedule+0x1697/0x54c0 [ 721.053013][T17216] ? __pfx_futex_wake_mark+0x10/0x10 [ 721.053063][T17216] do_futex+0x292/0x420 [ 721.053100][T17216] ? __pfx_do_futex+0x10/0x10 [ 721.053142][T17216] __se_sys_futex+0x3a8/0x450 [ 721.053177][T17216] ? __pfx___se_sys_futex+0x10/0x10 [ 721.053211][T17216] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.053241][T17216] ? __x64_sys_futex+0x21/0xf0 [ 721.053272][T17216] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.053295][T17216] do_syscall_64+0x15f/0xf80 [ 721.053320][T17216] ? clear_bhb_loop+0x40/0x90 [ 721.053347][T17216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.053368][T17216] RIP: 0033:0x7fe24141cdd9 [ 721.053389][T17216] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 721.053405][T17216] RSP: 002b:00007fe23f66e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 721.053428][T17216] RAX: ffffffffffffffda RBX: 00007fe241695fa0 RCX: 00007fe24141cdd9 [ 721.053444][T17216] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000200 [ 721.053458][T17216] RBP: 00007fe2414b2d69 R08: 0000000000000000 R09: 0000000000000001 [ 721.053470][T17216] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000 [ 721.053484][T17216] R13: 00007fe241696038 R14: 00007fe241695fa0 R15: 00007ffd9e3b4928 [ 721.053522][T17216] [ 721.053902][T17216] Kernel Offset: disabled